From e18570a206ef6b0df9cc9f8327916077fe9c093c Mon Sep 17 00:00:00 2001
From: rpoluri <38321430+rpoluri@users.noreply.github.com>
Date: Mon, 1 Mar 2021 09:41:49 -0600
Subject: [PATCH] Feature/tf format (#184)

* terraform fmt

* configure required providers

* update changelog

Co-authored-by: Raj Poluri <rpoluri@expediagroup.com>
---
 .gitignore                        |  1 +
 CHANGELOG.md                      |  5 +++
 cloudwatch.tf                     | 26 ++++++-------
 common.tf                         | 12 +++---
 db.tf                             | 44 +++++++++++-----------
 ecs-service-discovery.tf          | 20 +++++-----
 ecs.tf                            | 62 +++++++++++++++----------------
 iam-cross-account-client-roles.tf |  4 +-
 iam-policy-cloudwatch.tf          |  4 +-
 iam-policy-glue.tf                |  2 +-
 iam-policy-rds.tf                 |  8 ++--
 iam-policy-s3-buckets.tf          | 16 ++++----
 iam-policy-secretsmanager.tf      |  8 ++--
 iam-policy-sns.tf                 |  2 +-
 iam.tf                            | 12 +++---
 k8s-readonly.tf                   | 18 ++++-----
 k8s-readwrite.tf                  | 22 +++++------
 k8s-secrets.tf                    |  2 +-
 lb.tf                             | 36 +++++++++---------
 route53.tf                        | 24 ++++++------
 s3-other.tf                       |  2 +-
 s3.tf                             |  6 +--
 secretsmanager.tf                 | 20 +++++-----
 sg.tf                             |  8 ++--
 templates.tf                      |  4 +-
 version.tf                        |  8 +++-
 vpc-endpoint-service.tf           |  8 ++--
 27 files changed, 198 insertions(+), 186 deletions(-)

diff --git a/.gitignore b/.gitignore
index a18f5b0..ddd08a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -46,6 +46,7 @@ terraform.tfstate.backup
 *.plan
 terraform.tfstate
 .terraform.tfstate.lock.info
+.terraform.lock.hcl
 
 # Netbeans files
 nbactions.xml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 21005bc..458b70f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [6.7.3] - 2021-03-01
+### Changed
+- Terraform 0.12+ formatting.
+- Add required version(1.x) for kubernetes provider,to fix issues with 2.x provider.
+
 ## [6.7.2] - 2021-01-04
 ### Fixed
 - Fix colliding Grafana dashboard names for multiple Apiary instances.
diff --git a/cloudwatch.tf b/cloudwatch.tf
index 6918d96..8b8a554 100644
--- a/cloudwatch.tf
+++ b/cloudwatch.tf
@@ -5,7 +5,7 @@
  */
 
 data "template_file" "s3_widgets" {
-  count = "${length(local.schemas_info)}"
+  count = length(local.schemas_info)
 
   template = <<EOF
        {
@@ -92,7 +92,7 @@ EOF
 }
 
 data "template_file" "ecs_widgets" {
-  count = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count = var.hms_instance_type == "ecs" ? 1 : 0
 
   template = <<EOF
        {
@@ -129,7 +129,7 @@ EOF
 }
 
 data "template_file" "nlb_widgets" {
-  count = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count = var.hms_instance_type == "ecs" ? 1 : 0
 
   template = <<EOF
        {
@@ -262,7 +262,7 @@ locals {
     },
   ]
 
-  ecs_cluster_name = "${join("", aws_ecs_cluster.apiary.*.name)}"
+  ecs_cluster_name = join("", aws_ecs_cluster.apiary.*.name)
 
   dimensions = [
     {
@@ -288,18 +288,18 @@ locals {
 }
 
 resource "aws_cloudwatch_metric_alarm" "apiary_alert" {
-  count               = "${var.hms_instance_type == "ecs" ? length(local.alerts) : 0}"
-  alarm_name          = "${lookup(local.alerts[count.index], "alarm_name")}"
-  comparison_operator = "${lookup(local.alerts[count.index], "comparison_operator", "GreaterThanOrEqualToThreshold")}"
-  metric_name         = "${lookup(local.alerts[count.index], "metric_name")}"
-  namespace           = "${lookup(local.alerts[count.index], "namespace")}"
-  period              = "${lookup(local.alerts[count.index], "period", "120")}"
-  evaluation_periods  = "${lookup(local.alerts[count.index], "evaluation_periods", "2")}"
+  count               = var.hms_instance_type == "ecs" ? length(local.alerts) : 0
+  alarm_name          = lookup(local.alerts[count.index], "alarm_name")
+  comparison_operator = lookup(local.alerts[count.index], "comparison_operator", "GreaterThanOrEqualToThreshold")
+  metric_name         = lookup(local.alerts[count.index], "metric_name")
+  namespace           = lookup(local.alerts[count.index], "namespace")
+  period              = lookup(local.alerts[count.index], "period", "120")
+  evaluation_periods  = lookup(local.alerts[count.index], "evaluation_periods", "2")
   statistic           = "Average"
-  threshold           = "${lookup(local.alerts[count.index], "threshold")}"
+  threshold           = lookup(local.alerts[count.index], "threshold")
 
   #alarm_description         = "This metric monitors apiary ecs ec2 cpu utilization"
   insufficient_data_actions = []
-  dimensions                = "${local.dimensions[count.index]}"
+  dimensions                = local.dimensions[count.index]
   alarm_actions             = ["${aws_sns_topic.apiary_ops_sns.arn}"]
 }
diff --git a/common.tf b/common.tf
index 68f0b57..c5a52ae 100644
--- a/common.tf
+++ b/common.tf
@@ -5,7 +5,7 @@
  */
 
 locals {
-  instance_alias                   = "${var.instance_name == "" ? "apiary" : format("apiary-%s", var.instance_name)}"
+  instance_alias                   = var.instance_name == "" ? "apiary" : format("apiary-%s", var.instance_name)
   apiary_bucket_prefix             = "${local.instance_alias}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
   apiary_assume_role_bucket_prefix = [for assumerole in var.apiary_assume_roles : "${local.instance_alias}-${data.aws_caller_identity.current.account_id}-${lookup(assumerole, "allow_cross_region_access", false) ? "*" : data.aws_region.current.name}"]
   enable_route53_records           = var.apiary_domain_name == "" ? false : true
@@ -23,11 +23,11 @@ locals {
     schema)
   ]
 
