Upgrade to aws provider 4.x in releases/

Mark-Simulacrum · Mark-Simulacrum · commit 2d3e3e4a3ccc · 2022-06-25T18:22:14.000-04:00
This brings in a few new resources, which will be useful when merging #108. The code delta is a no-op at plan time (after importing the new resources from S3 bucket resource expansion in 4.x).
diff --git a/terraform/releases/.terraform.lock.hcl b/terraform/releases/.terraform.lock.hcl
diff --git a/terraform/releases/_terraform.tf b/terraform/releases/_terraform.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.59"
+      version = "~> 4.20"
     }
     external = {
       source  = "hashicorp/external"
@@ -33,14 +33,12 @@ data "terraform_remote_state" "shared" {
 }
 
 provider "aws" {
-  profile = "default"
-  region  = "us-west-1"
+  region = "us-west-1"
 }
 
 provider "aws" {
-  profile = "default"
-  region  = "us-east-1"
-  alias   = "east1"
+  region = "us-east-1"
+  alias  = "east1"
 }
 
 data "aws_caller_identity" "current" {}
diff --git a/terraform/releases/impl/main.tf b/terraform/releases/impl/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source                = "hashicorp/aws"
-      version               = "~> 3.59"
+      version               = "~> 4.20"
       configuration_aliases = [aws.east1]
     }
   }
diff --git a/terraform/releases/impl/storage.tf b/terraform/releases/impl/storage.tf
@@ -1,33 +1,56 @@
 resource "aws_s3_bucket" "static" {
   bucket = var.bucket
-  acl    = "public-read"
+}
+
+resource "aws_s3_bucket_versioning" "static" {
+  bucket = aws_s3_bucket.static.bucket
 
-  versioning {
-    enabled = true
+  versioning_configuration {
+    status = "Enabled"
   }
+}
 
+resource "aws_s3_bucket_acl" "static" {
+  bucket = aws_s3_bucket.static.id
+  acl    = "public-read"
+}
+
+resource "aws_s3_bucket_cors_configuration" "static" {
+  bucket = aws_s3_bucket.static.id
   cors_rule {
     allowed_origins = ["*"]
     allowed_methods = ["GET"]
     max_age_seconds = 3000
     allowed_headers = ["Authorization"]
   }
+}
+
 
-  website {
-    index_document = "index.html"
-    error_document = "doc/nightly/not_found.html"
+resource "aws_s3_bucket_website_configuration" "static" {
+  bucket = aws_s3_bucket.static.id
+  index_document {
+    suffix = "index.html"
+  }
+  error_document {
+    key = "doc/nightly/not_found.html"
   }
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "static" {
+  bucket = aws_s3_bucket.static.id
 
   // Some files (such as the nightly tarballs) are overridden daily, creating
   // a bunch of old versions nobody cares about. This cleans up those files,
   // while keeping the past 3 months archived in case we need to rollback.
-  lifecycle_rule {
-    id      = "remove-old-versions"
-    enabled = true
+  rule {
+    id     = "remove-old-versions"
+    status = "Enabled"
 
-    abort_incomplete_multipart_upload_days = 2
+    abort_incomplete_multipart_upload {
+      days_after_initiation = 2
+    }
     noncurrent_version_expiration {
-      days = 90
+      noncurrent_days = 90
     }
   }
 }
diff --git a/terraform/releases/keys.tf b/terraform/releases/keys.tf
@@ -10,21 +10,26 @@ locals {
 
 resource "aws_s3_bucket" "release_keys" {
   bucket = "rust-release-keys"
-  acl    = "private"
+}
 
-  versioning {
-    enabled = true
-  }
+resource "aws_s3_bucket_server_side_encryption_configuration" "release_keys" {
+  bucket = aws_s3_bucket.release_keys.bucket
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
     }
   }
 }
 
+resource "aws_s3_bucket_versioning" "release_keys" {
+  bucket = aws_s3_bucket.release_keys.bucket
+
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
 resource "aws_s3_bucket_public_access_block" "release_keys" {
   bucket = aws_s3_bucket.release_keys.id
 
diff --git a/terraform/shared/modules/acm-certificate/main.tf b/terraform/shared/modules/acm-certificate/main.tf
@@ -6,7 +6,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.59"
+      version = "~> 4.20"
     }
   }
 }
diff --git a/terraform/shared/modules/lambda/main.tf b/terraform/shared/modules/lambda/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.59"
+      version = "~> 4.20"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ terraform {`
`6`	`6`	`required_providers {`
`7`	`7`	`aws = {`
`8`	`8`	`source = "hashicorp/aws"`
`9`		`- version = "~> 3.59"`
	`9`	`+ version = "~> 4.20"`
`10`	`10`	`}`
`11`	`11`	`external = {`
`12`	`12`	`source = "hashicorp/external"`
`@@ -33,14 +33,12 @@ data "terraform_remote_state" "shared" {`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`provider "aws" {`
`36`		`- profile = "default"`
`37`		`- region = "us-west-1"`
	`36`	`+ region = "us-west-1"`
`38`	`37`	`}`
`39`	`38`
`40`	`39`	`provider "aws" {`
`41`		`- profile = "default"`
`42`		`- region = "us-east-1"`
`43`		`- alias = "east1"`
	`40`	`+ region = "us-east-1"`
	`41`	`+ alias = "east1"`
`44`	`42`	`}`
`45`	`43`
`46`	`44`	`data "aws_caller_identity" "current" {}`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ terraform {`
`2`	`2`	`required_providers {`
`3`	`3`	`aws = {`
`4`	`4`	`source = "hashicorp/aws"`
`5`		`- version = "~> 3.59"`
	`5`	`+ version = "~> 4.20"`
`6`	`6`	`configuration_aliases = [aws.east1]`
`7`	`7`	`}`
`8`	`8`	`}`