Gruntwork release 2019-09
Guides / Update Guides / Releases / 2019-09
This page is lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2019-09. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 9/24/2019 | Release notes
Published: 9/25/2019 | Modules affected: cloudwatch-logs-metric-filters | Release notes
Published: 9/13/2019 | Modules affected: generate-aws-config | Release notes
This release ships the tool generate-aws-config
which can be used to generate a Terraform module that will provision and configure AWS Config on all enabled regions for the account.
Published: 9/16/2019 | Modules affected: rds | Release notes
- The
rds
module now supports storage auto scaling by allowing you to set a new optional input variable called max_allocated_storage
. To make this work, we have also changed the default storage type from standard
(i.e., magnetic) to gp2
(i.e., SSD). This is a backwards incompatible change; if you were using magnetic storage and wish to keep using it, you can override the default storage type by using the storage_type
input variable.
Published: 9/12/2019 | Modules affected: aurora | Release notes
- Add support for Aurora Global Clusters and include an example.
Published: 9/11/2019 | Modules affected: aurora | Release notes
- Added the
cluster_resource_id
output to the Aurora module.
- Fix for Broken Nightly Builds.
Published: 9/22/2019 | Modules affected: ecs-deploy | Release notes
- Fix a bug in the
run-ecs-task
script where it was not forcing the aws
CLI output to be JSON, so the script would fail if a user had overridden the default on their systems to have text output.
Published: 9/18/2019 | Modules affected: ecs-service-with-alb | Release notes
- Switch the
ecs-service-with-alb
module from using template_file
data sources to local
variables for intermediate variables. This fixes an issue where terraform plan
was incorrectly reporting ECS services being recreated.
Published: 9/9/2019 | Modules affected: ecs-fargate | Release notes
- The
ecs-fargate
module has been updated to only enable ecs deployment check when desired tasks > 0. This allows you to set desired_tasks
to 0 to scale down your service.
- The
ecs-fargate
module has been updated to add task definition ARN as an output, under the name aws_ecs_task_definition_arn
.
Published: 9/20/2019 | Modules affected: eks-cluster-control-plane | Release notes
- Fix a bug in the
upgrade_cluster
script used in the eks-cluster-control-plane
module where the script incorrectly redeployed the plugins when using a region other than us-west-2
, even though the versions were already up to date.
Published: 9/17/2019 | Modules affected: eks-cloudwatch-container-logs, eks-cluster-control-plane | Release notes
- Docs improvements.
- Improves module stability. Specifically, IAM resources now have a 30 second wait to avoid propagation errors.
Published: 9/17/2019 | Modules affected: eks-iam-role-assume-role-policy-for-service-account, eks-cluster-workers, eks-cluster-control-plane | Release notes
Published: 9/17/2019 | Modules affected: eks-cluster-control-plane | Release notes
- The cluster upgrade script that runs to update the Kubernetes plugins installed in the EKS cluster now only updates the components when the versions mismatch.
- The cluster upgrade script can now be turned off by setting the
use_upgrade_cluster_script
input variable to false
.
Published: 9/11/2019 | Modules affected: eks-cluster-control-plane | Release notes
eks-cluster-control-plane
module now supports upgrading Kubernetes components to the expected version for the Kubernetes version deployed on EKS. This is handled using a python script that is run everytime the kubernetes version is updated on the cluster. The deployed versions of each component follows what is described in the official upgrade guide
Additionally, this release includes a few code formatting and example updates that do not affect the underlying modules.
Published: 9/20/2019 | Modules affected: nlb | Release notes
-
nlb
[REMOVED]
-
The nlb
module has been deprecated and removed. When https://github.com/gruntwork-io/module-load-balancer/issues/61 was fixed, the nlb
module reduced to being a thin wrapper over the aws_lb
resource and thus it no longer made sense to maintain the module. Instead, users of the module should update to using the aws_lb
resource directly.
Refer to the provided migration guide for information on how to replace your usage of the nlb
module with the aws_lb
resource, including migrating the state to avoid downtime.
Published: 9/10/2019 | Modules affected: alb | Release notes
-
alb
-
Update how the alb
module calculates the ALB ARN to use locals
instead of a template_file
. The template_file
seemed to interfere with how Terraform calculated the plan
, so if were upgrading from Terraform 0.11, this lead to a plan
output that incorrectly reported that your listeners would be recreated (which could lead to downtime). With this new version, the listeners should be modified in place, without any downtime.