-  gluedb_prefix                   = "${var.instance_name == "" ? "" : "${var.instance_name}_"}"
+  gluedb_prefix                   = var.instance_name == "" ? "" : "${var.instance_name}_"
   cw_arn                          = "arn:aws:swf:${var.aws_region}:${data.aws_caller_identity.current.account_id}:action/actions/AWS_EC2.InstanceId.Reboot/1.0"
   assume_allowed_principals       = split(",", join(",", [for role in var.apiary_assume_roles : join(",", [for principal in role.principals : replace(principal, "/:role.*/", ":root")])]))
   producer_allowed_principals     = split(",", join(",", values(var.apiary_producer_iamroles)))
-  final_atlas_cluster_name        = "${var.atlas_cluster_name == "" ? local.instance_alias : var.atlas_cluster_name}"
+  final_atlas_cluster_name        = var.atlas_cluster_name == "" ? local.instance_alias : var.atlas_cluster_name
   s3_inventory_prefix             = "EntireBucketDaily"
   s3_inventory_bucket             = var.s3_enable_inventory ? "${local.apiary_bucket_prefix}-s3-inventory" : ""
   create_sqs_data_event_queue     = contains([for schema in local.schemas_info : lookup(schema, "enable_data_events_sqs", "0")], "1") ? true : false
@@ -54,11 +54,11 @@ data "aws_caller_identity" "current" {}
 data "aws_region" "current" {}
 
 data "aws_vpc" "apiary_vpc" {
-  id = "${var.vpc_id}"
+  id = var.vpc_id
 }
 
 data "aws_route53_zone" "apiary_zone" {
   count  = local.enable_route53_records ? 1 : 0
-  name   = "${var.apiary_domain_name}"
-  vpc_id = "${var.vpc_id}"
+  name   = var.apiary_domain_name
+  vpc_id = var.vpc_id
 }
diff --git a/db.tf b/db.tf
index 72664e7..f8616b8 100644
--- a/db.tf
+++ b/db.tf
@@ -5,19 +5,19 @@
  */
 
 resource "aws_db_subnet_group" "apiarydbsg" {
-  count       = "${var.external_database_host == "" ? 1 : 0}"
+  count       = var.external_database_host == "" ? 1 : 0
   name        = "${local.instance_alias}-dbsg"
   subnet_ids  = var.private_subnets
   description = "Apiary DB Subnet Group"
 
-  tags = "${merge(map("Name", "Apiary DB Subnet Group"), var.apiary_tags)}"
+  tags = merge(map("Name", "Apiary DB Subnet Group"), var.apiary_tags)
 }
 
 resource "aws_security_group" "db_sg" {
-  count  = "${var.external_database_host == "" ? 1 : 0}"
+  count  = var.external_database_host == "" ? 1 : 0
   name   = "${local.instance_alias}-db"
-  vpc_id = "${var.vpc_id}"
-  tags   = "${var.apiary_tags}"
+  vpc_id = var.vpc_id
+  tags   = var.apiary_tags
 
   ingress {
     from_port   = 0
@@ -31,7 +31,7 @@ resource "aws_security_group" "db_sg" {
     from_port   = 3306
     to_port     = 3306
     protocol    = "tcp"
-    cidr_blocks = "${var.ingress_cidr}"
+    cidr_blocks = var.ingress_cidr
   }
 
   egress {
@@ -44,28 +44,28 @@ resource "aws_security_group" "db_sg" {
 }
 
 resource "random_id" "snapshot_id" {
-  count       = "${var.external_database_host == "" ? 1 : 0}"
+  count       = var.external_database_host == "" ? 1 : 0
   byte_length = 8
 }
 
 resource "random_string" "db_master_password" {
-  count   = "${var.external_database_host == "" ? 1 : 0}"
+  count   = var.external_database_host == "" ? 1 : 0
   length  = 16
   special = false
 }
 
 resource "aws_rds_cluster" "apiary_cluster" {
-  count                               = "${var.external_database_host == "" ? 1 : 0}"
+  count                               = var.external_database_host == "" ? 1 : 0
   cluster_identifier                  = "${local.instance_alias}-cluster"
-  database_name                       = "${var.apiary_database_name}"
-  master_username                     = "${var.db_master_username}"
-  master_password                     = "${random_string.db_master_password[0].result}"
-  backup_retention_period             = "${var.db_backup_retention}"
-  preferred_backup_window             = "${var.db_backup_window}"
-  preferred_maintenance_window        = "${var.db_maintenance_window}"
-  db_subnet_group_name                = "${aws_db_subnet_group.apiarydbsg[0].name}"
+  database_name                       = var.apiary_database_name
+  master_username                     = var.db_master_username
+  master_password                     = random_string.db_master_password[0].result
+  backup_retention_period             = var.db_backup_retention
+  preferred_backup_window             = var.db_backup_window
+  preferred_maintenance_window        = var.db_maintenance_window
+  db_subnet_group_name                = aws_db_subnet_group.apiarydbsg[0].name
   vpc_security_group_ids              = compact(concat(list(aws_security_group.db_sg[0].id), var.apiary_rds_additional_sg))
-  tags                                = "${var.apiary_tags}"
+  tags                                = var.apiary_tags
   final_snapshot_identifier           = "${local.instance_alias}-cluster-final-${random_id.snapshot_id[0].hex}"
   iam_database_authentication_enabled = true
   apply_immediately                   = var.db_apply_immediately
@@ -76,13 +76,13 @@ resource "aws_rds_cluster" "apiary_cluster" {
 }
 
 resource "aws_rds_cluster_instance" "apiary_cluster_instance" {
-  count                = "${var.external_database_host == "" ? var.db_instance_count : 0}"
+  count                = var.external_database_host == "" ? var.db_instance_count : 0
   identifier           = "${local.instance_alias}-instance-${count.index}"
-  cluster_identifier   = "${aws_rds_cluster.apiary_cluster[0].id}"
-  instance_class       = "${var.db_instance_class}"
-  db_subnet_group_name = "${aws_db_subnet_group.apiarydbsg[0].name}"
+  cluster_identifier   = aws_rds_cluster.apiary_cluster[0].id
+  instance_class       = var.db_instance_class
+  db_subnet_group_name = aws_db_subnet_group.apiarydbsg[0].name
   publicly_accessible  = false
-  tags                 = "${var.apiary_tags}"
+  tags                 = var.apiary_tags
 
   lifecycle {
     create_before_destroy = true
diff --git a/ecs-service-discovery.tf b/ecs-service-discovery.tf
index 75b93ad..a00267e 100644
--- a/ecs-service-discovery.tf
+++ b/ecs-service-discovery.tf
@@ -5,17 +5,17 @@
  */
 
