Gruntwork release 2016-09
Guides / Update Guides / Releases / 2016-09
This page is lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2016-09. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 9/20/2016 | Release notes
BACKWARDS INCOMPATIBLE CHANGES
- Boilerplate now supports types for variables. Each variable in the
boilerplate.yml
file can define a type
field set to string, int, float, bool, list, map, or enum (enum variables can also include a list of options
). This allows for some basic error checking of the variable values and, even more importantly, allows you to use the corresponding Go template syntax for those types. For example, if-statements work as you would expect with booleans (no more having to check if eq .Foo "true"
), you can loop over lists and maps using the range
keyword, and you can do basic arithmetic on ints and floats.
- The
prompt
field in boilerplate.yml
has been renamed to description
.
Published: 9/16/2016 | Release notes
boilerplate
now has a --missing-config-action
flag that controls its behavior when run against a template folder that doesn't have a boilerplate.yml
file. The default behavior is now to exit with an error.
Published: 9/16/2016 | Release notes
- You can now use Go template syntax and boilerplate values in the names of files and folders.
Published: 9/16/2016 | Release notes
- Boilerplate now has a nicer, clearer UI when it prompts for variable values.
Published: 9/16/2016 | Release notes
- Templates can now use several arithmetic helpers:
plus
, minus
, times
, divide
, and mod
.
- There is also a new
slice START END INCREMENT
helper that returns an array from START
to END
, incrementing by INCREMENT
. This is useful if you need to do a quick loop over a fixed set of numbers in your templates.
Published: 9/2/2016 | Release notes
- Add support for specifying a list of dependencies in
boilerplate.yml
. Each dependency is another boilerplate
template, which allows you to chain templates together so that you can create more complicated templates out of simpler pieces.
Published: 9/1/2016 | Release notes
BREAKING CHANGE: We have updated this module to support Terraform 0.7 features.
- In both
modules/asg-rolling-deploy-dynamic
and modules/asg-rolling-deploy-static
, the input variables vpc_subnet_ids
, load_balancers
, and availability_zones
are now lists.
Published: 9/12/2016 | Release notes
- BREAKING CHANGE: We switched the redis module's implementation from CloudFormation over to Terraform now that Terraform supports Redis replication groups. Note that if you update to this new version of the redis module, it will delete you original ElastiCache cluster and replace it with a new one. Therefore, it's essential that you have all your data backed up and can take a downtime before you do the upgrade.
- Fix bugs in the outputs of both the memcached and redis module. It turns out that the Terraform (and in many cases, CloudFormation) outputs are either missing or broken (see https://github.com/hashicorp/terraform/issues/8794 and https://github.com/hashicorp/terraform/issues/8788). We've added hacky workarounds that should do the trick for now, but we will be watching the progress of those bugs closely in the hope of getting a more reliable solution.
Published: 9/9/2016 | Release notes
- Snapshots can now properly be disabled for the redis module by setting the
snapshot_retention_limit
parameter to 0.
- In the redis module, the
parameter_group_name
variable is now optional.
Published: 9/9/2016 | Release notes
- The redis module now properly handles boolean values for the input variable
enable_automatic_failover
.
Published: 9/9/2016 | Release notes
- The redis module would error out if the input variable
name
contained a hyphen or dash. This should now be fixed. Note, however, that Terraform 0.7.x had some bugs with CloudFormation (which we use under the hood to create the redis replication group) that have been fixed as of Terraform 0.7.3, so you must use Terraform 0.7.3 to use the redis module!
Published: 9/1/2016 | Release notes
BREAKING CHANGE: We have updated this module to support Terraform 0.7 features.
Changes in modules/redis
:
- The input variables
subnet_ids
and allow_connections_from_cidr_blocks
are now lists.
- The output variable
read_endpoints
is now a list.
Changes in modules/memcached
:
- The input variables
subnet_ids
and allow_connections_from_cidr_blocks
are now lists.
- The output variable
cache_addresses
is now a list.
Published: 9/14/2016 | Release notes
- The
build-packer-artifact
script no longer checks for AWS environment variables. This check was unnecessary, since Packer does it itself. Moreover, the script is often used on an EC2 Instance where credentials are available via an IAM role rather than environment variables.
Published: 9/10/2016 | Release notes
- Added a new
scheduled-lambda-job
module that can be used to run AWS Lambda on a periodic basis. This is useful for background jobs, such as taking snapshots of servers.
- BUGFIX: The
configure-environment-for-gruntwork-module
now properly overwrites previous installs of Terraform, Packer, and Glide and doesn't get stuck asking for a user prompt.
Published: 9/2/2016 | Release notes
git-add-commit-push
now uses git status --porcelain
to determine if there are changes to commit.
Published: 9/2/2016 | Release notes
- Fix a bug in the
git-add-commit-push
where it would incorrectly identify unstaged changes.
Published: 9/1/2016 | Release notes
- Fix a bug in
docs-generator
where it did not copy binary files, such as images, correctly
Published: 9/1/2016 | Release notes
BREAKING CHANGE: We have updated this module to support Terraform 0.7 features.
modules/aurora
changes:
- No longer takes an
availability_zones
input variable.
- Input variables
subnet_ids
and allow_connections_from_cidr_blocks
are now both lists.
- Output variables
instance_endpoints
and instance_ids
are now both lists.
modules/rds
changes:
- Input variables
subnet_ids
and allow_connections_from_cidr_blocks
are now both lists.
- Output variables
read_replica_endpoints
and read_replica_ids
are now both lists.
Published: 9/1/2016 | Release notes
BREAKING CHANGE: We have updated this module to support Terraform 0.7 features.
