diff --git a/modules/mq-broker/README.md b/modules/mq-broker/README.md
index 56466728b..0a0224254 100644
--- a/modules/mq-broker/README.md
+++ b/modules/mq-broker/README.md
@@ -40,9 +40,9 @@ components:
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13.0 |
-| [aws](#requirement\_aws) | >= 3.0 |
-| [local](#requirement\_local) | >= 1.3 |
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| [aws](#requirement\_aws) | >= 4.0 |
+| [local](#requirement\_local) | >= 2.4 |
| [template](#requirement\_template) | >= 2.2 |
| [utils](#requirement\_utils) | >= 1.10.0 |
@@ -56,9 +56,9 @@ No providers.
|------|--------|---------|
| [eks](#module\_eks) | cloudposse/stack-config/yaml//modules/remote-state | 1.5.0 |
| [iam\_roles](#module\_iam\_roles) | ../account-map/modules/iam-roles | n/a |
-| [mq\_broker](#module\_mq\_broker) | cloudposse/mq-broker/aws | 0.14.0 |
-| [this](#module\_this) | cloudposse/label/null | 0.24.1 |
-| [vpc](#module\_vpc) | cloudposse/stack-config/yaml//modules/remote-state | 1.5.0 |
+| [mq\_broker](#module\_mq\_broker) | cloudposse/mq-broker/aws | 3.0.0 |
+| [this](#module\_this) | cloudposse/label/null | 0.25.0 |
+| [vpc](#module\_vpc) | cloudposse/stack-config/yaml//modules/remote-state | 1.4.1 |
## Resources
@@ -68,47 +68,54 @@ No resources.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
+| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
| [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | List of CIDR blocks that are allowed ingress to the broker's Security Group created in the module | `list(string)` | `[]` | no |
| [allowed\_security\_groups](#input\_allowed\_security\_groups) | List of security groups to be allowed to connect to the broker instance | `list(string)` | `[]` | no |
| [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window | `bool` | `false` | no |
-| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
+| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no |
| [audit\_log\_enabled](#input\_audit\_log\_enabled) | Enables audit logging. User management action made using JMX or the ActiveMQ Web Console is logged | `bool` | `true` | no |
| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions | `bool` | `false` | no |
-| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
} | no |
-| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
+| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
} | no |
+| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
| [deployment\_mode](#input\_deployment\_mode) | The deployment mode of the broker. Supported: SINGLE\_INSTANCE and ACTIVE\_STANDBY\_MULTI\_AZ | `string` | `"ACTIVE_STANDBY_MULTI_AZ"` | no |
+| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| [encryption\_enabled](#input\_encryption\_enabled) | Flag to enable/disable Amazon MQ encryption at rest | `bool` | `true` | no |
| [engine\_type](#input\_engine\_type) | Type of broker engine, `ActiveMQ` or `RabbitMQ` | `string` | `"ActiveMQ"` | no |
| [engine\_version](#input\_engine\_version) | The version of the broker engine. See https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html for more details | `string` | `"5.15.14"` | no |
-| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
+| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
| [existing\_security\_groups](#input\_existing\_security\_groups) | List of existing Security Group IDs to place the broker into. Set `use_existing_security_groups` to `true` to enable using `existing_security_groups` as Security Groups for the broker | `list(string)` | `[]` | no |
| [general\_log\_enabled](#input\_general\_log\_enabled) | Enables general logging via CloudWatch | `bool` | `true` | no |
| [host\_instance\_type](#input\_host\_instance\_type) | The broker's instance type. e.g. mq.t2.micro or mq.m4.large | `string` | `"mq.t3.micro"` | no |
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no |
-| [kms\_mq\_key\_arn](#input\_kms\_mq\_key\_arn) | ARN of the AWS KMS key used for Amazon MQ encryption | `string` | `null` | no |
+> [kms\_mq\_key\_arn](#input\_kms\_mq\_key\_arn) | ARN of the AWS KMS key used for Amazon MQ encryption | `string` | `null` | no |
| [kms\_ssm\_key\_arn](#input\_kms\_ssm\_key\_arn) | ARN of the AWS KMS key used for SSM encryption | `string` | `"alias/aws/ssm"` | no |
-| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
-| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
-| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no |
+| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
+| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
+| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no |
+| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | [
"default"
]
| no |
| [maintenance\_day\_of\_week](#input\_maintenance\_day\_of\_week) | The maintenance day of the week. e.g. MONDAY, TUESDAY, or WEDNESDAY | `string` | `"SUNDAY"` | no |
| [maintenance\_time\_of\_day](#input\_maintenance\_time\_of\_day) | The maintenance time, in 24-hour format. e.g. 02:00 | `string` | `"03:00"` | no |
| [maintenance\_time\_zone](#input\_maintenance\_time\_zone) | The maintenance time zone, in either the Country/City format, or the UTC offset format. e.g. CET | `string` | `"UTC"` | no |
| [mq\_admin\_password](#input\_mq\_admin\_password) | Admin password | `string` | `null` | no |
+| [mq\_admin\_password\_ssm\_parameter\_name](#input\_mq\_admin\_password\_ssm\_parameter\_name) | SSM parameter name for Admin password | `string` | `"mq_admin_password"` | no |
| [mq\_admin\_user](#input\_mq\_admin\_user) | Admin username | `string` | `null` | no |
+| [mq\_admin\_user\_ssm\_parameter\_name](#input\_mq\_admin\_user\_ssm\_parameter\_name) | SSM parameter name for Admin username | `string` | `"mq_admin_username"` | no |
| [mq\_application\_password](#input\_mq\_application\_password) | Application password | `string` | `null` | no |
+| [mq\_application\_password\_ssm\_parameter\_name](#input\_mq\_application\_password\_ssm\_parameter\_name) | SSM parameter name for Application password | `string` | `"mq_application_password"` | no |
| [mq\_application\_user](#input\_mq\_application\_user) | Application username | `string` | `null` | no |
-| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
-| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
+| [mq\_application\_user\_ssm\_parameter\_name](#input\_mq\_application\_user\_ssm\_parameter\_name) | SSM parameter name for Application username | `string` | `"mq_application_username"` | no |
+| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
+| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [overwrite\_ssm\_parameter](#input\_overwrite\_ssm\_parameter) | Whether to overwrite an existing SSM parameter | `bool` | `true` | no |
| [publicly\_accessible](#input\_publicly\_accessible) | Whether to enable connections from applications outside of the VPC that hosts the broker's subnets | `bool` | `false` | no |
-| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [region](#input\_region) | AWS Region | `string` | n/a | yes |
| [ssm\_parameter\_name\_format](#input\_ssm\_parameter\_name\_format) | SSM parameter name format | `string` | `"/%s/%s"` | no |
| [ssm\_path](#input\_ssm\_path) | SSM path | `string` | `"mq"` | no |
-| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
+| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
+| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
| [use\_aws\_owned\_key](#input\_use\_aws\_owned\_key) | Boolean to enable an AWS owned Key Management Service (KMS) Customer Master Key (CMK) for Amazon MQ encryption that is not in your account | `bool` | `true` | no |
| [use\_existing\_security\_groups](#input\_use\_existing\_security\_groups) | Flag to enable/disable creation of Security Group in the module. Set to `true` to disable Security Group creation and provide a list of existing security Group IDs in `existing_security_groups` to place the broker into | `bool` | `false` | no |
@@ -116,6 +123,8 @@ No resources.
| Name | Description |
|------|-------------|
+| [admin\_username](#output\_admin\_username) | AmazonMQ admin username |
+| [application\_username](#output\_application\_username) | AmazonMQ application username |
| [broker\_arn](#output\_broker\_arn) | AmazonMQ broker ARN |
| [broker\_id](#output\_broker\_id) | AmazonMQ broker ID |
| [primary\_amqp\_ssl\_endpoint](#output\_primary\_amqp\_ssl\_endpoint) | AmazonMQ primary AMQP+SSL endpoint |
@@ -132,6 +141,9 @@ No resources.
| [secondary\_ssl\_endpoint](#output\_secondary\_ssl\_endpoint) | AmazonMQ secondary SSL endpoint |
| [secondary\_stomp\_ssl\_endpoint](#output\_secondary\_stomp\_ssl\_endpoint) | AmazonMQ secondary STOMP+SSL endpoint |
| [secondary\_wss\_endpoint](#output\_secondary\_wss\_endpoint) | AmazonMQ secondary WSS endpoint |
+| [security\_group\_arn](#output\_security\_group\_arn) | The ARN of the created security group |
+| [security\_group\_id](#output\_security\_group\_id) | AmazonMQ security group id |
+| [security\_group\_name](#output\_security\_group\_name) | The name of the created security group |
