Update code after edit pass

code/opa/09-testing-terraform-code/README.md

@@ -1,13 +1,14 @@
 # OPA example
 
 This folder contains example [Open Policy Agent (OPA)](https://www.openpolicyagent.org/) policy that enforces all 
-module source URLs come from the `brikis98` GitHub org.
+resources include a specific tag.
 
 For more info, please see Chapter 9, "How to test Terraform code", of
 *[Terraform: Up and Running](http://www.terraformupandrunning.com)*.
 
 ## Quick start
 
-The best way to run this test is with Terratest. See 
-[opa_test.go](../../terraform/09-testing-terraform-code/test/opa_test.go).
+Please see the README in the companion Terraform module at 
+[09-testing-terraform-code/examples/opa](../../terraform/09-testing-terraform-code/examples/opa) for instructions on 
+how to use this policy to test that module.
 

code/opa/09-testing-terraform-code/enforce_tagging.rego

@@ -0,0 +1,6 @@
+package tuar
+
+allow {
+   resource_change := input.resource_changes[_]
+   resource_change.change.after.tags["ManagedBy"]
+}

code/packer/01-why-terraform/webserver.json

@@ -1,6 +1,6 @@
 {
   "builders": [{
-    "ami_name": "packer-example",
+    "ami_name": "packer-example-{{isotime | clean_resource_name}}",
     "instance_type": "t2.micro",
     "region": "us-east-2",
     "type": "amazon-ebs",
@@ -16,6 +16,7 @@
     ],
     "environment_vars": [
       "DEBIAN_FRONTEND=noninteractive"
-    ]
+    ],
+    "pause_before": "60s"
   }]
 }

code/ruby/04-terraform-modules/function-example.rb

@@ -1,6 +1,7 @@
+# Define the function in one place
 def example_function()
   puts "Hello, World"
 end
 
-# Other places in your code
+# Use the function in multiple other places
 example_function()

code/ruby/04-terraform-modules/function-with-input-and-output-params-example.rb

@@ -1,6 +1,7 @@
+# A function that returns a value
 def example_function(param1, param2)
   return "Hello, #{param1} #{param2}"
 end
 
-# Other places in your code
+# Call the function and get the return value
 return_value = example_function("foo", "bar")

code/ruby/04-terraform-modules/function-with-input-params-example.rb

@@ -1,6 +1,7 @@
+# A function with two input parameters
 def example_function(param1, param2)
   puts "Hello, #{param1} #{param2}"
 end
 
-# Other places in your code
+# Pass two input parameters to the function
 example_function("foo", "bar")

code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf

@@ -25,7 +25,6 @@ resource "aws_launch_configuration" "example" {
               EOF
 
   # Required when using a launch configuration with an auto scaling group.
-  # https://www.terraform.io/docs/providers/aws/r/launch_configuration.html
   lifecycle {
     create_before_destroy = true
   }

code/terraform/03-terraform-state/file-layout-example/global/s3/main.tf

@@ -23,7 +23,7 @@ resource "aws_s3_bucket" "terraform_state" {
 
 }
 
-# Enable versioning so you can see the full revision history of our
+# Enable versioning so you can see the full revision history of your
 # state files
 resource "aws_s3_bucket_versioning" "enabled" {
   bucket = aws_s3_bucket.terraform_state.id
@@ -38,7 +38,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
 
   rule {
     apply_server_side_encryption_by_default {
-      sse_algorithm     = "AES256"
+      sse_algorithm = "AES256"
     }
   }
 }

code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf

@@ -31,9 +31,9 @@ resource "aws_db_instance" "example" {
   engine              = "mysql"
   allocated_storage   = 10
   instance_class      = "db.t2.micro"
+  skip_final_snapshot = true
 
   db_name             = var.db_name
-  skip_final_snapshot = true
 
   username = var.db_username
   password = var.db_password

code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf

@@ -26,7 +26,6 @@ resource "aws_launch_configuration" "example" {
   })
 
