Migrate to AWS provider v4

[rstml]

what

• Replace s3 resources with the latest version of cloudposse/s3_bucket module
• Upgrade AWS provider to V4

why

• Support latest version of AWS provider V4

references

• https://github.com/cloudposse/terraform-aws-tfstate-backend/pull/113#pullrequestreview-929629524
• resolves #111
• overrides #113

migration

@Nuru 's comment above requests inclusion of the explicit warnings about potential data loss. However, I'm not sure where to include it. Also, it'd be only relevant to tfstate bucket since log bucket's force_destroy isn't set by this module.

mfa_delete option was also removed because it's not supported in downstream s3-bucket module.

I managed to migrate existing states simply by renaming modules:

% terraform state mv 'module.tfstate.aws_s3_bucket.default[0]' 'module.tfstate.module.tfstate_s3_bucket.aws_s3_bucket.default[0]'
% terraform state mv 'module.tfstate.aws_s3_bucket_public_access_block.default[0]' 'module.tfstate.module.tfstate_s3_bucket.aws_s3_bucket_public_access_block.default[0]'

Haven't tested replication.

[sudoforge]

Any chance this could get looked at, Cloudposse?

[mgerlach]

Can this be looked at, please? I think many users are forced to stay with AWS Provider v3 until tfstate backend supports v4 and are waiting for this...

[nitrocode]

/test all

[nitrocode]

I skimmed over the code and it looks OK to me. Let's make sure it passes the tests.

I'd like to see a plan of version 0.38.1 vs the changes in this PR. I wonder if we need a migration guide for this ? cc: @Nuru

[osterman]

We also should be graduating this module to 1.0 ASAP.

[rstml]

any update on this?

[sudoforge]

Well, it failed the bridgecrew and terratest status checks:

• bridgecrew's details page is private and i cannot view the details
• the test/terratest action failed due to a missing go.sum entry for a golang module.

The test/terratest action failure is due to commit dfdcbb336d62b430bc2a810f69d5aff37c4d94ac (tag: 0.31.0) changing the go.mod version, but not updating the go.sum file:

/tmp/tmp.HFcF1wBKsb [ master ]
➜ git show dfdcbb336d6 -- test/src/go.mod test/src/go.sum
commit dfdcbb336d62b430bc2a810f69d5aff37c4d94ac (tag: 0.31.0)
Author: Maxim Mironenko <maxim@cloudposse.com>
Date:   Sat Jan 30 21:29:44 2021 +0700

    Bc compliance (#81)

    * workflows updated

    * readme updated, BC compliance checks fixed

diff --git a/test/src/go.mod b/test/src/go.mod
index f54cc98..c33d042 100644
--- a/test/src/go.mod
+++ b/test/src/go.mod
@@ -3,6 +3,6 @@ module github.com/cloudposse/terraform-aws-tfstate-backend
 go 1.14

 require (
-   github.com/gruntwork-io/terratest v0.30.23
+   github.com/gruntwork-io/terratest v0.31.4
    github.com/stretchr/testify v1.6.1
 )

[nitrocode]

Once PR https://github.com/cloudposse/terraform-aws-tfstate-backend/pull/116 is merged, this PR branch can be updated to fix the tests.

Edit: It's merged. Please update this PR and I will rerun the tests.

Edit: I merged this repo's default branch into your PR branch.

[nitrocode]

/test all

[nitrocode]

Ok so tests are passed. Once this is good to go, just like Erik mentioned, we'll have to release this as a 1.x module version.

To do that, let's do the following (correct me if I'm mistaken).

1. Please address unresolved comments
2. We will rerun the tests
3. Correct tests if they break
4. Setup a local module tfstate backend using the current release version 0.38.1
5. Apply 0.38.1
6. Change the source of the module to this PR branch rstml:master
7. Plan rstml:master (future 1.x)
8. Ensure we can keep the persist the same functionality of the current 0.38.1 in the new 1.x version
9. Create a migration document in docs/ to go from 0.38.1 -> latest 1.x
10. Link the migration document from the README.yaml
11. Wait for more feedback from us
12. Resolve feedback
13. Merge

[Yuriy6735]

Are there any updates?

[rstml]

I didn't have time to incorporate @nitrocode 's changes yet. Maybe later this week.

[mouzerlol]

Any updates on the progress?