diff --git a/modules/mq-broker/context.tf b/modules/mq-broker/context.tf
index 81f99b4e3..5e0ef8856 100644
--- a/modules/mq-broker/context.tf
+++ b/modules/mq-broker/context.tf
@@ -8,6 +8,8 @@
# Cloud Posse's standard configuration inputs suitable for passing
# to Cloud Posse modules.
#
+# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf
+#
# Modules should access the whole context as `module.this.context`
# to get the input variables with nulls for defaults,
# for example `context = module.this.context`,
@@ -20,10 +22,11 @@
module "this" {
source = "cloudposse/label/null"
- version = "0.24.1" # requires Terraform >= 0.13.0
+ version = "0.25.0" # requires Terraform >= 0.13.0
enabled = var.enabled
namespace = var.namespace
+ tenant = var.tenant
environment = var.environment
stage = var.stage
name = var.name
@@ -36,6 +39,8 @@ module "this" {
id_length_limit = var.id_length_limit
label_key_case = var.label_key_case
label_value_case = var.label_value_case
+ descriptor_formats = var.descriptor_formats
+ labels_as_tags = var.labels_as_tags
context = var.context
}
@@ -47,6 +52,7 @@ variable "context" {
default = {
enabled = true
namespace = null
+ tenant = null
environment = null
stage = null
name = null
@@ -59,6 +65,15 @@ variable "context" {
id_length_limit = null
label_key_case = null
label_value_case = null
+ descriptor_formats = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0,
+ # but we want the default to be all the labels in `label_order`
+ # and we want users to be able to prevent all tag generation
+ # by setting `labels_as_tags` to `[]`, so we need
+ # a different sentinel to indicate "default"
+ labels_as_tags = ["unset"]
}
description = <<-EOT
Single object for setting entire context at once.
@@ -88,32 +103,42 @@ variable "enabled" {
variable "namespace" {
type = string
default = null
- description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+ description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
+}
+
+variable "tenant" {
+ type = string
+ default = null
+ description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for"
}
variable "environment" {
type = string
default = null
- description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
+ description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
}
variable "stage" {
type = string
default = null
- description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
+ description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
}
variable "name" {
type = string
default = null
- description = "Solution name, e.g. 'app' or 'jenkins'"
+ description = <<-EOT
+ ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
+ This is the only ID element not also included as a `tag`.
+ The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.
+ EOT
}
variable "delimiter" {
type = string
default = null
description = <<-EOT
- Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
+ Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
EOT
}
@@ -121,36 +146,64 @@ variable "delimiter" {
variable "attributes" {
type = list(string)
default = []
- description = "Additional attributes (e.g. `1`)"
+ description = <<-EOT
+ ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
+ in the order they appear in the list. New attributes are appended to the
+ end of the list. The elements of the list are joined by the `delimiter`
+ and treated as a single ID element.
+ EOT
+}
+
+variable "labels_as_tags" {
+ type = set(string)
+ default = ["default"]
+ description = <<-EOT
+ Set of labels (ID elements) to include as tags in the `tags` output.
+ Default is to include all labels.
+ Tags with empty values will not be included in the `tags` output.
+ Set to `[]` to suppress all generated tags.
+ **Notes:**
+ The value of the `name` tag, if included, will be the `id`, not the `name`.
+ Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
+ changed in later chained modules. Attempts to change it will be silently ignored.
+ EOT
}
variable "tags" {
type = map(string)
default = {}
- description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
+ description = <<-EOT
+ Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
+ Neither the tag keys nor the tag values will be modified by this module.
+ EOT
}
variable "additional_tag_map" {
type = map(string)
default = {}
- description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
+ description = <<-EOT
+ Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
+ This is for some rare cases where resources want additional configuration of tags
+ and therefore take a list of maps with tag key, value, and additional configuration.
+ EOT
}
variable "label_order" {
type = list(string)
default = null
description = <<-EOT
- The naming order of the id output and Name tag.
+ The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
- You can omit any of the 5 elements, but at least one must be present.
- EOT
+ You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.
+ EOT
}
variable "regex_replace_chars" {
type = string
default = null
description = <<-EOT
- Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
+ Terraform regular expression (regex) string.
+ Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
EOT
}
@@ -161,7 +214,7 @@ variable "id_length_limit" {
description = <<-EOT
Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
- Set to `null` for default, which is `0`.
+ Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`.
EOT
validation {
@@ -174,7 +227,8 @@ variable "label_key_case" {
type = string
default = null
description = <<-EOT
- The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
+ Controls the letter case of the `tags` keys (label names) for tags generated by this module.
+ Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`.
EOT
@@ -189,8 +243,11 @@ variable "label_value_case" {
type = string
default = null
description = <<-EOT
- The letter case of output label values (also used in `tags` and `id`).
+ Controls the letter case of ID elements (labels) as included in `id`,
+ set as tag values, and output by this module individually.
+ Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
+ Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`.
