Terraform 0.12 upgrade

Author: twistedgrim

modules/backup/examples/all_options.tf

@@ -33,6 +33,7 @@ module "backup" {
     },
   ]
   selection_name = "fullSelectionName"
+
   # Vault
   vault_name = "newVault"
   plan_tags = {
@@ -42,6 +43,7 @@ module "backup" {
   schedule          = "cron(0 12 * * ? *)"
   start_window      = 240
   completion_window = 600
+
   # Use Lifecycle Cold Storage
   use_lifecycle = true
   lifecycle = {
@@ -54,6 +56,8 @@ module "backup" {
   vault_tags = {
     vault_tag = "vault_tag_value"
   }
+
   # Using a custom KMS key for encryption
   kms_key_arn = "arn:aws:kms:us-west-2:<account>:key/e267ea23-9d4d-a24e-247bc44f5fae"
 }
+

modules/backup/examples/backup_default_role.tf

@@ -14,15 +14,15 @@ locals {
 module "backup" {
   source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-backup//modules/backup/?ref=v0.0.3"
 
-  environment = "${local.tags["Environment"]}"
+  environment = local.tags["Environment"]
 
   lifecycle = {
     delete_after = 35
   }
 
   lifecycle_enable = true
-  plan_name        = "${local.plan_name}"
-  plan_tags        = "${local.tags}"
+  plan_name        = local.plan_name
+  plan_tags        = local.tags
   rule_name        = "Daily"
   schedule         = "cron(0 5 ? * * *)"
   selection_name   = "fullSelectionName"
@@ -31,11 +31,12 @@ module "backup" {
     {
       type  = "STRINGEQUALS"
       key   = "BackupPlan"
-      value = "${local.plan_name}"
+      value = local.plan_name
     },
   ]
 
   start_window = 60
   vault_name   = "${local.tags["Environment"]}-Vault"
-  vault_tags   = "${local.tags}"
+  vault_tags   = local.tags
 }
+

modules/backup/examples/backup_default_role_efs.tf

@@ -14,10 +14,12 @@ locals {
 module "efs" {
   source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-efs//?ref=v0.0.8"
 
-  custom_tags = "${merge(
+  custom_tags = merge(
     local.tags,
-    map("BackupPlan", "${local.plan_name}")
-  )}"
+    {
+      "BackupPlan" = local.plan_name
+    },
+  )
 
   name            = "${local.tags["Environment"]}-EFS"
   security_groups = ["sg-1234567890abcdef1"]
@@ -28,16 +30,16 @@ module "backup" {
   source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-backup//modules/backup/?ref=v0.0.3"
 
   completion_window = 300
-  environment       = "${local.tags["Environment"]}"
+  environment       = local.tags["Environment"]
 
   lifecycle = {
     cold_storage_after = 30
     delete_after       = 120
   }
 
   lifecycle_enable = true
-  plan_name        = "${local.plan_name}"
-  plan_tags        = "${local.tags}"
+  plan_name        = local.plan_name
+  plan_tags        = local.tags
   rule_name        = "Daily"
   schedule         = "cron(0 5 ? * * *)"
   selection_name   = "fullSelectionName"
@@ -46,11 +48,12 @@ module "backup" {
     {
       type  = "STRINGEQUALS"
       key   = "BackupPlan"
-      value = "${local.plan_name}"
+      value = local.plan_name
     },
   ]
 
   start_window = 60
   vault_name   = "${local.tags["Environment"]}-Vault"
-  vault_tags   = "${local.tags}"
+  vault_tags   = local.tags
 }
+

modules/backup/main.tf

@@ -40,52 +40,47 @@
 
 locals {
   tags = {
-    Environment     = "${var.environment}"
+    Environment     = var.environment
     ServiceProvider = "Rackspace"
   }
 
-  plan_tags = "${merge(
-    local.tags,
-    var.plan_tags
-  )}"
+  plan_tags = merge(local.tags, var.plan_tags)
 
-  vault_tags = "${merge(
-    local.tags,
-    var.vault_tags
-  )}"
+  vault_tags = merge(local.tags, var.vault_tags)
 }
 
 module "vault" {
   source = "../vault"
 
