upgrades to new terraform v0.12 syntax (#31)

README.md

@@ -87,7 +87,7 @@ create an input vars file (`terraform.tfvars`)
 app = "my-app"
 environment = "dev"
 
-internal = "true"
+internal = true
 container_port = "8080"
 replicas = "1"
 health_check = "/health"

base/ecr.tf

@@ -6,15 +6,16 @@
 
 # create an ECR repo at the app/image level
 resource "aws_ecr_repository" "app" {
-  name = "${var.app}"
+  name = var.app
 }
 
-data "aws_caller_identity" "current" {}
+data "aws_caller_identity" "current" {
+}
 
 # grant access to saml users
 resource "aws_ecr_repository_policy" "app" {
-  repository = "${aws_ecr_repository.app.name}"
-  policy     = "${data.aws_iam_policy_document.ecr.json}"
+  repository = aws_ecr_repository.app.name
+  policy     = data.aws_iam_policy_document.ecr.json
 }
 
 data "aws_iam_policy_document" "ecr" {

base/main.tf

@@ -1,3 +1,7 @@
+terraform {
+  required_version = ">= 0.12"
+}
+
 /**
  * main.tf
  * The main entry point for Terraform run
@@ -9,8 +13,8 @@
 # Using the AWS Provider
 # https://www.terraform.io/docs/providers/
 provider "aws" {
-  region  = "${var.region}"
-  profile = "${var.aws_profile}"
+  region  = var.region
+  profile = var.aws_profile
 }
 
 /*
@@ -21,10 +25,10 @@ provider "aws" {
 
 # Returns the name of the ECR registry, this will be used later in various scripts
 output "docker_registry" {
-  value = "${aws_ecr_repository.app.repository_url}"
+  value = aws_ecr_repository.app.repository_url
 }
 
 # Returns the name of the S3 bucket that will be used in later Terraform files
 output "bucket" {
-  value = "${module.tf_remote_state.bucket}"
+  value = module.tf_remote_state.bucket
 }

base/state.tf

@@ -12,7 +12,7 @@
 module "tf_remote_state" {
   source = "github.com/turnerlabs/terraform-remote-state?ref=v2.2.0"
 
-  role        = "${var.saml_role}"
-  application = "${var.app}"
-  tags        = "${var.tags}"
+  role        = var.saml_role
+  application = var.app
+  tags        = var.tags
 }

base/variables.tf

@@ -11,14 +11,17 @@ variable "region" {
 }
 
 # The AWS profile to use, this would be the same value used in AWS_PROFILE.
-variable "aws_profile" {}
+variable "aws_profile" {
+}
 
 # The role that will have access to the S3 bucket, this should be a role that all
 # members of the team have access to.
-variable "saml_role" {}
+variable "saml_role" {
+}
 
 # Name of the application. This value should usually match the application tag below.
-variable "app" {}
+variable "app" {
+}
 
 # A map of the tags to apply to various resources. The required tags are:
 # `application`, name of the app;
@@ -27,5 +30,5 @@ variable "app" {}
 # `contact-email`, contact email for the _team_;
 # and `customer`, who the application was create for.
 variable "tags" {
-  type = "map"
+  type = map(string)
 }

env/dev/autoscale-perf.tf

@@ -54,14 +54,14 @@ resource "aws_cloudwatch_metric_alarm" "cpu_utilization_high" {
   namespace           = "AWS/ECS"
   period              = "60"
   statistic           = "Average"
-  threshold           = "${var.ecs_as_cpu_high_threshold_per}"
+  threshold           = var.ecs_as_cpu_high_threshold_per
 
-  dimensions {
-    ClusterName = "${aws_ecs_cluster.app.name}"
-    ServiceName = "${aws_ecs_service.app.name}"
+  dimensions = {
+    ClusterName = aws_ecs_cluster.app.name
+    ServiceName = aws_ecs_service.app.name
   }
 
-  alarm_actions = ["${aws_appautoscaling_policy.app_up.arn}"]
+  alarm_actions = [aws_appautoscaling_policy.app_up.arn]
 }
 
 resource "aws_cloudwatch_metric_alarm" "cpu_utilization_low" {
@@ -72,21 +72,21 @@ resource "aws_cloudwatch_metric_alarm" "cpu_utilization_low" {
   namespace           = "AWS/ECS"
   period              = "60"
   statistic           = "Average"
-  threshold           = "${var.ecs_as_cpu_low_threshold_per}"
+  threshold           = var.ecs_as_cpu_low_threshold_per
 
-  dimensions {
-    ClusterName = "${aws_ecs_cluster.app.name}"
-    ServiceName = "${aws_ecs_service.app.name}"
+  dimensions = {
+    ClusterName = aws_ecs_cluster.app.name
+    ServiceName = aws_ecs_service.app.name
   }
 