 resource "aws_service_discovery_private_dns_namespace" "apiary" {
-  count = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count = var.hms_instance_type == "ecs" ? 1 : 0
   name  = "${local.instance_alias}-${var.aws_region}.${var.ecs_domain_extension}"
-  vpc   = "${var.vpc_id}"
+  vpc   = var.vpc_id
 }
 
 resource "aws_service_discovery_service" "hms_readwrite" {
-  count = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count = var.hms_instance_type == "ecs" ? 1 : 0
   name  = "hms-readwrite"
 
   dns_config {
-    namespace_id = "${aws_service_discovery_private_dns_namespace.apiary[0].id}"
+    namespace_id = aws_service_discovery_private_dns_namespace.apiary[0].id
 
     dns_records {
       ttl  = 10
@@ -31,11 +31,11 @@ resource "aws_service_discovery_service" "hms_readwrite" {
 }
 
 resource "aws_service_discovery_service" "hms_readonly" {
-  count = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count = var.hms_instance_type == "ecs" ? 1 : 0
   name  = "hms-readonly"
 
   dns_config {
-    namespace_id = "${aws_service_discovery_private_dns_namespace.apiary[0].id}"
+    namespace_id = aws_service_discovery_private_dns_namespace.apiary[0].id
 
     dns_records {
       ttl  = 10
@@ -51,8 +51,8 @@ resource "aws_service_discovery_service" "hms_readonly" {
 }
 
 resource "aws_route53_zone_association" "secondary" {
-  count      = "${var.hms_instance_type == "ecs" ? length(var.secondary_vpcs) : 0}"
-  zone_id    = "${aws_service_discovery_private_dns_namespace.apiary[0].hosted_zone}"
-  vpc_id     = "${element(var.secondary_vpcs, count.index)}"
-  vpc_region = "${var.aws_region}"
+  count      = var.hms_instance_type == "ecs" ? length(var.secondary_vpcs) : 0
+  zone_id    = aws_service_discovery_private_dns_namespace.apiary[0].hosted_zone
+  vpc_id     = element(var.secondary_vpcs, count.index)
+  vpc_region = var.aws_region
 }
diff --git a/ecs.tf b/ecs.tf
index 4a22c7f..cac896a 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -5,54 +5,54 @@
  */
 
 resource "aws_ecs_cluster" "apiary" {
-  count = "${var.hms_instance_type == "ecs" ? 1 : 0}"
-  name  = "${local.instance_alias}"
-  tags  = "${var.apiary_tags}"
+  count = var.hms_instance_type == "ecs" ? 1 : 0
+  name  = local.instance_alias
+  tags  = var.apiary_tags
 }
 
 resource "aws_cloudwatch_log_group" "apiary_ecs" {
-  count = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count = var.hms_instance_type == "ecs" ? 1 : 0
   name  = "${local.instance_alias}-ecs"
-  tags  = "${var.apiary_tags}"
+  tags  = var.apiary_tags
 }
 
 resource "aws_ecs_task_definition" "apiary_hms_readwrite" {
-  count                    = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count                    = var.hms_instance_type == "ecs" ? 1 : 0
   family                   = "${local.instance_alias}-hms-readwrite"
-  task_role_arn            = "${aws_iam_role.apiary_hms_readwrite.arn}"
-  execution_role_arn       = "${aws_iam_role.apiary_task_exec[0].arn}"
+  task_role_arn            = aws_iam_role.apiary_hms_readwrite.arn
+  execution_role_arn       = aws_iam_role.apiary_task_exec[0].arn
   network_mode             = "awsvpc"
-  memory                   = "${var.hms_rw_heapsize}"
-  cpu                      = "${var.hms_rw_cpu}"
+  memory                   = var.hms_rw_heapsize
+  cpu                      = var.hms_rw_cpu
   requires_compatibilities = ["EC2", "FARGATE"]
-  container_definitions    = "${data.template_file.hms_readwrite.rendered}"
-  tags                     = "${var.apiary_tags}"
+  container_definitions    = data.template_file.hms_readwrite.rendered
+  tags                     = var.apiary_tags
 }
 
 resource "aws_ecs_task_definition" "apiary_hms_readonly" {
-  count                    = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count                    = var.hms_instance_type == "ecs" ? 1 : 0
   family                   = "${local.instance_alias}-hms-readonly"
-  task_role_arn            = "${aws_iam_role.apiary_hms_readonly.arn}"
-  execution_role_arn       = "${aws_iam_role.apiary_task_exec[0].arn}"
+  task_role_arn            = aws_iam_role.apiary_hms_readonly.arn
+  execution_role_arn       = aws_iam_role.apiary_task_exec[0].arn
   network_mode             = "awsvpc"
-  memory                   = "${var.hms_ro_heapsize}"
-  cpu                      = "${var.hms_ro_cpu}"
+  memory                   = var.hms_ro_heapsize
+  cpu                      = var.hms_ro_cpu
   requires_compatibilities = ["EC2", "FARGATE"]
-  container_definitions    = "${data.template_file.hms_readonly.rendered}"
-  tags                     = "${var.apiary_tags}"
+  container_definitions    = data.template_file.hms_readonly.rendered
+  tags                     = var.apiary_tags
 }
 
 resource "aws_ecs_service" "apiary_hms_readwrite_service" {
-  count           = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count           = var.hms_instance_type == "ecs" ? 1 : 0
   depends_on      = [aws_lb_target_group.apiary_hms_rw_tg]
   name            = "${local.instance_alias}-hms-readwrite-service"
   launch_type     = "FARGATE"
-  cluster         = "${aws_ecs_cluster.apiary[0].id}"
-  task_definition = "${aws_ecs_task_definition.apiary_hms_readwrite[0].arn}"
-  desired_count   = "${var.hms_rw_ecs_task_count}"
+  cluster         = aws_ecs_cluster.apiary[0].id
+  task_definition = aws_ecs_task_definition.apiary_hms_readwrite[0].arn
+  desired_count   = var.hms_rw_ecs_task_count
 
   load_balancer {
-    target_group_arn = "${aws_lb_target_group.apiary_hms_rw_tg[0].arn}"
+    target_group_arn = aws_lb_target_group.apiary_hms_rw_tg[0].arn
     container_name   = "apiary-hms-readwrite"
     container_port   = 9083
   }
@@ -63,21 +63,21 @@ resource "aws_ecs_service" "apiary_hms_readwrite_service" {
   }
 
   service_registries {
-    registry_arn = "${aws_service_discovery_service.hms_readwrite[0].arn}"
+    registry_arn = aws_service_discovery_service.hms_readwrite[0].arn
   }
 }
 
