fix: remove awscc references from provider (#103)

* fix: remove awscc references from provider

* heredoc to jsonencode

Author: quixoticmonk

.header.md

@@ -21,7 +21,7 @@ The following is a basic example, see examples folder for more complete examples
 
 ```hcl
 module "ec2-image-builder" {
-  source                = "aws-ia/ec2-image-builder/aws"
+  source              = "aws-ia/ec2-image-builder/aws"
   name                = "basic-ec2-image"
   vpc_id              = "<ENTER_VPC_ID>"
   subnet_id           = "<ENTER_SUBNET_ID>"

CONTRIBUTING.md

@@ -30,7 +30,7 @@ It is a best practice to perform these checks locally prior to submitting a pull
 - tfsec
 - Markdown Lint
 - Checkov
-- Terratest
+- Terraform test
 
 > :bangbang: The readme.md file will be created after all checks have completed successfuly, it is recommended that you install terraform-docs locally in order to preview your readme.md file prior to publication.
 
@@ -76,18 +76,6 @@ terraform plan -out tf.plan
 terraform show -json tf.plan  > tf.json 
 checkov 
 ```
-### Terratest
-
-Include tests to validate your examples/<> root modules, at a minimum. This can be accomplished with usually only slight modifications to the [boilerplate test provided in this template](./test/examples\_basic\_test.go)
-
-```
-# from the root of the repository
-cd test
-go mod init github.com/aws-ia/terraform-project-ephemeral
-go mod tidy
-go install github.com/gruntwork-io/terratest/modules/terraform
-go test -timeout 45m
-```
 
 ## Documentation
 

README.md

@@ -22,7 +22,7 @@ The following is a basic example, see examples folder for more complete examples
 
 ```hcl
 module "ec2-image-builder" {
-  source                = "aws-ia/ec2-image-builder/aws"
+  source              = "aws-ia/ec2-image-builder/aws"
   name                = "basic-ec2-image"
   vpc_id              = "<ENTER_VPC_ID>"
   subnet_id           = "<ENTER_SUBNET_ID>"

examples/linux/README.md

@@ -25,28 +25,33 @@ This example creates the following resources:
 
 ## How to Deploy
 
-### Prerequisites:
+### Prerequisites
+
 Ensure that you have installed the following tools in your Mac or Windows Laptop before start working with this module and run Terraform Plan and Apply
 
 1. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
 2. [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli)
 
 ### Deployment Steps
+
 #### Step 1: Clone the repo using the command below
 
 ```sh
 git clone https://github.com/aws-ia/terraform-aws-ec2-image-builder.git
 ```
 
 #### Step 2: Run Terraform INIT
+
 Initialize a working directory with configuration files
 
 ```sh
 cd examples/linux/
+
 terraform init
 ```
 
 #### Step 3: Run Terraform PLAN
+
 Verify the resources created by this execution
 
 ```sh
@@ -55,6 +60,7 @@ terraform plan
 ```
 
 #### Step 4: Finally, Terraform APPLY
+
 Create the resources
 
 ```sh
@@ -67,21 +73,20 @@ Enter `yes` to apply.
 
