chore!: Rename resource aws_appsync_api_cache

Author: taufort

README.md

@@ -132,7 +132,7 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61.0 |
 
 ## Providers
@@ -149,7 +149,7 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [aws_appsync_api_cache.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_api_cache) | resource |
+| [aws_appsync_api_cache.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_api_cache) | resource |
 | [aws_appsync_api_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_api_key) | resource |
 | [aws_appsync_datasource.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_datasource) | resource |
 | [aws_appsync_domain_name.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_domain_name) | resource |
@@ -188,15 +188,15 @@ No modules.
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name that AppSync gets associated with. | `string` | `""` | no |
 | <a name="input_domain_name_association_enabled"></a> [domain\_name\_association\_enabled](#input\_domain\_name\_association\_enabled) | Whether to enable domain name association on GraphQL API | `bool` | `false` | no |
 | <a name="input_domain_name_description"></a> [domain\_name\_description](#input\_domain\_name\_description) | A description of the Domain Name. | `string` | `null` | no |
-| <a name="input_dynamodb_allowed_actions"></a> [dynamodb\_allowed\_actions](#input\_dynamodb\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_DYNAMODB | `list(string)` | <pre>[<br/>  "dynamodb:GetItem",<br/>  "dynamodb:PutItem",<br/>  "dynamodb:DeleteItem",<br/>  "dynamodb:UpdateItem",<br/>  "dynamodb:Query",<br/>  "dynamodb:Scan",<br/>  "dynamodb:BatchGetItem",<br/>  "dynamodb:BatchWriteItem"<br/>]</pre> | no |
-| <a name="input_elasticsearch_allowed_actions"></a> [elasticsearch\_allowed\_actions](#input\_elasticsearch\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_ELASTICSEARCH | `list(string)` | <pre>[<br/>  "es:ESHttpDelete",<br/>  "es:ESHttpHead",<br/>  "es:ESHttpGet",<br/>  "es:ESHttpPost",<br/>  "es:ESHttpPut"<br/>]</pre> | no |
+| <a name="input_dynamodb_allowed_actions"></a> [dynamodb\_allowed\_actions](#input\_dynamodb\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_DYNAMODB | `list(string)` | <pre>[<br>  "dynamodb:GetItem",<br>  "dynamodb:PutItem",<br>  "dynamodb:DeleteItem",<br>  "dynamodb:UpdateItem",<br>  "dynamodb:Query",<br>  "dynamodb:Scan",<br>  "dynamodb:BatchGetItem",<br>  "dynamodb:BatchWriteItem"<br>]</pre> | no |
+| <a name="input_elasticsearch_allowed_actions"></a> [elasticsearch\_allowed\_actions](#input\_elasticsearch\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_ELASTICSEARCH | `list(string)` | <pre>[<br>  "es:ESHttpDelete",<br>  "es:ESHttpHead",<br>  "es:ESHttpGet",<br>  "es:ESHttpPost",<br>  "es:ESHttpPut"<br>]</pre> | no |
 | <a name="input_enhanced_metrics_config"></a> [enhanced\_metrics\_config](#input\_enhanced\_metrics\_config) | Nested argument containing Lambda Ehanced metrics configuration. | `map(string)` | `{}` | no |
-| <a name="input_eventbridge_allowed_actions"></a> [eventbridge\_allowed\_actions](#input\_eventbridge\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_EVENTBRIDGE | `list(string)` | <pre>[<br/>  "events:PutEvents"<br/>]</pre> | no |
+| <a name="input_eventbridge_allowed_actions"></a> [eventbridge\_allowed\_actions](#input\_eventbridge\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_EVENTBRIDGE | `list(string)` | <pre>[<br>  "events:PutEvents"<br>]</pre> | no |
 | <a name="input_functions"></a> [functions](#input\_functions) | Map of functions to create | `any` | `{}` | no |
 | <a name="input_graphql_api_tags"></a> [graphql\_api\_tags](#input\_graphql\_api\_tags) | Map of tags to add to GraphQL API | `map(string)` | `{}` | no |
 | <a name="input_iam_permissions_boundary"></a> [iam\_permissions\_boundary](#input\_iam\_permissions\_boundary) | ARN for iam permissions boundary | `string` | `null` | no |
 | <a name="input_introspection_config"></a> [introspection\_config](#input\_introspection\_config) | Whether to enable or disable introspection of the GraphQL API. | `string` | `null` | no |
-| <a name="input_lambda_allowed_actions"></a> [lambda\_allowed\_actions](#input\_lambda\_allowed\_actions) | List of allowed IAM actions for datasources type AWS\_LAMBDA | `list(string)` | <pre>[<br/>  "lambda:invokeFunction"<br/>]</pre> | no |
+| <a name="input_lambda_allowed_actions"></a> [lambda\_allowed\_actions](#input\_lambda\_allowed\_actions) | List of allowed IAM actions for datasources type AWS\_LAMBDA | `list(string)` | <pre>[<br>  "lambda:invokeFunction"<br>]</pre> | no |