 resource "aws_ecs_service" "apiary_hms_readonly_service" {
-  count           = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count           = var.hms_instance_type == "ecs" ? 1 : 0
   depends_on      = [aws_lb_target_group.apiary_hms_ro_tg]
   name            = "${local.instance_alias}-hms-readonly-service"
   launch_type     = "FARGATE"
-  cluster         = "${aws_ecs_cluster.apiary[0].id}"
-  task_definition = "${aws_ecs_task_definition.apiary_hms_readonly[0].arn}"
-  desired_count   = "${var.hms_ro_ecs_task_count}"
+  cluster         = aws_ecs_cluster.apiary[0].id
+  task_definition = aws_ecs_task_definition.apiary_hms_readonly[0].arn
+  desired_count   = var.hms_ro_ecs_task_count
 
   load_balancer {
-    target_group_arn = "${aws_lb_target_group.apiary_hms_ro_tg[0].arn}"
+    target_group_arn = aws_lb_target_group.apiary_hms_ro_tg[0].arn
     container_name   = "apiary-hms-readonly"
     container_port   = 9083
   }
@@ -88,6 +88,6 @@ resource "aws_ecs_service" "apiary_hms_readonly_service" {
   }
 
   service_registries {
-    registry_arn = "${aws_service_discovery_service.hms_readonly[0].arn}"
+    registry_arn = aws_service_discovery_service.hms_readonly[0].arn
   }
 }
diff --git a/iam-cross-account-client-roles.tf b/iam-cross-account-client-roles.tf
index df88941..90db138 100644
--- a/iam-cross-account-client-roles.tf
+++ b/iam-cross-account-client-roles.tf
@@ -23,13 +23,13 @@ resource "aws_iam_role" "apiary_assume_role" {
   ]
 }
 EOF
-  tags               = "${var.apiary_tags}"
+  tags               = var.apiary_tags
 }
 
 resource "aws_iam_role_policy" "apiary_assume_role_s3" {
   count = length(var.apiary_assume_roles)
   name  = "s3_access"
-  role  = "${aws_iam_role.apiary_assume_role[count.index].id}"
+  role  = aws_iam_role.apiary_assume_role[count.index].id
 
   policy = <<EOF
 {
diff --git a/iam-policy-cloudwatch.tf b/iam-policy-cloudwatch.tf
index 94a20d7..7a6b1e6 100644
--- a/iam-policy-cloudwatch.tf
+++ b/iam-policy-cloudwatch.tf
@@ -6,7 +6,7 @@
 
 resource "aws_iam_role_policy" "cloudwatch_for_hms_readonly" {
   name = "cloudwatch"
-  role = "${aws_iam_role.apiary_hms_readonly.id}"
+  role = aws_iam_role.apiary_hms_readonly.id
 
   policy = <<EOF
 {
@@ -29,7 +29,7 @@ EOF
 
 resource "aws_iam_role_policy" "cloudwatch_for_hms_readwrite" {
   name = "cloudwatch"
-  role = "${aws_iam_role.apiary_hms_readwrite.id}"
+  role = aws_iam_role.apiary_hms_readwrite.id
 
   policy = <<EOF
 {
diff --git a/iam-policy-glue.tf b/iam-policy-glue.tf
index 548d0c1..c55a41d 100644
--- a/iam-policy-glue.tf
+++ b/iam-policy-glue.tf
@@ -7,7 +7,7 @@
 resource "aws_iam_role_policy" "glue_for_hms_readwrite" {
   count = var.enable_gluesync ? 1 : 0
   name  = "glue"
-  role  = "${aws_iam_role.apiary_hms_readwrite.id}"
+  role  = aws_iam_role.apiary_hms_readwrite.id
 
   policy = <<EOF
 {
diff --git a/iam-policy-rds.tf b/iam-policy-rds.tf
index 3b6afe0..1e8abca 100644
--- a/iam-policy-rds.tf
+++ b/iam-policy-rds.tf
@@ -5,9 +5,9 @@
  */
 
 resource "aws_iam_role_policy" "rds_for_hms_readonly" {
-  count = "${var.external_database_host == "" ? 1 : 0}"
+  count = var.external_database_host == "" ? 1 : 0
   name  = "rds"
-  role  = "${aws_iam_role.apiary_hms_readonly.id}"
+  role  = aws_iam_role.apiary_hms_readonly.id
 
   policy = <<EOF
 {
@@ -25,9 +25,9 @@ EOF
 }
 
 resource "aws_iam_role_policy" "rds_for_hms_readwrite" {
-  count = "${var.external_database_host == "" ? 1 : 0}"
+  count = var.external_database_host == "" ? 1 : 0
   name  = "rds"
-  role  = "${aws_iam_role.apiary_hms_readwrite.id}"
+  role  = aws_iam_role.apiary_hms_readwrite.id
 
   policy = <<EOF
 {
diff --git a/iam-policy-s3-buckets.tf b/iam-policy-s3-buckets.tf
index 4b18e35..4de06f0 100644
--- a/iam-policy-s3-buckets.tf
+++ b/iam-policy-s3-buckets.tf
@@ -5,9 +5,9 @@
  */
 
 resource "aws_iam_role_policy" "s3_data_for_hms_readwrite" {
-  count = "${length(var.apiary_managed_schemas) == 0 ? 0 : 1}"
+  count = length(var.apiary_managed_schemas) == 0 ? 0 : 1
   name  = "s3"
-  role  = "${aws_iam_role.apiary_hms_readwrite.id}"
+  role  = aws_iam_role.apiary_hms_readwrite.id
 
   policy = <<EOF
 {
@@ -40,9 +40,9 @@ EOF
 }
 
 resource "aws_iam_role_policy" "s3_data_for_hms_readonly" {
-  count = "${length(var.apiary_managed_schemas) == 0 ? 0 : 1}"
+  count = length(var.apiary_managed_schemas) == 0 ? 0 : 1
   name  = "s3"
-  role  = "${aws_iam_role.apiary_hms_readonly.id}"
+  role  = aws_iam_role.apiary_hms_readonly.id
 
   policy = <<EOF
 {
@@ -65,9 +65,9 @@ EOF
 }
 
 resource "aws_iam_role_policy" "external_s3_data_for_hms_readwrite" {
-  count = "${length(var.external_data_buckets) == 0 ? 0 : 1}"
+  count = length(var.external_data_buckets) == 0 ? 0 : 1
   name  = "external-s3"
-  role  = "${aws_iam_role.apiary_hms_readwrite.id}"
+  role  = aws_iam_role.apiary_hms_readwrite.id
 