 Output of Terraform apply should look similar
 
-```
+```sh
 module.ec2-image-builder.aws_imagebuilder_image.imagebuilder_image[0]: Creation complete after 1h3m56s [id=arn:aws:imagebuilder:ap-southeast-2:XXXXXXXX:image/myfirstpipeline-image-recipe/0.0.2/1]
 ```
 
 Login to AWS Console, go to the AWS Region where resources are deployed, and go to the location showed on the Terraform output, for example:
 
-EC2 Image Builder > Images > myfirstpipeline-image-recipe | 0.0.2 > myfirstpipeline-image-recipe | 0.0.2/1
+EC2 Image Builder > Images > "myfirstpipeline-image-recipe 0.0.2" > "myfirstpipeline-image-recipe 0.0.2/1"
 
 You can see the AMI ID on the output resources:
 
-<p align="center">
-  <img src="../../images/outputresources.png" alt="AMI generated by EC2 Image Builder" width="100%">
-</p>
+![AMI generated by EC2 Image Builder](../../images/outputresources.png)
 
 ## Cleanup
+
 To clean up your environment, destroy the Terraform module.
 
 *NOTE:* Empty the S3 bucket created by this module before executing the `terraform destroy`
@@ -92,15 +97,19 @@ terraform destroy -auto-approve
 
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.4.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.0.0, < 4.0.0 |
+| <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 4.0.0, < 5.0.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
-| <a name="provider_tls"></a> [tls](#provider\_tls) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 3.0.0, < 4.0.0 |
+| <a name="provider_tls"></a> [tls](#provider\_tls) | >= 4.0.0, < 5.0.0 |
 
 ## Modules
 

examples/linux/main.tf

@@ -73,23 +73,23 @@ module "ec2-image-builder" {
 resource "aws_kms_key" "imagebuilder_image_recipe_kms_key" {
   description         = "Imagebuilder Image Recipe KMS key"
   enable_key_rotation = true
-  policy              = <<POLICY
-  {
-    "Version": "2012-10-17",
-    "Id": "default",
-    "Statement": [
-      {
-        "Sid": "DefaultAllow",
-        "Effect": "Allow",
-        "Principal": {
-          "AWS": "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
-        },
-        "Action": "kms:*",
-        "Resource": "*"
-      }
-    ]
-  }
-POLICY
+  policy = jsonencode(
+    {
+      "Version" : "2012-10-17",
+      "Id" : "default",
+      "Statement" : [
+        {
+          "Sid" : "DefaultAllow",
+          "Effect" : "Allow",
+          "Principal" : {
+            "AWS" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
+          },
+          "Action" : "kms:*",
+          "Resource" : "*"
+        }
+      ]
+    }
+  )
 }
 
 resource "aws_s3_object" "upload_scripts" {
@@ -105,23 +105,23 @@ resource "aws_s3_object" "upload_scripts" {
 resource "aws_kms_key" "aws_imagebuilder_component_kms_key" {
   description         = "Imagebuilder Component KMS key"
   enable_key_rotation = true
-  policy              = <<POLICY
-  {
-    "Version": "2012-10-17",
-    "Id": "default",
-    "Statement": [
-      {
-        "Sid": "DefaultAllow",
-        "Effect": "Allow",
-        "Principal": {
-          "AWS": "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
-        },
-        "Action": "kms:*",
-        "Resource": "*"
-      }
-    ]
-  }
-POLICY
+  policy = jsonencode(
+    {
+      "Version" : "2012-10-17",
+      "Id" : "default",
+      "Statement" : [
+        {
+          "Sid" : "DefaultAllow",
+          "Effect" : "Allow",
+          "Principal" : {
+            "AWS" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
+          },
+          "Action" : "kms:*",
+          "Resource" : "*"
+        }
+      ]
+    }
+  )
 }
 
 resource "aws_imagebuilder_component" "linuxbuild" {
@@ -216,36 +216,36 @@ data "aws_iam_policy_document" "iam_policy_document" {
 resource "aws_s3_bucket_policy" "bucket_policy" {
   bucket = aws_s3_bucket.ec2_image_builder_components.id
 
-  policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Principal": {
