Merge pull request #19 from schubergphilis/fvb/provider-v4

Support AWS Provider V4
schubergphilis · Mar 17, 2022 · 4f349ce · 4f349ce
2 parents f5f5392 + 2b2fe1e
commit 4f349ce
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 34 deletions.
diff --git a/README.md b/README.md
@@ -7,13 +7,13 @@ Terraform module to setup and manage an AWS Redshift cluster
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.0 |
-| aws | >= 3.50.0, < 4.0.0 |
+| aws | >= 4.0.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 3.50.0, < 4.0.0 |
+| aws | >= 4.0.0 |
 
 ## Inputs
 
@@ -26,8 +26,8 @@ Terraform module to setup and manage an AWS Redshift cluster
 | password | Password for the master DB user | `string` | n/a | yes |
 | tags | A mapping of tags to assign to the cluster | `map(string)` | n/a | yes |
 | username | Username for the master DB user | `string` | n/a | yes |
-| additional\_ingress\_rules | n/a | <pre>list(object({<br>    description        = string<br>    from_port          = number<br>    to_port            = number<br>    protocol           = string<br>    security_group_ids = list(string)<br>  }))</pre> | `[]` | no |
 | additional\_egress\_rules | n/a | <pre>list(object({<br>    description        = string<br>    from_port          = number<br>    to_port            = number<br>    protocol           = string<br>    security_group_ids = list(string)<br>    prefix_list_ids    = list(string)<br>  }))</pre> | `[]` | no |
+| additional\_ingress\_rules | n/a | <pre>list(object({<br>    description        = string<br>    from_port          = number<br>    to_port            = number<br>    protocol           = string<br>    security_group_ids = list(string)<br>  }))</pre> | `[]` | no |
 | automated\_snapshot\_retention\_period | The number of days automated snapshots should be retained | `number` | `1` | no |
 | availability\_zones | List of availability zones to deploy Redshift in | `list(string)` | `[]` | no |
 | cluster\_type | The cluster type to use (either `single-node` or `multi-node`) | `string` | `"single-node"` | no |

diff --git a/main.tf b/main.tf
@@ -89,35 +89,13 @@ resource "aws_redshift_parameter_group" "default" {
   }
 }
 
-#tfsec:ignore:aws-s3-enable-bucket-logging
-#tfsec:ignore:aws-s3-encryption-customer-key
-resource "aws_s3_bucket" "logging" {
-  count         = var.logging ? 1 : 0
-  bucket        = var.logging_bucket
-  force_destroy = var.force_destroy
-  policy        = data.aws_iam_policy_document.logging.json
-  tags          = var.tags
-
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
-
-  versioning {
-    enabled = true
-  }
-}
-
-resource "aws_s3_bucket_public_access_block" "default" {
-  count                   = var.logging ? 1 : 0
-  bucket                  = aws_s3_bucket.logging[0].id
-  block_public_acls       = true
-  block_public_policy     = true
-  ignore_public_acls      = true
-  restrict_public_buckets = true
+module "logging_bucket" {
+  count      = var.logging ? 1 : 0
+  source     = "github.com/schubergphilis/terraform-aws-mcaf-s3?ref=v0.5.0"
+  name       = var.logging_bucket
+  policy     = data.aws_iam_policy_document.logging.json
+  versioning = true
+  tags       = var.tags
 }
 
 data "aws_redshift_service_account" "main" {}
@@ -177,7 +155,7 @@ resource "aws_redshift_cluster" "default" {
 
   logging {
     enable        = var.logging
-    bucket_name   = aws_s3_bucket.logging[0].id
+    bucket_name   = module.logging_bucket[0].name
     s3_key_prefix = "redshift-audit-logs/"
   }
 }
diff --git a/versions.tf b/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.50.0, < 4.0.0"
+      version = ">= 4.0.0"
     }
   }
   required_version = ">= 0.12.0"