Gruntwork release 2019-10
This page lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2019-10. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 10/31/2019 | Modules affected: redis | Release notes
- Allow custom names for subnet and security group
Published: 10/29/2019 | Modules affected: redis, memcached | Release notes
- The memcached module now sets the default version to 1.5.16. We were using 1.4.24 before, but that's no longer supported. If you wish to use a different version, use the memcached_version input variable.
- The redis module now sets the default version to 5.0.5. We were using 2.8.24 before, but that's now quite out of date. If you wish to use a different version, use the redis_version input variable.
Published: 10/17/2019 | Modules affected: gruntwork-module-circleci-helpers, circleci-helpers | Release notes
The Go environment setup scripts have been updated with Go modules support. As a part of this, glide is no longer supported. Note that you will need to update the flags to continue use with dep. Refer to the migration guide below for more details.
Published: 10/17/2019 | Modules affected: aurora | Release notes
Fix bug where apply_immediately was ignored for cluster instances in the aurora module.
Published: 10/10/2019 | Modules affected: rds | Release notes
- The rds module now allows you to export various logs to CloudWatch depending on the database engine.
Published: 10/31/2019 | Modules affected: ecs-cluster, ecs-service, ecs-service-with-discovery, ecs-service-with-alb | Release notes
This release consolidates ecs-service-with-alb, ecs-service-with-discovery, ecs-service, and ecs-fargate into one module. As a part of this, features that were only available in one of the flavors are now available in all flavors. Users of the old modules will see the following feature enhancements:
- You can now set up an App AutoScaling Target in all flavors, which will allow you to configure AutoScaling Policies on the ECS Service. Previously this was not available in ecs-service.
- You can now fully set up the awsvpc network mode in all flavors. Specifically, the subnets and security groups of the ECS task are now configurable. Previously this was only available on ecs-fargate and ecs-service-with-discovery.
- You can now set up a canary deployment in all flavors. Previously this was only available on ecs-service and ecs-service-with-alb.
- You can now attach volumes on your ECS tasks in all flavors. Previously this was not available in ecs-service-with-discovery.
Published: 10/26/2019 | Modules affected: ecs-fargate | Release notes
ecs-fargate now supports ECS Service Discovery.
Published: 10/2/2019 | Modules affected: ecs-service-with-alb | Release notes
Add support for slow start to ecs-service-with-alb. You can set a delay in seconds (using input variable alb_slow_start) that controls how long the load balancer should wait before starting to send requests to the targets.
Published: 10/1/2019 | Modules affected: ecs-cluster | Release notes
EC2-based ECS clusters will now use gp2 as the root volume. If you would like the old behavior (e.g., to avoid a redeploy), you can set cluster_instance_root_volume_type to standard.
Published: 10/31/2019 | Modules affected: eks-cluster-workers | Release notes
You can now enable detailed metrics gathering for the ASGs using the new var.enabled_metrics variable on the eks-cluster-workers module.
Published: 10/24/2019 | Modules affected: eks-k8s-cluster-autoscaler, eks-k8s-cluster-autoscaler-iam-policy, eks-cluster-workers | Release notes
This release introduces support for Kubernetes cluster-autoscaler, a Kubernetes application that manages autoscaling for your EKS cluster workers. This can be used to automatically scale up or down your worker pools based on demand from Pods.
Check out the updated README for instructions on how to set up the cluster autoscaler for your worker pools.
Published: 10/18/2019 | Modules affected: eks-k8s-role-mapping, eks-cluster-control-plane | Release notes
References to package-terraform-utilities have been switched from SSH-based to HTTPS-based URLs for the source property.
Published: 10/17/2019 | Modules affected: eks-k8s-external-dns | Release notes
- You can now enable Istio gateway support on the external-dns app deployed with the eks-k8s-external-dns module.
Published: 10/17/2019 | Modules affected: eks-cluster-control-plane, eks-alb-ingress-controller | Release notes
- Fix a bug with the eks-alb-ingress-controller module where you could end up with a perpetual diff in the plan.
- Fix a regression bug with eks-cluster-control-plane where it returned the information on the EKS cluster before the API came up (as checked by null_resource.wait_for_api). This could lead to issues in your Terraform code if you were chaining an API request immediately following the creation of the EKS cluster.
Published: 10/16/2019 | Modules affected: eks-cluster-workers | Release notes
- Add ability to include suffix in the resource name
Published: 10/11/2019 | Modules affected: eks-cloudwatch-container-logs | Release notes
This fixes a bug with eks-cloudwatch-container-logs, where fluentd was redeployed on every apply.
Published: 10/9/2019 | Modules affected: eks-cluster-control-plane | Release notes
This release exposes the ability to tag the EKS cluster using the custom_tags_eks_cluster input variable on eks-cluster-control-plane. Note that you will need to be using AWS provider version >=2.31.0.
