@bryantbiggs bryantbiggs commented Nov 11, 2025

Description

List of backwards incompatible changes

  • Terraform v1.11 is now minimum supported version to support write-only (wo_*) attributes.
  • AWS provider v6.18 is now minimum supported version
  • The underlying aws_security_group_rule resources have been replaced with aws_vpc_security_group_ingress_rule and aws_vpc_security_group_egress_rule to allow for more flexibility in defining security group rules.
  • master_password is no longer supported and only the write-only equivalent is supported (master_password_wo and master_password_wo_version) (#513)
  • security_group_rules has been split into security_group_ingress_rules and security_group_egress_rules to better match the AWS API and allow for more flexibility in defining security group rules

Additional changes

Added

  • Support for region argument to specify the AWS region for the resources created if different from the provider region.

Modified

  • Variable definitions now contain detailed object types in place of the previously used any type
  • copy_tags_to_snapshot default value is now true (#521)
  • db_cluster_parameter_group_parameters was previously of type list(map(...)), now of type map(object(...)) with name being optional and defaulting to the map key if not provided
  • preferred_maintenance_window and preferred_backup_window default values are now null (#524)

Removed

  • None

Variable and output changes

  1. Removed variables:

    • auto_minor_version_upgrade -> still available within the instances variable definition
    • ca_cert_identifier -> available within the instances variable definition
    • monitoring_interval -> still available within the instances variable definition
    • performance_insights_enabled -> still available within the instances variable definition
    • performance_insights_kms_key_id -> still available within the instances variable definition
    • performance_insights_retention_period -> still available within the instances variable definition
    • iam_role_managed_policy_arns -> deprecated argument on aws_iam_role resource
    • iam_role_force_detach_policies -> hardcode to true
  2. Renamed variables:

    • instance_class -> cluster_instance_class
    • db_cluster_db_instance_parameter_group_name -> cluster_db_instance_parameter_group_name
    • role_associations was previously iam_roles
    • master_password replaced with master_password_wo and master_password_wo_version
    • The variables for DB shard group have been nested under a single, top-level shard_group variable:
      • create_shard_group removed - set shard_group to null to disable or provide an object to enable
      • compute_redundancy -> shard_group.compute_redundancy
      • db_shard_group_identifier -> shard_group.identifier
      • max_acu -> shard_group.max_acu
      • min_acu -> shard_group.min_acu
      • publicly_accessible -> shard_group.publicly_accessible
      • shard_group_tags -> shard_group.tags
      • shard_group_timeouts -> shard_group.timeouts
    • The variables for the cluster activity stream have been nested under a single, top-level cluster_activity_stream variable:
      • create_db_cluster_activity_stream removed - set cluster_activity_stream to null to disable or provide an object to enable
      • db_cluster_activity_stream_mode -> cluster_activity_stream.mode
      • db_cluster_activity_stream_kms_key_id -> cluster_activity_stream.kms_key_id
      • engine_native_audit_fields_included -> cluster_activity_stream.include_audit_fields
    • The variables for the cluster parameter group have been nested under a single, top-level cluster_parameter_group variable:
      • create_db_cluster_parameter_group removed - set cluster_parameter_group to null to disable or provide an object to enable
      • db_cluster_parameter_group_name -> cluster_parameter_group.name
      • db_cluster_parameter_group_use_name_prefix -> cluster_parameter_group.use_name_prefix
      • db_cluster_parameter_group_description -> cluster_parameter_group.description
      • db_cluster_parameter_group_family -> cluster_parameter_group.family
      • db_cluster_parameter_group_parameters -> cluster_parameter_group.parameters
    • The variables for the instance parameter group have been nested under a single, top-level db_parameter_group variable:
      • create_db_parameter_group removed - set db_parameter_group to null to disable or provide an object to enable
      • db_parameter_group_name -> db_parameter_group.name
        • A variable cluster_parameter_group_name has been retained for when users want to provide an existing cluster parameter group name.
      • db_parameter_group_use_name_prefix -> db_parameter_group.use_name_prefix
      • db_parameter_group_description -> db_parameter_group.description
      • db_parameter_group_family -> db_parameter_group.family
      • db_parameter_group_parameters -> db_parameter_group.parameters
  3. Added variables:

    • region

Motivation and Context

Breaking Changes

  • Yes

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

@bryantbiggs bryantbiggs marked this pull request as ready for review November 13, 2025 23:00
type = object({
create = optional(string)
})
default = null
Member

Maybe we need a dynamic block for timeouts or make the default {}.
This produces an error when null:

╷
│ Error: Attempt to get attribute from null value
│ 
│   on ../../modules/dsql/main.tf line 41, in resource "aws_dsql_cluster_peering" "this":
│   41:     create = var.timeouts.create
│     ├────────────────
│     │ var.timeouts is null
│ 
│ This value is null, so it does not have any attributes.

Member Author

thank you - fixed in 42cb1ad

clusters = [module.dsql_cluster_1.arn]

tags = merge(local.tags, { Name = local.name })
witness_region = local.region
Member

The DSQL's witness region should be the same between the two clusters and also can't be the same as the regions the clusters are in. We would need to keep the region2 local var and use that for region and keep witness_region = local.witness_region in this second cluster.

Member Author

thanks - I have zero understanding of DSQL 😅. I believe it's correct now and matches this example https://docs.aws.amazon.com/aurora-dsql/latest/userguide/multi-region-aws-cli.html in 42cb1ad

main.tf Outdated
publicly_accessible = var.shard_group.publicly_accessible
tags = merge(var.tags, var.shard_group.tags)

timeouts {
Member

Similar here I think needs to be a dynamic block for timeouts, got an error with the default set to null.

Member Author

thank you - fixed in 42cb1ad

Member

@antonbabenko antonbabenko left a comment

I don't have anything to add.

@magreenbaum Thank you for helping with the review!

Development

Successfully merging this pull request may close these issues.

default copy_tags_to_snapshot to true Support AWS provider v6
