Skip to main content

Gruntwork release 2019-12

Guides / Update Guides / Releases / 2019-12

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2019-12. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

boilerplate

v0.2.26

Published: 12/17/2019 | Release notes

https://github.com/gruntwork-io/boilerplate/pull/54: Introduce include, a helper function that will render another file through the templating engine and output the contents.

infrastructure-live-acme

v0.0.1

Published: 12/11/2019 | Release notes

(no release notes found)

infrastructure-live-multi-account-acme

v0.0.1

Published: 12/11/2019 | Release notes

(no release notes found)

infrastructure-modules-acme

v0.0.1

Published: 12/17/2019 | Release notes

Since this repo is solely used for examples/demonstrations, and NOT meant for direct production use, we simply publish all changes at v0.0.1.

infrastructure-modules-multi-account-acme

v0.0.1

Published: 12/17/2019 | Release notes

Since this repo is solely used for examples/demonstrations, and NOT meant for direct production use, we simply publish all changes at v0.0.1.

terraform-aws-ci

v0.16.2

Published: 12/14/2019 | Modules affected: ec2-backup | Release notes

  • Updated the ec2-backup module to run on NodeJS 12 instead of 8, as version 8 is going EOL in February, 2020.

v0.16.1

Published: 12/12/2019 | Modules affected: terraform-helpers | Release notes

This release fixes two bugs with terraform-update-variable:

  • Fixes bug where errors with running terraform fmt caused the tfvars file to be cleared out.
  • Fixes bug where string matching for the variable name was too relaxed, causing it to ignore prefixes. E.g tag would match both tag and canary_tag.

terraform-aws-cis-service-catalog

v0.3.0

Published: 12/20/2019 | Modules affected: cloudtrail, cloudwatch-logs-metric-filters, aws-securityhub | Release notes

v0.2.2

Published: 12/18/2019 | Modules affected: custom-iam-entity | Release notes

custom-iam-entity module now supports creating policies to grant full access to arbitrary services that may not have AWS managed policies.

v0.2.1

Published: 12/18/2019 | Modules affected: custom-iam-entity | Release notes

Bump module-security custom-iam-entity to latest version to pull in fix for newer versions of terraform.

v0.2.0

Published: 12/17/2019 | Modules affected: iam-password-policy | Release notes

iam-password-policy module no longer embeds the provider configuration, similar to the other modules in this repository. This allows users to better customize the provider setup.

v0.1.1

Published: 12/17/2019 | Modules affected: cloudtrail, generate-aws-config, aws-config | Release notes

This release includes the following bug fixes:

  • Address terraform deprecation warnings in the aws-config module caused by referring to providers as strings.
  • Fix bug where cloudtrail module can fail as it attempts to create the access logging bucket even when s3_bucket_already_exists is set to true.

v0.1.0

Published: 12/5/2019 | Modules affected: generate-aws-config, aws-config | Release notes

Starting this release, the generate-aws-config should no longer be used to manage your AWS Config configurations. Instead, use the newly introduced aws-config terraform module, which will properly handle the enabled regions without relying on code generation. This module is a version of the generated module from generate-aws-config with the ability to disable module calls for regions that are opted out.

terraform-aws-data-storage

v0.11.1

Published: 12/11/2019 | Modules affected: lambda-cleanup-snapshots | Release notes

Fix bug where the clean up snapshots Lambda function did not get the right permissions due to a misconfiguration of the DescribeDBClusterSnapshots IAM policy.

v0.11.0

Published: 12/4/2019 | Modules affected: aurora | Release notes

  • The aurora module now configures cluster instances with (a) create_before_destroy = true, to ensure new instances are created before old ones are removed and (b) ignore_changes = [engine_version], to ensure updates to engine_version will flow from the aws_rds_cluster.

terraform-aws-eks

v0.11.1

Published: 12/16/2019 | Modules affected: eks-alb-ingress-controller | Release notes

You can now provide lifecycle hooks to the eks-alb-ingress-controller module to execute arbitrary code on destroy of the module.

v0.11.0

Published: 12/4/2019 | Modules affected: eks-vpc-tags | Release notes

The VPC subnet tags generated for EKS by eks-vpc-tags now supports multiple EKS clusters.

terraform-aws-lambda

v0.7.1

Published: 12/6/2019 | Modules affected: lambda, lambda-edge | Release notes

  • You can now add tags to your Lambda functions using the new tags input variable on the lambda and lambda-edge modules.

terraform-aws-load-balancer

v0.16.2

Published: 12/9/2019 | Modules affected: acm-tls-certificate | Release notes

  • acm-tls-certificate

  • This release makes the ACM certificate validation creation optional in acm-tls-certificate.

