Gruntwork release 2019-11

This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2019-11. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:



Published: 11/27/2019 | Modules affected: redis | Release notes

  • Simplify permutations in the redis module. As the resource names change within the module, this is a backwards incompatible change.

This release is backwards incompatible. To update an existing Redis cluster, use terraform state mv <old_address> <new_address> to ensure that your cluster isn't deleted when you run terraform apply.

Depending on your configuration, your current resource name is one of

  • redis_with_snapshotting_without_auth_token_without_cluster_mode
  • redis_with_snapshotting_without_auth_token_with_cluster_mode
  • redis_with_snapshotting_with_auth_token_without_cluster_mode
  • redis_with_snapshotting_with_auth_token_with_cluster_mode
  • redis_without_snapshotting_without_auth_token_without_cluster_mode
  • redis_without_snapshotting_without_auth_token_with_cluster_mode
  • redis_without_snapshotting_with_auth_token_without_cluster_mode
  • redis_without_snapshotting_with_auth_token_with_cluster_mode

To find out which one it is, run terraform state list.

For example, if your current resource name is module.redis.aws_elasticache_replication_group.redis_without_snapshotting_without_auth_token_with_cluster_mode[0], you can migrate the resource by running:

terraform state mv "module.redis.aws_elasticache_replication_group.redis_without_snapshotting_without_auth_token_with_cluster_mode[0]" module.redis.aws_elasticache_replication_group.redis

Note that you must put quotes around the indexed resource to avoid the terraform error no matches found: module.redis....

  • Thanks to @brianbordini for the PR!
  • #40


Published: 11/7/2019 | Modules affected: redis, memcached | Release notes

  • In the memcached and redis modules, we removed the bastion_host_security_group_id variable and added an allow_connections_from_security_groups variable, so you can now pass in a list of security group IDs that can connect to your cache, rather than just one.


v0.0.3: Initial release of wrapper modules

Published: 11/21/2019 | Modules affected: iam-password-policy, cloudwatch-logs-metric-filters, saml-iam-roles, iam-groups | Release notes

This is the initial release of wrapper modules for v1.2.0 of the AWS Foundations Benchmark.



Published: 11/22/2019 | Modules affected: rds, lambda-create-snapshot, aurora | Release notes

  • The aurora module now supports custom names for db subnets and security groups.
  • Updated the README format as per the new design for the Service Catalog.
  • Skip creating final snapshots in aurora tests and examples.
  • Test improvements: Copy examples to separate directories for better isolation.



Published: 11/22/2019 | Modules affected: ecs-service | Release notes

  • Fixed a bug where ECS Auto Scaling was only working for "scale out" but not "scale in."


Published: 11/4/2019 | Modules affected: ecs-service | Release notes

  • Fix bug where ECS service IAM role outputs were incorrectly conditional on var.is_associated_with_elb, ignoring the condition about awsvpc (which is accounted for in local.need_ecs_iam_role_for_elb)
  • ecs-service now outputs service_app_autoscaling_target_resource_id which can be used for creating auto scaling policies.



Published: 11/22/2019 | Modules affected: eks-alb-ingress-controller | Release notes

  • eks-alb-ingress-controller [BACKWARDS INCOMPATIBLE]
  • eks-alb-ingress-controller:
    • Update Helm chart version: 0.1.6 -> 0.1.11
    • Add support for setting Pod priorityClass
    • Add support for enabling and configuring livenessProbe
    • Add support for enabling and configuring readinessProbe
    • Rename resource_name_prefix to eks_cluster_name


  • Rename resource_name_prefix to eks_cluster_name
  • If you are currently setting enable_aws_api_debug_logs, update its value to bool instead of string

Special thanks to @alanbrent for the contribution!



Published: 11/12/2019 | Modules affected: lambda, lambda-edge | Release notes

This consolidates the lambda resources in modules/lambda and modules/lambda-edge, taking advantage of the TF12 features that allow it. This allows for better maintainability of the modules.



Published: 11/12/2019 | Modules affected: alb | Release notes


The two ALB resources used to switch on access logs have now been merged down to one resource. This improves maintainability of the module. As a result of this consolidation, the following feature drift has been resolved on the ALB resource for the no logs flavor:

  • idle_timeout was only defined on alb with logs
  • additional_security_group_ids was only being used on alb with logs

This renames the aws_alb resources as a part of consolidating the two versions down to one. As such, you will need to move the resources in the state file in order to avoid downtime.

NOTE: If you are using terragrunt, the state mv calls should be done using terragrunt instead of terraform.

If you had var.enable_alb_access_logs = true:

export MODULE_ADDRESS=module.alb # This should be the address of the module block used to call `alb`
terraform state mv "$MODULE_ADDRESS.aws_alb.alb_with_logs[0]" "$MODULE_ADDRESS.aws_alb.alb"


If you had var.enable_alb_access_logs = false:

export MODULE_ADDRESS=module.alb # This should be the address of the module block used to call `alb`
terraform state mv "$MODULE_ADDRESS.aws_alb.alb_without_logs[0]" "$MODULE_ADDRESS.aws_alb.alb"
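
An added example (not Gruntwork's code) that serves both the redis rename and the alb rename described in these notes: it reads terraform state list output and prints the quoted state mv command for every legacy address it finds, so nothing is left behind to be destroyed on the next apply. The sample state, its module names and the TF_BIN variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Gruntwork code: turn `terraform state list` output into
# the `state mv` commands for the redis and alb renames in these notes.

# TF_BIN is a hypothetical knob: set it to terragrunt if you use terragrunt.
TF_BIN="${TF_BIN:-terraform}"

# Reads resource addresses on stdin and prints one `state mv` command per
# legacy address. Returns 1 when no address needs moving.
plan_state_moves() {
  awk -v bin="$TF_BIN" '
    function emit(old, dst) {
      # The notes require quotes around the indexed ([0]) address.
      printf "%s state mv \"%s\" \"%s\"\n", bin, old, dst
      moved++
    }
    # redis: the eight legacy names have the form
    # redis_with[out]_snapshotting_with[out]_auth_token_with[out]_cluster_mode[0]
    /\.aws_elasticache_replication_group\.redis_with(out)?_snapshotting_with(out)?_auth_token_with(out)?_cluster_mode\[0\]$/ {
      target = $0
      sub(/\.redis_with[a-z_]+\[0\]$/, ".redis", target)
      emit($0, target)
      next
    }
    # alb: alb_with_logs[0] and alb_without_logs[0] both become alb
    /\.aws_alb\.alb_with(out)?_logs\[0\]$/ {
      target = $0
      sub(/\.alb_with[a-z_]+\[0\]$/, ".alb", target)
      emit($0, target)
      next
    }
    END { exit (moved > 0 ? 0 : 1) }
  '
}

# Constructed sample of `terraform state list` output (module names made up).
# The last address is already in the new form and must be left alone.
SAMPLE_STATE='module.redis.aws_elasticache_replication_group.redis_without_snapshotting_without_auth_token_with_cluster_mode[0]
module.lb.aws_alb.alb_with_logs[0]
module.vpc.aws_vpc.main
module.cache.aws_elasticache_replication_group.redis'

# Print the plan for review; run the printed commands only after checking them.
printf '%s\n' "$SAMPLE_STATE" | plan_state_moves
```

In real use, pipe terraform state list into plan_state_moves and review the printed commands before running them.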



Published: 11/28/2019 | Modules affected: vpc-mgmt, vpc-app | Release notes

  • You can now filter which Availability Zones (AZs) are used by the vpc-app and vpc-mgmt modules using the new input variables availability_zone_blacklisted_names, availability_zone_blacklisted_ids, and availability_zone_state.