release prep

.gitignore

@@ -6,3 +6,4 @@
 .kitchen
 .kitchen.local.yml
 Gemfile.lock
+terraform.tfstate.d

.kitchen.yml

@@ -19,4 +19,4 @@ suites:
     verifier:
       name: "awspec"
       patterns:
-      - "test/integration/default/local_alb.rb"
+      - "test/integration/default/test_alb.rb"

.ruby-version

@@ -0,0 +1 @@
+2.4.2

.travis.yml

@@ -21,8 +21,8 @@ before_script:
   - export AWS_REGION=$(docker run --env AWS_DEFAULT_REGION=us-east-2 --env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} --env AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} garland/aws-cli-docker aws ec2 describe-regions --query 'Regions[].{Name:RegionName}' --output text | shuf | head -n1)
   - export TF_VAR_region=${AWS_REGION}
   - echo "using AWS_REGION=${AWS_REGION}"
-  - curl --silent --output terraform.zip https://releases.hashicorp.com/terraform/0.11.0/terraform_0.11.0_linux_amd64.zip
-  - sha256sum terraform.zip  | grep "402b4333792967986383670134bb52a8948115f83ab6bda35f57fa2c3c9e9279" -q
+  - curl --silent --output terraform.zip https://releases.hashicorp.com/terraform/0.11.2/terraform_0.11.2_linux_amd64.zip
+  - sha256sum terraform.zip  | grep "f728fa73ff2a4c4235a28de4019802531758c7c090b6ca4c024d48063ab8537b" -q
   - unzip terraform.zip ; rm -f terraform.zip; chmod +x terraform
   - mkdir -p ${HOME}/bin ; export PATH=${PATH}:${HOME}/bin; mv terraform ${HOME}/bin/
   - terraform -v

CHANGELOG.md

@@ -5,9 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this
 project adheres to [Semantic Versioning](http://semver.org/).
 
-## [v2.4.0] - Unreleased
+## [v2.4.0] - 2018-01-19
 
 * Remove `region` input. If you'd like to customise the AWS provider configuration, this is supported using the new `providers` input which is a core Terraform feature. [Read more.](https://www.terraform.io/docs/modules/usage.html#providers-within-modules)
+* update CI to use terraform 0.11.2 and KT 3.1.0.
+* `alb_arn_suffix` output added for external consumption.
+* Several formatting changes to adhere to convention.
 
 ## [v2.3.2] - 2017-12-18
 
@@ -114,8 +117,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Changed
 
-* Restructured project templates to alb dir to add testing. This is a breaking
-  change so upping major version.
+* Restructured project templates to alb dir to add testing. This is a breaking change so upping major version.
 * Redundant examples dir removed
 * Updated documentation
 

Gemfile

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 ruby '2.4.2'
 
 source 'https://rubygems.org/' do
-  gem 'kitchen-verifier-awspec'
-  gem 'rhcl'
-  gem 'awspec'
-  gem 'kitchen-terraform', '>= 3.0.0'
+  gem 'awspec', '~> 1.0.0'
+  gem 'kitchen-terraform', '~> 3.1'
+  gem 'kitchen-verifier-awspec', '~> 0.1.1'
+  gem 'rhcl', '~> 0.1.0'
 end

README.md

@@ -1,4 +1,5 @@
 # terraform-aws-alb
+
 A Terraform module containing common configurations for an AWS Application Load
 Balancer (ALB) running over HTTP/HTTPS. Available through the [terraform registry](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws).
 
