Step 1: Update references to the Gruntwork Infrastructure as Code Library

info

Please follow the steps listed to upgrade from version 1.2.0 to version 1.3.0 of the Benchmark. To see examples of what the relevant code changes look like, please refer to these pull requests in the Acme CIS Reference Architecture:

• cis-infrastructure-modules-acme
• cis-infrastructure-live-acme

To update to the CIS AWS Foundations Benchmark v1.3.0, you need to update your references to the Gruntwork Infrastructure as Code Library to use compatible versions. We (Gruntwork) have reviewed and updated all the library modules for compatibility with the new version of the Benchmark. As a customer, you need to update to the proper versions of the Gruntwork library to pick up the fixes/changes made to be compatible. Refer to the "Updating to new versions" section of "Stay Up to Date" for instructions on how to update the versions in your code.

For the vast majority of the repos, the only change that will be necessary is a version number bump, but several repos require more extensive code changes and state migrations. To upgrade without downtime and data loss, you MUST follow the migration instructions in the release notes in each repo to know what changes need to be made to update to the new version.

caution

Gruntwork follows semantic versioning. For any pre-1.0 modules, this means that version updates to the minor version are considered backward incompatible releases for any version updates before the 1.0.0 release. Make sure to read the release notes for the relevant modules any time you are updating minor versions! Note that you will want to read the release notes for each minor version that is updated (e.g., if you are going from v0.5.x to v0.9.x, you will want to read the notes for v0.6.0, v0.7.0, v0.8.0, and v0.9.0 to get the full list of backward incompatible updates).

The following table provides a summary of all the relevant Gruntwork AWS modules and the respective versions that are compatible with CIS AWS v1.3.0:

Gruntwork Repo	Minimum version with CIS AWS v1.3.0 support	Corresponding CIS AWS v1.3.0 recommendations
terraform-aws-security	v0.44.6	1.20, 1.21, 2.1.1, 2.1.2, 3.10, 3.11
terraform-aws-monitoring	v0.24.0	1.20, 2.1.1, 2.1.2
terraform-aws-zookeeper	v0.8.0	1.20, 2.1.1, 2.1.2
terraform-aws-vpc	v0.13.0	1.20, 2.1.1, 2.1.2
terraform-aws-openvpn	v0.13.0	1.20, 2.1.1, 2.1.2
terraform-aws-cis-service-catalog	v0.11.1	3.10, 3.11, 4.15, 5.1
terraform-aws-service-catalog	v0.15.4	1.21