Skip to main content

Gruntwork release 2017-11

Guides / Update Guides / Releases / 2017-11

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2017-11. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:



Published: 11/28/2017 | Release notes Show better instructions after TLS certs have been requested.


Published: 11/28/2017 | Release notes You can now use gruntwork to request free TLS certs from ACM for your domain names.


Published: 11/27/2017 | Release notes The gruntwork CLI can now register domain names for use with the Reference Architecture.


Published: 11/24/2017 | Release notes When looking up accounts by name, gruntwork will now detect if multiple accounts have the same name and prompt the user to pick one.


Published: 11/22/2017 | Release notes Update the docs and CLI to indicate BitBucket and GitLab are not yet supported.


Published: 11/21/2017 | Release notes Switch to managed policies instead of custom ones.


Published: 11/21/2017 | Release notes Users can now choose to give Gruntwork employees either admin or read-only access. MFA is now required for Gruntwork employees. Fix a bug with revoking access.


Published: 11/17/2017 | Release notes



Published: 11/29/2017 | Release notes You can now specify custom tags for your Redis and cluster and security group.


Published: 11/29/2017 | Release notes Put in a workaround for a bug in Terraform ( related to parameter_group_name always showing a diff when you run plan and causing errors when you run apply.



Published: 11/30/2017 | Release notes


Published: 11/28/2017 | Release notes


Published: 11/7/2017 | Release notes The gruntwork-module-circleci-helpers now support using dep instead of Glide for Go dependency management. You can enable this by passing the --use-go-dep flag to configure-environment-for-gruntwork-module. These changes should be backwards compatible, but we now install Go 1.9.2 by default, so marking this release as v0.4.0 just in case.



Published: 11/29/2017 | Release notes


Published: 11/29/2017 | Release notes Put in a workaround for a bug in Terraform ( related to parameter_group_name always showing a diff when you run plan and causing errors when you run apply.


Published: 11/2/2017 | Release notes The aurora module now exposes engine and engine_version parameters so you have more control over what type of Aurora engine you're running (e.g., you can use the Postgres-compatible one).



Published: 11/20/2017 | Release notes We've converted the https_listener_ports_and_ssl_certs and https_listener_ports_and_acm_ssl_certs input variables on the alb module from maps to lists of maps. The problem with using maps is that in Go—which Terraform uses under the hood—the iteration order for maps is (intentionally) randomized, so with multiple ports and certs in these variables, you would get spurious diffs in the plan command as Terraform would swap their order and assume listeners had to created/destroyed. By using lists, we can make the sort order consistent.

Upgrade instructions for https_listener_ports_and_ssl_certs

Old https_listener_ports_and_ssl_certs format:

https_listener_ports_and_ssl_certs = {
"443" = "arn:aws:iam::123456789012:server-certificate/ProdServerCert"

New https_listener_ports_and_ssl_certs format:

https_listener_ports_and_ssl_certs = [
port = 443
tls_arn = "arn:aws:iam::123456789012:server-certificate/ProdServerCert"

Upgrade instructions for https_listener_ports_and_acm_ssl_certs

Old https_listener_ports_and_acm_ssl_certs format:

https_listener_ports_and_acm_ssl_certs = {
"443" = "*"

New https_listener_ports_and_acm_ssl_certs format:

https_listener_ports_and_acm_ssl_certs = [
port = 443
tls_domain_name = "*"



Published: 11/30/2017 | Release notes If you set the cluster_size param of the mongodb-cluster module to 0, it will now create no resources whatsoever. Since Terraform doesn't allow you to use count with module directly, this provides a convenient way to disable the mongodb-cluster module in certain environments (e.g., disable the backup jobs in pre-prod environments).


Published: 11/30/2017 | Release notes Undo pip workaround so that Packer builds pass again.



Published: 11/29/2017 | Release notes


Published: 11/8/2017 | Release notes

  • #60: The aws-auth tool will now work correctly, even if a local user has configured AWS CLI commands to output in tables instead of JSON.


Published: 11/7/2017 | Release notes ssh-iam will now do a better job of reporting error messages if it reads an OS user that is missing the "comment field", which ssh-iam uses for storing the IAM user name.


Published: 11/6/2017 | Release notes

  1. You can now disable the full-access IAM group in the iam-groups module using the should_create_iam_group_full_access parameter.

  2. The iam-groups module now outputs the ARNs and names of the ssh-iam groups.



Published: 11/3/2017 | Release notes Add output for private persistence subnet with proper naming convention.


Published: 11/2/2017 | Release notes Added VPC endpoints for DynamoDB, so all your DynamoDB calls now stay within the VPC rather than going over the public Internet.