Gruntwork release 2017-08
This page lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2017-08. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 8/20/2017 | Release notes
Published: 8/13/2017 | Release notes
Published: 8/15/2017 | Release notes
https://github.com/gruntwork-io/module-asg/pull/9: The server-group module now applies the tags you pass in via custom_tags to all resources that support tags: the security group, the ENIs, and the EBS volumes. Note that this is a backwards incompatible change, as the custom_tags parameter is now a plain map rather than a list of maps.
Published: 8/15/2017 | Release notes
Published: 8/28/2017 | Release notes
- BUG FIX: Release v0.2.9 had a bug where var.snapshot_identifier did not work for Aurora instances that used encryption. That is now fixed.
Published: 8/26/2017 | Release notes
- UPDATE/#24: Previously, it was not possible to launch an Aurora cluster from a snapshot. The aurora module now accepts a new var, snapshot_identifier, which is the Snapshot ID from which you'd like to launch a new Aurora cluster.
NOTE: This release has a bug! Please use v0.2.10 instead.
Published: 8/10/2017 | Release notes
- NEW FEATURE/BREAKING CHANGE: The ecs-service-with-alb module now supports host-based routing! In addition, we used this opportunity to simplify the interface to the module. The major change is that you now specify ALB Listener Rules using Terraform code in the same Terraform file that calls the ecs-service-with-alb module, giving users total flexibility on routing rules. (#37)
NOTE: This release also updates the ECS Cluster module so that it no longer adds a rule to the ALB Security Group to allow outbound traffic from the ALB to the ECS Cluster. That's because, as of v0.6.0 of the ALB Module, the ALB now enables all outbound traffic by default.
Therefore, be sure to also upgrade to v0.6.0 or higher of module alb when using this release!
Published: 8/9/2017 | Release notes
- UPDATE: The alb module adds a new output value, listener_arns, that merges the maps in the output values http_listener_arns, https_listener_non_acm_cert_arns, and https_listener_acm_cert_arns (#17).
Published: 8/8/2017 | Release notes
- BREAKING CHANGE: The module alb now opens all outbound ports by default. You can preserve the previous default behavior of opening no outbound ports by default by explicitly setting var.allow_all_outbound = false when calling this module. Although the previous default was slightly more secure, several users didn't realize the additional steps they needed to take to correctly use the ALB, so we feel this new default behavior is a better balance between security and convenience. (#16)
Additional Background
Previously, when you created an ALB, by default, its Security Group blocked all outbound traffic. When you added an ALB to an ECS Cluster, the ECS Cluster module updated the ALB's Security Group to allow outbound traffic only to the specific ECS Cluster being created.
But this proved to be confusing to people and didn't give us much security benefit anyway, so with this release, we change the default behavior of the ALB module to allow all outbound connections by default. At the same time, we updated the ECS Cluster module to no longer modify the ALB's Security Group to allow outbound connections from the ALB to the ECS Cluster since the ALB now allows all outbound traffic by default.
Therefore, if you use this release or higher with an ECS Cluster, be sure to use v0.6.0 or higher of that module as well!
Published: 8/10/2017 | Release notes
Published: 8/8/2017 | Release notes
- BREAKING CHANGE: Due to a recent Amazon API change, the load-balancer-logs module no longer worked correctly. This release fixes that; however, if you upgrade simply by bumping the version, Terraform will prompt you to destroy and re-create your existing S3 Bucket, which will destroy all existing logs! To avoid this, use terraform state mv <SOURCE> <DESTINATION> before running terraform apply with this module version.
For example:
terraform state mv module.alb_access_logs_bucket.aws_s3_bucket.access_logs_with_logs_archived module.alb_access_logs_bucket.aws_s3_bucket.access_logs_with_logs_archived_and_deleted
You can run terraform plan before the above to know the new destination to move the source to. Also, ensure that you don't change any variables that'll force a new ALB creation.
For assistance, please contact Gruntwork support. (#33)
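A pre-apply guard for the bucket-destroy failure mode described above, as an added example that is not Gruntwork's code. It assumes a Terraform version that supports `terraform show -json` (0.12 or later); the two sample plans are constructed, using the resource addresses from the example command above.

```python
import json
import sys

# Usage (assumed workflow): terraform plan -out=tfplan
#                           terraform show -json tfplan | python this_script.py
# Constructed samples shaped like `terraform show -json <planfile>` output.
OLD = "module.alb_access_logs_bucket.aws_s3_bucket.access_logs_with_logs_archived"
NEW = OLD + "_and_deleted"
PLAN_BEFORE_STATE_MV = json.dumps({"resource_changes": [
    {"address": OLD, "type": "aws_s3_bucket", "change": {"actions": ["delete"]}},
    {"address": NEW, "type": "aws_s3_bucket", "change": {"actions": ["create"]}},
]})
PLAN_AFTER_STATE_MV = json.dumps({"resource_changes": [
    {"address": NEW, "type": "aws_s3_bucket", "change": {"actions": ["update"]}},
]})


def buckets_to_be_destroyed(plan_json):
    """Return addresses of aws_s3_bucket resources the plan deletes or replaces."""
    at_risk = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        # A replacement appears as ["delete", "create"] or ["create", "delete"].
        if rc.get("type") == "aws_s3_bucket" and "delete" in actions:
            at_risk.append(rc["address"])
    return at_risk


def suggest_state_mv(plan_json):
    """Pair each doomed bucket with the single bucket created in the same module."""
    created = [rc["address"] for rc in json.loads(plan_json).get("resource_changes", [])
               if rc.get("type") == "aws_s3_bucket"
               and rc.get("change", {}).get("actions") == ["create"]]
    commands = []
    for src in buckets_to_be_destroyed(plan_json):
        module = src.rsplit(".aws_s3_bucket.", 1)[0]
        matches = [c for c in created if c.rsplit(".aws_s3_bucket.", 1)[0] == module]
        if len(matches) == 1:  # zero or several matches need a human decision
            commands.append("terraform state mv %s %s" % (src, matches[0]))
    return commands


if __name__ == "__main__":
    plan_text = sys.stdin.read()
    for address in buckets_to_be_destroyed(plan_text):
        print("plan would destroy bucket:", address)
    for command in suggest_state_mv(plan_text):
        print("candidate fix:", command)
    sys.exit(1 if buckets_to_be_destroyed(plan_text) else 0)
```
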
Published: 8/31/2017 | Release notes
This release fixes an issue where previous versions of OpenVPN did not set up permissions correctly for the openvpn-server-Users IAM Group. Now, a user with zero privileges in an AWS account can get all the permissions they need to create an OpenVPN user profile solely by their IAM User account being a member of the openvpn-server-Users IAM Group. (#18)
Upgrade Instructions:
- Add the variables aws_region and aws_account_id when calling the openvpn-server module in your Terraform code.
- Run terragrunt apply to upgrade.
Published: 8/20/2017 | Release notes
https://github.com/gruntwork-io/package-openvpn/pull/17
Fix several issues:
- Fix the apt repo URL for installing OpenVPN. It's not clear what happened to the old URL, but when you ran install-openvpn, you would get the error 404 Not Found [IP: 104.20.194.50 80].
- The push route configuration in server.conf had a syntactic issue where the word route was outside of double quotes.
- Reduce logging verbosity for OpenVPN to production levels.
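A check for the push quoting problem described in the list above, as an added example that is not part of the package-openvpn code. It flags any push directive in a server.conf whose argument is not a single double-quoted string; the sample configuration and its routes are constructed.

```python
import re

# A well-formed push line: the keyword, then exactly one double-quoted
# argument, optionally followed by a trailing comment.
PUSH_OK = re.compile(r'^push\s+"[^"]+"\s*(?:[#;].*)?$')

# Constructed server.conf fragment; line 4 has the word "route" outside the quotes.
SAMPLE_CONF = """\
port 1194
proto udp
# routes pushed to clients
push route "10.0.0.0 255.255.0.0"
push "route 10.1.0.0 255.255.0.0"
;push "redirect-gateway def1"
"""


def malformed_push_lines(conf_text):
    """Return (line_number, line) for every push directive that is not
    written as push "<option and arguments>"."""
    bad = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":   # blank lines and comments
            continue
        if line.split()[0] != "push":     # other directives, e.g. push-reset
            continue
        if not PUSH_OK.match(line):
            bad.append((lineno, line))
    return bad


if __name__ == "__main__":
    for lineno, line in malformed_push_lines(SAMPLE_CONF):
        print("server.conf:%d: malformed push directive: %s" % (lineno, line))
```
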
Published: 8/28/2017 | Release notes
- UPDATE: The os-hardening module is now updated to support Terraform 0.10.x.
Published: 8/14/2017 | Release notes
Published: 8/13/2017 | Release notes
Published: 8/8/2017 | Release notes
https://github.com/gruntwork-io/module-server/pull/14:
- Added a new attach-eni script which can be used to attach an ENI to an EC2 Instance.
- Updated the mount-ebs-volume script so it can automatically find and attach an EBS Volume that has the same tag as the EC2 Instance. This is handy when you create EBS Volumes and Instances in matching "pairs."
Published: 8/20/2017 | Release notes
https://github.com/gruntwork-io/module-vpc/pull/27, https://github.com/gruntwork-io/module-vpc/pull/28.
THIS IS A BACKWARDS INCOMPATIBLE RELEASE. READ ON FOR INSTRUCTIONS.
This release fixes two bugs:
- AWS now has 6 or more Availability Zones (AZs) in some regions (e.g., us-east-1) and the spacing between CIDR blocks that vpc-app and vpc-mgmt were using is no longer sufficient. To keep these CIDR blocks from overlapping, we have increased the spacing from 5 to 10. If you are already using vpc-app or vpc-mgmt and want to preserve the CIDR blocks you were using before (highly recommended!), you must set the new input variable subnet_spacing to 5. Otherwise, Terraform will try to delete all your subnets and create new ones with the new CIDR blocks.
- Release v0.2.1 of module-vpc made specifying the num_availability_zones parameter optional. Unfortunately, due to a bug, if you omitted this parameter, instead of creating subnets in every available AZ, the vpc-app and vpc-mgmt modules only created subnets in a single AZ. This has now been fixed.
Published: 8/20/2017 | Release notes
UPDATE: DO NOT USE THIS RELEASE. IT CONTAINS A BAD BUG. SEE #27 FOR DETAILS.
https://github.com/gruntwork-io/module-vpc/pull/26: Fix a bug where the num_availability_zones output variable would report the wrong value (-1) if you didn't set the optional num_availability_zones input variable.
Published: 8/8/2017 | Release notes
UPDATE: DO NOT USE THIS RELEASE. IT CONTAINS A BAD BUG. SEE #27 FOR DETAILS.
- UPDATE: The modules vpc-app and vpc-mgmt now make var.num_availability_zones optional. If it's non-empty, the created VPC will only use the specified number of Availability Zones, not all Availability Zones. Otherwise, the VPC will be created to use all Availability Zones. As an example, us-east-1 now has 6 Availability Zones, but users may wish to utilize just 3 of them. This release is fully backwards-compatible. (#22)
Published: 8/1/2017 | Release notes
Published: 8/1/2017 | Release notes