Terraform Cleanup

Why these changes are being introduced:
Update the Terraform lockfile and Terraform Cloud to run version 1.2.9.

How this addresses that need:
* Run `terraform init -upgrade` to update the .terraform.lock.hcl file
to capture the AWS provider update
* Clean up ssm_inputs file to remove unnecessary lines
* Minor README formatting changes

Side effects of this change:
None.

Author: cabutlermit

.terraform.lock.hcl

@@ -33,23 +33,26 @@ The [ppod_ecr.tf](./ppod_ecr.tf) is a good example of a single ECR repository fo
 
 A quick note for application developers and the integration of workflows to automate the deployment of their containerized application to either Fargate or Lambda. When this code is deployed in Terraform Cloud, it generates outputs that contain the caller workflows code as well as the `Makefile` code for their application. Those outputs are accessible to the developers via Terraform Cloud -- they can go into TfC, find the correct Terraform Output, and then copy that text into their application repository.
 
-## Making this work in your environment outside of MIT libraries:
-This repository is a part of an ecosystem of components designed to work in our AWS organization.  This component is responsible for a standardized setup of ECR repositories and a build process that goes in github actions and makefiles.  On its own, this repository could be useful to you if you want to emulate how we deploy and promote containers across our AWS accounts, or utilize github OIDC connections for depositing ECR containers to AWS.  Before this will deploy in your environment, you will need an OpenID Connect Provider.  We generate this in our "init" repo, but you could just as easily place it here and reference it directly.  
+## Making this work in your environment outside of MIT libraries
+
+This repository is a part of an ecosystem of components designed to work in our AWS organization.  This component is responsible for a standardized setup of ECR repositories and a build process that goes in Github Actions and Makefiles.  On its own, this repository could be useful to you if you want to emulate how we deploy and promote containers across our AWS accounts, or utilize GitHub OIDC connections for depositing ECR containers to AWS.  Before this will deploy in your environment, you will need an OpenID Connect Provider.  We generate this in our "init" repo, but you could just as easily place it here and reference it directly.  
 