 | <a name="input_lambda_authorizer_config"></a> [lambda\_authorizer\_config](#input\_lambda\_authorizer\_config) | Nested argument containing Lambda authorizer configuration. | `map(string)` | `{}` | no |
 | <a name="input_log_cloudwatch_logs_role_arn"></a> [log\_cloudwatch\_logs\_role\_arn](#input\_log\_cloudwatch\_logs\_role\_arn) | Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account. | `string` | `null` | no |
 | <a name="input_log_exclude_verbose_content"></a> [log\_exclude\_verbose\_content](#input\_log\_exclude\_verbose\_content) | Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. | `bool` | `false` | no |
@@ -206,14 +206,14 @@ No modules.
 | <a name="input_logs_role_tags"></a> [logs\_role\_tags](#input\_logs\_role\_tags) | Map of tags to add to Cloudwatch logs IAM role | `map(string)` | `{}` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of GraphQL API | `string` | `""` | no |
 | <a name="input_openid_connect_config"></a> [openid\_connect\_config](#input\_openid\_connect\_config) | Nested argument containing OpenID Connect configuration. | `map(string)` | `{}` | no |
-| <a name="input_opensearchservice_allowed_actions"></a> [opensearchservice\_allowed\_actions](#input\_opensearchservice\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_OPENSEARCH\_SERVICE | `list(string)` | <pre>[<br/>  "es:ESHttpDelete",<br/>  "es:ESHttpHead",<br/>  "es:ESHttpGet",<br/>  "es:ESHttpPost",<br/>  "es:ESHttpPut"<br/>]</pre> | no |
+| <a name="input_opensearchservice_allowed_actions"></a> [opensearchservice\_allowed\_actions](#input\_opensearchservice\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_OPENSEARCH\_SERVICE | `list(string)` | <pre>[<br>  "es:ESHttpDelete",<br>  "es:ESHttpHead",<br>  "es:ESHttpGet",<br>  "es:ESHttpPost",<br>  "es:ESHttpPut"<br>]</pre> | no |
 | <a name="input_query_depth_limit"></a> [query\_depth\_limit](#input\_query\_depth\_limit) | The maximum depth a query can have in a single request. | `number` | `null` | no |
-| <a name="input_relational_database_allowed_actions"></a> [relational\_database\_allowed\_actions](#input\_relational\_database\_allowed\_actions) | List of allowed IAM actions for datasources type RELATIONAL\_DATABASE | `list(string)` | <pre>[<br/>  "rds-data:BatchExecuteStatement",<br/>  "rds-data:BeginTransaction",<br/>  "rds-data:CommitTransaction",<br/>  "rds-data:ExecuteStatement",<br/>  "rds-data:RollbackTransaction"<br/>]</pre> | no |
+| <a name="input_relational_database_allowed_actions"></a> [relational\_database\_allowed\_actions](#input\_relational\_database\_allowed\_actions) | List of allowed IAM actions for datasources type RELATIONAL\_DATABASE | `list(string)` | <pre>[<br>  "rds-data:BatchExecuteStatement",<br>  "rds-data:BeginTransaction",<br>  "rds-data:CommitTransaction",<br>  "rds-data:ExecuteStatement",<br>  "rds-data:RollbackTransaction"<br>]</pre> | no |
 | <a name="input_resolver_caching_ttl"></a> [resolver\_caching\_ttl](#input\_resolver\_caching\_ttl) | Default caching TTL for resolvers when caching is enabled | `number` | `60` | no |
 | <a name="input_resolver_count_limit"></a> [resolver\_count\_limit](#input\_resolver\_count\_limit) | The maximum number of resolvers that can be invoked in a single request. | `number` | `null` | no |
 | <a name="input_resolvers"></a> [resolvers](#input\_resolvers) | Map of resolvers to create | `any` | `{}` | no |
 | <a name="input_schema"></a> [schema](#input\_schema) | The schema definition, in GraphQL schema language format. Terraform cannot perform drift detection of this configuration. | `string` | `""` | no |
-| <a name="input_secrets_manager_allowed_actions"></a> [secrets\_manager\_allowed\_actions](#input\_secrets\_manager\_allowed\_actions) | List of allowed IAM actions for secrets manager datasources type RELATIONAL\_DATABASE | `list(string)` | <pre>[<br/>  "secretsmanager:GetSecretValue"<br/>]</pre> | no |
+| <a name="input_secrets_manager_allowed_actions"></a> [secrets\_manager\_allowed\_actions](#input\_secrets\_manager\_allowed\_actions) | List of allowed IAM actions for secrets manager datasources type RELATIONAL\_DATABASE | `list(string)` | <pre>[<br>  "secretsmanager:GetSecretValue"<br>]</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags to add to all GraphQL resources created by this module | `map(string)` | `{}` | no |
 | <a name="input_user_pool_config"></a> [user\_pool\_config](#input\_user\_pool\_config) | The Amazon Cognito User Pool configuration. | `map(string)` | `{}` | no |
 | <a name="input_visibility"></a> [visibility](#input\_visibility) | The API visibility. Valid values: GLOBAL, PRIVATE. | `string` | `null` | no |