   policy = <<EOF
 {
@@ -100,9 +100,9 @@ EOF
 }
 
 resource "aws_iam_role_policy" "external_s3_data_for_hms_readonly" {
-  count = "${length(var.external_data_buckets) == 0 ? 0 : 1}"
+  count = length(var.external_data_buckets) == 0 ? 0 : 1
   name  = "external-s3"
-  role  = "${aws_iam_role.apiary_hms_readonly.id}"
+  role  = aws_iam_role.apiary_hms_readonly.id
 
   policy = <<EOF
 {
diff --git a/iam-policy-secretsmanager.tf b/iam-policy-secretsmanager.tf
index e376ead..c4835ec 100644
--- a/iam-policy-secretsmanager.tf
+++ b/iam-policy-secretsmanager.tf
@@ -6,7 +6,7 @@
 
 resource "aws_iam_role_policy" "secretsmanager_for_hms_readonly" {
   name = "secretsmanager"
-  role = "${aws_iam_role.apiary_hms_readonly.id}"
+  role = aws_iam_role.apiary_hms_readonly.id
 
   policy = <<EOF
 {
@@ -22,7 +22,7 @@ EOF
 
 resource "aws_iam_role_policy" "secretsmanager_for_hms_readwrite" {
   name = "secretsmanager"
-  role = "${aws_iam_role.apiary_hms_readwrite.id}"
+  role = aws_iam_role.apiary_hms_readwrite.id
 
   policy = <<EOF
 {
@@ -37,9 +37,9 @@ EOF
 }
 
 resource "aws_iam_role_policy" "secretsmanager_for_ecs_task_exec" {
-  count = "${var.hms_instance_type == "ecs" && var.docker_registry_auth_secret_name != "" ? 1 : 0}"
+  count = var.hms_instance_type == "ecs" && var.docker_registry_auth_secret_name != "" ? 1 : 0
   name  = "secretsmanager-exec"
-  role  = "${aws_iam_role.apiary_task_exec[0].id}"
+  role  = aws_iam_role.apiary_task_exec[0].id
 
   policy = <<EOF
 {
diff --git a/iam-policy-sns.tf b/iam-policy-sns.tf
index 49749cc..710c279 100644
--- a/iam-policy-sns.tf
+++ b/iam-policy-sns.tf
@@ -7,7 +7,7 @@
 resource "aws_iam_role_policy" "sns_for_hms_readwrite" {
   count = var.enable_metadata_events ? 1 : 0
   name  = "sns"
-  role  = "${aws_iam_role.apiary_hms_readwrite.id}"
+  role  = aws_iam_role.apiary_hms_readwrite.id
 
   policy = <<EOF
 {
diff --git a/iam.tf b/iam.tf
index a2eadb0..e0ba4e3 100644
--- a/iam.tf
+++ b/iam.tf
@@ -5,7 +5,7 @@
  */
 
 resource "aws_iam_role" "apiary_task_exec" {
-  count = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count = var.hms_instance_type == "ecs" ? 1 : 0
   name  = "${local.instance_alias}-ecs-task-exec-${var.aws_region}"
 
   assume_role_policy = <<EOF
@@ -24,12 +24,12 @@ resource "aws_iam_role" "apiary_task_exec" {
 }
 EOF
 
-  tags = "${var.apiary_tags}"
+  tags = var.apiary_tags
 }
 
 resource "aws_iam_role_policy_attachment" "task_exec_managed" {
-  count      = "${var.hms_instance_type == "ecs" ? 1 : 0}"
-  role       = "${aws_iam_role.apiary_task_exec[0].id}"
+  count      = var.hms_instance_type == "ecs" ? 1 : 0
+  role       = aws_iam_role.apiary_task_exec[0].id
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }
 
@@ -60,7 +60,7 @@ resource "aws_iam_role" "apiary_hms_readonly" {
 }
 EOF
 
-  tags = "${var.apiary_tags}"
+  tags = var.apiary_tags
 
   lifecycle {
     create_before_destroy = true
@@ -94,7 +94,7 @@ resource "aws_iam_role" "apiary_hms_readwrite" {
 }
 EOF
 
-  tags = "${var.apiary_tags}"
+  tags = var.apiary_tags
 
   lifecycle {
     create_before_destroy = true
diff --git a/k8s-readonly.tf b/k8s-readonly.tf
index d10bffe..d5b6919 100644
--- a/k8s-readonly.tf
+++ b/k8s-readonly.tf
@@ -5,7 +5,7 @@
  */
 
 resource "kubernetes_deployment" "apiary_hms_readonly" {
-  count = "${var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.hms_instance_type == "k8s" ? 1 : 0
   metadata {
     name      = "${local.hms_alias}-readonly"
     namespace = "metastore"
@@ -139,27 +139,27 @@ resource "kubernetes_deployment" "apiary_hms_readonly" {
           }
           env {
             name  = "RANGER_POLICY_MANAGER_URL"
-            value = "${var.ranger_policy_manager_url}"
+            value = var.ranger_policy_manager_url
           }
           env {
             name  = "RANGER_AUDIT_SOLR_URL"
-            value = "${var.ranger_audit_solr_url}"
+            value = var.ranger_audit_solr_url
           }
           env {
             name  = "LDAP_URL"
-            value = "${var.ldap_url}"
+            value = var.ldap_url
           }
           env {
             name  = "LDAP_CA_CERT"
-            value = "${var.ldap_ca_cert}"
+            value = var.ldap_ca_cert
           }
           env {
             name  = "LDAP_BASE"
-            value = "${var.ldap_base}"
+            value = var.ldap_base
           }
           env {
             name  = "LDAP_SECRET_ARN"
-            value = "${var.ldap_url == "" ? "" : join("", data.aws_secretsmanager_secret.ldap_user.*.arn)}"
+            value = var.ldap_url == "" ? "" : join("", data.aws_secretsmanager_secret.ldap_user.*.arn)
           }
           env {
             name  = "HMS_MIN_THREADS"
@@ -188,7 +188,7 @@ resource "kubernetes_deployment" "apiary_hms_readonly" {
 }
 
 resource "kubernetes_service" "hms_readonly" {
-  count = "${var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.hms_instance_type == "k8s" ? 1 : 0
   metadata {
     name      = "${local.hms_alias}-readonly"
     namespace = "metastore"
@@ -211,6 +211,6 @@ resource "kubernetes_service" "hms_readonly" {
 }
 
 data "aws_lb" "k8s_hms_ro_lb" {
-  count = "${var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.hms_instance_type == "k8s" ? 1 : 0
   name  = split("-", split(".", kubernetes_service.hms_readonly.0.load_balancer_ingress.0.hostname).0).0
 }
diff --git a/k8s-readwrite.tf b/k8s-readwrite.tf
index 9e78659..e2d2364 100644
--- a/k8s-readwrite.tf
+++ b/k8s-readwrite.tf
@@ -5,7 +5,7 @@
  */
 
