
Merge pull request #396 from mdr-engineering/feature/ftd_MSOCI-2089_FixDeprecatedStuff

Fixes some of the deprecated field names from the AWS 4.0 update
Frederick Damstra há 3 anos atrás
pai
commit
3a148f06aa

+ 2 - 2
base/aws_client_vpn/vpn.tf

@@ -14,7 +14,8 @@ resource "aws_ec2_client_vpn_endpoint" "vpn" {
   server_certificate_arn = aws_acm_certificate.cert.arn
   self_service_portal = "enabled" # requires a self_service_saml_provider in authentication_options
 
-  # TODO: Specify DNS Servers
+  security_group_ids = [aws_security_group.vpn_access.id]
+
   dns_servers = var.dns_servers
 
   # Certificate based authenticaiton requires the certificate be in the same account
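Review bot: The new `security_group_ids` argument on `aws_ec2_client_vpn_endpoint` is documented as needing `vpc_id` on the same resource, and no `vpc_id` is visible in this hunk; the resource body continues outside it, so it may be set elsewhere. If it is not, add `vpc_id = var.vpc_id` (placeholder variable name) next to `security_group_ids`. After the apply, confirm that `aws_security_group.vpn_access` is the group actually attached to the endpoint, because the later hunk removes `security_groups` from the network association and the VPC default group is what applies when none is specified.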
@@ -45,7 +46,6 @@ resource "aws_ec2_client_vpn_network_association" "vpn_subnets" {
 
   client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
   subnet_id = var.public_subnets[count.index]
-  security_groups = [aws_security_group.vpn_access.id]
 
   lifecycle {
     // The issue why we are ignoring changes is that on every change

+ 21 - 0
base/bastion/main.tf

@@ -210,6 +210,27 @@ resource "aws_security_group_rule" "ssh-in" {
   security_group_id = aws_security_group.bastion_security_group.id
 }
 
+# Uncomment for performance testing of the VPN
+#resource "aws_security_group_rule" "iperf-in" {
+#  description       = "iperf testing"
+#  type              = "ingress"
+#  from_port         = 4000
+#  to_port           = 4000
+#  protocol          = "tcp"
+#  cidr_blocks       = [ "0.0.0.0/0" ]
+#  security_group_id = aws_security_group.bastion_security_group.id
+#}
+#
+#resource "aws_security_group_rule" "iperf-udp-in" {
+#  description       = "iperf testing"
+#  type              = "ingress"
+#  from_port         = 4000
+#  to_port           = 4000
+#  protocol          = "udp"
+#  cidr_blocks       = [ "0.0.0.0/0" ]
+#  security_group_id = aws_security_group.bastion_security_group.id
+#}
+
 resource "aws_security_group_rule" "ssh-out" {
   type = "egress"
   from_port = 22
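Review bot: The commented-out `iperf-in` and `iperf-udp-in` rules open port 4000 on the bastion security group to `0.0.0.0/0`, so uncommenting them as the first comment line suggests exposes the bastion to the whole internet on TCP and UDP. Since the stated purpose is testing the VPN, the source range should be limited to the VPN client range, e.g. `cidr_blocks = [ var.vpn_client_cidr ]` (placeholder variable name), and the leading comment should say that the rules are to be removed again after the test. The block is also unrelated to the deprecated-field cleanup the commit message describes, which makes it easy to miss in review.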

+ 1 - 1
base/customer_portal/elb.tf

@@ -75,7 +75,7 @@ resource "aws_lb_listener" "portal_https_redirect" {
 
 # Attach the instances to the ELB
 resource "aws_autoscaling_attachment" "customer_portal_asg_attachment" {
-  alb_target_group_arn = aws_alb_target_group.portal.arn
+  lb_target_group_arn = aws_alb_target_group.portal.arn
   autoscaling_group_name = aws_autoscaling_group.customer_portal.name
 }
 

+ 1 - 1
base/customer_portal/rds.tf

@@ -30,7 +30,7 @@ resource "aws_db_instance" "postgres" {
   identifier                  = "customerportal"
   kms_key_id                  = aws_kms_key.customer_portal_kms.arn
   maintenance_window          = "Mon:00:00-Mon:03:00"
-  name                        = "customerportal"
+  db_name                     = "customerportal"
   password                    = var.environment == "test" ? "foobarbaz" : "050ff734-fb33-9248-13e4-7d8ad2e899a0"
   port                        = 5432
   skip_final_snapshot         = var.environment == "test" ? "true" : "false"
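Review bot: The `password` line kept as context in this hunk hard-codes the database master password for both the test and the non-test environment, so the credential is readable by anyone with repository access and stays in the history. base/rhsso/rds.tf in this same commit shows a `random_password` resource; the same approach here, e.g. `password = random_password.password.result` with a matching resource added to this module, keeps the literal out of the repository, although the value will still be stored in Terraform state. The committed value should be rotated in any case. The resource body continues outside the hunk.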

+ 4 - 3
base/jira/rds_jira/main.tf

@@ -17,10 +17,10 @@ output "ca_cert_identifier" {
 
 module "jira_db" {
   source = "terraform-aws-modules/rds/aws"
-  version = "~> v3.0"
+  version = "~> v4.0"
 
   identifier = var.identifier # this is the RDS identifier, not the DB name
-  name = "jira" # the DB name
+  db_name = "jira" # the DB name
 
   engine = "postgres"
   auto_minor_version_upgrade = true
@@ -60,9 +60,10 @@ module "jira_db" {
 
   # DB subnet group
   subnet_ids = var.subnets
+  create_db_subnet_group = true
 
   # Snapshot name upon DB deletion
-  final_snapshot_identifier = "${var.identifier}-final-snapshot"
+  final_snapshot_identifier_prefix = "${var.identifier}-final-snapshot"
 
   # Database Deletion Protection
   deletion_protection = var.instance_termination_protection
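Review bot: `final_snapshot_identifier_prefix` is given the old full snapshot name, `"${var.identifier}-final-snapshot"`, but as far as I recall the v4 module builds the final name itself by appending the instance identifier and a random suffix to this prefix; that is worth confirming against the module's v4 upgrade notes. If so, the resulting snapshot name repeats `var.identifier`, and any runbook or retention job that looks for the old exact name will no longer match. A shorter value such as `final_snapshot_identifier_prefix = "final-snapshot"` would avoid the duplication. The module block continues outside the hunk, so whether `skip_final_snapshot` is set cannot be seen here.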

+ 3 - 2
base/rhsso/rds.tf

@@ -33,10 +33,10 @@ resource "random_password" "password" {
 
 module "rhsso_db" {
   source = "terraform-aws-modules/rds/aws"
-  version = "~> v3.0"
+  version = "~> v4.0"
 
   identifier = var.identifier # this is the RDS identifier, not the DB name
-  name = "rhsso" # the DB name
+  db_name = "rhsso" # the DB name
 
   engine             = "postgres"
   #engine_version     = "12.7" # leave this disabled if you're doing auto_minor_version upgrades
@@ -72,6 +72,7 @@ module "rhsso_db" {
 
   # DB subnet group
   subnet_ids = var.private_subnets
+  create_db_subnet_group = true
 
   # DB parameter group
   family = "postgres12"

+ 1 - 1
base/s3_bucket_writer_role/main.tf

@@ -86,7 +86,7 @@ data "aws_iam_policy_document" "base_policy" {
 }
 
 data "aws_iam_policy_document" "kms_policy" {
-  source_json = data.aws_iam_policy_document.base_policy.json
+  source_policy_documents = [ data.aws_iam_policy_document.base_policy.json ]
 
   statement {
     sid       = "UseTheKMSKey"

+ 1 - 1
base/splunk_servers/indexer_cluster/elb-private.tf

@@ -117,6 +117,6 @@ resource "aws_lb_target_group" "hec_pvt_8088" {
 # Attach the instances to the ELB
 resource "aws_autoscaling_attachment" "hec_pvt_asg_attachments" {
   for_each = var.splunk_private_hec ? toset([ module.indexer0.asg_name[0], module.indexer1.asg_name[0], module.indexer2.asg_name[0] ]) : []
-  alb_target_group_arn = aws_lb_target_group.hec_pvt_8088[0].arn
+  lb_target_group_arn = aws_lb_target_group.hec_pvt_8088[0].arn
   autoscaling_group_name = each.key
 }

+ 1 - 1
base/splunk_servers/indexer_cluster/elb-without-ack.tf

@@ -113,6 +113,6 @@ resource "aws_lb_target_group" "hec_8088" {
 # Attach the instnaces to the ELB
 resource "aws_autoscaling_attachment" "hec_asg_attachments" {
   for_each = toset([ module.indexer0.asg_name[0], module.indexer1.asg_name[0], module.indexer2.asg_name[0] ])
-  alb_target_group_arn = aws_lb_target_group.hec_8088.arn
+  lb_target_group_arn = aws_lb_target_group.hec_8088.arn
   autoscaling_group_name = each.key
 }

+ 1 - 1
base/splunk_servers/indexer_cluster/nlb-splunk-data.tf

@@ -57,7 +57,7 @@ resource "aws_lb_target_group" "nlb_targets" {
 
 resource "aws_autoscaling_attachment" "nlb_asg_attachments" {
   for_each = toset([ module.indexer0.asg_name[0], module.indexer1.asg_name[0], module.indexer2.asg_name[0] ])
-  alb_target_group_arn   = aws_lb_target_group.nlb_targets.arn
+  lb_target_group_arn    = aws_lb_target_group.nlb_targets.arn
   autoscaling_group_name = each.key
 }
 

+ 1 - 1
base/splunk_servers/legacy_hec/elb-without-ack-internal.tf

@@ -94,6 +94,6 @@ resource "aws_lb_target_group" "hec_internal_8088" {
 # Attach the instances to the ELB
 resource "aws_autoscaling_attachment" "hec_internal_asg_attachments" {
   for_each = local.is_moose ? toset( var.elb_attachments ) : []
-  alb_target_group_arn = aws_lb_target_group.hec_internal_8088[0].arn
+  lb_target_group_arn = aws_lb_target_group.hec_internal_8088[0].arn
   autoscaling_group_name = each.key
 }

+ 1 - 1
base/splunk_servers/legacy_hec/elb-without-ack.tf

@@ -160,6 +160,6 @@ resource "aws_lb_target_group" "hec_8088" {
 # Attach the instnaces to the ELB
 resource "aws_autoscaling_attachment" "hec_asg_attachments" {
   for_each = toset( var.elb_attachments )
-  alb_target_group_arn = aws_lb_target_group.hec_8088.arn
+  lb_target_group_arn = aws_lb_target_group.hec_8088.arn
   autoscaling_group_name = each.key
 }