-
https://github.com/gruntwork-io/module-load-balancer/pull/64
Published: 9/25/2019 | Modules affected: cloudwatch-logs-metric-filters | Release notes
- The
cloudwatch-logs-metric-filters
module uses syntax that wasn't available prior to Terraform version 0.12.6
. This version is now required by the module.
Published: 9/24/2019 | Modules affected: logs/cloudwatch-logs-metric-filters, examples/cloudwatch-to-slack | Release notes
- This release adds the
cloudwatch-logs-metric-filters
module. The module accepts a map of filter objects and creates a metric filter with associated metric alarm. Use this module to monitor a CloudWatch Logs group for a particular pattern and be notified via SNS when the pattern is matched.
- The update also bumps the sns-to-slack example to use an ubuntu18 server
Published: 9/20/2019 | Modules affected: install-openvpn | Release notes
Published: 9/3/2019 | Modules affected: install-openvpn | Release notes
- Fix a bug where command-line arguments were not being passed to the
install-openvpn
script.
Published: 9/26/2019 | Modules affected: cloudtrail | Release notes
- We recently added CloudWatch Logs support to this module. A regression was introduced that causes a perpetual diff on the cloudtrail resource. This release fixes the perpetual diff.
Published: 9/19/2019 | Modules affected: iam-policies | Release notes
- Add state machine permissions to
read_only
policy in iam-policies
module.
Published: 9/13/2019 | Modules affected: aws-config, iam-groups | Release notes
- A new variable,
sns_topic_already_exists
, is now required for the aws-config
module. This addresses an issue with using sns_topic_arn
. If the SNS topic was created in Terraform and the ARN was passed in via interpolation, the module would crash because Terraform can't resolve the count at plan time. We work around this limitation by instead using a boolean value which can be hard coded to true
or false
and thus does not hit this limitation.
- Updated the IAM role in
aws-config
to account for a policy change made by AWS.
- Updated the
iam-admin
group test to use a unique name to avoid conflicts
Published: 9/10/2019 | Modules affected: iam-policies, iam-groups, custom-iam-group, cloudtrail | Release notes
- Added some new policies to the
iam-policies
module: an "IAM admin" policy that permits iam:*
(with MFA) but nothing else, and a new "require MFA" policy. It denies access to all actions except MFA self-management unless an MFA device is already enabled. You can attach this policy to users, groups, or roles alongside other policies that do not have an MFA condition of their own to ensure that an MFA device is be required for any of the combined actions to be allowed. For example, the AWS managed policies do not have an MFA condition, but if you attach this alongside them, MFA will be required.
- Updated
iam-groups
to optionally create an iam-admin
group that uses the policy mentioned above, and also optionally a support
group with access to interact with AWS support (and nothing else).
- Added new
custom-iam-group
module. This module can create a new IAM group and attach a set of policies by ARN or name. It can also ensure that the entire group requires MFA by attaching the "require MFA" policy mentioned above.
- Updated the
cloudtrail
module to optionally have separate names for the CloudWatch Logs Group and IAM role. Previously, the name of the role was based on the log group name.
Published: 9/17/2019 | Modules affected: s3-cloudfront | Release notes
- The
s3-cloudfront
module now supports specifying multiple origin groups, which allows you to specify one or more S3 buckets to use as failovers in case the primary one fails. You can specify the failover buckets using the new input variables failover_buckets
and failover_bucket_website_endpoints
.
Published: 9/16/2019 | Release notes
run-pex-as-resource
run-pex-as-data-source
The run-pex-as-resource
and run-pex-as-data-source
modules now exposes a variable (enabled
) that can be used to conditionally decide whether or not to execute the pex resource. This is helpful when you want to support disabling script execution in your modules.
Published: 9/10/2019 | Release notes
The run-pex-as-resource
module now exposes the null_resource
triggers and the execution environment variable settings so that you can override them.
Published: 9/11/2019 | Modules affected: vpc-mgmt | Release notes
- The
vpc-mgmt
module now adds a Name
tag to its NAT Gateway(s) and allows you to specify custom tags via the optional nat_gateway_custom_tags
input variable.