-  kms_key_arn = "${var.kms_key_arn}"
-  tags        = "${local.vault_tags}"
-  vault_name  = "${var.vault_name}"
+  kms_key_arn = var.kms_key_arn
+  tags        = local.vault_tags
+  vault_name  = var.vault_name
 }
 
 module "plan" {
   source = "../plan"
 
-  completion_window   = "${var.completion_window}"
-  lifecycle           = "${var.lifecycle}"
-  lifecycle_enable    = "${var.lifecycle_enable}"
-  plan_name           = "${var.plan_name}"
-  recovery_point_tags = "${var.recovery_point_tags}"
-  rule_name           = "${var.rule_name}"
-  schedule            = "${var.schedule}"
-  start_window        = "${var.start_window}"
-  tags                = "${local.plan_tags}"
-  target_vault_name   = "${module.vault.vault_name}"
+  completion_window   = var.completion_window
+  lifecycle           = var.lifecycle
+  lifecycle_enable    = var.lifecycle_enable
+  plan_name           = var.plan_name
+  recovery_point_tags = var.recovery_point_tags
+  rule_name           = var.rule_name
+  schedule            = var.schedule
+  start_window        = var.start_window
+  tags                = local.plan_tags
+  target_vault_name   = module.vault.vault_name
 }
 
 module "selection" {
   source = "../selection"
 
-  create_iam_role = "${var.create_iam_role}"
-  iam_role_arn    = "${var.iam_role_arn}"
-  iam_role_name   = "${var.iam_role_name}"
-  plan_id         = "${module.plan.plan_id}"
-  selection_name  = "${var.selection_name}"
-  resources       = "${var.resources}"
-  selection_tag   = "${var.selection_tag}"
+  create_iam_role = var.create_iam_role
+  iam_role_arn    = var.iam_role_arn
+  iam_role_name   = var.iam_role_name
+  plan_id         = module.plan.plan_id
+  selection_name  = var.selection_name
+  resources       = var.resources
+  selection_tag   = var.selection_tag
 }
+

modules/backup/outputs.tf

@@ -1,39 +1,40 @@
 output "backup_iam_role_arn" {
   description = "ARN for given IAM Role or newly created IAM Role."
-  value       = "${module.selection.backup_iam_role_arn}"
+  value       = module.selection.backup_iam_role_arn
 }
 
 output "plan_arn" {
   description = "Plan ARN."
-  value       = "${module.plan.plan_arn}"
+  value       = module.plan.plan_arn
 }
 
 output "plan_id" {
   description = "Plan ID"
-  value       = "${module.plan.plan_id}"
+  value       = module.plan.plan_id
 }
 
 output "plan_version" {
   description = "Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan."
-  value       = "${module.plan.plan_version}"
+  value       = module.plan.plan_version
 }
 
 output "selection_id" {
   description = "Backup Selection identifier."
-  value       = "${module.selection.selection_id}"
+  value       = module.selection.selection_id
 }
 
 output "vault_arn" {
   description = "The ARN of the vault."
-  value       = "${module.vault.vault_arn}"
+  value       = module.vault.vault_arn
 }
 
 output "vault_name" {
   description = "The name of the vault."
-  value       = "${module.vault.vault_name}"
+  value       = module.vault.vault_name
 }
 
 output "vault_recovery_points" {
   description = "The number of recovery points that are stored in a backup vault."
-  value       = "${module.vault.vault_recovery_points}"
+  value       = module.vault.vault_recovery_points
 }
+

modules/backup/variables.tf

@@ -1,36 +1,36 @@
 variable "completion_window" {
   description = "The amount of time AWS Backup attempts a backup before canceling the job and returning an error. Defaults to 8 hours. Completion windows only apply to EFS backups."
-  type        = "string"
+  type        = string
   default     = 480
 }
 
 variable "create_iam_role" {
   description = "Create a new IAM role that AWS Backup uses to authenticate when backing up the target resource(s) using the default policy, `AWSBackupServiceRolePolicyForBackup`. Setting this to `true` must be accompanied by `iam_role_name`. If this is `false` and both `iam_role_arn` and `iam_role_name` are empty the module will attempt to use the default AWS Backup role, `AWSBackupDefaultServiceRole`."
-  type        = "string"
+  type        = string
   default     = false
 }
 
 variable "environment" {
   description = "Application environment for which these resources are being created, e.g. Production, Development, etc."
-  type        = "string"
+  type        = string
   default     = "Development"
 }
 
