From 520512169f9462d2a206ca896c9d65aad0b93472 Mon Sep 17 00:00:00 2001
From: Ben Bohn
Date: Fri, 1 Dec 2023 22:15:07 -0500
Subject: [PATCH 1/4] Adding China regions to elb_service_accounts

---
 main.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/main.tf b/main.tf
index bfd8f73a..60f4e308 100644
--- a/main.tf
+++ b/main.tf
@@ -573,6 +573,8 @@ locals {
 sa-east-1 = "507241528517"
 us-gov-west-1 = "048591011584"
 us-gov-east-1 = "190560391635"
+ cn-north-1 = "638102146993"
+ cn-northwest-1 = "037604701340"
 }
 }

From 0b0870be105106f84a923abdf336e05d2cbfec97 Mon Sep 17 00:00:00 2001
From: Ben Bohn
Date: Mon, 4 Dec 2023 17:26:36 -0500
Subject: [PATCH 2/4] adding example

---
 examples/china-log-bucket-failure/main.tf | 155 ++++++++++++++++++++++
 1 file changed, 155 insertions(+)
 create mode 100644 examples/china-log-bucket-failure/main.tf

diff --git a/examples/china-log-bucket-failure/main.tf b/examples/china-log-bucket-failure/main.tf
new file mode 100644
index 00000000..6c0bfd36
--- /dev/null
+++ b/examples/china-log-bucket-failure/main.tf
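Review bot: The two account IDs added to `elb_service_accounts` for cn-north-1 and cn-northwest-1 cannot be verified from the diff, and this map is the principal the log-bucket policy trusts for log delivery writes, so a wrong or stale ID would grant write access to an unintended account; please record where they were taken from, e.g. `# China partition (aws-cn) ELB log-delivery accounts; source: <AWS ELB access-logging docs URL>` above the two entries. Separately, the China regions live in the `aws-cn` partition, so whatever policy consumes this map must not hard-code `arn:aws:` resource ARNs — the example removed later in this series used `arn:aws:s3:::${local.bucket_name}`, which is invalid in cn-north-1 — and if the module builds the bucket ARN without `data.aws_partition`, these two entries will not work in practice (confirm against the policy code, which is outside this hunk). The enclosing `locals` block starts before the hunk.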
@@ -0,0 +1,155 @@ +provider "aws" { + region = local.region + + # Make it faster by skipping something + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true + skip_requesting_account_id = true +} + +data "aws_availability_zones" "available" {} +data "aws_caller_identity" "current" {} + +locals { + bucket_name = "s3-bucket-${random_pet.this.id}" + region = "cn-north-1" + name = "china-alb-fail-${random_pet.this.id}" + vpc_cidr = "10.0.0.0/16" + + azs = slice(data.aws_availability_zones.available.names, 0, 3) +} + +################################################################## +# S3 log bucket +################################################################## + +resource "random_pet" "this" { + length = 2 +} + +resource "aws_kms_key" "objects" { + description = "KMS key is used to encrypt bucket objects" + deletion_window_in_days = 7 +} + +resource "aws_iam_role" "this" { + assume_role_policy = < Date: Tue, 5 Dec 2023 16:41:20 -0500 Subject: [PATCH 3/4] adding pre-commit changes --- examples/china-log-bucket-failure/main.tf | 24 ++------- examples/china-log-bucket-failure/outputs.tf | 49 +++++++++++++++++++ .../china-log-bucket-failure/variables.tf | 0 examples/china-log-bucket-failure/versions.tf | 14 ++++++ 4 files changed, 66 insertions(+), 21 deletions(-) create mode 100644 examples/china-log-bucket-failure/outputs.tf create mode 100644 examples/china-log-bucket-failure/variables.tf create mode 100644 examples/china-log-bucket-failure/versions.tf diff --git a/examples/china-log-bucket-failure/main.tf b/examples/china-log-bucket-failure/main.tf index 6c0bfd36..22be2d3b 100644 --- a/examples/china-log-bucket-failure/main.tf +++ b/examples/china-log-bucket-failure/main.tf 
@@ -17,7 +17,7 @@ locals {
 name = "china-alb-fail-${random_pet.this.id}"
 vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
 }
 ##################################################################
@@ -51,26 +51,9 @@ resource "aws_iam_role" "this" {
 EOF
 }
-data "aws_iam_policy_document" "bucket_policy" {
- statement {
- principals {
- type = "AWS"
- identifiers = [aws_iam_role.this.arn]
- }
-
- actions = [
- "s3:ListBucket",
- ]
-
- resources = [
- "arn:aws:s3:::${local.bucket_name}",
- ]
- }
-}
-
 module "log_bucket" {
- source = "terraform-aws-modules/s3-bucket/aws"
-# source = "git::https://github.com/bohnjamin/terraform-aws-s3-bucket.git?ref=add-china-regions"
+ source = "terraform-aws-modules/s3-bucket/aws"
+ # source = "git::https://github.com/bohnjamin/terraform-aws-s3-bucket.git?ref=add-china-regions"
 bucket = "logs-${random_pet.this.id}"
 force_destroy = true
@@ -152,4 +135,3 @@ module "vpc" {
 public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
 }
-
diff --git a/examples/china-log-bucket-failure/outputs.tf b/examples/china-log-bucket-failure/outputs.tf
new file mode 100644
index 00000000..85a1ab0c
--- /dev/null
+++ b/examples/china-log-bucket-failure/outputs.tf
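Review bot: In the `module "log_bucket"` hunk the registry `source` has no `version` pin in view and keeps a commented-out alternative, `# source = "git::https://github.com/bohnjamin/terraform-aws-s3-bucket.git?ref=add-china-regions"`, that points at a personal fork on a mutable branch ref; an example that users copy should not ship a pointer to unpinned third-party code, and since this repository appears to be the s3-bucket module itself, the example should presumably reference it relatively with `source = "../../"` as the other examples likely do — confirm. If the registry source is kept, pin it with `version = "<released version>"` and drop the fork comment. The `module "log_bucket"` block continues past the hunk.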
@@ -0,0 +1,49 @@
+output "s3_bucket_id" {
+ description = "The name of the bucket."
+ value = module.log_bucket.s3_bucket_id
+}
+
+output "s3_bucket_arn" {
+ description = "The ARN of the bucket. Will be of format arn:aws:s3:::bucketname."
+ value = module.log_bucket.s3_bucket_arn
+}
+
+output "s3_bucket_bucket_domain_name" {
+ description = "The bucket domain name. Will be of format bucketname.s3.amazonaws.com."
+ value = module.log_bucket.s3_bucket_bucket_domain_name
+}
+
+output "s3_bucket_bucket_regional_domain_name" {
+ description = "The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL."
+ value = module.log_bucket.s3_bucket_bucket_regional_domain_name
+}
+
+output "s3_bucket_hosted_zone_id" {
+ description = "The Route 53 Hosted Zone ID for this bucket's region."
+ value = module.log_bucket.s3_bucket_hosted_zone_id
+}
+
+output "s3_bucket_lifecycle_configuration_rules" {
+ description = "The lifecycle rules of the bucket, if the bucket is configured with lifecycle rules. If not, this will be an empty string."
+ value = module.log_bucket.s3_bucket_lifecycle_configuration_rules
+}
+
+output "s3_bucket_policy" {
+ description = "The policy of the bucket, if the bucket is configured with a policy. If not, this will be an empty string."
+ value = module.log_bucket.s3_bucket_policy
+}
+
+output "s3_bucket_region" {
+ description = "The AWS region this bucket resides in."
+ value = module.log_bucket.s3_bucket_region
+}
+
+output "s3_bucket_website_endpoint" {
+ description = "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string."
+ value = module.log_bucket.s3_bucket_website_endpoint
+}
+
+output "s3_bucket_website_domain" {
+ description = "The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. "
+ value = module.log_bucket.s3_bucket_website_domain
+}
diff --git a/examples/china-log-bucket-failure/variables.tf b/examples/china-log-bucket-failure/variables.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/examples/china-log-bucket-failure/versions.tf b/examples/china-log-bucket-failure/versions.tf
new file mode 100644
index 00000000..629d346a
--- /dev/null
+++ b/examples/china-log-bucket-failure/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 0.13.1"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.9"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.0"
+ }
+ }
+}

From fe5aeb41c66128371f488e623956d0e3bbc01a0c Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Fri, 12 Jan 2024 13:45:49 +0100
Subject: [PATCH 4/4] Removed China examples

---
 .pre-commit-config.yaml | 4 +-
 examples/china-log-bucket-failure/main.tf | 137 ------------------
 examples/china-log-bucket-failure/outputs.tf | 49 -------
 .../china-log-bucket-failure/variables.tf | 0
 examples/china-log-bucket-failure/versions.tf | 14 --
 5 files changed, 2 insertions(+), 202 deletions(-)
 delete mode 100644 examples/china-log-bucket-failure/main.tf
 delete mode 100644 examples/china-log-bucket-failure/outputs.tf
 delete mode 100644 examples/china-log-bucket-failure/variables.tf
 delete mode 100644 examples/china-log-bucket-failure/versions.tf

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e940bf7d..61ef1782 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
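Review bot: The descriptions on `s3_bucket_arn` and `s3_bucket_bucket_domain_name` promise the formats `arn:aws:s3:::bucketname` and `bucketname.s3.amazonaws.com`, which do not hold in the China partition this example is built for (main.tf sets `region = "cn-north-1"`, where the partition is `aws-cn` and the endpoint domain differs); for an example whose whole purpose is the China regions the wording should be partition-neutral, e.g. `description = "The ARN of the bucket. Will be of format arn:<partition>:s3:::bucketname."`. The same applies to the regional-domain-name output, whose "please refer here" has no link to refer to.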
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.77.3
+ rev: v1.86.0
 hooks:
 - id: terraform_fmt
 - id: terraform_wrapper_module_for_each
@@ -24,7 +24,7 @@ repos:
 - '--args=--only=terraform_standard_module_structure'
 - '--args=--only=terraform_workspace_remote'
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.4.0
+ rev: v4.5.0
 hooks:
 - id: check-merge-conflict
 - id: end-of-file-fixer
diff --git a/examples/china-log-bucket-failure/main.tf b/examples/china-log-bucket-failure/main.tf
deleted file mode 100644
index 22be2d3b..00000000
--- a/examples/china-log-bucket-failure/main.tf
+++ /dev/null
@@ -1,137 +0,0 @@
-provider "aws" {
- region = local.region
-
- # Make it faster by skipping something
- skip_metadata_api_check = true
- skip_region_validation = true
- skip_credentials_validation = true
- skip_requesting_account_id = true
-}
-
-data "aws_availability_zones" "available" {}
-data "aws_caller_identity" "current" {}
-
-locals {
- bucket_name = "s3-bucket-${random_pet.this.id}"
- region = "cn-north-1"
- name = "china-alb-fail-${random_pet.this.id}"
- vpc_cidr = "10.0.0.0/16"
-
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-}
-
-##################################################################
-# S3 log bucket
-##################################################################
-
-resource "random_pet" "this" {
- length = 2
-}
-
-resource "aws_kms_key" "objects" {
- description = "KMS key is used to encrypt bucket objects"
- deletion_window_in_days = 7
-}
-
-resource "aws_iam_role" "this" {
- assume_role_policy = <