@@ -7,33 +8,38 @@ Balancer (ALB) running over HTTP/HTTPS. Available through the [terraform registr
 | master | [![build Status](https://travis-ci.org/terraform-aws-modules/terraform-aws-alb.svg?branch=master)](https://travis-ci.org/terraform-aws-modules/terraform-aws-alb) |
 
 ## Assumptions
+
 * You want to create a set of resources for the ALB: namely an associated target group and listener.
-* You've created a Virtual Private Cloud (VPC) + subnets where you intend to put
-this ALB.
+* You've created a Virtual Private Cloud (VPC) + subnets where you intend to put this ALB.
 * You have one or more security groups to attach to the ALB.
 * You want to configure a listener for HTTPS/HTTP
 * You've uploaded an SSL certificate to AWS IAM if using HTTPS
 
 The module supports both (mutually exclusive):
+
 * Internal IP ALBs
 * External IP ALBs
 
 It's recommended you use this module with [terraform-aws-vpc](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws),
 [terraform-aws-security-group](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws), and
 [terraform-aws-autoscaling](https://registry.terraform.io/modules/terraform-aws-modules/autoscaling/aws/).
 
-## Why ALB instead of ELB?
+## Why ALB instead of ELB
+
 The use-case presented here appears almost identical to how one would use an ELB
 but we inherit a few bonuses by moving to ALB. Those are best outlined in [AWS's
 documentation](https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/).
 For an example of using ALB with ECS look no further than the [hashicorp example](https://github.com/terraform-providers/terraform-provider-aws/blob/master/examples/ecs-alb).
 
 ## Resources, inputs, outputs
+
 [Resources](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws?tab=resources), [inputs](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws?tab=inputs), and [outputs](https://registry.terraform.io/modules/terraform-aws-modules/alb/aws?tab=outputs) documented in the terraform registry.
 
 ## Usage example
+
 A full example leveraging other community modules is contained in the [examples/test_fixtures directory](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/examples/test_fixtures). Here's the gist of using it via the Terraform registry:
-```
+
+```hcl
 module "alb" {
   source                        = "terraform-aws-modules/alb/aws"
   alb_name                      = "my-alb"
@@ -46,7 +52,7 @@ module "alb" {
   create_log_bucket             = true
   enable_logging                = true
   log_bucket_name               = "logs-us-east-2-123456789012"
-  log_location_prefix           = "my-alb-logs"
+  log_location_prefix           = "my-alb-logs
   health_check_path             = "/"
 
   tags {
@@ -55,41 +61,48 @@ module "alb" {
   }
 }
 ```
-3. Always `terraform plan` to see your change before running `terraform apply`.
-4. Win the day!
 
 ## Testing
+
 This module has been packaged with [awspec](https://github.com/k1LoW/awspec) tests through test kitchen. To run them:
+
 1. Install [rvm](https://rvm.io/rvm/install) and the ruby version specified in the [Gemfile](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/Gemfile).
-2. Install bundler and the gems from our Gemfile:
-```
+1. Install bundler and the gems from our Gemfile:
+
+```bash
 gem install bundler; bundle install
 ```
-3. Ensure your AWS environment is configured (i.e. credentials and region) for test and set TF_VAR_region to a valid AWS region (e.g. `export TF_VAR_region=${AWS_REGION}`).
-4. Test using `kitchen test` from the root of the repo.
+
+1. Ensure your AWS environment is configured (i.e. credentials and region) for test and set TF_VAR_region to a valid AWS region (e.g. `export TF_VAR_region=${AWS_REGION}`).
+1. Test using `kitchen test` from the root of the repo.
 
 ## Contributing
+
 Report issues/questions/feature requests on in the [Issues](https://github.com/terraform-aws-modules/terraform-aws-alb/issues) section.
 
 Pull requests are welcome! Ideally create a feature branch and issue for every
 individual change made. These are the steps:
 
 1. Fork the repo to a personal space or org.
-2. Create your feature branch from master (`git checkout -b my-new-feature`).
-4. Commit your awesome changes (`git commit -am 'Added some feature'`).
-5. Push to the branch (`git push origin my-new-feature`).
-6. Create a new Pull Request and tell us about your changes.
+1. Create your feature branch from master (`git checkout -b my-new-feature`).
+1. Commit your awesome changes (`git commit -am 'Added some feature'`).
+1. Push to the branch (`git push origin my-new-feature`).
+1. Create a new Pull Request and tell us about your changes.
 