-        "AWS": "${data.aws_caller_identity.current.account_id}"
-      },
-      "Action": [ "s3:*" ],
-      "Resource": [
-        "${aws_s3_bucket.ec2_image_builder_components.arn}",
-        "${aws_s3_bucket.ec2_image_builder_components.arn}/*"
-      ]
-    },
+  policy = jsonencode(
     {
-  "Sid": "Deny non-HTTPS access",
-  "Effect": "Deny",
-  "Principal": "*",
-  "Action": [ "s3:*" ],
-  "Resource": "${aws_s3_bucket.ec2_image_builder_components.arn}/*",
-  "Condition": {
-    "Bool": {
-      "aws:SecureTransport": "false"
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Effect" : "Allow",
+          "Principal" : {
+            "AWS" : "${data.aws_caller_identity.current.account_id}"
+          },
+          "Action" : ["s3:*"],
+          "Resource" : [
+            "${aws_s3_bucket.ec2_image_builder_components.arn}",
+            "${aws_s3_bucket.ec2_image_builder_components.arn}/*"
+          ]
+        },
+        {
+          "Sid" : "Deny non-HTTPS access",
+          "Effect" : "Deny",
+          "Principal" : "*",
+          "Action" : ["s3:*"],
+          "Resource" : "${aws_s3_bucket.ec2_image_builder_components.arn}/*",
+          "Condition" : {
+            "Bool" : {
+              "aws:SecureTransport" : "false"
             }
-      }
-  }
-  ]
-}
-EOF
+          }
+        }
+      ]
+    }
+  )
 }
 
 resource "random_uuid" "random_uuid" {
@@ -254,23 +254,23 @@ resource "random_uuid" "random_uuid" {
 resource "aws_kms_key" "aws_s3_bucket_kms_key" {
   description         = "S3 Bucket KMS key"
   enable_key_rotation = true
-  policy              = <<POLICY
-  {
-    "Version": "2012-10-17",
-    "Id": "default",
-    "Statement": [
-      {
-        "Sid": "DefaultAllow",
-        "Effect": "Allow",
-        "Principal": {
-          "AWS": "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
-        },
-        "Action": "kms:*",
-        "Resource": "*"
-      }
-    ]
-  }
-POLICY
+  policy = jsonencode(
+    {
+      "Version" : "2012-10-17",
+      "Id" : "default",
+      "Statement" : [
+        {
+          "Sid" : "DefaultAllow",
+          "Effect" : "Allow",
+          "Principal" : {
+            "AWS" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
+          },
+          "Action" : "kms:*",
+          "Resource" : "*"
+        }
+      ]
+    }
+  )
 }
 
 #tfsec:ignore:aws-s3-enable-bucket-logging
@@ -325,23 +325,23 @@ resource "aws_s3_bucket_public_access_block" "block_public_access" {
 resource "aws_kms_key" "aws_ssm_parameter_kms_key" {
   description         = "SSM Parameter KMS key"
   enable_key_rotation = true
-  policy              = <<POLICY
-  {
-    "Version": "2012-10-17",
-    "Id": "default",
-    "Statement": [
-      {
-        "Sid": "DefaultAllow",
-        "Effect": "Allow",
-        "Principal": {
-          "AWS": "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
-        },
-        "Action": "kms:*",
-        "Resource": "*"
-      }
-    ]
-  }
-POLICY
+  policy = jsonencode(
+    {
+      "Version" : "2012-10-17",
+      "Id" : "default",
+      "Statement" : [
+        {
+          "Sid" : "DefaultAllow",
+          "Effect" : "Allow",
+          "Principal" : {
+            "AWS" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
+          },
+          "Action" : "kms:*",
+          "Resource" : "*"
+        }
+      ]
+    }
+  )
 }
 
 resource "tls_private_key" "imagebuilder" {
@@ -393,4 +393,4 @@ module "vpc" {
   single_nat_gateway = true
 
   tags = local.tags
-}
+}

examples/linux/providers.tf

@@ -2,11 +2,7 @@ terraform {
   required_version = ">= 1.4.0"
   required_providers {
     aws = {
-      source  = "hashicorp/aws"
-    }
-     awscc = {
-      source  = "hashicorp/awscc"
-      version = ">= 0.24.0"
+      source = "hashicorp/aws"
     }
     tls = {
       source  = "hashicorp/tls"
@@ -21,4 +17,4 @@ terraform {
 
 provider "aws" {
   region = local.aws_region
-}
+}