examples/complete/README.md

@@ -29,13 +29,14 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.1 |
+| <a name="provider_aws.us-east-1"></a> [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.1 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 3 |
+| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 3.0 |
 | <a name="module_appsync"></a> [appsync](#module\_appsync) | ../../ | n/a |
 | <a name="module_disabled"></a> [disabled](#module\_disabled) | ../../ | n/a |
 
@@ -48,11 +49,18 @@ Note that this example may create resources which cost money. Run `terraform des
 | [aws_route53_record.api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
 | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+| [aws_acm_certificate.existing_certificate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/acm_certificate) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_existing_acm_certificate"></a> [existing\_acm\_certificate](#input\_existing\_acm\_certificate) | Override this value to use an existing ACM certificate | <pre>object({<br>    # Use existing certificate (via data source) or create new one<br>    use         = optional(bool, false)<br>    domain_name = optional(string)<br>  })</pre> | `{}` | no |
+| <a name="input_existing_route53_zone"></a> [existing\_route53\_zone](#input\_existing\_route53\_zone) | Override this value to use an existing Route 53 zone | <pre>object({<br>    # Use existing zone (via data source) or create new one (will fail validation, if zone is not reachable)<br>    use         = optional(bool, true)<br>    domain_name = optional(string, "terraform-aws-modules.modules.tf")<br>  })</pre> | <pre>{<br>  "domain_name": "pat-poc.edf.fr"<br>}</pre> | no |
+| <a name="input_main_region"></a> [main\_region](#input\_main\_region) | AWS main region | `string` | `"eu-west-1"` | no |
 
 ## Outputs
 

examples/complete/main.tf

@@ -1,5 +1,5 @@
 provider "aws" {
-  region = "eu-west-1"
+  region = var.main_region
 
   # Make it faster by skipping something
   skip_metadata_api_check     = true
@@ -24,60 +24,67 @@ provider "aws" {
 }
 
 locals {
-  # Use existing (via data source) or create new zone (will fail validation, if zone is not reachable)
-  use_existing_route53_zone = true
-
-  domain = "terraform-aws-modules.modules.tf"
-
   # Removing trailing dot from domain - just to be sure :)
-  domain_name = trimsuffix(local.domain, ".")
+  route53_domain_name = trimsuffix(var.existing_route53_zone.domain_name, ".")
 }
 
 data "aws_route53_zone" "this" {
-  count = local.use_existing_route53_zone ? 1 : 0
+  count = var.existing_route53_zone.use ? 1 : 0
 
-  name         = local.domain_name
+  name         = local.route53_domain_name
   private_zone = false
 }
 
 resource "aws_route53_zone" "this" {
-  count = !local.use_existing_route53_zone ? 1 : 0
-  name  = local.domain_name
+  count = !var.existing_route53_zone.use ? 1 : 0
+  name  = local.route53_domain_name
 }
 
 resource "aws_route53_record" "api" {
   zone_id = try(data.aws_route53_zone.this[0].zone_id, aws_route53_zone.this[0].zone_id)
-  name    = "api.${local.domain}"
+  name    = "api.${var.existing_route53_zone.domain_name}"
   type    = "CNAME"
   ttl     = "300"
   records = [module.appsync.appsync_domain_name]
 }
 
