Step 1: Update references to the Gruntwork Infrastructure as Code Library

info

Please follow the steps listed to upgrade from version 1.2.0 to version 1.3.0 of the Benchmark. To see examples of what the relevant code changes look like, please refer to these pull requests in the Acme CIS Reference Architecture:

To update to the CIS AWS Foundations Benchmark v1.3.0, you need to update your references to the Gruntwork Infrastructure as Code Library to use compatible versions. We (Gruntwork) have reviewed and updated all the library modules for compatibility with the new version of the Benchmark. As a customer, you need to update to the proper versions of the Gruntwork IaC Library to pick up these compatibility changes. Refer to the "Updating to new versions" section of "Stay Up to Date" for instructions on how to update the versions in your code.

For the vast majority of the repos, the only change that will be necessary is a version number bump, but several repos require more extensive code changes and state migrations. To upgrade without downtime and data loss, you MUST follow the migration instructions in the release notes in each repo to know what changes need to be made to update to the new version.

caution

Gruntwork follows semantic versioning. For pre-1.0 modules (any version before the 1.0.0 release), this means that updates to the minor version are considered backward incompatible releases. Make sure to read the release notes for the relevant modules any time you are updating minor versions! Note that you will want to read the release notes for each minor version that is updated (e.g., if you are going from v0.5.x to v0.9.x, you will want to read the notes for v0.6.0, v0.7.0, v0.8.0, and v0.9.0 to get the full list of backward incompatible updates).

The following table provides a summary of all the relevant Gruntwork AWS modules and the respective versions that are compatible with CIS AWS v1.3.0:

Compatibility Table

| Gruntwork Repo | Minimum version with CIS AWS v1.3.0 support | Corresponding CIS AWS v1.3.0 recommendations |
| --- | --- | --- |
| terraform-aws-security | v0.44.6 | 1.20, 1.21, 2.1.1, 2.1.2, 3.10, 3.11 |
| terraform-aws-monitoring | v0.24.0 | 1.20, 2.1.1, 2.1.2 |
| terraform-aws-zookeeper | v0.8.0 | 1.20, 2.1.1, 2.1.2 |
| terraform-aws-vpc | v0.13.0 | 1.20, 2.1.1, 2.1.2 |
| terraform-aws-openvpn | v0.13.0 | 1.20, 2.1.1, 2.1.2 |
| terraform-aws-cis-service-catalog | v0.11.1 | 3.10, 3.11, 4.15, 5.1 |
| terraform-aws-service-catalog | v0.15.4 | 1.21 |
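
One way to audit your code against the compatibility table and the semantic versioning caution above is sketched below. It is an added example, not Gruntwork's own tooling: it flags module `source` refs pinned below the table's minimum versions and lists the minor releases whose notes the caution says to read. The `?ref=vX.Y.Z` source format, the function names, and the sample configuration are assumptions made for illustration.

```python
import re

# Minimum versions copied from the compatibility table on this page.
MIN_VERSIONS = {
    "terraform-aws-security": (0, 44, 6),
    "terraform-aws-monitoring": (0, 24, 0),
    "terraform-aws-zookeeper": (0, 8, 0),
    "terraform-aws-vpc": (0, 13, 0),
    "terraform-aws-openvpn": (0, 13, 0),
    "terraform-aws-cis-service-catalog": (0, 11, 1),
    "terraform-aws-service-catalog": (0, 15, 4),
}
# Assumed module source format: gruntwork-io/<repo>.git//<path>?ref=vX.Y.Z
SOURCE_RE = re.compile(
    r"gruntwork-io/(?P<repo>[\w.-]+?)(?:\.git)?//[^\"?]*\?ref=v(?P<ver>\d+\.\d+\.\d+)")

def minors_to_review(current, target):
    """Minor releases crossed on the way up; each is breaking for a pre-1.0 module."""
    if current[0] != 0 or target[0] != 0:
        return []
    return [f"v0.{m}.0" for m in range(current[1] + 1, target[1] + 1)]

def find_outdated(hcl_text):
    """Return (line, repo, pinned, minimum, release notes to read) per outdated ref."""
    findings = []
    for line_no, line in enumerate(hcl_text.splitlines(), start=1):
        m = SOURCE_RE.search(line)
        if not m or m["repo"] not in MIN_VERSIONS:
            continue
        pinned = tuple(int(p) for p in m["ver"].split("."))
        minimum = MIN_VERSIONS[m["repo"]]
        if pinned < minimum:
            findings.append((line_no, m["repo"], "v" + m["ver"],
                             "v%d.%d.%d" % minimum, minors_to_review(pinned, minimum)))
    return findings

# Constructed sample configuration, not taken from any real repository.
SAMPLE = '''
module "cloudtrail" {
  source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v0.41.2"
}
module "vpc" {
  source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/vpc-app?ref=v0.13.0"
}
'''

if __name__ == "__main__":
    for finding in find_outdated(SAMPLE):
        print(finding)
```

A ref that is behind only by a patch version is still reported, with an empty release-notes list, since no minor version boundary is crossed.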