 resource "kubernetes_deployment" "apiary_hms_readwrite" {
-  count = "${var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.hms_instance_type == "k8s" ? 1 : 0
   metadata {
     name      = "${local.hms_alias}-readwrite"
     namespace = "metastore"
@@ -146,35 +146,35 @@ resource "kubernetes_deployment" "apiary_hms_readwrite" {
           }
           env {
             name  = "RANGER_POLICY_MANAGER_URL"
-            value = "${var.ranger_policy_manager_url}"
+            value = var.ranger_policy_manager_url
           }
           env {
             name  = "RANGER_AUDIT_SOLR_URL"
-            value = "${var.ranger_audit_solr_url}"
+            value = var.ranger_audit_solr_url
           }
           env {
             name  = "ATLAS_KAFKA_BOOTSTRAP_SERVERS"
-            value = "${var.atlas_kafka_bootstrap_servers}"
+            value = var.atlas_kafka_bootstrap_servers
           }
           env {
             name  = "ATLAS_CLUSTER_NAME"
-            value = "${local.final_atlas_cluster_name}"
+            value = local.final_atlas_cluster_name
           }
           env {
             name  = "LDAP_URL"
-            value = "${var.ldap_url}"
+            value = var.ldap_url
           }
           env {
             name  = "LDAP_CA_CERT"
-            value = "${var.ldap_ca_cert}"
+            value = var.ldap_ca_cert
           }
           env {
             name  = "LDAP_BASE"
-            value = "${var.ldap_base}"
+            value = var.ldap_base
           }
           env {
             name  = "LDAP_SECRET_ARN"
-            value = "${var.ldap_url == "" ? "" : join("", data.aws_secretsmanager_secret.ldap_user.*.arn)}"
+            value = var.ldap_url == "" ? "" : join("", data.aws_secretsmanager_secret.ldap_user.*.arn)
           }
           env {
             name  = "KAFKA_BOOTSTRAP_SERVERS"
@@ -224,7 +224,7 @@ resource "kubernetes_deployment" "apiary_hms_readwrite" {
 }
 
 resource "kubernetes_service" "hms_readwrite" {
-  count = "${var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.hms_instance_type == "k8s" ? 1 : 0
   metadata {
     name      = "${local.hms_alias}-readwrite"
     namespace = "metastore"
@@ -247,6 +247,6 @@ resource "kubernetes_service" "hms_readwrite" {
 }
 
 data "aws_lb" "k8s_hms_rw_lb" {
-  count = "${var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.hms_instance_type == "k8s" ? 1 : 0
   name  = split("-", split(".", kubernetes_service.hms_readwrite.0.load_balancer_ingress.0.hostname).0).0
 }
diff --git a/k8s-secrets.tf b/k8s-secrets.tf
index cbc74b0..b7d902a 100644
--- a/k8s-secrets.tf
+++ b/k8s-secrets.tf
@@ -1,5 +1,5 @@
 resource "kubernetes_secret" "hms_secrets" {
-  count = "${var.external_database_host == "" && var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.external_database_host == "" && var.hms_instance_type == "k8s" ? 1 : 0
   metadata {
     name      = "${local.hms_alias}-credentials"
     namespace = "metastore"
diff --git a/lb.tf b/lb.tf
index 3c380c3..491d0d5 100644
--- a/lb.tf
+++ b/lb.tf
@@ -5,77 +5,77 @@
  */
 
 resource "aws_lb" "apiary_hms_rw_lb" {
-  count              = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count              = var.hms_instance_type == "ecs" ? 1 : 0
   name               = "${local.instance_alias}-hms-rw-lb"
   load_balancer_type = "network"
   subnets            = var.private_subnets
   internal           = true
-  idle_timeout       = "${var.elb_timeout}"
-  tags               = "${var.apiary_tags}"
+  idle_timeout       = var.elb_timeout
+  tags               = var.apiary_tags
 }
 
 resource "aws_lb_target_group" "apiary_hms_rw_tg" {
-  count       = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count       = var.hms_instance_type == "ecs" ? 1 : 0
   name        = "${local.instance_alias}-hms-rw-tg"
   port        = 9083
   protocol    = "TCP"
-  vpc_id      = "${var.vpc_id}"
+  vpc_id      = var.vpc_id
   target_type = "ip"
 
   health_check {
     protocol = "TCP"
   }
-  tags = "${var.apiary_tags}"
+  tags = var.apiary_tags
 
   depends_on = [aws_lb.apiary_hms_rw_lb]
 }
 
 resource "aws_lb_listener" "hms_rw_listener" {
-  count             = "${var.hms_instance_type == "ecs" ? 1 : 0}"
-  load_balancer_arn = "${aws_lb.apiary_hms_rw_lb[0].arn}"
+  count             = var.hms_instance_type == "ecs" ? 1 : 0
+  load_balancer_arn = aws_lb.apiary_hms_rw_lb[0].arn
   port              = "9083"
   protocol          = "TCP"
 
   default_action {
-    target_group_arn = "${aws_lb_target_group.apiary_hms_rw_tg[0].arn}"
+    target_group_arn = aws_lb_target_group.apiary_hms_rw_tg[0].arn
     type             = "forward"
   }
 }
 
 resource "aws_lb" "apiary_hms_ro_lb" {
-  count              = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count              = var.hms_instance_type == "ecs" ? 1 : 0
   name               = "${local.instance_alias}-hms-ro-lb"
   load_balancer_type = "network"
   subnets            = var.private_subnets
   internal           = true
-  idle_timeout       = "${var.elb_timeout}"
-  tags               = "${var.apiary_tags}"
+  idle_timeout       = var.elb_timeout
+  tags               = var.apiary_tags
 }
 
 resource "aws_lb_target_group" "apiary_hms_ro_tg" {
-  count       = "${var.hms_instance_type == "ecs" ? 1 : 0}"
+  count       = var.hms_instance_type == "ecs" ? 1 : 0
   depends_on  = [aws_lb.apiary_hms_ro_lb]
   name        = "${local.instance_alias}-hms-ro-tg"
   port        = 9083
   protocol    = "TCP"
-  vpc_id      = "${var.vpc_id}"
+  vpc_id      = var.vpc_id
   target_type = "ip"
 