-  alarm_actions = ["${aws_appautoscaling_policy.app_down.arn}"]
+  alarm_actions = [aws_appautoscaling_policy.app_down.arn]
 }
 
 resource "aws_appautoscaling_policy" "app_up" {
   name               = "app-scale-up"
-  service_namespace  = "${aws_appautoscaling_target.app_scale_target.service_namespace}"
-  resource_id        = "${aws_appautoscaling_target.app_scale_target.resource_id}"
-  scalable_dimension = "${aws_appautoscaling_target.app_scale_target.scalable_dimension}"
+  service_namespace  = aws_appautoscaling_target.app_scale_target.service_namespace
+  resource_id        = aws_appautoscaling_target.app_scale_target.resource_id
+  scalable_dimension = aws_appautoscaling_target.app_scale_target.scalable_dimension
 
   step_scaling_policy_configuration {
     adjustment_type         = "ChangeInCapacity"
@@ -102,9 +102,9 @@ resource "aws_appautoscaling_policy" "app_up" {
 
 resource "aws_appautoscaling_policy" "app_down" {
   name               = "app-scale-down"
-  service_namespace  = "${aws_appautoscaling_target.app_scale_target.service_namespace}"
-  resource_id        = "${aws_appautoscaling_target.app_scale_target.resource_id}"
-  scalable_dimension = "${aws_appautoscaling_target.app_scale_target.scalable_dimension}"
+  service_namespace  = aws_appautoscaling_target.app_scale_target.service_namespace
+  resource_id        = aws_appautoscaling_target.app_scale_target.resource_id
+  scalable_dimension = aws_appautoscaling_target.app_scale_target.scalable_dimension
 
   step_scaling_policy_configuration {
     adjustment_type         = "ChangeInCapacity"

env/dev/autoscale-time.tf

@@ -30,14 +30,14 @@ variable "scale_down_max_capacity" {
 resource "aws_appautoscaling_scheduled_action" "app_autoscale_time_up" {
   name = "app-autoscale-time-up-${var.app}-${var.environment}"
 
-  service_namespace  = "${aws_appautoscaling_target.app_scale_target.service_namespace}"
-  resource_id        = "${aws_appautoscaling_target.app_scale_target.resource_id}"
-  scalable_dimension = "${aws_appautoscaling_target.app_scale_target.scalable_dimension}"
-  schedule           = "${var.scale_up_cron}"
+  service_namespace  = aws_appautoscaling_target.app_scale_target.service_namespace
+  resource_id        = aws_appautoscaling_target.app_scale_target.resource_id
+  scalable_dimension = aws_appautoscaling_target.app_scale_target.scalable_dimension
+  schedule           = var.scale_up_cron
 
   scalable_target_action {
-    min_capacity = "${aws_appautoscaling_target.app_scale_target.min_capacity}"
-    max_capacity = "${aws_appautoscaling_target.app_scale_target.max_capacity}"
+    min_capacity = aws_appautoscaling_target.app_scale_target.min_capacity
+    max_capacity = aws_appautoscaling_target.app_scale_target.max_capacity
   }
 }
 
@@ -46,13 +46,13 @@ resource "aws_appautoscaling_scheduled_action" "app_autoscale_time_up" {
 resource "aws_appautoscaling_scheduled_action" "app_autoscale_time_down" {
   name = "app-autoscale-time-down-${var.app}-${var.environment}"
 
-  service_namespace  = "${aws_appautoscaling_target.app_scale_target.service_namespace}"
-  resource_id        = "${aws_appautoscaling_target.app_scale_target.resource_id}"
-  scalable_dimension = "${aws_appautoscaling_target.app_scale_target.scalable_dimension}"
-  schedule           = "${var.scale_down_cron}"
+  service_namespace  = aws_appautoscaling_target.app_scale_target.service_namespace
+  resource_id        = aws_appautoscaling_target.app_scale_target.resource_id
+  scalable_dimension = aws_appautoscaling_target.app_scale_target.scalable_dimension
+  schedule           = var.scale_down_cron
 
   scalable_target_action {
-    min_capacity = "${var.scale_down_min_capacity}"
-    max_capacity = "${var.scale_down_max_capacity}"
+    min_capacity = var.scale_down_min_capacity
+    max_capacity = var.scale_down_max_capacity
   }
 }

env/dev/cicd.tf

@@ -4,7 +4,7 @@ resource "aws_iam_user" "cicd" {
 }
 
 resource "aws_iam_access_key" "cicd_keys" {
-  user = "${aws_iam_user.cicd.name}"
+  user = aws_iam_user.cicd.name
 }
 
 # grant required permissions to deploy
@@ -24,7 +24,7 @@ data "aws_iam_policy_document" "cicd_policy" {
     ]
 
     resources = [
-      "${data.aws_ecr_repository.ecr.arn}",
+      data.aws_ecr_repository.ecr.arn,
     ]
   }
 