   # Required when using a launch configuration with an auto scaling group.
-  # https://www.terraform.io/docs/providers/aws/r/launch_configuration.html
   lifecycle {
     create_before_destroy = true
   }

code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf

@@ -13,14 +13,14 @@ resource "aws_launch_configuration" "example" {
   image_id        = "ami-0fb653ca2d3203ac1"
   instance_type   = var.instance_type
   security_groups = [aws_security_group.instance.id]
-  user_data       = templatefile("${path.module}/user-data.sh", {
+
+  user_data = templatefile("${path.module}/user-data.sh", {
     server_port = var.server_port
     db_address  = data.terraform_remote_state.db.outputs.address
     db_port     = data.terraform_remote_state.db.outputs.port
   })
 
   # Required when using a launch configuration with an auto scaling group.
-  # https://www.terraform.io/docs/providers/aws/r/launch_configuration.html
   lifecycle {
     create_before_destroy = true
   }

code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf

@@ -16,6 +16,8 @@ provider "aws" {
 module "webserver_cluster" {
   source = "../../../modules/services/webserver-cluster"
 
+  # (parameters hidden for clarity)
+
   cluster_name           = var.cluster_name
   db_remote_state_bucket = var.db_remote_state_bucket
   db_remote_state_key    = var.db_remote_state_key

code/terraform/04-terraform-module/multi-repo-example/live/prod/services/webserver-cluster/main.tf

@@ -17,11 +17,7 @@ module "webserver_cluster" {
 
   # Since the terraform-up-and-running-code repo is open source, we're using an HTTPS URL here. If it was a private
   # repo, we'd instead use an SSH URL ([email protected]:brikis98/terraform-up-and-running-code.git) to leverage SSH auth
-  # TODO: restore proper source URL with ref 0.2.0 when ready!
-  # source = "github.com/brikis98/terraform-up-and-running-code//code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster?ref=v0.1.0"
-
-  # TODO: This is a temporary replacement for the proper source URL above!
-  source = "../../../../../module-example/modules/services/webserver-cluster"
+  source = "github.com/brikis98/terraform-up-and-running-code//code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster?ref=v0.2.0"
 
   cluster_name           = var.cluster_name
   db_remote_state_bucket = var.db_remote_state_bucket

code/terraform/04-terraform-module/multi-repo-example/live/stage/services/webserver-cluster/main.tf

@@ -17,11 +17,7 @@ module "webserver_cluster" {
 
   # Since the terraform-up-and-running-code repo is open source, we're using an HTTPS URL here. If it was a private
   # repo, we'd instead use an SSH URL ([email protected]:brikis98/terraform-up-and-running-code.git) to leverage SSH auth
-  # TODO: restore proper source URL with ref 0.2.0 when ready!
-  # source = "github.com/brikis98/terraform-up-and-running-code//code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster?ref=v0.1.0"
-
-  # TODO: This is a temporary replacement for the proper source URL above!
-  source = "../../../../../module-example/modules/services/webserver-cluster"
+  source = "github.com/brikis98/terraform-up-and-running-code//code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster?ref=v0.2.0"
 
   cluster_name           = var.cluster_name
   db_remote_state_bucket = var.db_remote_state_bucket

code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/string-directives/main.tf

@@ -2,33 +2,40 @@ terraform {
   required_version = ">= 1.0.0, < 2.0.0"
 }
 
-variable "name" {
-  description = "A name to render"
-  type        = string
-}
-
-output "if_else_directive" {
-  value = "Hello, %{ if var.name != "" }${var.name}%{ else }(unnamed)%{ endif }"
-}
-
 variable "names" {
   description = "Names to render"
   type        = list(string)
   default     = ["neo", "trinity", "morpheus"]
 }
 
 output "for_directive" {
+  value = "%{ for name in var.names }${name}, %{ endfor }"
+}
+
+output "for_directive_index" {
+  value = "%{ for i, name in var.names }(${i}) ${name}, %{ endfor }"
+}
+
+output "for_directive_index_if" {
   value = <<EOF
-%{ for name in var.names }
-  ${name}
+%{ for i, name in var.names }
+  ${name}%{ if i < length(var.names) - 1 }, %{ endif }
 %{ endfor }
 EOF
 }
 
