Description
Terraform Version Update
Current State
- Current Minimum Version: 1.6
- Target Version: 1.12.2 (latest stable)
- Affected Modules: All modules (account, organization, organizational-unit, ram-share, sso-access-control-attributes, sso-account-assignment, sso-permission-set)
Major Changes ⚠️
1.6 -> 1.7
New Features:
- New `removed` block for module refactoring - allows module authors to specify when a resource/module has been removed
- Enhanced Terraform Test capabilities with mocking for providers, modules, resources, and data sources
- Import block improvements with `for_each` support
Breaking Changes:
- S3 Backend: `use_legacy_workflow` now defaults to `false` - backend will search for credentials in the same order as the default provider chain in AWS SDKs (this argument is deprecated)
Important for AWS modules:
- Improved credential handling for S3 backend affects state management
- New testing capabilities can improve module reliability
1.7 -> 1.8
New Features:
- Provider Functions - providers can now offer custom functions callable in configurations with syntax `provider::provider_name::function_name()`
- Remote Object Ownership Transfer between different resource types
- New `issensitive()` function to check if a value is marked as sensitive
Enhancements:
- Import configuration generation improvements with JSON syntax detection
- Enhanced plan presentation with more granular diff display for lists
- Terraform Test improvements with file-level variables referencing global variables
Impact on AWS modules:
- Better sensitive value handling
- Improved import workflows for AWS resources
1.8 -> 1.9
New Features:
- Enhanced Input Variable Validation - validation rules can now refer to other objects in the same module
- New `templatestring` function for dynamically rendering templates
Performance Improvements:
- Graph building optimizations for large configurations
- Reduced state copying for better performance with large resource sets
Breaking Changes:
- Terraform test files: Provider version constraints must now be in main configuration, not in .tftest.hcl files
- Import behavior: Invalid import blocks pointing to non-existent modules will now raise errors
1.9 -> 1.10
New Features:
- Ephemeral Resources and Values - resources that are read during each Terraform evaluation
- Ephemeral input variables and outputs
- New `ephemeralasnull()` function
Breaking Changes:
- S3 backend: Removed deprecated IAM role attributes
- Backend changes: Deprecated `-state` flag with warning to use `local` backend path attribute
- Configuration parsing: Moved blocks now respect reserved keywords
Performance:
- Resource evaluation performance enhancements
- Improved import block validation
Impact on AWS modules:
- S3 backend configuration may need updates
- Ephemeral resources can improve dynamic AWS resource handling
1.10 -> 1.11
New Features:
- Write-only Attributes for Resources - providers can specify attributes that are not persisted in state
- S3 native state locking is now generally available
- JUnit XML reporting for Terraform test
- Enhanced test mocking capabilities
Deprecations:
- DynamoDB-related arguments for state locking (superseded by S3 native locking)
Impact on AWS modules:
- Improved state locking with S3 native support
- Write-only attributes can enhance security for sensitive AWS resources
1.11 -> 1.12
New Features:
- Enhanced import blocks with new identity attribute support
- Terraform test parallelism control with `-parallelism=n` option
- OCI Object Storage backend implementation
System Requirements:
⚠️ Linux kernel 3.2 or later now required on Linux systems
Language Improvements:
- Logical binary operators can now short-circuit
- Enhanced test execution with detailed diagnostic objects
Required Changes
- Update `versions.tf` minimum version from `>= 1.6` to `>= 1.12` in all modules:
  - `modules/account/versions.tf`
  - `modules/organization/versions.tf`
  - `modules/organizational-unit/versions.tf`
  - `modules/ram-share/versions.tf`
  - `modules/sso-access-control-attributes/versions.tf`
  - `modules/sso-account-assignment/versions.tf`
  - `modules/sso-permission-set/versions.tf`
- Review and update S3 backend configurations if using deprecated IAM role attributes
- Update any test configurations to move provider version constraints to main configuration
- Test all modules with Terraform 1.12.2
- Update documentation with new minimum version requirement
- Consider leveraging new features:
  - Evaluate ephemeral resources for dynamic AWS resource management
  - Consider write-only attributes for sensitive AWS configurations
  - Upgrade test suites to use enhanced testing capabilities
Migration Guide
Step 1: Update Version Constraints
Update all `modules/*/versions.tf` files to change:

```hcl
terraform {
  required_version = ">= 1.6"
  # ...
}
```

to:

```hcl
terraform {
  required_version = ">= 1.12"
  # ...
}
```
Step 2: Review Backend Configuration
If using S3 backend with deprecated IAM role attributes, update configuration to use the new credential chain approach.
Step 3: Update Test Files
Move any provider version constraints from `.tftest.hcl` files to main configuration files.
Step 4: Validation
- Run `terraform init` to ensure compatibility
- Run `terraform plan` with existing configurations
- Execute `terraform test` if tests are available
- Verify all modules work with AWS provider
Step 5: Documentation
Update README files and documentation to reflect the new minimum Terraform version requirement.
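A pre-flight check for Steps 1 to 3, as an added example that is not part of the original issue or the repository's code: it scans Terraform files for a `required_version` floor below 1.12, for top-level S3 backend role arguments and DynamoDB locking, and for provider version constraints in `.tftest.hcl` files. The S3 argument names, the sample files and the line-based parsing are assumptions of this example.

```python
import re
# Assumed argument names (from the Terraform S3 backend documentation, not from this page):
REMOVED_S3 = {"role_arn", "session_name", "external_id"}  # top-level form, removed in 1.10
DEPRECATED_S3 = {"dynamodb_table"}                        # superseded by use_lockfile in 1.11
ATTR = re.compile(r'^([A-Za-z_][\w-]*)\s*=\s*(.*)$')

def walk(text):
    """Yield (enclosing block headers, key, value) per attribute line (line-based heuristic)."""
    path = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            path.append(line[:-1].strip())   # block header or "name =" object opener
        elif line.startswith("}"):
            del path[-1:]                    # safe even if braces are unbalanced
        elif (m := ATTR.match(line)):
            yield tuple(path), m.group(1), m.group(2)

def audit(filename, text, floor=(1, 12)):
    """Return findings for the Step 1-3 checks in one file."""
    out = []
    for path, key, value in walk(text):
        if path == ("terraform",) and key == "required_version":
            # Compare as integer tuples: as strings, "1.6" would sort above "1.12".
            m = re.search(r'>=\s*(\d+)\.(\d+)', value)
            if not m or (int(m[1]), int(m[2])) < floor:
                out.append(f"{filename}: required_version {value} is below {floor[0]}.{floor[1]}")
        elif path == ("terraform", 'backend "s3"'):
            if key in REMOVED_S3:        # the same key nested under assume_role is fine
                out.append(f"{filename}: top-level {key} removed in 1.10, move into assume_role")
            elif key in DEPRECATED_S3:
                out.append(f"{filename}: {key} deprecated in 1.11, use S3 native locking")
        elif filename.endswith(".tftest.hcl") and key == "version" and (
                "required_providers" in path or (path and path[-1].startswith("provider "))):
            out.append(f"{filename}: provider version constraint belongs in main configuration")
    return out

# Constructed sample files (not from the repository discussed on this page).
SAMPLES = {
    "modules/account/versions.tf": 'terraform {\n  required_version = ">= 1.6"\n}\n',
    "backend.tf": 'terraform {\n  backend "s3" {\n    bucket = "example-state"\n'
                  '    role_arn = "arn:aws:iam::111111111111:role/example"\n'
                  '    dynamodb_table = "example-lock"\n  }\n}\n',
    "backend_new.tf": 'terraform {\n  backend "s3" {\n    use_lockfile = true\n    assume_role = {\n'
                      '      role_arn = "arn:aws:iam::111111111111:role/example"\n    }\n  }\n}\n',
    "tests/main.tftest.hcl": 'provider "aws" {\n  version = "~> 5.0"\n}\n',
}
if __name__ == "__main__":
    print("\n".join(f for n, b in SAMPLES.items() for f in audit(n, b)))
```

The parser assumes one attribute per line and no single-line blocks, so treat a clean result as a first pass before `terraform init` and `terraform plan`, not a replacement for them.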
Benefits of Upgrading
- Enhanced testing capabilities with mocking and improved test execution
- Better performance with graph building and resource evaluation optimizations
- Improved AWS integration with S3 native state locking
- Enhanced security with write-only attributes and better sensitive value handling
- Future-proofing with support for ephemeral resources and modern Terraform features