EOT
@@ -199,4 +256,24 @@ variable "label_value_case" {
error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
}
}
+
+variable "descriptor_formats" {
+ type = any
+ default = {}
+ description = <<-EOT
+ Describe additional descriptors to be output in the `descriptors` output map.
+ Map of maps. Keys are names of descriptors. Values are maps of the form
+ `{
+ format = string
+ labels = list(string)
+ }`
+ (Type is `any` so the map values can later be enhanced to provide additional options.)
+ `format` is a Terraform format string to be passed to the `format()` function.
+ `labels` is a list of labels, in order, to pass to `format()` function.
+ Label values will be normalized before being passed to `format()` so they will be
+ identical to how they appear in `id`.
+ Default is `{}` (`descriptors` output will be empty).
+ EOT
+}
+
#### End of copy of cloudposse/terraform-null-label/variables.tf
diff --git a/modules/mq-broker/main.tf b/modules/mq-broker/main.tf
index 55a2816e9..3328010f6 100644
--- a/modules/mq-broker/main.tf
+++ b/modules/mq-broker/main.tf
@@ -13,7 +13,7 @@ locals {
module "mq_broker" {
source = "cloudposse/mq-broker/aws"
- version = "0.14.0"
+ version = "3.0.0"
vpc_id = local.vpc_id
subnet_ids = local.subnet_ids
@@ -34,5 +34,12 @@ module "mq_broker" {
kms_mq_key_arn = var.kms_mq_key_arn
use_aws_owned_key = var.use_aws_owned_key
+ mq_admin_user_ssm_parameter_name = var.mq_admin_user_ssm_parameter_name
+ mq_admin_password_ssm_parameter_name = var.mq_admin_password_ssm_parameter_name
+ mq_application_user_ssm_parameter_name = var.mq_application_user_ssm_parameter_name
+ mq_application_password_ssm_parameter_name = var.mq_application_password_ssm_parameter_name
+ ssm_parameter_name_format = var.ssm_parameter_name_format
+ ssm_path = var.ssm_path
+
context = module.this.context
}
diff --git a/modules/mq-broker/outputs.tf b/modules/mq-broker/outputs.tf
index cbeb19ae2..9cecd32a8 100644
--- a/modules/mq-broker/outputs.tf
+++ b/modules/mq-broker/outputs.tf
@@ -77,3 +77,28 @@ output "secondary_ip_address" {
value = module.mq_broker.secondary_ip_address
description = "AmazonMQ secondary IP address"
}
+
+output "security_group_id" {
+ value = module.mq_broker.security_group_id
+ description = "AmazonMQ security group id"
+}
+
+output "security_group_arn" {
+ value = module.mq_broker.security_group_arn
+ description = "The ARN of the created security group"
+}
+
+output "security_group_name" {
+ value = module.mq_broker.security_group_name
+ description = "The name of the created security group"
+}
+
+output "admin_username" {
+ value = module.mq_broker.admin_username
+ description = "AmazonMQ admin username"
+}
+
+output "application_username" {
+ value = module.mq_broker.application_username
+ description = "AmazonMQ application username"
+}
diff --git a/modules/mq-broker/variables.tf b/modules/mq-broker/variables.tf
index 276c98248..f9c887403 100644
--- a/modules/mq-broker/variables.tf
+++ b/modules/mq-broker/variables.tf
@@ -141,6 +141,30 @@ variable "ssm_path" {
description = "SSM path"
}
+variable "mq_admin_user_ssm_parameter_name" {
+ type = string
+ description = "SSM parameter name for Admin username"
+ default = "mq_admin_username"
+}
+
+variable "mq_admin_password_ssm_parameter_name" {
+ type = string
+ description = "SSM parameter name for Admin password"
+ default = "mq_admin_password"
+}
+
+variable "mq_application_user_ssm_parameter_name" {
+ type = string
+ description = "SSM parameter name for Application username"
+ default = "mq_application_username"
+}
+
+variable "mq_application_password_ssm_parameter_name" {
+ type = string
+ description = "SSM parameter name for Application password"
+ default = "mq_application_password"
+}
+
variable "kms_ssm_key_arn" {
type = string
default = "alias/aws/ssm"
diff --git a/modules/mq-broker/versions.tf b/modules/mq-broker/versions.tf
index 23548707e..48d57885b 100644
--- a/modules/mq-broker/versions.tf
+++ b/modules/mq-broker/versions.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 3.0"
+ version = ">= 4.0"
}
template = {
source = "cloudposse/template"
@@ -12,7 +12,7 @@ terraform {
}
local = {
source = "hashicorp/local"
- version = ">= 1.3"
+ version = ">= 2.4"
}
utils = {
source = "cloudposse/utils"