Gruntwork release 2019-12

This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2019-12. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

boilerplate

v0.2.26

Published: 12/17/2019 | Release notes

https://github.com/gruntwork-io/boilerplate/pull/54: Introduce include, a helper function that will render another file through the templating engine and output the contents.

infrastructure-live-acme

v0.0.1

Published: 12/11/2019 | Release notes

(no release notes found)

infrastructure-live-multi-account-acme

v0.0.1

Published: 12/11/2019 | Release notes

(no release notes found)

infrastructure-modules-acme

v0.0.1

Published: 12/17/2019 | Release notes

Since this repo is solely used for examples/demonstrations, and NOT meant for direct production use, we simply publish all changes at v0.0.1.

infrastructure-modules-multi-account-acme

v0.0.1

Published: 12/17/2019 | Release notes

Since this repo is solely used for examples/demonstrations, and NOT meant for direct production use, we simply publish all changes at v0.0.1.

terraform-aws-ci

v0.16.2

Published: 12/14/2019 | Modules affected: ec2-backup | Release notes

  • Updated the ec2-backup module to run on NodeJS 12 instead of 8, as version 8 is going EOL in February, 2020.

v0.16.1

Published: 12/12/2019 | Modules affected: terraform-helpers | Release notes

This release fixes two bugs with terraform-update-variable:

  • Fixes bug where errors with running terraform fmt caused the tfvars file to be cleared out.
  • Fixes bug where string matching for the variable name was too relaxed, causing it to ignore prefixes. E.g., tag would match both tag and canary_tag.

terraform-aws-cis-service-catalog

v0.3.0

Published: 12/20/2019 | Modules affected: cloudtrail, cloudwatch-logs-metric-filters, aws-securityhub | Release notes

v0.2.2

Published: 12/18/2019 | Modules affected: custom-iam-entity | Release notes

custom-iam-entity module now supports creating policies to grant full access to arbitrary services that may not have AWS managed policies.

v0.2.1

Published: 12/18/2019 | Modules affected: custom-iam-entity | Release notes

Bump module-security custom-iam-entity to latest version to pull in fix for newer versions of terraform.

v0.2.0

Published: 12/17/2019 | Modules affected: iam-password-policy | Release notes

iam-password-policy module no longer embeds the provider configuration, similar to the other modules in this repository. This allows users to better customize the provider setup.

v0.1.1

Published: 12/17/2019 | Modules affected: cloudtrail, generate-aws-config, aws-config | Release notes

This release includes the following bug fixes:

  • Address terraform deprecation warnings in the aws-config module caused by referring to providers as strings.
  • Fix bug where cloudtrail module can fail as it attempts to create the access logging bucket even when s3_bucket_already_exists is set to true.

v0.1.0

Published: 12/5/2019 | Modules affected: generate-aws-config, aws-config | Release notes

Starting with this release, the generate-aws-config module should no longer be used to manage your AWS Config configurations. Instead, use the newly introduced aws-config terraform module, which will properly handle the enabled regions without relying on code generation. This module is a version of the generated module from generate-aws-config with the ability to disable module calls for regions that are opted out.

terraform-aws-data-storage

v0.11.1

Published: 12/11/2019 | Modules affected: lambda-cleanup-snapshots | Release notes

Fix bug where the clean up snapshots Lambda function did not get the right permissions due to a misconfiguration of the DescribeDBClusterSnapshots IAM policy.

v0.11.0

Published: 12/4/2019 | Modules affected: aurora | Release notes

  • The aurora module now configures cluster instances with (a) create_before_destroy = true, to ensure new instances are created before old ones are removed and (b) ignore_changes = [engine_version], to ensure updates to engine_version will flow from the aws_rds_cluster.

terraform-aws-eks

v0.11.1

Published: 12/16/2019 | Modules affected: eks-alb-ingress-controller | Release notes

You can now provide lifecycle hooks to the eks-alb-ingress-controller module to execute arbitrary code on destroy of the module.

v0.11.0

Published: 12/4/2019 | Modules affected: eks-vpc-tags | Release notes

The VPC subnet tags generated for EKS by eks-vpc-tags now support multiple EKS clusters.

terraform-aws-lambda

v0.7.1

Published: 12/6/2019 | Modules affected: lambda, lambda-edge | Release notes

  • You can now add tags to your Lambda functions using the new tags input variable on the lambda and lambda-edge modules.

terraform-aws-load-balancer

v0.16.2

Published: 12/9/2019 | Modules affected: acm-tls-certificate | Release notes

  • acm-tls-certificate
  • This release makes the ACM certificate validation creation optional in acm-tls-certificate.