-output "for_directive_strip_marker" {
+output "for_directive_index_if_strip" {
+  value = <<EOF
+%{~ for i, name in var.names ~}
+${name}%{ if i < length(var.names) - 1 }, %{ endif }
+%{~ endfor ~}
+EOF
+}
+
+output "for_directive_index_if_else_strip" {
   value = <<EOF
-%{~ for name in var.names }
-  ${name}
-%{~ endfor }
+%{~ for i, name in var.names ~}
+${name}%{ if i < length(var.names) - 1 }, %{ else }.%{ endif }
+%{~ endfor ~}
 EOF
 }

code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-unique-names/outputs.tf

@@ -1,6 +1,6 @@
-output "neo_arn" {
+output "first_arn" {
   value       = aws_iam_user.example[0].arn
-  description = "The ARN for user Neo"
+  description = "The ARN for the first user"
 }
 
 output "all_arns" {

code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/services/webserver-cluster/main.tf

@@ -26,8 +26,8 @@ module "webserver_cluster" {
   enable_autoscaling   = true
 
   custom_tags = {
-    Owner      = "team-foo"
-    DeployedBy = "terraform"
+    Owner     = "team-foo"
+    ManagedBy = "terraform"
   }
 
 }

code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf

@@ -20,7 +20,6 @@ resource "aws_launch_configuration" "example" {
   })
 
   # Required when using a launch configuration with an auto scaling group.
-  # https://www.terraform.io/docs/providers/aws/r/launch_configuration.html
   lifecycle {
     create_before_destroy = true
   }

code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf

@@ -21,7 +21,6 @@ resource "aws_launch_configuration" "example" {
   })
 
   # Required when using a launch configuration with an auto scaling group.
-  # https://www.terraform.io/docs/providers/aws/r/launch_configuration.html
   lifecycle {
     create_before_destroy = true
   }

code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf

@@ -13,6 +13,7 @@ resource "aws_launch_configuration" "example" {
   image_id        = var.ami
   instance_type   = var.instance_type
   security_groups = [aws_security_group.instance.id]
+
   user_data       = templatefile("${path.module}/user-data.sh", {
     server_port = var.server_port
     db_address  = data.terraform_remote_state.db.outputs.address
@@ -21,7 +22,6 @@ resource "aws_launch_configuration" "example" {
   })
 
   # Required when using a launch configuration with an auto scaling group.
-  # https://www.terraform.io/docs/providers/aws/r/launch_configuration.html
   lifecycle {
     create_before_destroy = true
   }

code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/variables.tf

@@ -45,14 +45,14 @@ variable "enable_autoscaling" {
 
 variable "ami" {
   description = "The AMI to run in the cluster"
-  default     = "ami-0fb653ca2d3203ac1"
   type        = string
+  default     = "ami-0fb653ca2d3203ac1"
 }
 
 variable "server_text" {
   description = "The text the web server should return"
-  default     = "Hello, World"
   type        = string
+  default     = "Hello, World"
 }
 
 variable "custom_tags" {

code/terraform/06-managing-secrets-with-terraform/ec2-iam-role/main.tf

@@ -17,22 +17,18 @@ resource "aws_instance" "example" {
   ami           = "ami-0fb653ca2d3203ac1"
   instance_type = "t2.micro"
 
-  # Use the instance profile; this, in turn, lets the EC2 instance use the IAM role
+  # Attach the instance profile
   iam_instance_profile = aws_iam_instance_profile.instance.name
-
-  tags = {
-    Name = var.name
-  }
 }
 
 # Create an IAM role
 resource "aws_iam_role" "instance" {
   name_prefix        = var.name
-  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
+  assume_role_policy = data.aws_iam_policy_document.assume_role.json
 }
 