   health_check {
     protocol = "TCP"
   }
 
-  tags = "${var.apiary_tags}"
+  tags = var.apiary_tags
 }
 
 resource "aws_lb_listener" "hms_ro_listener" {
-  count             = "${var.hms_instance_type == "ecs" ? 1 : 0}"
-  load_balancer_arn = "${aws_lb.apiary_hms_ro_lb[0].arn}"
+  count             = var.hms_instance_type == "ecs" ? 1 : 0
+  load_balancer_arn = aws_lb.apiary_hms_ro_lb[0].arn
   port              = "9083"
   protocol          = "TCP"
 
   default_action {
-    target_group_arn = "${aws_lb_target_group.apiary_hms_ro_tg[0].arn}"
+    target_group_arn = aws_lb_target_group.apiary_hms_ro_tg[0].arn
     type             = "forward"
   }
 }
diff --git a/route53.tf b/route53.tf
index 4abcf70..4ca516c 100644
--- a/route53.tf
+++ b/route53.tf
@@ -6,54 +6,54 @@
 
 resource "aws_route53_record" "hms_readwrite_alias" {
   count   = local.enable_route53_records ? 1 : 0
-  zone_id = "${data.aws_route53_zone.apiary_zone[0].zone_id}"
+  zone_id = data.aws_route53_zone.apiary_zone[0].zone_id
   name    = "${local.instance_alias}-hms-readwrite"
   type    = "A"
 
   alias {
-    name                   = "${aws_lb.apiary_hms_rw_lb[0].dns_name}"
-    zone_id                = "${aws_lb.apiary_hms_rw_lb[0].zone_id}"
+    name                   = aws_lb.apiary_hms_rw_lb[0].dns_name
+    zone_id                = aws_lb.apiary_hms_rw_lb[0].zone_id
     evaluate_target_health = true
   }
 }
 
 resource "aws_route53_record" "hms_readonly_alias" {
   count   = local.enable_route53_records ? 1 : 0
-  zone_id = "${data.aws_route53_zone.apiary_zone[0].zone_id}"
+  zone_id = data.aws_route53_zone.apiary_zone[0].zone_id
   name    = "${local.instance_alias}-hms-readonly"
   type    = "A"
 
   alias {
-    name                   = "${aws_lb.apiary_hms_ro_lb[0].dns_name}"
-    zone_id                = "${aws_lb.apiary_hms_ro_lb[0].zone_id}"
+    name                   = aws_lb.apiary_hms_ro_lb[0].dns_name
+    zone_id                = aws_lb.apiary_hms_ro_lb[0].zone_id
     evaluate_target_health = true
   }
 }
 
 resource "aws_route53_zone" "apiary" {
-  count = "${var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.hms_instance_type == "k8s" ? 1 : 0
   name  = "${local.instance_alias}-${var.aws_region}.${var.ecs_domain_extension}"
 
   vpc {
-    vpc_id = "${var.vpc_id}"
+    vpc_id = var.vpc_id
   }
 }
 
 resource "aws_route53_record" "hms_readwrite" {
-  count = "${var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.hms_instance_type == "k8s" ? 1 : 0
   name  = "hms-readwrite"
 
-  zone_id = "${aws_route53_zone.apiary[0].id}"
+  zone_id = aws_route53_zone.apiary[0].id
   type    = "CNAME"
   ttl     = "300"
   records = kubernetes_service.hms_readwrite[0].load_balancer_ingress.*.hostname
 }
 
 resource "aws_route53_record" "hms_readonly" {
-  count = "${var.hms_instance_type == "k8s" ? 1 : 0}"
+  count = var.hms_instance_type == "k8s" ? 1 : 0
   name  = "hms-readonly"
 
-  zone_id = "${aws_route53_zone.apiary[0].id}"
+  zone_id = aws_route53_zone.apiary[0].id
   type    = "CNAME"
   ttl     = "300"
   records = kubernetes_service.hms_readonly[0].load_balancer_ingress.*.hostname
diff --git a/s3-other.tf b/s3-other.tf
index 71a62c9..b63deb6 100644
--- a/s3-other.tf
+++ b/s3-other.tf
@@ -8,7 +8,7 @@ resource "aws_s3_bucket" "apiary_inventory_bucket" {
   count  = var.s3_enable_inventory == true ? 1 : 0
   bucket = local.s3_inventory_bucket
   acl    = "private"
-  tags   = "${merge(map("Name", "${local.s3_inventory_bucket}"), "${var.apiary_tags}")}"
+  tags   = merge(map("Name", "${local.s3_inventory_bucket}"), "${var.apiary_tags}")
   policy = <<EOF
 {
   "Version":"2012-10-17",
diff --git a/s3.tf b/s3.tf
index 5413948..73adc4d 100644
--- a/s3.tf
+++ b/s3.tf
@@ -12,7 +12,7 @@ data "template_file" "bucket_policy" {
   for_each = {
     for schema in local.schemas_info : "${schema["schema_name"]}" => schema
   }
-  template = "${file("${path.module}/templates/apiary-bucket-policy.json")}"
+  template = file("${path.module}/templates/apiary-bucket-policy.json")
 
   vars = {
     #if apiary_shared_schemas is empty or contains current schema, allow customer accounts to access this bucket.
@@ -83,8 +83,8 @@ resource "aws_s3_bucket_inventory" "apiary_bucket" {
 
   destination {
     bucket {
-      format     = "${var.s3_inventory_format}"
-      bucket_arn = "${aws_s3_bucket.apiary_inventory_bucket[0].arn}"
+      format     = var.s3_inventory_format
+      bucket_arn = aws_s3_bucket.apiary_inventory_bucket[0].arn
       encryption {
         sse_s3 {}
       }
diff --git a/secretsmanager.tf b/secretsmanager.tf
index 5d28f69..ce56a5b 100644
--- a/secretsmanager.tf
+++ b/secretsmanager.tf
@@ -5,19 +5,19 @@
  */
 
 data "aws_secretsmanager_secret" "db_rw_user" {
-  name = "${var.db_rw_secret_name == "" ? format("%s-db-rw-user", local.instance_alias) : var.db_rw_secret_name}"
+  name = var.db_rw_secret_name == "" ? format("%s-db-rw-user", local.instance_alias) : var.db_rw_secret_name
 }
 
 data "aws_secretsmanager_secret" "db_ro_user" {
-  name = "${var.db_ro_secret_name == "" ? format("%s-db-ro-user", local.instance_alias) : var.db_ro_secret_name}"
+  name = var.db_ro_secret_name == "" ? format("%s-db-ro-user", local.instance_alias) : var.db_ro_secret_name
 }
 
 data "aws_secretsmanager_secret_version" "db_rw_user" {
-  secret_id = "${data.aws_secretsmanager_secret.db_rw_user.id}"
+  secret_id = data.aws_secretsmanager_secret.db_rw_user.id
 }
 