+data "aws_acm_certificate" "existing_certificate" {
+  count  = var.existing_acm_certificate.use ? 1 : 0
+  domain = var.existing_acm_certificate.domain_name
+
+  provider = aws.us-east-1
+}
+
 module "acm" {
+  count   = var.existing_acm_certificate.use ? 0 : 1
   source  = "terraform-aws-modules/acm/aws"
-  version = "~> 3"
+  version = "~> 3.0"
 
-  domain_name = local.domain_name
+  domain_name = local.route53_domain_name
   zone_id     = try(data.aws_route53_zone.this[0].zone_id, aws_route53_zone.this[0].zone_id)
 
   subject_alternative_names = [
-    "*.alerts.${local.domain_name}",
-    "new.sub.${local.domain_name}",
-    "*.${local.domain_name}",
-    "alerts.${local.domain_name}",
+    "*.alerts.${local.route53_domain_name}",
+    "new.sub.${local.route53_domain_name}",
+    "*.${local.route53_domain_name}",
+    "alerts.${local.route53_domain_name}",
   ]
 
   wait_for_validation = true
 
   tags = {
-    Name = local.domain_name
+    Name = local.route53_domain_name
   }
 
   providers = {
     aws = aws.us-east-1
   }
 }
 
+data "aws_caller_identity" "current" {}
+
+data "aws_region" "current" {}
+
 module "appsync" {
   source = "../../"
 
@@ -94,9 +101,9 @@ module "appsync" {
   query_depth_limit    = 10
   resolver_count_limit = 25
 
-  domain_name             = "api.${local.domain}"
+  domain_name             = "api.${var.existing_route53_zone.domain_name}"
   domain_name_description = "My ${random_pet.this.id} AppSync Domain"
-  certificate_arn         = module.acm.acm_certificate_arn
+  certificate_arn         = var.existing_acm_certificate.use ? data.aws_acm_certificate.existing_certificate[0].arn : module.acm[0].acm_certificate_arn
 
   caching_behavior                 = "PER_RESOLVER_CACHING"
   cache_type                       = "SMALL"
@@ -112,7 +119,7 @@ module "appsync" {
   authentication_type = "OPENID_CONNECT"
 
   lambda_authorizer_config = {
-    authorizer_uri = "arn:aws:lambda:eu-west-1:835367859851:function:appsync_auth_1"
+    authorizer_uri = "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:appsync_auth_1"
   }
 
   openid_connect_config = {

examples/complete/variables.tf

@@ -0,0 +1,27 @@
+variable "main_region" {
+  type        = string
+  description = "AWS main region"
+  default     = "eu-west-1"
+}
+
+variable "existing_route53_zone" {
+  type = object({
+    # Use existing zone (via data source) or create new one (will fail validation, if zone is not reachable)
+    use         = optional(bool, true)
+    domain_name = optional(string, "terraform-aws-modules.modules.tf")
+  })
+  description = "Override this value to use an existing Route 53 zone"
+  default = {
+    domain_name = "pat-poc.edf.fr"
+  }
+}
+
+variable "existing_acm_certificate" {
+  type = object({
+    # Use existing certificate (via data source) or create new one
+    use         = optional(bool, false)
+    domain_name = optional(string)
+  })
+  description = "Override this value to use an existing ACM certificate"
+  default     = {}
+}

main.tf

@@ -129,7 +129,7 @@ resource "aws_appsync_domain_name_api_association" "this" {
 }
 
 # API Cache
-resource "aws_appsync_api_cache" "example" {
+resource "aws_appsync_api_cache" "this" {
   count = var.create_graphql_api && var.caching_enabled ? 1 : 0
 
   api_id = aws_appsync_graphql_api.this[0].id

migrations.tf

@@ -0,0 +1,8 @@
+################################################################################
+# Migrations: v2.6.0 -> v3.0.0
+################################################################################
+
+moved {
+  from = aws_appsync_api_cache.example
+  to   = aws_appsync_api_cache.this
+}

versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.3.2"
 
   required_providers {
     aws = {

wrappers/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.3.2"
 
   required_providers {
     aws = {