Gruntwork release 2019-11
Guides / Update Guides / Releases / 2019-11
This page is lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2019-11. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 11/27/2019 | Modules affected: redis | Release notes
This release is backwards incompatible and to update an existing Redis cluster, use terraform state mv <old_address> <new_address> to ensure that your cluster isn't deleted when you run terraform apply.
Depending on your configuration, your current resource name is one of
redis_with_snapshotting_without_auth_token_without_cluster_moderedis_with_snapshotting_without_auth_token_with_cluster_moderedis_with_snapshotting_with_auth_token_without_cluster_moderedis_with_snapshotting_with_auth_token_with_cluster_moderedis_without_snapshotting_without_auth_token_without_cluster_moderedis_without_snapshotting_without_auth_token_with_cluster_moderedis_without_snapshotting_with_auth_token_without_cluster_moderedis_without_snapshotting_with_auth_token_with_cluster_mode
To find out which one it is, run terraform state list.
For example, if your current resource name is module.redis.aws_elasticache_replication_group.redis_without_snapshotting_without_auth_token_with_cluster_mode[0], you can migrate the resource by running:
terraform state mv "module.redis.aws_elasticache_replication_group.redis_without_snapshotting_without_auth_token_with_cluster_mode[0]" module.redis.aws_elasticache_replication_group.redis
Note that you will have to use the quotes around the indexed resource to avoid terraform error no matches found: module.redis....
- Thanks to @brianbordini for the PR!
Published: 11/7/2019 | Modules affected: redis, memcached | Release notes
- In the
memcached and redis modules, we removed the bastion_host_security_group_id variable and added an allow_connections_from_security_groups variable, so you can now pass in a list of security group IDs that can connect to your cache, rather than just one.
Published: 11/21/2019 | Modules affected: iam-password-policy, cloudwatch-logs-metric-filters, saml-iam-roles, iam-groups | Release notes
This is the initial release of wrapper modules for v1.2.0 of the AWS Foundations Benchmark.
Published: 11/22/2019 | Modules affected: rds, lambda-create-snapshot, aurora | Release notes
- The
aurora module now supports custom names for db subnets and security groups.
- Updated the README format as per the new design for the Service Catalog.
- Skip creating final snapshots in aurora tests and examples.
- Test improvements: Copy examples to separate directories for better isolation.
Published: 11/22/2019 | Modules affected: ecs-service | Release notes
- Fixed a bug where ECS Auto Scaling was only working for "scale out" but not "scale in."
Published: 11/4/2019 | Modules affected: ecs-service | Release notes
- Fix bug where ECS service IAM role outputs were incorrectly conditional on
var.is_associated_with_elb, ignoring the condition about awsvpc (which is accounted for in local.need_ecs_iam_role_for_elb)
ecs-service now outputs service_app_autoscaling_target_resource_id which can be used for creating auto scaling policies.
Published: 11/22/2019 | Modules affected: eks-alb-ingress-controller | Release notes
eks-alb-ingress-controller:
- Rename
resource_name_prefix to eks_cluster_name
- If you are currently setting
enable_aws_api_debug_logs, update its value to bool instead of string
Special thanks to @alanbrent for the contribution!
Published: 11/12/2019 | Modules affected: lambda, lambda-edge | Release notes
This consolidates the lambda resources in modules/lambda and modules/lambda-edge, taking advantage of the TF12 features that allow it. This allows for better maintainability of the modules.
Published: 11/12/2019 | Modules affected: alb | Release notes
The two ALB resources used to switch on access logs have now been merged down to one resource. This improves maintainability of the module. As a result of this consolidation, the following feature drift has been resolved on the ALB resource for the no logs flavor:
idle_timeout was only defined on alb with logsadditional_security_group_ids was only being used on alb with logs
This renames the aws_alb resources as a part of consolidating the two versions down to one. As such, you will need to move the resources in the state file in order to avoid downtime.
NOTE: If you are using terragrunt, the state mv calls should be done using terragrunt instead of terraform.
If you had var.enable_alb_access_logs = true:
export MODULE_ADDRESS=module.alb # This should be the address of the module block used to call `alb`
terraform state mv "$MODULE_ADDRESS.aws_alb.alb_with_logs[0]" "$MODULE_ADDRESS.aws_alb.alb"
Otherwise:
export MODULE_ADDRESS=module.alb # This should be the address of the module block used to call `alb`
terraform state mv "$MODULE_ADDRESS.aws_alb.alb_without_logs[0]" "$MODULE_ADDRESS.aws_alb.alb"
Published: 11/28/2019 | Modules affected: vpc-mgmt, vpc-app | Release notes
- You can now filter which Availability Zones (AZs) are used by the
vpc-app and vpc-mgmt modules using the new input variables availability_zone_blacklisted_names, availability_zone_blacklisted_ids, and availability_zone_state.