 ## IAM Permissions
+
 Testing and using this repo requires a minimum set of IAM permissions. Test permissions
 are listed in the [test_fixtures README](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/examples/test_fixtures/README.md).
 
 ## Change log
+
 The [changelog](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/CHANGELOG.md) captures all important release notes.
 
 ## Authors
+
 Created and maintained by [Brandon O'Connor](https://github.com/brandoconnor) - brandon@atscale.run.
 Many thanks to [the contributers listed here](https://github.com/terraform-aws-modules/terraform-aws-alb/graphs/contributors)!
 
 ## License
+
 MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-alb/tree/master/LICENSE) for full details.

data.tf

@@ -4,15 +4,9 @@ data "aws_elb_service_account" "main" {}
 
 data "aws_iam_policy_document" "bucket_policy" {
   statement {
-    sid = "AllowToPutLoadBalancerLogsToS3Bucket"
-
-    actions = [
-      "s3:PutObject",
-    ]
-
-    resources = [
-      "arn:aws:s3:::${var.log_bucket_name}/${var.log_location_prefix}/AWSLogs/${data.aws_caller_identity.current.account_id}/*",
-    ]
+    sid       = "AllowToPutLoadBalancerLogsToS3Bucket"
+    actions   = ["s3:PutObject"]
+    resources = ["arn:aws:s3:::${var.log_bucket_name}/${var.log_location_prefix}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"]
 
     principals {
       type        = "AWS"

examples/test_fixtures/README.md

@@ -1,12 +1,15 @@
 # test_fixtures example
+
 This set of templates serves two purposes:
 
-0. it shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
+1. it shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
 1. serves as the test infrastructure for CI on the project.
 
