Write Upgrade Guide for AWS Provider v4. (#491)

Co-authored-by: Yevgeniy Brikman <[email protected]>
Co-authored-by: Eugene K <[email protected]>
Co-authored-by: docs-sourcer[bot] <99042413+docs-sourcer[bot]@users.noreply.github.com>

Author: 4 people

_docs-sources/guides/stay-up-to-date/index.md

@@ -40,6 +40,10 @@ href="/guides/stay-up-to-date/terraform/terraform-1.1"
   title="Update to Terraform 12"
   href="/guides/stay-up-to-date/terraform/terraform-12"
   />
+<Card
+  title="Update to Version 4 of the Terraform provider"
+  href="/guides/stay-up-to-date/terraform/how-to-update-to-aws-provider-v4"
+  />
 <Card
   title="Update to Version 3 of the Terraform provider"
   href="/guides/stay-up-to-date/terraform/how-to-update-to-aws-provider-v3"

_docs-sources/guides/stay-up-to-date/terraform/how-to-update-to-aws-provider-v4/core-concepts.md

@@ -0,0 +1,13 @@
+# Core Concepts
+
+Version [v4.0.0](https://github.com/terraform-providers/terraform-provider-aws/releases/tag/v4.0.0)
+of the Terraform AWS provider was released on February 10th 2022 with backward incompatible updates. Following the 
+provider release cycle, future releases from this point onward would only be compatible with 4.X. This means that if 
+you wish to use any new resources or data sources that are released from this point onwards, you will need to be 
+compatible with version 4 of the AWS provider to be able to pull those changes in.
+
+Originally v4 was a backward incompatible update, but since v4.9.0, released April 7th 2022, it has become backward
+compatible. When bumping your versions, HashiCorp recommends using a version v4.9.0 or newer. For your own code, 
+you can follow [the official guide](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade)
+on updating to AWS provider version 4. The rest of this guide will focus on updating references to Gruntwork 
+modules and the Gruntwork Reference Architecture to be compatible with AWS provider version 4.

_docs-sources/guides/stay-up-to-date/terraform/how-to-update-to-aws-provider-v4/deployment-walkthrough.md