Special thanks to @scottclk for the contribution!

v0.16.1

Published: 12/2/2019 | Modules affected: acm-tls-certificate | Release notes

  • acm-tls-certificate

  • This release makes Route53 verification record creation optional in acm-tls-certificate.

Special thanks to @scottclk for the contribution!

  • #68

terraform-aws-messaging

v0.3.1

Published: 12/19/2019 | Modules affected: sns | Release notes

  • Adds a create_resources boolean flag, which works similarly as setting count to 1 or 0, which is necessary as terraform does not yet support this feature for modules.

terraform-aws-monitoring

v0.15.0

Published: 12/20/2019 | Modules affected: logs/cloudwatch-logs-metric-filters | Release notes

The cloudwatch-logs-metric-filters module no longer configures an aws provider, and thus no longer needs the aws_region input variable. This also means that you will need to configure your provider outside of the module, which in turn allows you to customize the provider to your needs.

terraform-aws-security

v0.22.0

Published: 12/20/2019 | Modules affected: cloudtrail, ssh-grunt, aws-organizations, aws-organizations-config-rules | Release notes

This release includes:

  • Fixes to documentation and variable descriptions
  • Remove the unneeded aws_region variable in the cloudtrail module. This variable was not used in the module, so you can safely omit it from the module parameters.

v0.21.4

Published: 12/18/2019 | Modules affected: custom-iam-entity | Release notes

custom-iam-entity module now supports creating policies to grant full access to arbitrary services that may not have AWS managed policies.

v0.21.3

Published: 12/17/2019 | Modules affected: cloudtrail | Release notes

The cloudtrail module will no longer attempt to create the server access logging S3 bucket if s3_bucket_already_exists is set to true, even if enable_s3_server_access_logging is true.

v0.21.2

Published: 12/13/2019 | Modules affected: aws-organizations-config-rules | Release notes

v0.21.1

Published: 12/11/2019 | Modules affected: aws-organizations | Release notes

v0.21.0

Published: 12/5/2019 | Modules affected: aws-config | Release notes

aws-config module now supports conditional logic to turn off all resources in the module. When you set the create_resources input variable to false, no resources will be created by the module. This is useful to conditionally turn off the module call in your code.

Additionally, this fixes a bug where the AWS provider was being configured within the aws-config module. This makes the module less flexible for use since you can't override the provider configuration. As a result, the aws-config module no longer needs the aws_region parameter to be passed in.

terraform-aws-server

v0.7.6: Introduce variable to enable detailed monitoring

Published: 12/17/2019 | Modules affected: single-server | Release notes

  • The single-server module accepts a new variable, monitoring which determines whether the instance has detailed monitoring enabled. Note that enabling detailed monitoring results in additional costs. See the CloudWatch Pricing page for details.

terraform-aws-static-assets

v0.5.7

Published: 12/18/2019 | Modules affected: s3-cloudfront | Release notes

  • s3-cloudfront

  • Use new input variable wait_for_deployment to tell Terraform whether it should wait for Cloudfront to finish deploying the distribution. If true, the module will wait for the distribution status to change from InProgress to Deployed. Setting this to false will skip the process.

  • Thank you to @danakim for the PR!

v0.5.6

Published: 12/11/2019 | Modules affected: s3-cloudfront | Release notes

  • Due to a change in AWS, the s3-cloudfront module was not able to send CloudFront access logs to the S3 bucket. This has now been fixed by updating the policy on that S3 bucket. Note that due to a Terraform or AWS bug, you need to set use_cloudfront_arn_for_bucket_policy to true in old AWS accounts and use_cloudfront_arn_for_bucket_policy to false in old accounts, or you'll get a perpetual diff from the plan output.

terraform-aws-utilities

v0.1.5

Published: 12/19/2019 | Release notes

  • run-pex-as-resource

run-pex-as-resource now supports configuring a destroy provisioner that runs the pex on destroy of the resource.

v0.1.4

Published: 12/5/2019 | Release notes

  • enabled-aws-regions [NEW]

This release introduces the enabled-aws-regions module, which returns all enabled regions for an account. This is useful for designing modules that need to enable a specific resource or module on all regions of the account.

terraform-aws-vpc

v0.7.8

Published: 12/14/2019 | Modules affected: vpc-mgmt, vpc-app | Release notes

This release introduces the ability to tag just the VPC, but not any of the other resources in the module using the vpc_custom_tags input variable.