Tagging and Terraform updates.

- Update the AWS provider.
- Use the common tags option in the provider and improve tagging usage.
- Address a few warnings from the updated provider.

alarms.tf

@@ -11,7 +11,6 @@ resource "aws_cloudwatch_metric_alarm" "invocations" {
   ok_actions                = [local.topic_arn]
   period                    = (var.rate + 1) * 60
   statistic                 = "Sum"
-  tags                      = local.common_tags
   threshold                 = 1
 
   dimensions = {
@@ -36,7 +35,6 @@ resource "aws_cloudwatch_metric_alarm" "errors" {
   ok_actions                = [local.topic_arn]
   period                    = (var.rate + 1) * 60
   statistic                 = "Sum"
-  tags                      = local.common_tags
   threshold                 = 0
 
   dimensions = {

functions.tf

 locals {
-  function_name_prefix = local.Name
+  function_name_prefix = local.name
   functions = [
     "_dns",
     "gitlab",
@@ -40,9 +40,8 @@ locals {
 }
 
 resource "aws_iam_role" "lambda" {
-  name               = local.Name
+  name               = local.name
   assume_role_policy = local.lambda_assume_policy_doc
-  tags               = local.common_tags
 }
 
 locals {
@@ -125,7 +124,6 @@ resource "aws_lambda_function" "function" {
   description                    = "${local.module} ${local.functions[count.index]} check in ${local.env}."
   memory_size                    = var.memory_size
   reserved_concurrent_executions = -1
-  tags                           = local.common_tags
   timeout                        = var.timeout
 
   environment {

log-groups.tf

@@ -3,7 +3,6 @@ resource "aws_cloudwatch_log_group" "lambda" {
   count             = length(local.function_names)
   name              = "/aws/lambda/${local.function_names[count.index]}"
   retention_in_days = var.log_retention
-  tags              = local.common_tags
 }
 
 locals {
@@ -39,9 +38,8 @@ locals {
 }
 
 resource "aws_iam_policy" "log" {
-  name   = "${local.module}-${local.env}-log"
+  name   = "${local.name}-log"
   policy = local.log_policy_doc
-  tags   = local.common_tags
 }
 
 locals {

main.tf

 terraform {
   backend "http" {}
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+  }
 }
 
 locals {
@@ -8,8 +14,9 @@ locals {
   common_tags = {
     Environment = local.env
     Module      = local.module
+    Name        = local.name
   }
-  Name = "${local.module}-${local.env}"
+  name = "${local.module}-${local.env}"
 }
 
 output "env" {
@@ -35,11 +42,13 @@ output "region" {
 
 provider "aws" {
   region = var.region
+  default_tags {
+    tags = local.common_tags
+  }
 }
 
 resource "aws_resourcegroups_group" "group" {
-  name = local.Name
-  tags = local.common_tags
+  name = local.name
   resource_query {
     query = <<EOF
 {

s3.tf

 resource "aws_s3_bucket" "payloads" {
   # checkov:skip=CKV_AWS_18
   # checkov:skip=CKV_AWS_19
+  # checkov:skip=CKV_AWS_21
   # checkov:skip=CKV_AWS_144
   # checkov:skip=CKV_AWS_145
-  bucket        = local.Name
-  tags          = local.common_tags
-  acl           = "private"
+  bucket        = local.name
   force_destroy = true
-
-  versioning {
-    enabled = true
-  }
 }
 
 
@@ -19,6 +14,18 @@ locals {
   payloads_bucket_name = aws_s3_bucket.payloads.bucket
 }
 
+resource "aws_s3_bucket_versioning" "payloads" {
+  bucket = local.payloads_bucket_name
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_acl" "payloads" {
+  acl    = "private"
+  bucket = local.payloads_bucket_name
+}
+
 resource "aws_s3_bucket_public_access_block" "payloads" {
   bucket = aws_s3_bucket.payloads.bucket
 
@@ -38,19 +45,18 @@ output "payloads_bucket_name" {
   value       = local.payloads_bucket_name
 }
 
-resource "aws_s3_bucket_object" "payload" {
+resource "aws_s3_object" "payload" {
   # checkov:skip=CKV_AWS_186
   bucket = local.payloads_bucket_name
   key    = "payload.zip"
   source = "payload.zip"
   etag   = filemd5("payload.zip")
-  tags   = local.common_tags
 }
 
 locals {
-  payload_object_etag    = aws_s3_bucket_object.payload.etag
-  payload_object_name    = aws_s3_bucket_object.payload.key
-  payload_object_version = aws_s3_bucket_object.payload.version_id
+  payload_object_etag    = aws_s3_object.payload.etag
+  payload_object_name    = aws_s3_object.payload.key
+  payload_object_version = aws_s3_object.payload.version_id
 }
 
 output "payload_object_etag" {

sms-notify.tf

@@ -28,7 +28,6 @@ resource "aws_lambda_function" "sms_notify" {
   description                    = "Send SMS message notification using Twilio."
   memory_size                    = var.memory_size
   reserved_concurrent_executions = -1
-  tags                           = local.common_tags
   timeout                        = var.timeout
 
   environment {
@@ -111,7 +110,6 @@ resource "aws_cloudwatch_log_group" "sms_notify" {
   # checkov:skip=CKV_AWS_158
   name              = "/aws/lambda/${local.function_name_prefix}-sms-notify"
   retention_in_days = var.log_retention
-  tags              = local.common_tags
 }
 
 locals {
@@ -149,7 +147,6 @@ locals {
 resource "aws_iam_policy" "sms_notify_log" {
   name   = "${local.module}-${local.env}-sms-notify-log"
   policy = local.sms_notify_log_policy_doc
-  tags   = local.common_tags
 }
 
 locals {

sns.tf

 resource "aws_sns_topic" "topic" {
   # checkov:skip=CKV_AWS_26
-  name = local.Name
-  tags = local.common_tags
+  name = local.name
 }
 
 locals {
@@ -61,9 +60,8 @@ locals {
 }
 
 resource "aws_iam_policy" "publish" {
-  name   = "${local.module}-${local.env}-publish"
+  name   = "${local.name}-publish"
   policy = local.sns_publish_policy_doc
-  tags   = local.common_tags
 }
 
 locals {

triggers.tf

@@ -14,7 +14,6 @@ resource "aws_cloudwatch_event_rule" "schedule" {
   name                = local.function_names[count.index]
   description         = "Schedule to trigger ${local.function_names[count.index]} functions in ${local.env}."
   schedule_expression = "rate(${var.rate} minutes)"
-  tags                = local.common_tags
 }
 
 locals {