@@ -54,20 +54,20 @@ data "aws_iam_policy_document" "cicd_policy" {
     ]
 
     resources = [
-      "${aws_iam_role.app_role.arn}",
-      "${aws_iam_role.ecsTaskExecutionRole.arn}",
+      aws_iam_role.app_role.arn,
+      aws_iam_role.ecsTaskExecutionRole.arn,
     ]
   }
 }
 
 resource "aws_iam_user_policy" "cicd_user_policy" {
   name   = "${var.app}_${var.environment}_cicd"
-  user   = "${aws_iam_user.cicd.name}"
-  policy = "${data.aws_iam_policy_document.cicd_policy.json}"
+  user   = aws_iam_user.cicd.name
+  policy = data.aws_iam_policy_document.cicd_policy.json
 }
 
 data "aws_ecr_repository" "ecr" {
-  name = "${var.app}"
+  name = var.app
 }
 
 # The AWS keys for the CICD user to use in a build system
@@ -77,5 +77,5 @@ output "cicd_keys" {
 
 # The URL for the docker image repo in ECR
 output "docker_registry" {
-  value = "${data.aws_ecr_repository.ecr.repository_url}"
+  value = data.aws_ecr_repository.ecr.repository_url
 }

env/dev/ecs-event-stream.tf

@@ -18,12 +18,14 @@ resource "aws_cloudwatch_event_rule" "ecs_event_stream" {
       "clusterArn": ["${aws_ecs_cluster.app.arn}"]
     }
   }
-  PATTERN
+  
+PATTERN
+
 }
 
 resource "aws_cloudwatch_event_target" "ecs_event_stream" {
-  rule = "${aws_cloudwatch_event_rule.ecs_event_stream.name}"
-  arn  = "${aws_lambda_function.ecs_event_stream.arn}"
+  rule = aws_cloudwatch_event_rule.ecs_event_stream.name
+  arn = aws_lambda_function.ecs_event_stream.arn
 }
 
 data "template_file" "lambda_source" {
@@ -32,44 +34,45 @@ exports.handler = (event, context, callback) => {
   console.log(JSON.stringify(event));
 }
 EOF
+
 }
 
 data "archive_file" "lambda_zip" {
-  type                    = "zip"
-  source_content          = "${data.template_file.lambda_source.rendered}"
-  source_content_filename = "index.js"
-  output_path             = "lambda-${var.app}.zip"
+type                    = "zip"
+source_content          = data.template_file.lambda_source.rendered
+source_content_filename = "index.js"
+output_path             = "lambda-${var.app}.zip"
 }
 
 resource "aws_lambda_permission" "ecs_event_stream" {
-  statement_id  = "AllowExecutionFromCloudWatch"
-  action        = "lambda:InvokeFunction"
-  function_name = "${aws_lambda_function.ecs_event_stream.arn}"
-  principal     = "events.amazonaws.com"
-  source_arn    = "${aws_cloudwatch_event_rule.ecs_event_stream.arn}"
+statement_id  = "AllowExecutionFromCloudWatch"
+action        = "lambda:InvokeFunction"
+function_name = aws_lambda_function.ecs_event_stream.arn
+principal     = "events.amazonaws.com"
+source_arn    = aws_cloudwatch_event_rule.ecs_event_stream.arn
 }
 
 resource "aws_lambda_function" "ecs_event_stream" {
-  function_name    = "${var.app}-${var.environment}-ecs-event-stream"
-  role             = "${aws_iam_role.ecs_event_stream.arn}"
-  filename         = "${data.archive_file.lambda_zip.output_path}"
-  source_code_hash = "${data.archive_file.lambda_zip.output_base64sha256}"
-  handler          = "index.handler"
-  runtime          = "nodejs8.10"
-  tags             = "${var.tags}"
+function_name    = "${var.app}-${var.environment}-ecs-event-stream"
+role             = aws_iam_role.ecs_event_stream.arn
+filename         = data.archive_file.lambda_zip.output_path
+source_code_hash = data.archive_file.lambda_zip.output_base64sha256
+handler          = "index.handler"
+runtime          = "nodejs8.10"
+tags             = var.tags
 }
 
 resource "aws_lambda_alias" "ecs_event_stream" {
-  name             = "${aws_lambda_function.ecs_event_stream.function_name}"
-  description      = "latest"
-  function_name    = "${aws_lambda_function.ecs_event_stream.function_name}"
-  function_version = "$LATEST"
+name             = aws_lambda_function.ecs_event_stream.function_name
+description      = "latest"
+function_name    = aws_lambda_function.ecs_event_stream.function_name
+function_version = "$LATEST"
 }
 
 resource "aws_iam_role" "ecs_event_stream" {
-  name = "${aws_cloudwatch_event_rule.ecs_event_stream.name}"
+name = aws_cloudwatch_event_rule.ecs_event_stream.name
 
-  assume_role_policy = <<EOF
+assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
   "Statement": [
@@ -84,18 +87,19 @@ resource "aws_iam_role" "ecs_event_stream" {
   ]
 }
 EOF
+
 }
 
 resource "aws_iam_role_policy_attachment" "ecs_event_stream" {
-  role       = "${aws_iam_role.ecs_event_stream.name}"
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+role = aws_iam_role.ecs_event_stream.name
+policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
 }
 
 # cloudwatch dashboard with logs insights query
 resource "aws_cloudwatch_dashboard" "ecs-event-stream" {
-  dashboard_name = "${var.app}-${var.environment}-ecs-event-stream"
+dashboard_name = "${var.app}-${var.environment}-ecs-event-stream"
 
-  dashboard_body = <<EOF
+dashboard_body = <<EOF
 {
   "widgets": [
     {