 data "aws_secretsmanager_secret_version" "db_ro_user" {
-  secret_id = "${data.aws_secretsmanager_secret.db_ro_user.id}"
+  secret_id = data.aws_secretsmanager_secret.db_ro_user.id
 }
 
 data "external" "db_rw_user" {
@@ -29,16 +29,16 @@ data "external" "db_ro_user" {
 }
 
 data "aws_secretsmanager_secret" "ldap_user" {
-  count = "${var.ldap_url == "" ? 0 : 1}"
-  name  = "${var.ldap_secret_name == "" ? format("%s-ldap-user", local.instance_alias) : var.ldap_secret_name}"
+  count = var.ldap_url == "" ? 0 : 1
+  name  = var.ldap_secret_name == "" ? format("%s-ldap-user", local.instance_alias) : var.ldap_secret_name
 }
 
 data "aws_secretsmanager_secret" "ranger_audit" {
-  count = "${var.ranger_audit_db_url == "" ? 0 : 1}"
-  name  = "${var.ranger_audit_secret_name == "" ? format("%s-ranger-audit", local.instance_alias) : var.ranger_audit_secret_name}"
+  count = var.ranger_audit_db_url == "" ? 0 : 1
+  name  = var.ranger_audit_secret_name == "" ? format("%s-ranger-audit", local.instance_alias) : var.ranger_audit_secret_name
 }
 
 data "aws_secretsmanager_secret" "docker_registry" {
-  count = "${var.docker_registry_auth_secret_name == "" ? 0 : 1}"
-  name  = "${var.docker_registry_auth_secret_name}"
+  count = var.docker_registry_auth_secret_name == "" ? 0 : 1
+  name  = var.docker_registry_auth_secret_name
 }
diff --git a/sg.tf b/sg.tf
index 422ce43..70dd9f8 100644
--- a/sg.tf
+++ b/sg.tf
@@ -6,21 +6,21 @@
 
 resource "aws_security_group" "hms_sg" {
   name   = "${local.instance_alias}-hms"
-  vpc_id = "${var.vpc_id}"
-  tags   = "${var.apiary_tags}"
+  vpc_id = var.vpc_id
+  tags   = var.apiary_tags
 
   ingress {
     from_port   = 22
     to_port     = 22
     protocol    = "tcp"
-    cidr_blocks = "${var.ingress_cidr}"
+    cidr_blocks = var.ingress_cidr
   }
 
   ingress {
     from_port   = 9083
     to_port     = 9083
     protocol    = "tcp"
-    cidr_blocks = "${var.ingress_cidr}"
+    cidr_blocks = var.ingress_cidr
   }
 
   ingress {
diff --git a/templates.tf b/templates.tf
index 483a5d2..f0945fa 100644
--- a/templates.tf
+++ b/templates.tf
@@ -5,7 +5,7 @@
  */
 
 data "template_file" "hms_readwrite" {
-  template = "${file("${path.module}/templates/apiary-hms-readwrite.json")}"
+  template = file("${path.module}/templates/apiary-hms-readwrite.json")
 
   vars = {
     mysql_db_host              = "${var.external_database_host == "" ? join("", aws_rds_cluster.apiary_cluster.*.endpoint) : var.external_database_host}"
@@ -63,7 +63,7 @@ data "template_file" "hms_readwrite" {
 }
 
 data "template_file" "hms_readonly" {
-  template = "${file("${path.module}/templates/apiary-hms-readonly.json")}"
+  template = file("${path.module}/templates/apiary-hms-readonly.json")
 
   vars = {
     mysql_db_host              = "${var.external_database_host == "" ? join("", aws_rds_cluster.apiary_cluster.*.reader_endpoint) : var.external_database_host}"
diff --git a/version.tf b/version.tf
index ffa34e3..8345a0e 100644
--- a/version.tf
+++ b/version.tf
@@ -5,5 +5,11 @@
  */
 
 terraform {
-  required_version = "~> 0.12.0"
+  required_version = "> 0.12.0"
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 1.0"
+    }
+  }
 }
diff --git a/vpc-endpoint-service.tf b/vpc-endpoint-service.tf
index 61b825f..5796d5a 100644
--- a/vpc-endpoint-service.tf
+++ b/vpc-endpoint-service.tf
@@ -9,13 +9,13 @@ resource "aws_vpc_endpoint_service" "hms_readonly" {
   network_load_balancer_arns = compact(concat(aws_lb.apiary_hms_ro_lb.*.arn, data.aws_lb.k8s_hms_ro_lb.*.arn))
   acceptance_required        = false
   allowed_principals         = formatlist("arn:aws:iam::%s:root", var.apiary_customer_accounts)
-  tags                       = "${merge(map("Name", "${local.instance_alias}-hms-readonly"), "${var.apiary_tags}")}"
+  tags                       = merge(map("Name", "${local.instance_alias}-hms-readonly"), "${var.apiary_tags}")
 }
 
 resource "aws_vpc_endpoint_connection_notification" "hms_readonly" {
   count                       = var.enable_vpc_endpoint_services ? 1 : 0
   vpc_endpoint_service_id     = join("", aws_vpc_endpoint_service.hms_readonly.*.id)
-  connection_notification_arn = "${aws_sns_topic.apiary_ops_sns.arn}"
+  connection_notification_arn = aws_sns_topic.apiary_ops_sns.arn
   connection_events           = ["Connect", "Accept", "Reject", "Delete"]
 }
 
@@ -24,12 +24,12 @@ resource "aws_vpc_endpoint_service" "hms_readwrite" {
   network_load_balancer_arns = compact(concat(aws_lb.apiary_hms_rw_lb.*.arn, data.aws_lb.k8s_hms_rw_lb.*.arn))
   acceptance_required        = false
   allowed_principals         = distinct(compact(concat(local.assume_allowed_principals, local.producer_allowed_principals)))
-  tags                       = "${merge(map("Name", "${local.instance_alias}-hms-readwrite"), "${var.apiary_tags}")}"
+  tags                       = merge(map("Name", "${local.instance_alias}-hms-readwrite"), "${var.apiary_tags}")
 }
 
 resource "aws_vpc_endpoint_connection_notification" "hms_readwrite" {
   count                       = var.enable_vpc_endpoint_services ? 1 : 0
   vpc_endpoint_service_id     = join("", aws_vpc_endpoint_service.hms_readwrite.*.id)
-  connection_notification_arn = "${aws_sns_topic.apiary_ops_sns.arn}"
+  connection_notification_arn = aws_sns_topic.apiary_ops_sns.arn
   connection_events           = ["Connect", "Accept", "Reject", "Delete"]
 }