fix: 6764: solve merge conflict

Author: bolanlesd

.github/workflows/terraform_and_release.yml

@@ -33,19 +33,18 @@ jobs:
       - run: terraform validate
 
   release:
-   if: github.event_name == 'push'
-   needs: terraform
-   runs-on: ubuntu-latest
-
-   steps:
-   - uses: actions/checkout@v2
-   - name: Semantic Release
-     id: semantic
-     uses: cycjimmy/semantic-release-action@v2
-     env:
-       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-     with:
-       semantic_version: 17
-       extra_plugins: |
-         @semantic-release/changelog
-         @semantic-release/git
+    if: github.event_name == 'push'
+    needs: terraform
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Semantic Release
+      id: semantic
+      uses: cycjimmy/semantic-release-action@v2
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        semantic_version: 19
+        extra_plugins: |
+          @semantic-release/changelog@6
+          @semantic-release/git@10

CHANGELOG.md

@@ -1,3 +1,41 @@
+# [3.0.0](https://github.com/scribd/terraform-aws-datadog/compare/v2.7.0...v3.0.0) (2022-04-05)
+
+
+* feat!: enable support for aws provider 4.0+ (#49) ([5bc98cb](https://github.com/scribd/terraform-aws-datadog/commit/5bc98cb56b7dd1b697f3bfa64251515d8e8ff61c)), closes [#49](https://github.com/scribd/terraform-aws-datadog/issues/49)
+
+
+### BREAKING CHANGES
+
+* This release drops support for AWS provider <4.0
+
+When updating to this version, the diff will show each of the new resources as needing to be created. However, each of the new aws_s3_bucket_* resources relies on S3 API calls that utilize a PUT action in order to modify the target S3 bucket. Because these API calls adhere to standard HTTP methods for REST APIs, they should handle situations where the target configuration already exists (as noted in the HTTP RFC). Given that this is the case, it's not strictly necessary to import any new aws_s3_bucket_* resources that are a one-to-one translation from previous versions of the AWS provider -- on the next terraform apply, they'll attempt the PUT, and update the state with the results as necessary.
+
+# [2.7.0](https://github.com/scribd/terraform-aws-datadog/compare/v2.6.1...v2.7.0) (2022-03-07)
+
+
+### Features
+
+* enable support for Datadog provider 3.x ([e42de0e](https://github.com/scribd/terraform-aws-datadog/commit/e42de0e3ee6217db29251630370244e25debed6b))
+
+## [2.6.1](https://github.com/scribd/terraform-aws-datadog/compare/v2.6.0...v2.6.1) (2022-03-07)
+
+
+### Bug Fixes
+
+* restrict aws provider to <4 for this major branch ([#47](https://github.com/scribd/terraform-aws-datadog/issues/47)) ([07de45a](https://github.com/scribd/terraform-aws-datadog/commit/07de45adb3ff85fc925a9066dc581248f151fb49))
+
+# [2.6.0](https://github.com/scribd/terraform-aws-datadog/compare/v2.5.0...v2.6.0) (2022-01-19)
+
+
+### Bug Fixes
+
+* explicitly specify the versions for semantic-release ([#42](https://github.com/scribd/terraform-aws-datadog/issues/42)) ([09bd8b9](https://github.com/scribd/terraform-aws-datadog/commit/09bd8b96d3b78c302756e8b05baa2589b71daa4a))
+
+
+### Features
+
+* enable support for Terraform 1.1.3 ([#40](https://github.com/scribd/terraform-aws-datadog/issues/40)) ([51c5279](https://github.com/scribd/terraform-aws-datadog/commit/51c52792eed5f4b324420429677bbe9b10b0cef0))
+
 # [2.5.0](https://github.com/scribd/terraform-aws-datadog/compare/v2.4.0...v2.5.0) (2021-10-01)
 
 

README.md

@@ -72,8 +72,9 @@ Cloudwatch log sync are namspaced by module.
 
 ## Module Versions
 
-Version 2.0.0 and greater require terraform version 0.13.x. 
-Version 1.3.5 is the latest version that support terraform version 0.12.x. 
+**Version 3.x.x** and greater require terraform version > 0.13.x and AWS provider > 4.0.0.
+**Version 2.x.x** and greater require terraform version > 0.13.x and AWS provider < 4.0.0.  
+**Version 1.x.x** is the latest version that support terraform version 0.12.x and AWS provider < 4.0.0.  
 When using this module, please be sure to [pin to a compatible version](https://www.terraform.io/docs/configuration/modules.html#module-versions).
 