 # Allow the IAM role to be assumed by EC2 instances
-data "aws_iam_policy_document" "assume_role_policy" {
+data "aws_iam_policy_document" "assume_role" {
   statement {
     effect  = "Allow"
     actions = ["sts:AssumeRole"]

code/terraform/06-managing-secrets-with-terraform/github-actions-oidc/main.tf

@@ -17,11 +17,13 @@ provider "aws" {
 resource "aws_iam_openid_connect_provider" "github_actions" {
   url             = "https://token.actions.githubusercontent.com"
   client_id_list  = ["sts.amazonaws.com"]
-  thumbprint_list = [data.tls_certificate.oidc_thumbprint.certificates[0].sha1_fingerprint]
+  thumbprint_list = [
+    data.tls_certificate.github.certificates[0].sha1_fingerprint
+  ]
 }
 
 # Fetch GitHub's OIDC thumbprint
-data "tls_certificate" "oidc_thumbprint" {
+data "tls_certificate" "github" {
   url = "https://token.actions.githubusercontent.com"
 }
 
@@ -45,11 +47,11 @@ data "aws_iam_policy_document" "assume_role_policy" {
     condition {
       test     = "StringEquals"
       variable = "token.actions.githubusercontent.com:sub"
-      # The repos and branches defined in var.allowed_repos_branches will be able to
-      # assume this IAM role
+      # The repos and branches defined in var.allowed_repos_branches
+      # will be able to assume this IAM role
       values = [
-        for allowed in var.allowed_repos_branches :
-        "repo:${allowed["org"]}/${allowed["repo"]}:ref:refs/heads/${allowed["branch"]}"
+        for a in var.allowed_repos_branches :
+        "repo:${a["org"]}/${a["repo"]}:ref:refs/heads/${a["branch"]}"
       ]
     }
   }

code/terraform/06-managing-secrets-with-terraform/github-actions-oidc/variables.tf

@@ -4,14 +4,14 @@
 # ---------------------------------------------------------------------------------------------------------------------
 
 variable "allowed_repos_branches" {
-  description = "The GitHub repos and branches that should be allowed to assume the IAM role."
-  type        = list(object({
+  description = "GitHub repos/branches allowed to assume the IAM role."
+  type = list(object({
     org    = string
     repo   = string
     branch = string
   }))
   # Example:
-  # default = [
+  # allowed_repos_branches = [
   #   {
   #     org    = "brikis98"
   #     repo   = "terraform-up-and-running-code"

code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf

@@ -28,11 +28,10 @@ resource "aws_db_instance" "example" {
   engine              = "mysql"
   allocated_storage   = 10
   instance_class      = "db.t2.micro"
+  skip_final_snapshot = true
   db_name             = var.db_name
 
   # Pass the secrets to the resource
   username = local.db_creds.username
   password = local.db_creds.password
-
-  skip_final_snapshot = true
 }

code/terraform/06-managing-secrets-with-terraform/mysql-kms/db-creds.yml.encrypted

@@ -0,0 +1 @@
+AQICAHiW/pC9neuNL5xt932ECXblZ4rRBXSupBikz9dF7kD3SgEwcp7lzid8y1I+1myk8vYuAAABpDCCAaAGCSqGSIb3DQEHBqCCAZEwggGNAgEAMIIBhgYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAwkQAx6ePTKR2C1OlECARCAggFXOrrfDxwuQ48rGvFqNZlaQ+II0FtrIrC77CNmH3uCtWbRSQZ9M4+7mm/hyHP+74bFCSBTtPmz6HK9dxkPMUPHxW1Zut7h18nufGxIixXkcIPI/ZH1L0N/yvNIk0/7lgC3UHcQsDO1yXTJyg+90NopksdBqh4yaO/XG8v0Bz700UP6bcvdIHve2mv1F6oXLMhlDoBh7AmkLI92vAjKcnDBmCmutai4c478gGcBRTrrJc2gd+nzFYy97YFf2ONpKx0zRS5An2Shcye8cbD8Iv/E5Xy6Hih+Pt2ItJBIeqS/gC0fAxEjtfURiXktZ3wC2Mplx9Iyedvl4nIxp0M2ztnbAxZ2IrfmcfP/z726ukAABd+gkkLbt9EoumIgqoj5gJMW2zovW7nyy61/D8bCEBt1nnGIPOki8mDcbUzn2a06ZCY/9cuTfRjynTrg9TNg45+6o2N9O28hdg==