@@ -0,0 +1,140 @@
+# Deployment walkthrough
+
+## Updating references to Gruntwork Infrastructure as Code Library
+
+In order to take advantage of the Terraform AWS provider version 4, you need to update your references to the Gruntwork
+Infrastructure as Code Library to use a compatible version. We (Gruntwork) have gone through all our modules in the
+library to test and update the code to be compatible with AWS provider version 4. As a customer, you need to update to
+the proper versions of the Gruntwork library to pick up the fixes/changes that were made to be compatible. Be sure to
+read the release notes to know what changes need to be made to update to that version.
+
+Refer to our guide on ["Updating to new versions"](/guides/working-with-code/versioning#updating-to-new-versions)
+for instructions on how to update the versions in your code.
+
+The following table lists the versions of relevant Gruntwork AWS IaC library modules and Service Catalogs which are
+compatible with AWS provider version 4. Since the AWS provider version 3 upgrade, we have sunsetted some of our module 
+repos. They have not been updated and are not listed below. Please visit the repo READMEs to see our recommendations
+for alternatives to those modules.
+
+:::caution
+
+Gruntwork follows [semantic versioning](/guides/working-with-code/versioning#semantic-versioning).
+For pre-1.0 modules, version updates to the _minor_ version are considered backward incompatible releases. Make sure to
+read the release notes for the relevant modules anytime you are updating minor versions! For example, if you are going
+from `v0.5.x` to `v0.9.x`, read the notes for `v0.6.0`, `v0.7.0`, `v0.8.0`, and `v0.9.0` to get the migration steps for
+all backward incompatible updates in your upgrade path.
+
+:::
+
+## Version Compatibility table
+
+<table>
+<colgroup>
+<col />
+<col />
+</colgroup>
+<tbody>
+<tr className="odd">
+<td><p><strong>Gruntwork Repo</strong></p></td>
+<td><p><strong>Minimum version with AWS Provider v4 support</strong></p></td>
+</tr>
+<tr className="even">
+<td><p>terraform-aws-utilities</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-utilities/releases/tag/v0.9.0">v0.9.0</a></strong></p></td>
+</tr>
+<tr className="odd">
+<td><p>terraform-aws-vpc</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-vpc/releases/tag/v0.22.0">v0.22.0</a></strong></p></td>
+</tr>
+<tr className="even">
+<td><p>terraform-aws-asg</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-asg/releases/tag/v0.19.0">v0.19.0</a></strong></p></td>
+</tr>
+<tr className="odd">
+<td><p>terraform-aws-server</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-server/releases/tag/v0.15.0">v0.15.0</a></strong></p></td>
+</tr>
+<tr className="even">
+<td><p>terraform-aws-lambda</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-lambda/releases/tag/v0.20.0">v0.20.0</a></strong></p></td>
+</tr>
+<tr className="odd">
+<td><p>terraform-aws-security</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-security/releases/tag/v0.65.0">v0.65.0</a></strong></p></td>
+</tr>
+<tr className="even">
+<td><p>terraform-aws-load-balancer</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/releases/tag/v0.29.0">v0.29.0</a></strong></p></td>
+</tr>
+<tr className="odd">
+<td><p>terraform-aws-data-storage</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-data-storage/releases/tag/v0.24.0">v0.24.0</a></strong></p></td>
+</tr>
+<tr className="even">
+<td><p>terraform-aws-cache</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-cache/releases/tag/v0.18.0">v0.18.0</a></strong></p></td>
+</tr>
+<tr className="odd">
+<td><p>terraform-aws-messaging</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-messaging/releases/tag/v0.9.0">v0.9.0</a></strong></p></td>
+</tr>
+<tr className="even">
+<td><p>terraform-aws-static-assets</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-static-assets/releases/tag/v0.15.0">v0.15.0</a></strong></p></td>
+</tr>
+<tr className="odd">
+<td><p>terraform-aws-monitoring</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-monitoring/releases/tag/v0.34.1">v0.34.1</a></strong></p></td>
+</tr>
+<tr className="even">
+<td><p>terraform-aws-openvpn</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-openvpn/releases/tag/v0.24.0">v0.24.0</a></strong></p></td>
+</tr>
+<tr className="odd">
+<td><p>terraform-aws-ecs</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-ecs/releases/tag/v0.34.0">v0.34.0</a></strong></p></td>
+</tr>
+<tr className="even">
+<td><p>terraform-aws-ci</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-ci/releases/tag/v0.48.0">v0.48.0</a></strong></p></td>
+</tr>
+<tr className="odd">
+<td><p>terraform-aws-eks</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v0.53.0">v0.53.0</a></strong></p></td>
+</tr>
+<tr className="even">
+<td><p>terraform-aws-service-catalog</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v0.96.1">v0.96.1</a></strong></p></td>
+</tr>
+<tr className="odd">
+<td><p>terraform-aws-cis-service-catalog</p></td>
+<td><p><strong><a href="https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.41.0">v0.41.0</a></strong></p></td>
+</tr>
+</tbody>
+</table>
+
+## Update the Gruntwork Reference Architecture to AWS Provider v4
+
+If you purchased the Gruntwork Reference Architecture, update the relevant code in `infrastructure-live` to use a 
+compatible version of the Gruntwork Infrastructure as Code Library, as per 
+[the compatibility table](#version-compatibility-table) above.
+
+To update your Reference Architecture:
+
+1. Update the underlying module source versions being referenced. 
+    - We recommend using tools like `ripgrep`, `xargs`, and `sed` to accomplish this.
+    - E.g.: `rg v0.95.0 --files-with-matches | xargs sed -i '' "s|v0.95.0|v0.96.1|g"`. This command finds and replaces
+      all instances of `v0.95.0` with `v0.96.1` in your repo. Double-check all your changes before committing them to 
+      version control.
+    - If you are several minors behind, please follow the migration guide for each minor version bump. Use the 
+      find-and-replace command to bump one minor version at a time.
+    - Update the underlying Service Catalog versions, and also any one-off library module versions as well. You
+      can accomplish this by grepping for each of the repos in the table above.
+1. Run `terraform init -upgrade` to allow Terraform to pull in the latest provider version. Without the `-upgrade` flag
+   the `3.75.X` version of the provider will be used instead. The `-upgrade` flag allows unlocking the provider
+   restriction enforced in `terraform.lock.hcl`, in the module folder.
+1. Follow up with `terraform plan`. NOTE: The provider update creates and updates resources. You will see changes in 
+   the `plan`. These should be safe to `apply`, but always double-check anything slated for destruction.
+1. Then run `terraform apply` to bring Terraform state in sync with the provider changes. 
+
+If you have any questions, we'd love to hear them. Please reach out to <a href="mailto:[email protected]">Gruntwork Support</a>.