 ## Examples

logs_monitoring.tf

@@ -1,4 +1,4 @@
-resource aws_cloudformation_stack "datadog-forwarder" {
+resource "aws_cloudformation_stack" "datadog-forwarder" {
   name         = "${local.stack_prefix}datadog-forwarder"
   capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"]
   parameters = {
@@ -18,13 +18,13 @@ resource aws_cloudformation_stack "datadog-forwarder" {
   }
 }
 
-resource aws_secretsmanager_secret "datadog_api_key" {
+resource "aws_secretsmanager_secret" "datadog_api_key" {
   name_prefix = "${local.stack_prefix}datadog-api-key"
   description = "Datadog API Key"
   tags        = local.default_tags
 }
 
-resource aws_secretsmanager_secret_version "datadog_api_key" {
+resource "aws_secretsmanager_secret_version" "datadog_api_key" {
   secret_id     = aws_secretsmanager_secret.datadog_api_key.id
   secret_string = var.datadog_api_key
 }

logs_monitoring_cloudwatch_log.tf

@@ -7,7 +7,7 @@ resource "aws_cloudwatch_log_subscription_filter" "test_lambdafunction_logfilter
   distribution    = "Random"
 }
 
-resource aws_lambda_permission "allow_cloudwatch_logs_to_call_dd_lambda_handler" {
+resource "aws_lambda_permission" "allow_cloudwatch_logs_to_call_dd_lambda_handler" {
   count         = length(var.cloudwatch_log_groups)
   statement_id  = "${replace(var.cloudwatch_log_groups[count.index], "/", "_")}-AllowExecutionFromCloudWatchLogs"
   action        = "lambda:InvokeFunction"

logs_monitoring_elb.tf

@@ -25,48 +25,46 @@ locals {
   elb_logs_s3_bucket = "${var.elb_logs_bucket_prefix}-${var.namespace}-${var.env}-elb-logs"
 }
 
+data aws_iam_policy_document "elb_logs" {
+  statement {
+    actions = [
+      "s3:PutObject"
+    ]
+    resources = [
+      "arn:aws:s3:::${local.elb_logs_s3_bucket}/*",
+    ]
+    principals {
+      type        = "AWS"
+      identifiers = [data.aws_elb_service_account.main.arn]
+    }
+    effect = "Allow"
+  }
+}
+
 resource "aws_s3_bucket" "elb_logs" {
   count  = var.create_elb_logs_bucket ? 1 : 0
   bucket = local.elb_logs_s3_bucket
-  acl    = "private"
-  policy = <<POLICY
-{
-  "Id": "Policy",
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": [
-        "s3:PutObject"
-      ],
-      "Effect": "Allow",
-      "Resource": "arn:aws:s3:::${local.elb_logs_s3_bucket}/*",
-      "Principal": {
-        "AWS": [
-          "${data.aws_elb_service_account.main.arn}"
-        ]
-      }
-    }
-  ]
 }
-POLICY
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
+resource "aws_s3_bucket_policy" "elb_logs" {
+  count  = var.create_elb_logs_bucket ? 1 : 0
+  bucket = aws_s3_bucket.elb_logs[0].id
+  policy = data.aws_iam_policy_document.elb_logs.json
+}
 
-  lifecycle_rule {
-    id      = "log"
-    enabled = true
+resource "aws_s3_bucket_acl" "elb_logs" {
+  count  = var.create_elb_logs_bucket ? 1 : 0
+  bucket = aws_s3_bucket.elb_logs[0].id
+  acl    = "private"
+}
 
-    tags = {
-      "rule"      = "log"
-      "autoclean" = "true"
-    }
+resource "aws_s3_bucket_lifecycle_configuration" "elb_logs" {
+  count  = var.create_elb_logs_bucket ? 1 : 0
+  bucket = aws_s3_bucket.elb_logs[0].id
 
+  # Remove old versions of images after 15 days
+  rule {
+    id = "log"
     transition {
       days          = 30
       storage_class = "STANDARD_IA" # or "ONEZONE_IA"
@@ -80,6 +78,18 @@ POLICY
     expiration {
       days = 365 # store logs for one year
     }
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "elb_logs" {
+  count  = var.create_elb_logs_bucket ? 1 : 0
+  bucket = aws_s3_bucket.elb_logs[0].id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
   }
 
   lifecycle_rule {

main.tf

@@ -59,10 +59,9 @@ resource "aws_iam_policy" "datadog-core" {
         "cloudformation:DetectStack*",
         "cloudfront:GetDistributionConfig",
         "cloudfront:ListDistributions",
+        "cloudtrail:LookupEvents",
         "cloudtrail:DescribeTrails",
         "cloudtrail:GetTrailStatus",
-        "cloudtrail:LookupEvents",
-        "cloudwatch:ListMetrics",
         "cloudwatch:Describe*",
         "cloudwatch:Get*",
         "cloudwatch:List*",
@@ -119,9 +118,9 @@ resource "aws_iam_policy" "datadog-core" {
         "ses:Get*",
         "sns:List*",
         "sns:Publish",
-        "sqs:ListQueues",
         "states:ListStateMachines",
         "states:DescribeStateMachine",
+        "sqs:ListQueues",
         "support:*",
         "tag:GetResources",
         "tag:GetTagKeys",

versions.tf

@@ -1,10 +1,15 @@
 terraform {
-  required_version = ">= 0.13, < 1.1.0"
+  required_version = ">= 0.13, < 1.3.0"
 
   required_providers {
     datadog = {
       source  = "DataDog/datadog"
-      version = ">= 2.10, < 3"
+      version = ">= 2.10, < 4"
+    }
+
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
     }
   }
 }