 ## IAM Permissions
+
 The following IAM policy is the minimum needed to execute the module from the test suite.
-```
+
+```json
 {
     "Version": "2012-10-17",
     "Statement": [
@@ -103,5 +106,4 @@ The following IAM policy is the minimum needed to execute the module from the te
         }
     ]
 }
-
 ```

examples/test_fixtures/data.tf

@@ -1,3 +1,7 @@
-data "aws_caller_identity" "fixtures" {}
+data "aws_caller_identity" "current" {}
 
 data "aws_availability_zones" "available" {}
+
+data "aws_region" "current" {
+  current = true
+}

examples/test_fixtures/main.tf

@@ -1,16 +1,18 @@
 terraform {
-  required_version = ">= 0.10.0"
+  required_version = ">= 0.11.2"
+}
+
+locals {
+  tags = "${map("Environment", "test", "GithubRepo", "tf-aws-alb", "GithubOrg", "terraform-aws-modules", "Workspace", "${terraform.workspace}")}"
 }
 
 provider "aws" {
-  region  = "${var.region}"
   version = ">= 1.0.0"
+  region  = "${var.region}"
 }
 
-provider "template" {}
-
 resource "aws_iam_server_certificate" "fixture_cert" {
-  name             = "test_cert-${data.aws_caller_identity.fixtures.account_id}-${var.region}"
+  name             = "test_cert-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
   certificate_body = "${file("${path.module}/../../examples/test_fixtures/certs/example.crt.pem")}"
   private_key      = "${file("${path.module}/../../examples/test_fixtures/certs/example.key.pem")}"
 
@@ -21,40 +23,38 @@ resource "aws_iam_server_certificate" "fixture_cert" {
 
 module "vpc" {
   source             = "terraform-aws-modules/vpc/aws"
-  name               = "my-vpc"
+  version            = "1.14.0"
+  name               = "test-vpc"
   cidr               = "10.0.0.0/16"
   azs                = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}"]
   private_subnets    = ["10.0.1.0/24", "10.0.2.0/24"]
-  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24"]
+  public_subnets     = ["10.0.3.0/24", "10.0.4.0/24"]
   enable_nat_gateway = true
   single_nat_gateway = true
-  tags               = {}
+  tags               = "${local.tags}"
 }
 
 module "security-group" {
-  source = "terraform-aws-modules/security-group/aws"
-  name   = "my-sg-https"
-  vpc_id = "${module.vpc.vpc_id}"
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "1.12.0"
+  name    = "test-sg-https"
+  vpc_id  = "${module.vpc.vpc_id}"
+  tags    = "${local.tags}"
 }
 
 module "alb" {
   source                   = "../.."
-  alb_name                 = "my-alb"
+  alb_protocols            = ["HTTPS"]
+  alb_name                 = "test-alb"
   alb_security_groups      = ["${module.security-group.this_security_group_id}"]
-  region                   = "${var.region}"
-  vpc_id                   = "${module.vpc.vpc_id}"
-  subnets                  = "${module.vpc.public_subnets}"
   certificate_arn          = "${aws_iam_server_certificate.fixture_cert.arn}"
-  alb_protocols            = ["HTTPS"]
-  health_check_path        = "/"
   create_log_bucket        = true
   enable_logging           = true
-  log_bucket_name          = "logs-${var.region}-${data.aws_caller_identity.fixtures.account_id}"
-  log_location_prefix      = "${var.log_location_prefix}"
   force_destroy_log_bucket = true
-
-  tags {
-    "Terraform" = "true"
-    "Env"       = "${terraform.workspace}"
-  }
+  health_check_path        = "/"
+  log_bucket_name          = "logs-${data.aws_region.current.name}-${data.aws_caller_identity.current.account_id}"
+  log_location_prefix      = "${var.log_location_prefix}"
+  subnets                  = "${module.vpc.public_subnets}"
+  tags                     = "${local.tags}"
+  vpc_id                   = "${module.vpc.vpc_id}"
 }

examples/test_fixtures/outputs.tf

@@ -1,23 +1,19 @@
-/*
-Outputs used for tests
-*/
+output "account_id" {
+  value = "${data.aws_caller_identity.current.account_id}"
+}
 
 output "principal_account_id" {
   value = "${module.alb.principal_account_id}"
 }
 
-output "vpc_id" {
-  value = "${module.vpc.vpc_id}"
+output "region" {
+  value = "${var.region}"
 }
 
 output "sg_id" {
   value = "${module.security-group.this_security_group_id}"
 }
 
-output "account_id" {
-  value = "${data.aws_caller_identity.fixtures.account_id}"
-}
-
-output "region" {
-  value = "${var.region}"
+output "vpc_id" {
+  value = "${module.vpc.vpc_id}"
 }

main.tf

@@ -1,11 +1,9 @@
-### ALB resources
-
 resource "aws_alb" "main" {
   name            = "${var.alb_name}"
   subnets         = ["${var.subnets}"]
   security_groups = ["${var.alb_security_groups}"]
   internal        = "${var.alb_is_internal}"
-  tags            = "${merge(var.tags, map("Name", format("%s", var.alb_name)))}"
+  tags            = "${merge(var.tags, map("Name", var.alb_name))}"
 
   access_logs {
     bucket  = "${var.log_bucket_name}"
@@ -21,7 +19,7 @@ resource "aws_s3_bucket" "log_bucket" {
   policy        = "${var.bucket_policy == "" ? data.aws_iam_policy_document.bucket_policy.json : var.bucket_policy}"
   force_destroy = "${var.force_destroy_log_bucket}"
   count         = "${var.create_log_bucket ? 1 : 0}"
-  tags          = "${merge(var.tags, map("Name", format("%s", var.log_bucket_name)))}"
+  tags          = "${merge(var.tags, map("Name", var.log_bucket_name))}"
 }
 
 resource "aws_alb_target_group" "target_group" {
@@ -48,7 +46,7 @@ resource "aws_alb_target_group" "target_group" {
     enabled         = "${ var.cookie_duration == 1 ? false : true}"
   }
 
-  tags = "${merge(var.tags, map("Name", format("%s-tg", var.alb_name)))}"
+  tags = "${merge(var.tags, map("Name", "${var.alb_name}-tg"))}"
 }
 
 resource "aws_alb_listener" "frontend_http" {