_docs-sources/guides/stay-up-to-date/terraform/how-to-update-to-aws-provider-v4/index.md

@@ -0,0 +1,26 @@
+# Upgrade to AWS Provider v4
+
+This guide will walk you through how to update the [Gruntwork Reference
+Architecture](https://gruntwork.io/reference-architecture/) and any code that depends on the
+[Gruntwork Infrastructure as Code Library](https://gruntwork.io/infrastructure-as-code-library/) to version 4.x of the
+Terraform AWS provider. Following the release of v4.0.0, new features and bug fixes will only be available on version
+4.x, but it also has a number of backward incompatibilities that have to be incorporated into your codebase.
+
+## What you’ll learn in this guide
+
+This guide consists of two main sections:
+
+<div className="dlist">
+
+#### [Core Concepts](core-concepts.md)
+
+An overview of version 4 of the AWS provider and why it is important to update your code for compatibility.
+
+#### [Deployment walkthrough](deployment-walkthrough.md)
+
+The steps you need to take to update your code relying on the Gruntwork Infrastructure as Code library and your 
+version of the Gruntwork Reference Architecture with compatibility with AWS provider v4. Includes a [version
+compatibility table](deployment-walkthrough.md#version-compatibility-table) you can use as a reference to know
+which Gruntwork Repo version tag is compatible with AWS provider v4.
+
+</div>

_docs-sources/guides/working-with-code/versioning.md

@@ -3,43 +3,92 @@
 ## Versioning
 
 All of the code in the Gruntwork Infrastructure as Code Library is _versioned_. Every time we make a change, we put out a new
-versioned release, and announce it in the monthly
+versioned release, and announce it in the periodical
 [Gruntwork Newsletter](https://blog.gruntwork.io/tagged/gruntwork-newsletter).
 
-![An example of all the versioned updates announced in the monthly Gruntwork Newsletter](/img/guides/stay-up-to-date/newsletter.png)
+![An example of all the versioned updates announced in the Gruntwork Newsletter](/img/guides/stay-up-to-date/newsletter.png)
 
 ### Pinned Versions
 
-When you use the code from the Gruntwork Infrastructure as Code Library, you pin
-yourself to a specific version of the code. That way, you are not accidentally affected by any subsequent changes in
-the Gruntwork Infrastructure as Code Library until you explicitly choose to pull those changes in. And when you do want to pull the
-changes in, it’s just a matter of bumping the version number!
+When you use the code from the Gruntwork IaC Library, you pin yourself to a specific version of the code. That way 
+you are not accidentally affected by any subsequent changes in the Gruntwork IaC Library until you explicitly choose to
+pull those changes in. When you do want to pull the changes in, be sure to read through the release notes for any 
+migration steps you need to take and then bump the version number accordingly.
 