Published: 10/9/2019 | Modules affected: eks-vpc-tags, eks-cluster-workers | Release notes
Add support for multiple ASGs in eks-cluster-workers so that you can manage one ASG per AZ. This is necessary for the cluster-autoscaler to work.
Published: 10/29/2019 | Modules affected: alarms/asg-disk-alarms | Release notes
- The asg-disk-alarms module now allows you to configure how to handle the INSUFFICIENT_DATA state via the treat_missing_data input variable.
Published: 10/26/2019 | Modules affected: alarms/elasticsearch-alarms | Release notes
This release updates the elasticsearch-alarms module to include all AWS recommended alarms, as documented at https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/cloudwatch-alarms.html
The additional alarms are monitoring these metrics:
- ClusterIndexWritesBlocked
- Nodes
- MasterCPUUtilization + MasterJVMMemoryPressure (only relevant for clusters using master nodes)
- KMSKeyError + KMSKeyInaccessible (only relevant if using data encryption)
The alarms default to the values that AWS recommends.
Published: 10/17/2019 | Modules affected: load-balancer-access-logs | Release notes
- Allow bucket policy override in the load-balancer-access-logs module.
Published: 10/18/2019 | Modules affected: openvpn-server | Release notes
The EIP resource in openvpn-server is now optional. You can set the enable_eip flag to false to prevent the module from provisioning an EIP.
Published: 10/24/2019 | Modules affected: custom-iam-entity, cloudtrail | Release notes
- This release fixes an issue that was introduced in Terraform version 0.12.11 in which indexed references to null resources cause an error. The issue is described in detail in hashicorp/terraform#23140. The change is backwards compatible with earlier revisions of TF 0.12.
Published: 10/23/2019 | Modules affected: ssh-grunt | Release notes
- This release bumps the version of Go used with ssh-grunt from 1.11 to 1.13.3 to address an issue with long delays under certain (mysterious) conditions. This build was tested successfully as v0.20.1-alpha.1.
Published: 10/14/2019 | Modules affected: custom-iam-group, custom-iam-entity, saml-iam-roles, cross-account-iam-roles | Release notes
- The recently-created custom-iam-group module has been renamed to custom-iam-entity. The new module has support for creating roles in addition to groups.
- The saml-iam-roles and cross-account-iam-roles modules now support tags. Use a map of tags to create tagged roles. For example:
    tags = {
        Department = "IT"
        Environment = "Production"
    }
Published: 10/2/2019 | Modules affected: saml-iam-roles, cross-account-iam-roles | Release notes
- In v0.18.6, we introduced the iam-admin policy for IAM groups. The policy allows administration of IAM without full administrator privileges. This update extends the iam-admin policy to work with SAML and cross-account roles for users that do not use IAM groups.
Published: 10/23/2019 | Modules affected: attach-eni | Release notes
Fix regression bug introduced in v0.7.4 with attach-eni, where some error messages were being swallowed in the script.
Published: 10/18/2019 | Modules affected: attach-eni | Release notes
The attach-eni script now supports Amazon Linux 2. This release also fixes a bug that prevented the script from working with CentOS 7.
Published: 10/1/2019 | Modules affected: s3-static-website | Release notes
- Allow use of the CloudFront S3 user for S3 origin access via the cloudfront_origin_access_identity_s3_canonical_user_id variable.
Published: 10/14/2019 | Modules affected: vpc-mgmt-network-acls | Release notes
NACLs set up using vpc-mgmt-network-acls for the mgmt VPC will now allow outbound UDP 53 from the private subnets.
Published: 10/3/2019 | Modules affected: vpc-peering | Release notes
- The vpc-peering module now exposes an auto_accept variable that allows you to specify if it auto-accepts peering connections or not.
Published: 10/23/2019 | Modules affected: k8s-tiller | Release notes
Fix regression bug from v0.6.0, where kubergrunt expects base64 encoded data, but we decode the data before passing it through.
Published: 10/22/2019 | Modules affected: k8s-tiller | Release notes
The local-exec calls for k8s-tiller have been updated to be compatible with Windows. Note that this requires PowerShell.
Published: 10/21/2019 | Modules affected: k8s-service-account, k8s-namespace, k8s-namespace-roles | Release notes
Fixes a regression bug introduced in k8s-namespace and k8s-namespace-roles with the behavior of create_resources. Starting with Terraform v0.12.11, referencing index 0 of a resource that was not created because count = 0 is an error, whereas before it was null. This means that we need to add a conditional so that those resources are only indexed into when count > 0.
This release also adds the create_resources parameter to k8s-service-account.
Published: 10/9/2019 | Modules affected: k8s-tiller | Release notes
Listening on localhost is now optional. To disable localhost listening, set the tiller_listen_localhost input variable to false.