 An example of that infrastructure is:
-```
+
+```terraform
 resource "aws_iam_openid_connect_provider" "github" {
   url             = "https://token.actions.githubusercontent.com"
   client_id_list  = ["sts.amazonaws.com"]
   thumbprint_list = ["6938fd4d98bab03faadb97b34396831e3780aea1"]
 }
 ```
+
 then replace all the ssm parameter references for `oidc_arn` with `aws_iam_openid_connect_provider.github.arn`
 
 ## Additional Reference
 
-* https://blog.tedivm.com/guides/2021/10/github-actions-push-to-aws-ecr-without-credentials-oidc/
-* https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims
+* [github-actions-push-to-aws-ecr-without-credentials-oidc](https://blog.tedivm.com/guides/2021/10/github-actions-push-to-aws-ecr-without-credentials-oidc/)
+* [about-security-hardening-with-openid-connect](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims)
 
 ## TF markdown is automatically inserted at the bottom of this file, nothing should be written beyond this point
 
@@ -65,7 +68,7 @@ then replace all the ssm parameter references for `oidc_arn` with `aws_iam_openi
 
 | Name | Version |
 |------|---------|
-| aws | 4.26.0 |
+| aws | 4.37.0 |
 
 ## Modules
 

README.md

@@ -22,9 +22,9 @@ module "ecr_dss" {
 # Outputs in dev
 output "dss_fargate_dev_build_workflow" {
   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_dss.gha_role
-    ecr    = module.ecr_dss.repository_name
+    region   = var.aws_region
+    role     = module.ecr_dss.gha_role
+    ecr      = module.ecr_dss.repository_name
     function = ""
     }
   )
@@ -43,9 +43,9 @@ output "dss_fargate_makefile" {
 # Outputs in stage
 output "dss_fargate_stage_build_workflow" {
   value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_dss.gha_role
-    ecr    = module.ecr_dss.repository_name
+    region   = var.aws_region
+    role     = module.ecr_dss.gha_role
+    ecr      = module.ecr_dss.repository_name
     function = ""
     }
   )
@@ -60,7 +60,7 @@ output "dss_fargate_prod_promote_workflow" {
     role_prod  = "${module.ecr_dss.repo_name}-gha-prod"
     ecr_stage  = "${module.ecr_dss.repo_name}-stage"
     ecr_prod   = "${module.ecr_dss.repo_name}-prod"
-    function = ""
+    function   = ""
     }
   )
   description = "Full contents of the prod-promote.yml for the dss repo"

dss.tf

@@ -65,9 +65,9 @@ module "ecr_slingshot" {
 # Outputs in dev
 output "geoweb_fargate_dev_build_workflow" {
   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_geoweb.gha_role
-    ecr    = module.ecr_geoweb.repository_name
+    region   = var.aws_region
+    role     = module.ecr_geoweb.gha_role
+    ecr      = module.ecr_geoweb.repository_name
     function = ""
     }
   )
@@ -86,9 +86,9 @@ output "geoweb_fargate_makefile" {
 # Outputs in stage
 output "geoweb_fargate_stage_build_workflow" {
   value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_geoweb.gha_role
-    ecr    = module.ecr_geoweb.repository_name
+    region   = var.aws_region
+    role     = module.ecr_geoweb.gha_role
+    ecr      = module.ecr_geoweb.repository_name
     function = ""
     }
   )
@@ -103,7 +103,7 @@ output "geoweb_fargate_prod_promote_workflow" {
     role_prod  = "${module.ecr_geoweb.repo_name}-gha-prod"
     ecr_stage  = "${module.ecr_geoweb.repo_name}-stage"
     ecr_prod   = "${module.ecr_geoweb.repo_name}-prod"
-    function = ""
+    function   = ""
     }
   )
   description = "Full contents of the prod-promote.yml for the geoweb-deposits repo"
@@ -113,9 +113,9 @@ output "geoweb_fargate_prod_promote_workflow" {
 # Outputs in dev
 output "geoserver_fargate_dev_build_workflow" {
   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_geoserver.gha_role
-    ecr    = module.ecr_geoserver.repository_name
+    region   = var.aws_region
+    role     = module.ecr_geoserver.gha_role
+    ecr      = module.ecr_geoserver.repository_name
     function = ""
     }
   )
@@ -134,9 +134,9 @@ output "geoserver_fargate_makefile" {
 # Outputs in stage
 output "geoserver_fargate_stage_build_workflow" {
   value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_geoserver.gha_role
-    ecr    = module.ecr_geoserver.repository_name
+    region   = var.aws_region
+    role     = module.ecr_geoserver.gha_role
+    ecr      = module.ecr_geoserver.repository_name
     function = ""
     }
   )
@@ -151,7 +151,7 @@ output "geoserver_fargate_prod_promote_workflow" {
     role_prod  = "${module.ecr_geoserver.repo_name}-gha-prod"
     ecr_stage  = "${module.ecr_geoserver.repo_name}-stage"
     ecr_prod   = "${module.ecr_geoserver.repo_name}-prod"
-    function = ""
+    function   = ""
     }
   )
   description = "Full contents of the prod-promote.yml for the geoserver-deposits repo"
@@ -161,9 +161,9 @@ output "geoserver_fargate_prod_promote_workflow" {
 # Outputs in dev
 output "geosolr_fargate_dev_build_workflow" {
   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_geosolr.gha_role
-    ecr    = module.ecr_geosolr.repository_name
+    region   = var.aws_region
+    role     = module.ecr_geosolr.gha_role
+    ecr      = module.ecr_geosolr.repository_name
     function = ""
     }
   )
@@ -182,9 +182,9 @@ output "geosolr_fargate_makefile" {
 # Outputs in stage
 output "geosolr_fargate_stage_build_workflow" {
   value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_geosolr.gha_role
-    ecr    = module.ecr_geosolr.repository_name
+    region   = var.aws_region
+    role     = module.ecr_geosolr.gha_role
+    ecr      = module.ecr_geosolr.repository_name
     function = ""
     }
   )
@@ -199,7 +199,7 @@ output "geosolr_fargate_prod_promote_workflow" {
     role_prod  = "${module.ecr_geosolr.repo_name}-gha-prod"
     ecr_stage  = "${module.ecr_geosolr.repo_name}-stage"
     ecr_prod   = "${module.ecr_geosolr.repo_name}-prod"
-    function = ""
+    function   = ""
     }
   )
   description = "Full contents of the prod-promote.yml for the geosolr-deposits repo"
@@ -209,9 +209,9 @@ output "geosolr_fargate_prod_promote_workflow" {
 # Outputs in dev
 output "slingshot_fargate_dev_build_workflow" {
   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_slingshot.gha_role
-    ecr    = module.ecr_slingshot.repository_name
+    region   = var.aws_region
+    role     = module.ecr_slingshot.gha_role
+    ecr      = module.ecr_slingshot.repository_name
     function = ""
     }
   )
@@ -230,9 +230,9 @@ output "slingshot_fargate_makefile" {
 # Outputs in stage
 output "slingshot_fargate_stage_build_workflow" {
   value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_slingshot.gha_role
-    ecr    = module.ecr_slingshot.repository_name
+    region   = var.aws_region
+    role     = module.ecr_slingshot.gha_role
+    ecr      = module.ecr_slingshot.repository_name
     function = ""
     }
   )
@@ -247,7 +247,7 @@ output "slingshot_fargate_prod_promote_workflow" {
     role_prod  = "${module.ecr_slingshot.repo_name}-gha-prod"
     ecr_stage  = "${module.ecr_slingshot.repo_name}-stage"
     ecr_prod   = "${module.ecr_slingshot.repo_name}-prod"
-    function = ""
+    function   = ""
     }
   )
   description = "Full contents of the prod-promote.yml for the slingshot-deposits repo"

gis_ecrs.tf

@@ -22,9 +22,9 @@ module "ecr_matomo" {
 # Outputs in dev
 output "matomo_fargate_dev_build_workflow" {
   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_matomo.gha_role
-    ecr    = module.ecr_matomo.repository_name
+    region   = var.aws_region
+    role     = module.ecr_matomo.gha_role
+    ecr      = module.ecr_matomo.repository_name
     function = ""
     }
   )
@@ -43,9 +43,9 @@ output "matomo_fargate_makefile" {
 # Outputs in stage
 output "matomo_fargate_stage_build_workflow" {
   value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
-    region = var.aws_region
-    role   = module.ecr_matomo.gha_role
-    ecr    = module.ecr_matomo.repository_name
+    region   = var.aws_region
+    role     = module.ecr_matomo.gha_role
+    ecr      = module.ecr_matomo.repository_name
     function = ""
     }
   )
@@ -60,7 +60,7 @@ output "matomo_fargate_prod_promote_workflow" {
     role_prod  = "${module.ecr_matomo.repo_name}-gha-prod"
     ecr_stage  = "${module.ecr_matomo.repo_name}-stage"
     ecr_prod   = "${module.ecr_matomo.repo_name}-prod"
-    function = ""
+    function   = ""
     }
   )
   description = "Full contents of the prod-promote.yml for the matomo repo"

matomo_ecr.tf

@@ -1,8 +1,6 @@
 ################################################################################
 # This is used to simplify the SSM Parameter inputs
 locals {
-  vpc_vars  = "/tfvars/vpc"
-  r53_vars  = "/tfvars/r53"
   init_vars = "/tfvars/init"
 }