 ### Semantic Versioning
 
 We use version numbers of the form `MAJOR.MINOR.PATCH` (e.g., `1.2.3`), following the principles of
 _[semantic versioning](https://semver.org)_. In traditional semantic versioning, you increment the:
 
-1. MAJOR version when you make incompatible API changes,
-2. MINOR version when you add functionality in a backwards compatible manner, and
-3. PATCH version when you make backwards compatible bug fixes.
+1. MAJOR version when you make backward incompatible API changes,
+2. MINOR version when you add functionality in a backward compatible manner, and
+3. PATCH version when you make backward compatible bug fixes.
 
-However, much of the Gruntwork Infrastructure as Code Library is still not at version `1.0.0`. Most of the Gruntwork Infrastructure as Code Library is using `0.MINOR.PATCH` version numbers. With `0.MINOR.PATCH`, the rules are a bit different, where you increment the:
+However, much of the Gruntwork IaC Library is still pre-`1.0.0`. Most of the Gruntwork IaC Library uses 
+`0.MINOR.PATCH` version numbers. With `0.MINOR.PATCH`, the rules are a bit different, where you increment the:
 
-1. MINOR version when you make incompatible API changes
-2. PATCH version when you add backwards compatible functionality or bug fixes.
+1. MINOR version when you make backward incompatible API changes, and
+2. PATCH version when you add backward compatible functionality or bug fixes.
+
+### What changes are backward incompatible?
+
+In the world of DevOps, we've inherited our view of toil, and that continues to describe what DevOps engineers expect 
+as part of their daily grunt work. However with IaC, we can liberate ourselves from that thinking and automate more of 
+the toil than before, and as automation and infrastructure APIs improve, we can expect much more of DevOps grunt work 
+to become automated. What we think of as necessary toil is constantly evolving, so how we define our releases (i.e., 
+backward compatible or not) is also subject to this evolution.
+
+We (Gruntwork) currently consider the following types of updates backward incompatible:
+
+1. Any update that requires some toil by the user. This is a moving target. At the moment, actions like bumping a
+version number are not considered toil, but actions like running migration steps that modify Terraform state are
+considered toil. In the near future, bumping a version number could be toil, and we are working to remove the need
+for users to do that.
+
+2. Any update that requires configuration changes by the user. When we release a new MINOR version in pre-`1.0.0`, we 
+include a migration guide with explicit steps you can take to resolve the backward incompatibilities, such that the 
+update becomes backward compatible for you. 
+
+3. Any update that incurs downtime for you. This includes changes that require recreating a resource that may be in 
+use. Even if the update attempts to first create the new resource and then destroy the existing resource, the order of
+apply may not be guaranteed, and there could still be downtime during the hand-off.
+
+4. Most updates that destroy resources. There are some cases where destroying resources is necessary and will not incur 
+downtime, such as `null_resource`s that only exist as a stop-gap for something missing in the AWS API or the Terraform
+AWS provider API.
+
+We try to err on the side of caution. Sometimes we release an update as MINOR even if it is functionally backward 
+compatible. For example, the [AWS Provider v4 update](/guides/stay-up-to-date/terraform/how-to-update-to-aws-provider-v4)
+requires no configuration changes in Gruntwork module usage. It requires unlocking the provider version maintained in 
+the `terraform.lock.hcl` file, which makes it somewhat backward incompatible. Additionally it may still require you to 
+update any infrastructure code which does not use Gruntwork modules. Because this upgrade requires some vigilance, we 
+released it as a MINOR version increase to signal importance.
+
+We're working to provide automatic resolution with patches, i.e., scripts that you can run when bumping your versions,
+so that `terraform plan` and `terraform apply` result in clean updates. These releases would still be considered
+backward incompatible because they require running a patch, could cause downtime, or could change resources 
+significantly.
 