 variable "iam_role_arn" {
   description = "Optional, the ARN of an existing IAM role that AWS Backup uses to authenticate when backing up the target resource(s). Must have the appropriate permissions for the target(s) and AWS Backup."
-  type        = "string"
+  type        = string
   default     = ""
 }
 
 variable "iam_role_name" {
   description = "Optional, the name for the IAM Role to be created if setting `create_iam_role` to `true`."
-  type        = "string"
+  type        = string
   default     = ""
 }
 
 variable "kms_key_arn" {
   description = "Optional server-side KMS encryption key that is used to protect your backups. If this is not provided AWS Backup will use a default aws:kms key for this service."
-  type        = "string"
+  type        = string
   default     = ""
 }
 
@@ -42,53 +42,54 @@ variable "lifecycle" {
     See [examples](./examples).
 EOF
 
-  type    = "map"
+
+  type    = map(string)
   default = {}
 }
 
 variable "lifecycle_enable" {
   description = "Set to `true` if an input was provided for variable `lifecycle`."
-  type        = "string"
+  type        = string
   default     = false
 }
 
 variable "plan_name" {
   description = "The display name of the backup plan."
-  type        = "string"
+  type        = string
 }
 
 variable "plan_tags" {
   description = "Map of tags to assign to created plan."
-  type        = "map"
+  type        = map(string)
   default     = {}
 }
 
 variable "recovery_point_tags" {
   description = "Map of tags to assign to created recovery points. Note that changes to this variable once set will require the rule to be deleted due to Terraform providers issues [8431](https://github.com/terraform-providers/terraform-provider-aws/issues/8431) and [8737](https://github.com/terraform-providers/terraform-provider-aws/issues/8737)."
-  type        = "map"
+  type        = map(string)
   default     = {}
 }
 
 variable "resources" {
   description = "Optional list of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan. Must use `selection_tag` and/or `resources`. i.e ['arn:aws:ec2:us-east-1:123456789012:volume/','arn:aws:ec2:us-east-1:56789012234:volume/']"
-  type        = "list"
+  type        = list(string)
   default     = []
 }
 
 variable "rule_name" {
   description = "A display name for the backup rule."
-  type        = "string"
+  type        = string
 }
 
 variable "schedule" {
   description = "A CRON expression specifying when AWS Backup initiates a backup job. Default is 05:00 UTC every day. Consult https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html for expression help."
-  type        = "string"
+  type        = string
   default     = "cron(0 5 ? * * *)"
 }
 
 variable "selection_name" {
   description = "The display name of the resource selection document."
-  type        = "string"
+  type        = string
 }
 
 variable "selection_tag" {
@@ -100,24 +101,26 @@ variable "selection_tag" {
     See [examples](./examples).
 EOF
 
-  type    = "list"
+
+  type    = list(string)
   default = []
 }
 
 variable "start_window" {
   description = "The amount of time in minutes after a backup is scheduled before a job is canceled if it doesn't start successfully. Minimum and Default value is 60. Max is 720 (12 Hours)."
-  type        = "string"
+  type        = string
   default     = 60
 }
 
 variable "vault_name" {
   description = "Name of the backup vault to create."
-  type        = "string"
+  type        = string
 }
 
 variable "vault_tags" {
   description = "Map of tags to assign to created vault."
 
-  type    = "map"
+  type    = map(string)
   default = {}
 }
+

modules/iam_default/main.tf

@@ -25,15 +25,15 @@ resource "aws_iam_role" "backup_service" {
   name               = "AWSBackupDefaultServiceRole"
   description        = "Provides AWS Backup permission to create backups and perform restores on your behalf across AWS services."
   path               = "/service-role/"
-  assume_role_policy = "${data.aws_iam_policy_document.backup_assume.json}"
+  assume_role_policy = data.aws_iam_policy_document.backup_assume.json
 }
 
 resource "aws_iam_role_policy_attachment" "backup" {
-  role       = "${aws_iam_role.backup_service.name}"
+  role       = aws_iam_role.backup_service.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
 }
 
 resource "aws_iam_role_policy_attachment" "restore" {
-  role       = "${aws_iam_role.backup_service.name}"
+  role       = aws_iam_role.backup_service.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores"
 }