feat(config-recorder): support aws provider v6

Author: posquit0

modules/config-recorder/README.md

@@ -2,14 +2,15 @@
 # Authorization for Aggregators
 ###################################################
 
+# TODO: Not yet support `region` for AWS provider v6
 resource "aws_config_aggregate_authorization" "this" {
   for_each = {
     for aggregator in var.authorized_aggregators :
     "${aggregator.account}:${aggregator.region}" => aggregator
   }
 
-  account_id = each.value.account
-  region     = each.value.region
+  account_id            = each.value.account
+  authorized_aws_region = each.value.region
 
   tags = merge(
     local.module_tags,
@@ -29,6 +30,8 @@ resource "aws_config_configuration_aggregator" "account" {
     aggregation.name => aggregation
   }
 
+  region = var.region
+
   name = each.key
 
   account_aggregation_source {
@@ -53,6 +56,8 @@ resource "aws_config_configuration_aggregator" "account" {
 resource "aws_config_configuration_aggregator" "organization" {
   count = var.organization_aggregation.enabled ? 1 : 0
 
+  region = var.region
+
   name = var.organization_aggregation.name
 
   organization_aggregation_source {

modules/config-recorder/aggregator.tf

@@ -13,7 +13,7 @@ module "role__recorder" {
   count = var.default_service_role.enabled ? 1 : 0
 
   source  = "tedilabs/account/aws//modules/iam-role"
-  version = "~> 0.28.0"
+  version = "~> 0.32.0"
 
   name = coalesce(
     var.default_service_role.name,
@@ -39,9 +39,11 @@ module "role__recorder" {
     var.default_service_role.inline_policies
   )
 
-  force_detach_policies  = true
-  resource_group_enabled = false
-  module_tags_enabled    = false
+  force_detach_policies = true
+  resource_group = {
+    enabled = false
+  }
+  module_tags_enabled = false
 
   tags = merge(
     local.module_tags,
@@ -53,7 +55,7 @@ module "role__aggregator" {
   count = var.organization_aggregation.enabled && var.default_organization_aggregator_role.enabled ? 1 : 0
 
   source  = "tedilabs/account/aws//modules/iam-role"
-  version = "~> 0.28.0"
+  version = "~> 0.32.0"
 
   name = coalesce(
     var.default_organization_aggregator_role.name,
@@ -74,9 +76,11 @@ module "role__aggregator" {
   )
   inline_policies = var.default_organization_aggregator_role.inline_policies
 
-  force_detach_policies  = true
-  resource_group_enabled = false
-  module_tags_enabled    = false
+  force_detach_policies = true
+  resource_group = {
+    enabled = false
+  }
+  module_tags_enabled = false
 
   tags = merge(
     local.module_tags,

modules/config-recorder/iam.tf

@@ -60,6 +60,8 @@ locals {
 ###################################################
 
 resource "aws_config_configuration_recorder" "this" {
+  region = var.region
+
   name = var.name
   role_arn = (var.default_service_role.enabled
     ? module.role__recorder[0].arn
@@ -101,6 +103,8 @@ resource "aws_config_configuration_recorder" "this" {
 }
 
 resource "aws_config_configuration_recorder_status" "this" {
+  region = var.region
+
   name       = aws_config_configuration_recorder.this.name
   is_enabled = var.enabled
 
@@ -110,6 +114,8 @@ resource "aws_config_configuration_recorder_status" "this" {
 }
 
 resource "aws_config_retention_configuration" "this" {
+  region = var.region
+
   retention_period_in_days = var.retention_period
 }
 
@@ -119,6 +125,8 @@ resource "aws_config_retention_configuration" "this" {
 ###################################################
 
 resource "aws_config_delivery_channel" "this" {
+  region = var.region
+
   name = aws_config_configuration_recorder.this.name
 
   s3_bucket_name = var.delivery_channels.s3_bucket.name

modules/config-recorder/main.tf

@@ -1,3 +1,8 @@
+output "region" {
+  description = "The AWS region this module resources resides in."
+  value       = aws_config_configuration_recorder.this.region
+}
+
 output "name" {
   description = "The name of the recorder."
   value       = aws_config_configuration_recorder.this.name

modules/config-recorder/outputs.tf

@@ -16,6 +16,8 @@ module "resource_group" {
 
   count = (var.resource_group.enabled && var.module_tags_enabled) ? 1 : 0
 
+  region = var.region
+
   name        = local.resource_group_name
   description = var.resource_group.description
 

modules/config-recorder/resource-group.tf

@@ -1,3 +1,10 @@
+variable "region" {
+  description = "(Optional) The region in which to create the module resources. If not provided, the module resources will be created in the provider's configured region."
+  type        = string
+  default     = null
+  nullable    = true
+}
+
 variable "name" {
   description = "(Optional) The name of the recorder. Defaults to `default`. Changing it recreates the resource."
   type        = string
@@ -269,9 +276,6 @@ variable "module_tags_enabled" {
 # Resource Group
 ###################################################
 
-
-
-
 variable "resource_group" {
   description = <<EOF
   (Optional) A configurations of Resource Group for this module. `resource_group` as defined below.

modules/config-recorder/variables.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.6"
+  required_version = ">= 1.12"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.39"
+      version = ">= 6.12"
     }
   }
 }