In modules/ecs-cluster
:
- Input variable
vpc_subnet_ids
is now a list.
Published: 9/14/2016 | Release notes
- In the elasticsearch-alarms module, we've increased the default
low_cpu_credit_balance_period
value to 15 minutes. That metric is reported only roughly once every 5 minutes, and with the original setting, if the metric took too long, the alarm would keep flipping between OK and INSUFFICIENT_DATA. This new value should fix that issue.
Published: 9/13/2016 | Release notes
Two changes to the elasticsearch-alarms module:
- The
account_id
param has been renamed to aws_account_id
- The default threshold for the low disk space alarm is now 1024 instead of 100
Published: 9/13/2016 | Release notes
- Add a new elasticsearch-alarms module that trigger alarms for an Elasticsearch cluster when CPU usage or heap usage gets too high, storage space gets too low, or the cluster goes into yellow or red status
Published: 9/12/2016 | Release notes
- Added two new modules that provide CloudWatch alarms for ElastiCache: elasticache-redis-alarms and elasticache-memcached-alarms
Published: 9/11/2016 | Release notes
- The rds-alarms module now accepts an
is_aurora
parameter. Set it to true if you're using the module with Aurora so that the module doesn't create unnecessary disk space alarms (since Aurora automatically expands available disk space)
Published: 9/11/2016 | Release notes
- BREAKING CHANGE: The input variables for the
rds-alarms
module have changed from a single rds_instance_id
to a list called rds_instance_ids
, plus a second variable called num_rds_instance_ids
that specifies the length of rds_instance_ids
. This allows you to add alarms to an RDS instance and all of its replicas.
Published: 9/10/2016 | Release notes
- Fix a bug in the ec2-disk-alarms module where it wouldn't allow you to create multiple alarms for the same EC2 Instance. The module now gives a unique name to each alarm so that you can have an alarm for multiple volumes on the same instance.
Published: 9/10/2016 | Release notes
- The
run-cloudwatch-logs-agent.sh
script now supports a new parameter called --extra-log-file
, which allows you to specify custom log files to send to CloudWatch (in addition to syslog, which is sent by default). For example, you can easily add the nginx error log by specifying --extra-log-file kern=/var/log/kern.log
.
Published: 9/3/2016 | Release notes
- Add CloudWatch Logs support for CentOS 7
Published: 9/2/2016 | Release notes
- Fix how the ELB access logs module sets the S3 bucket policy so that you don't get a diff every time you run
terraform plan
Published: 9/1/2016 | Release notes
BREAKING CHANGE: We have updated this module to support Terraform 0.7 features.
- All input variables named
alarm_sns_topic_arns
and instance_ids
are now lists.
Published: 10/1/2016 | Release notes
- NEW MODULE: In this release, we introduce the
cloudtrail
module, a streamlined way to setup AWS CloudTrail!
Published: 9/29/2016 | Release notes
- BREAKING CHANGE: We updated the
kms-master-key
module with a few changes:
- Previously, terraform would unnecessarily update the Key Policy on every
terraform apply
. This didn't break anything, but it confusingly reported 1 resource as being modified when in fact nothing was changed. This has now been fixed using the new data.aws_iam_policy_document.
- The var
key_root_user_iam_arns
has been replaced with var.allow_manage_key_permissions_with_iam
(accepts true/false) to better reflect the significance of setting this value. Note that the var aws_account_id
is also now required.
- The vars
key_administrator_iam_arns
and key_user_iam_arns
have been renamed to cmk_administrator_iam_arns
and cmk_user_iam_arns
to more accurately reflect that these vars grant access to a Customer Master Key (CMK).
- There is a new required input variable called
aws_account_id
.
Published: 9/27/2016 | Release notes
- We've added a new module,
iam-groups
that configures a best-practices set of IAM Groups and corresponding IAM Policies (permissions) you can use to better manage the security of your AWS account.
Published: 9/12/2016 | Release notes
- On boot,
ssh-iam
now waits 90 seconds before executing to try to give other services (e.g. the EC2 metadata service) a chance to start. This should hopefully ensure that ssh-iam
doesn't hit any errors when it configures SSH access on boot and you don't have to wait for the next cron job to run (by default, they run every 30m) before SSH access works.
Published: 9/2/2016 | Release notes
BREAKING CHANGE: We have updated this module to support Terraform 0.7 features.
- In
modules/kms-master-key
, the input variables key_administrator_iam_arns
, key_user_iam_arns
, and key_root_user_iam_arns
are now all lists.
Published: 9/1/2016 | Release notes
Published: 9/10/2016 | Release notes
- The single-server module now allows you to enable/disable CIDR-based SSH access by setting the input variable
allow_ssh_from_cidr
to true
or false
(for backwards compatibility, the default value is true
).
- The single-server module now allows you to enable/disable security group-based SSH access by setting the input variable
allow_ssh_from_security_group
to true
or false
(for backwards compatibility, the default value is false
) and setting allow_ssh_from_security_group_id
to the ID of the security group.
Published: 9/2/2016 | Release notes
BREAKING CHANGE: We have updated this module to support Terraform 0.7 features.
- In
modules/single-server
, the input variable allow_ssh_from_cidr_list
is now a list.
Published: 9/29/2016 | Release notes
- The vpc-app and vpc-mgmt modules now allow you to pass in the IDs of virtual gateways to propagate into route tables. This is useful for propagating VPN routes. Use
private_propagating_vgws
and persistence_propagating_vgws
in vpc-app and private_propagating_vgws
in vpc-mgmt.