From a899cea12d68b0931de52603bce16dda9a111ae2 Mon Sep 17 00:00:00 2001 From: nitrocode Date: Mon, 25 Oct 2021 15:35:03 -0500 Subject: [PATCH 01/11] Add broker_node_security_groups --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index af26169..a23e3c3 100644 --- a/main.tf +++ b/main.tf @@ -75,7 +75,7 @@ resource "aws_msk_cluster" "default" { instance_type = var.broker_instance_type ebs_volume_size = var.broker_volume_size client_subnets = var.subnet_ids - security_groups = aws_security_group.default.*.id + security_groups = concat(var.broker_node_security_groups, aws_security_group.default.*.id) } configuration_info { From 426730b75903fb7f17d2d6a55e39f2edc9b18f02 Mon Sep 17 00:00:00 2001 From: nitrocode Date: Mon, 25 Oct 2021 15:36:16 -0500 Subject: [PATCH 02/11] Add broker_node_security_groups --- variables.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/variables.tf b/variables.tf index de2eb75..2c90e10 100644 --- a/variables.tf +++ b/variables.tf @@ -41,6 +41,12 @@ variable "security_groups" { description = "List of security group IDs to be allowed to connect to the cluster" } +variable "broker_node_security_groups" { + type = list(string) + default = [] + description = "List of broker node security group IDs to be associated with the elastic network interfaces to control who can communicate with the cluster" +} + variable "allowed_cidr_blocks" { type = list(string) default = [] From 995a283cdbe83257bbc39d8c6738e936cba59540 Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Mon, 25 Oct 2021 20:38:14 +0000 Subject: [PATCH 03/11] Auto Format --- README.md | 1 + docs/terraform.md | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 11f36e4..debcc6f 100644 --- a/README.md +++ b/README.md 
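Review bot: The description of `broker_node_security_groups` (variables.tf hunk, PATCH 02/11) reads almost the same as the existing `security_groups` one ("to be allowed to connect to the cluster"). A caller can easily put a client security group in the wrong variable and attach it to the broker network interfaces instead of granting it ingress. I would word it as `description = "Additional security group IDs to attach to the broker nodes' elastic network interfaces, alongside the security group this module creates"`. The main.tf hunk in PATCH 01/11 passes the list straight into `concat(...)`, so every rule in those groups applies to the brokers unfiltered, which the description should make clear.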
@@ -185,6 +185,7 @@ Available targets: | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | List of CIDR blocks to be allowed to connect to the cluster | `list(string)` | `[]` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [broker\_instance\_type](#input\_broker\_instance\_type) | The instance type to use for the Kafka brokers | `string` | n/a | yes | +| [broker\_node\_security\_groups](#input\_broker\_node\_security\_groups) | List of broker node security group IDs to be associated with the elastic network interfaces to control who can communicate with the cluster | `list(string)` | `[]` | no | | [broker\_volume\_size](#input\_broker\_volume\_size) | The size in GiB of the EBS volume for the data drive on each broker node | `number` | `1000` | no | | [certificate\_authority\_arns](#input\_certificate\_authority\_arns) | List of ACM Certificate Authority Amazon Resource Names (ARNs) to be used for TLS client authentication | `list(string)` | `[]` | no | | [client\_broker](#input\_client\_broker) | Encryption setting for data in transit between clients and brokers. Valid values: `TLS`, `TLS_PLAINTEXT`, and `PLAINTEXT` | `string` | `"TLS"` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 5c1f538..07a3c16 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -42,6 +42,7 @@ | [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | List of CIDR blocks to be allowed to connect to the cluster | `list(string)` | `[]` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [broker\_instance\_type](#input\_broker\_instance\_type) | The instance type to use for the Kafka brokers | `string` | n/a | yes | +| [broker\_node\_security\_groups](#input\_broker\_node\_security\_groups) | List of broker node security group IDs to be associated with the elastic network interfaces to control who can communicate with the cluster | `list(string)` | `[]` | no | | [broker\_volume\_size](#input\_broker\_volume\_size) | The size in GiB of the EBS volume for the data drive on each broker node | `number` | `1000` | no | | [certificate\_authority\_arns](#input\_certificate\_authority\_arns) | List of ACM Certificate Authority Amazon Resource Names (ARNs) to be used for TLS client authentication | `list(string)` | `[]` | no | | [client\_broker](#input\_client\_broker) | Encryption setting for data in transit between clients and brokers. Valid values: `TLS`, `TLS_PLAINTEXT`, and `PLAINTEXT` | `string` | `"TLS"` | no | From 7d42a92df915434f6409b21560e550c208095a40 Mon Sep 17 00:00:00 2001 From: nitrocode Date: Mon, 25 Oct 2021 15:47:51 -0500 Subject: [PATCH 04/11] Add broker_node_security_groups to readme --- README.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.yaml b/README.yaml index baec01b..dff461b 100644 --- a/README.yaml +++ b/README.yaml @@ -86,11 +86,15 @@ usage: |- name = "app" vpc_id = "vpc-XXXXXXXX" zone_id = "Z14EN2YD427LRQ" - security_groups = ["sg-XXXXXXXXX", "sg-YYYYYYYY"] subnet_ids = ["subnet-XXXXXXXXX", "subnet-YYYYYYYY"] kafka_version = "2.4.1" number_of_broker_nodes = 2 # this has to be a multiple of the # of subnet_ids broker_instance_type = "kafka.m5.large" + + # security groups to put on the cluster itself + broker_node_security_groups = ["sg-XXXXXXXXX", "sg-YYYYYYYY"] + # security groups to give access to the cluster + security_groups = ["sg-XXXXXXXXX", "sg-YYYYYYYY"] } ``` 
From 2dce0a139cffd3f668cba8c88f1494522196550c Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Mon, 25 Oct 2021 20:48:57 +0000 Subject: [PATCH 05/11] Auto Format --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index debcc6f..78d7f12 100644 --- a/README.md +++ b/README.md @@ -111,11 +111,15 @@ module "kafka" { name = "app" vpc_id = "vpc-XXXXXXXX" zone_id = "Z14EN2YD427LRQ" - security_groups = ["sg-XXXXXXXXX", "sg-YYYYYYYY"] subnet_ids = ["subnet-XXXXXXXXX", "subnet-YYYYYYYY"] kafka_version = "2.4.1" number_of_broker_nodes = 2 # this has to be a multiple of the # of subnet_ids broker_instance_type = "kafka.m5.large" + + # security groups to put on the cluster itself + broker_node_security_groups = ["sg-XXXXXXXXX", "sg-YYYYYYYY"] + # security groups to give access to the cluster + security_groups = ["sg-XXXXXXXXX", "sg-YYYYYYYY"] } ``` From 1463f706737326b14cb02b56282f2db0228ceb42 Mon Sep 17 00:00:00 2001 From: nitrocode Date: Mon, 25 Oct 2021 15:49:37 -0500 Subject: [PATCH 06/11] Update main.tf --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index a23e3c3..d815eed 100644 --- a/main.tf +++ b/main.tf @@ -65,6 +65,7 @@ resource "aws_msk_configuration" "config" { } resource "aws_msk_cluster" "default" { + #bridgecrew:skip=BC_AWS_LOGGING_18:Skipping `Amazon MSK cluster logging is not enabled` check since it can be enabled with cloudwatch_logs_enabled = true count = local.enabled ? 1 : 0 cluster_name = module.this.id kafka_version = var.kafka_version From 61e56828bdac39e1dfd9077a8e63ec0d2b992f31 Mon Sep 17 00:00:00 2001 From: Yonatan Koren Date: Mon, 25 Oct 2021 19:12:15 -0400 Subject: [PATCH 07/11] Restrict security groups based on enabled protocols. --- main.tf | 85 +++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 74 insertions(+), 11 deletions(-) 
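Review bot: The `#bridgecrew:skip=BC_AWS_LOGGING_18` annotation added at the top of `aws_msk_cluster.default` (PATCH 06/11) suppresses the logging check for every consumer of the module, including deployments that never set `cloudwatch_logs_enabled = true`. The justification only says logging can be enabled, so the scanner stays silent about clusters that actually run without broker logs. If the skip has to stay, I would extend the comment, e.g. `# NOTE: skip is module-wide; callers that leave cloudwatch_logs_enabled unset get no finding`, and state the variable's default in the README. The resource body continues outside the hunk.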
diff --git a/main.tf b/main.tf
index d815eed..94501cb 100644
--- a/main.tf
+++ b/main.tf
@@ -12,6 +12,69 @@ locals { bootstrap_brokers_combined_list = concat(local.bootstrap_brokers_list, local.bootstrap_brokers_tls_list, local.bootstrap_brokers_scram_list, local.bootstrap_brokers_iam_list) # If var.storage_autoscaling_max_capacity is not set, don't autoscale past current size broker_volume_size_max = coalesce(var.storage_autoscaling_max_capacity, var.broker_volume_size) + + # var.client_broker types + plaintext = "PLAINTEXT" + tls_plaintext = "TLS_PLAINTEXT" + tls = "TLS" + + # The following ports are not configurable. See: https://docs.aws.amazon.com/msk/latest/developerguide/client-access.html#port-info + protocols = [ + { + name = "plaintext" + # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#bootstrap_brokers + enabled = contains([local.plaintext, local.tls_plaintext], var.client_broker) + port = 9092 + }, + { + name = "tls" + # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#bootstrap_brokers_tls + enabled = contains([local.tls_plaintext, local.tls], var.client_broker) + port = 9094 + }, + { + name = "SASL/SCRAM" + # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#bootstrap_brokers_sasl_scram + enabled = var.client_sasl_scram_enabled && contains([local.tls_plaintext, local.tls], var.client_broker) + port = 9096 + }, + { + name = "SASL/IAM" + # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#bootstrap_brokers_sasl_iam + enabled = var.client_sasl_iam_enabled && contains([local.tls_plaintext, local.tls], var.client_broker) + port = 9098 + }, + # The following two protocols are always enabled. 
+ # See: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#zookeeper_connect_string + # and https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#zookeeper_connect_string_tls + { + name = "Zookeeper plaintext" + enabled = true + port = 2181 + }, + { + name = "Zookeeper TLS" + enabled = true + port = 2182 + } + ] + + sg_based_rules = local.enabled && length(var.security_groups) > 0 ? flatten([ + for sg in var.security_groups : [for protocol in local.protocols : + { + description = "Allow inbound ${protocol.name} traffic from Security Group ${sg}" + source_security_group_id = sg + port = protocol.port + } if protocol.enabled + ]]) : [] + + cidr_based_rules = local.enabled && length(var.allowed_cidr_blocks) > 0 ? [ + for protocol in local.protocols : { + description = "Allow inbound ${protocol.name} traffic from CIDR Blocks" + cidr_blocks = var.allowed_cidr_blocks + port = protocol.port + } if protocol.enabled + ] : [] } resource "aws_security_group" "default" { 
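Review bot: The two ZooKeeper entries in `local.protocols` are hard-coded `enabled = true`, so every source in `var.security_groups` and `var.allowed_cidr_blocks` gets ingress on 2181 and 2182 even though most Kafka clients only need a broker port. Port 2181 is unencrypted and ZooKeeper holds cluster metadata, so I would gate both entries behind an input, for example `enabled = var.zookeeper_access_enabled` (a new bool variable; the name is only a suggestion), or at least keep 2181 closed when `var.client_broker` is `TLS`. Separately, `sg_based_rules` is consumed by list position, so adding or removing one security group shifts every later `count.index` and Terraform will destroy and recreate those rules. The `locals` block starts before this hunk.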
@@ -23,24 +86,24 @@ resource "aws_security_group" "default" { } resource "aws_security_group_rule" "ingress_security_groups" { - count = local.enabled ? length(var.security_groups) : 0 - description = "Allow inbound traffic from Security Groups" + count = local.enabled ? length(local.sg_based_rules) : 0 + description = local.sg_based_rules[count.index].description type = "ingress" - from_port = 0 - to_port = 65535 + from_port = local.sg_based_rules[count.index].port + to_port = local.sg_based_rules[count.index].port protocol = "tcp" - source_security_group_id = var.security_groups[count.index] + source_security_group_id = local.sg_based_rules[count.index].source_security_group_id security_group_id = join("", aws_security_group.default.*.id) } resource "aws_security_group_rule" "ingress_cidr_blocks" { - count = local.enabled && length(var.allowed_cidr_blocks) > 0 ? 1 : 0 - description = "Allow inbound traffic from CIDR blocks" + count = local.enabled ? length(local.cidr_based_rules) : 0 + description = local.sg_based_rules[count.index].description type = "ingress" - from_port = 0 - to_port = 65535 + from_port = local.cidr_based_rules[count.index].port + to_port = local.cidr_based_rules[count.index].port protocol = "tcp" - cidr_blocks = var.allowed_cidr_blocks + cidr_blocks = local.cidr_based_rules[count.index].cidr_blocks security_group_id = join("", aws_security_group.default.*.id) } @@ -65,7 +128,7 @@ resource "aws_msk_configuration" "config" { } resource "aws_msk_cluster" "default" { - #bridgecrew:skip=BC_AWS_LOGGING_18:Skipping `Amazon MSK cluster logging is not enabled` check since it can be enabled with cloudwatch_logs_enabled = true + #bridgecrew:skip=BC_AWS_LOGGING_18:Skipping `Amazon MSK cluster logging is not enabled` check since it can be enabled with cloudwatch_logs_enabled = true count = local.enabled ? 1 : 0 cluster_name = module.this.id kafka_version = var.kafka_version From 6e464eea29fcf3400fc266ac2ed928795b524280 Mon Sep 17 00:00:00 2001 
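Review bot: In `aws_security_group_rule.ingress_cidr_blocks` the new `description` reads `local.sg_based_rules[count.index].description` while `count` comes from `local.cidr_based_rules`. With CIDR blocks set and `var.security_groups` empty, `sg_based_rules` is `[]` and the index is out of range, so the plan fails. With both set, the CIDR rules carry the text "from Security Group sg-…", which misleads anyone auditing the group. The line should be `description = local.cidr_based_rules[count.index].description`. PATCH 08/11 further down replaces these resources with a module, but this commit on its own is broken for CIDR-only callers.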
From: Yonatan Koren
Date: Tue, 26 Oct 2021 08:45:51 -0400
Subject: [PATCH 08/11] Use Security Group module.
---
main.tf | 117 ++++++++++++++++++++---------------------------------
outputs.tf | 4 +-
2 files changed, 46 insertions(+), 75 deletions(-)
diff --git a/main.tf b/main.tf
index 94501cb..c519c46 100644
--- a/main.tf
+++ b/main.tf
@@ -14,108 +14,79 @@ locals { broker_volume_size_max = coalesce(var.storage_autoscaling_max_capacity, var.broker_volume_size) # var.client_broker types - plaintext = "PLAINTEXT" + plaintext = "PLAINTEXT" tls_plaintext = "TLS_PLAINTEXT" - tls = "TLS" + tls = "TLS" # The following ports are not configurable. See: https://docs.aws.amazon.com/msk/latest/developerguide/client-access.html#port-info - protocols = [ - { - name = "plaintext" + protocols = { + plaintext = { + name = "plaintext" # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#bootstrap_brokers enabled = contains([local.plaintext, local.tls_plaintext], var.client_broker) port = 9092 - }, - { - name = "tls" + } + tls = { + name = "TLS" # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#bootstrap_brokers_tls enabled = contains([local.tls_plaintext, local.tls], var.client_broker) port = 9094 - }, - { - name = "SASL/SCRAM" + } + sasl_scram = { + name = "SASL/SCRAM" # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#bootstrap_brokers_sasl_scram enabled = var.client_sasl_scram_enabled && contains([local.tls_plaintext, local.tls], var.client_broker) port = 9096 - }, - { - name = "SASL/IAM" + } + sasl_iam = { + name = "SASL/IAM" # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#bootstrap_brokers_sasl_iam enabled = var.client_sasl_iam_enabled && contains([local.tls_plaintext, local.tls], var.client_broker) port = 9098 - }, + } # The following two protocols are always enabled. 
# See: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#zookeeper_connect_string # and https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#zookeeper_connect_string_tls - { + zookeeper_plaintext = { name = "Zookeeper plaintext" enabled = true port = 2181 - }, - { + } + zookeeper_tls = { name = "Zookeeper TLS" enabled = true port = 2182 } - ] - - sg_based_rules = local.enabled && length(var.security_groups) > 0 ? flatten([ - for sg in var.security_groups : [for protocol in local.protocols : - { - description = "Allow inbound ${protocol.name} traffic from Security Group ${sg}" - source_security_group_id = sg - port = protocol.port - } if protocol.enabled - ]]) : [] - - cidr_based_rules = local.enabled && length(var.allowed_cidr_blocks) > 0 ? [ - for protocol in local.protocols : { - description = "Allow inbound ${protocol.name} traffic from CIDR Blocks" - cidr_blocks = var.allowed_cidr_blocks - port = protocol.port - } if protocol.enabled - ] : [] + } } -resource "aws_security_group" "default" { - count = local.enabled ? 1 : 0 - vpc_id = var.vpc_id - name = module.this.id - description = "Allow inbound traffic from Security Groups and CIDRs. Allow all outbound traffic" - tags = module.this.tags -} +module "broker_security_group" { + source = "cloudposse/security-group/aws" + version = "0.4.2" -resource "aws_security_group_rule" "ingress_security_groups" { - count = local.enabled ? length(local.sg_based_rules) : 0 - description = local.sg_based_rules[count.index].description - type = "ingress" - from_port = local.sg_based_rules[count.index].port - to_port = local.sg_based_rules[count.index].port - protocol = "tcp" - source_security_group_id = local.sg_based_rules[count.index].source_security_group_id - security_group_id = join("", aws_security_group.default.*.id) -} + attributes = ["broker"] -resource "aws_security_group_rule" "ingress_cidr_blocks" { - count = local.enabled ? 
length(local.cidr_based_rules) : 0 - description = local.sg_based_rules[count.index].description - type = "ingress" - from_port = local.cidr_based_rules[count.index].port - to_port = local.cidr_based_rules[count.index].port - protocol = "tcp" - cidr_blocks = local.cidr_based_rules[count.index].cidr_blocks - security_group_id = join("", aws_security_group.default.*.id) -} + security_group_description = "Allow inbound MSK-related traffic from Security Groups and CIDRs. Allow all outbound traffic" + allow_all_egress = true + rule_matrix = [ + { + source_security_group_ids = var.security_groups + cidr_blocks = var.allowed_cidr_blocks + rules = [ + for protocol_key, protocol in local.protocols : { + key = protocol_key + type = "ingress" + from_port = protocol.port + to_port = protocol.port + protocol = "tcp" + description = "Allow inbound ${protocol.name} traffic" + } if protocol.enabled + ] + } + ] + vpc_id = var.vpc_id -resource "aws_security_group_rule" "egress" { - count = local.enabled ? 1 : 0 - description = "Allow all egress traffic" - type = "egress" - from_port = 0 - to_port = 65535 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - security_group_id = join("", aws_security_group.default.*.id) + context = module.this.context } resource "aws_msk_configuration" "config" { @@ -139,7 +110,7 @@ resource "aws_msk_cluster" "default" { instance_type = var.broker_instance_type ebs_volume_size = var.broker_volume_size client_subnets = var.subnet_ids - security_groups = concat(var.broker_node_security_groups, aws_security_group.default.*.id) + security_groups = concat(var.broker_node_security_groups, [module.broker_security_group.id]) } configuration_info { diff --git a/outputs.tf b/outputs.tf index 7cd21d6..af3113d 100644 --- a/outputs.tf +++ b/outputs.tf 
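Review bot: `allow_all_egress = true` on `module.broker_security_group` is not equivalent to the `aws_security_group_rule.egress` resource this hunk removes, which allowed TCP only (`protocol = "tcp"`, ports 0-65535). Assuming the module's all-egress rule covers every protocol, as the flag name suggests, the brokers gain outbound UDP and ICMP to any address. Confirm that against the pinned 0.4.2 source and note it in the changelog, or set `allow_all_egress = false` and declare the TCP egress rule explicitly. The new rule description `"Allow inbound ${protocol.name} traffic"` also no longer names the source security group, which the removed `sg_based_rules` local did.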
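Review bot: Switching `security_groups` to `[module.broker_security_group.id]` moves the group to a new resource address, and with `attributes = ["broker"]` likely a new name, so existing deployments will have `aws_security_group.default` destroyed and a new group created. That changes `broker_node_group_info.security_groups` on a live cluster, and depending on the AWS provider version this may be planned as a cluster replacement rather than an in-place update, so check the plan on an existing stack. I would mark the change as breaking in the release notes and add a migration note next to the module block, e.g. `# NOTE: replaces aws_security_group.default; upgrading recreates the broker security group`. The `security_group_id` output in outputs.tf also drops `join("", …)`, so a disabled module may now yield null where callers previously got an empty string.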
@@ -55,10 +55,10 @@ output "cluster_name" { output "security_group_id" { description = "The ID of the security group rule" - value = join("", aws_security_group.default.*.id) + value = module.broker_security_group.id } output "security_group_name" { description = "The name of the security group rule" - value = join("", aws_security_group.default.*.name) + value = module.broker_security_group.name } From 3963055163ddbbd7467690a4c88ea397d10798c8 Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Tue, 26 Oct 2021 12:51:38 +0000 Subject: [PATCH 09/11] Auto Format --- README.md | 5 +---- docs/terraform.md | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 78d7f12..cd0e7aa 100644 --- a/README.md +++ b/README.md @@ -164,6 +164,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| +| [broker\_security\_group](#module\_broker\_security\_group) | cloudposse/security-group/aws | 0.4.2 | | [hostname](#module\_hostname) | cloudposse/route53-cluster-hostname/aws | 0.12.2 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | 
@@ -176,10 +177,6 @@ Available targets: | [aws_msk_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster) | resource | | [aws_msk_configuration.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_configuration) | resource | | [aws_msk_scram_secret_association.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_scram_secret_association) | resource | -| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group_rule.egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.ingress_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | ## Inputs diff --git a/docs/terraform.md b/docs/terraform.md index 07a3c16..3238b14 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -17,6 +17,7 @@ | Name | Source | Version | |------|--------|---------| +| [broker\_security\_group](#module\_broker\_security\_group) | cloudposse/security-group/aws | 0.4.2 | | [hostname](#module\_hostname) | cloudposse/route53-cluster-hostname/aws | 0.12.2 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | 
@@ -29,10 +30,6 @@ | [aws_msk_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster) | resource | | [aws_msk_configuration.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_configuration) | resource | | [aws_msk_scram_secret_association.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_scram_secret_association) | resource | -| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group_rule.egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.ingress_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | ## Inputs From fce614740c3fbe6af3f90a63a6b1e716c185e5ce Mon Sep 17 00:00:00 2001 From: Yonatan Koren Date: Tue, 26 Oct 2021 08:57:05 -0400 Subject: [PATCH 10/11] Bump minimum Terraform version to support SG module. --- examples/complete/versions.tf | 13 +++---------- versions.tf | 2 +- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 1d387de..c31c403 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,21 +1,14 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.14.0" required_providers { aws = { source = "hashicorp/aws" version = ">= 3.0" } - template = { - source = "hashicorp/template" - version = ">= 2.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.3" - } random = { - source = "hashicorp/random" + source = "hashicorp/random" + version = ">= 2.2" } } } 
diff --git a/versions.tf b/versions.tf index 763f80f..c31c403 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.14.0" required_providers { aws = { From cd3cddfef3bf090f0381633598c2e43c3621a44a Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Tue, 26 Oct 2021 13:08:44 +0000 Subject: [PATCH 11/11] Auto Format --- README.md | 2 +- docs/terraform.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cd0e7aa..77d30c1 100644 --- a/README.md +++ b/README.md @@ -150,7 +150,7 @@ Available targets: | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 0.14.0 | | [aws](#requirement\_aws) | >= 3.0 | | [random](#requirement\_random) | >= 2.2 | diff --git a/docs/terraform.md b/docs/terraform.md index 3238b14..89724d6 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 0.14.0 | | [aws](#requirement\_aws) | >= 3.0 | | [random](#requirement\_random) | >= 2.2 |