 ## Updating to new versions
 
+:::caution
+
+In general, update one MINOR at a time, paying close attention to the release notes for migration steps. A MINOR 
+version number increase (e.g., `v0.18.0` → `v0.19.0`) signals a backward incompatible change, and the release 
+notes will contain a migration guide explaining what you need to do (e.g., update the configuration by adding, 
+removing, or changing variables you pass to the module).
+
+:::
+
 Follow the steps below to keep your code up to date:
 
-1.  Make sure you're following our monthly [Gruntwork Newsletter](https://blog.gruntwork.io/tagged/gruntwork-newsletter) to be notified
-    of all updates to the Gruntwork Infrastructure as Code Library. Alternatively, you can "watch" repos in GitHub that you’re
-    interested in.
+1.  Make sure you're following our [Gruntwork Newsletter](https://blog.gruntwork.io/tagged/gruntwork-newsletter)
+    to be notified of all updates to the Gruntwork IaC Library. Alternatively, you can watch repos in GitHub that 
+    you’re interested in. If you use the Reference Architecture, you could watch the Service Catalog repos.
 
-2.  When you find an update you’d like for a specific module, update any code using that module in
-    `infrastructure-modules` to the new version number. For example, if you were using `terraform-aws-vpc` at `v0.18.5` and you
-    wanted to update to `v0.7.3`, you would change from:
+2.  When you find an update you’d like for a specific module, update module sources referencing that module in your 
+    Terraform code to the new version number. For example, if you were using `terraform-aws-vpc` at `v0.18.5` and you
+    wanted to update to `v0.18.6`, you would change from:
 
     ```hcl
     module "vpc" {
@@ -57,11 +106,12 @@ Follow the steps below to keep your code up to date:
     }
     ```
 
-3.  Pay close attention to the release notes for any additional instructions. In particular, if the MINOR version number
-    was increased (e.g., `v0.18.0` → `v0.19.0`), that implies a backwards incompatible change, and the release notes will
-    explain what you need to do (e.g., you might have to add, remove, or change arguments you pass to the module).
+    One way you can do this quickly is by stringing together commands using `ripgrep`, `xargs`, and `sed`, or any other
+    method that allows find-and-replace operations within a directory.
 
-4.  Test your changes locally. You do this using the same process outlined in [Manual tests for Terraform code](/intro/first-deployment/testing#manual-tests-for-terraform-code) and
+3.  Optionally, test your changes locally. Use the same process outlined in 
+    [Manual tests for Terraform code](/intro/first-deployment/testing#manual-tests-for-terraform-code) and
     [Automated tests for Terraform code](/intro/first-deployment/testing#automated-tests-for-terraform-code).
 
-5.  Deploy your changes to each environment. You do this using the same process outlined in [Deploying Terraform code](#deploy_terraform).
+4.  Deploy your changes to each environment. Use `terraform plan` to sanity-check the changes before `terraform apply`.
+    Use the same process outlined in [Deploying Terraform code](#deploy_terraform).

docs/guides/stay-up-to-date/index.md

@@ -40,6 +40,10 @@ href="/guides/stay-up-to-date/terraform/terraform-1.1"
   title="Update to Terraform 12"
   href="/guides/stay-up-to-date/terraform/terraform-12"
   />
+<Card
+  title="Update to Version 4 of the Terraform provider"
+  href="/guides/stay-up-to-date/terraform/how-to-update-to-aws-provider-v4"
+  />
 <Card
   title="Update to Version 3 of the Terraform provider"
   href="/guides/stay-up-to-date/terraform/how-to-update-to-aws-provider-v3"
@@ -78,6 +82,6 @@ href="/guides/stay-up-to-date/terraform/terraform-1.1"
 <!-- ##DOCS-SOURCER-START
 {
   "sourcePlugin": "local-copier",
-  "hash": "6108197b36342bbac59c8d32d9e3dfbb"
+  "hash": "fcfce8df9f087e34a129afd5575e6df1"
 }
 ##DOCS-SOURCER-END -->

docs/guides/stay-up-to-date/terraform/how-to-update-to-aws-provider-v4/_category_.json

@@ -0,0 +1,3 @@
+{
+  "label": "Update to version 4 of the Terraform AWS Provider"
+}