Special thanks to @scottclk for the contribution!

v0.16.1

Published: 12/2/2019 | Modules affected: acm-tls-certificate | Release notes

  • acm-tls-certificate
  • This release makes Route53 verification record creation optional in acm-tls-certificate.

Special thanks to @scottclk for the contribution!

  • #68

terraform-aws-messaging

v0.3.1

Published: 12/19/2019 | Modules affected: sns | Release notes

  • Adds a create_resources boolean flag, which works similarly to setting count to 1 or 0. This is necessary as Terraform does not yet support this feature for modules.

terraform-aws-monitoring

v0.15.0

Published: 12/20/2019 | Modules affected: logs/cloudwatch-logs-metric-filters | Release notes

The cloudwatch-logs-metric-filters module no longer configures an aws provider, and thus no longer needs the aws_region input variable. This also means that you will need to configure your provider outside of the module, which in turn allows you to customize the provider to your needs.

terraform-aws-security

v0.22.0

Published: 12/20/2019 | Modules affected: cloudtrail, ssh-grunt, aws-organizations, aws-organizations-config-rules | Release notes

This release includes:

  • Fixes to documentation and variable descriptions
  • Remove the unneeded aws_region variable in the cloudtrail module. This variable was not used in the module, so you can safely omit it from the module parameters.

v0.21.4

Published: 12/18/2019 | Modules affected: custom-iam-entity | Release notes

custom-iam-entity module now supports creating policies to grant full access to arbitrary services that may not have AWS managed policies.

v0.21.3

Published: 12/17/2019 | Modules affected: cloudtrail | Release notes

The cloudtrail module will no longer attempt to create the server access logging S3 bucket if s3_bucket_already_exists is set to true, even if enable_s3_server_access_logging is true.

v0.21.2

Published: 12/13/2019 | Modules affected: aws-organizations-config-rules | Release notes

  • aws-organizations-config-rules [NEW]
  • New aws-organizations-config-rules module allows you to configure a best-practices set of AWS Organization level managed config rules

v0.21.1

Published: 12/11/2019 | Modules affected: aws-organizations | Release notes

  • aws-organizations [NEW]
  • New AWS Organizations module allows you to create and manage your AWS Organization and child AWS accounts as code.

v0.21.0

Published: 12/5/2019 | Modules affected: aws-config | Release notes

aws-config module now supports conditional logic to turn off all resources in the module. When you set the create_resources input variable to false, no resources will be created by the module. This is useful to conditionally turn off the module call in your code.

Additionally, this fixes a bug where the AWS provider was being configured within the aws-config module. This makes the module less flexible for use since you can't override the provider configuration. As a result, the aws-config module no longer needs the aws_region parameter to be passed in.

terraform-aws-server

v0.7.6: Introduce variable to enable detailed monitoring

Published: 12/17/2019 | Modules affected: single-server | Release notes

  • The single-server module accepts a new variable, monitoring, which determines whether the instance has detailed monitoring enabled. Note that enabling detailed monitoring results in additional costs. See the CloudWatch Pricing page for details.

terraform-aws-static-assets

v0.5.7

Published: 12/18/2019 | Modules affected: s3-cloudfront | Release notes

  • s3-cloudfront
  • Use new input variable wait_for_deployment to tell Terraform whether it should wait for Cloudfront to finish deploying the distribution. If true, the module will wait for the distribution status to change from InProgress to Deployed. Setting this to false will skip the process.
  • Thank you to @danakim for the PR!

v0.5.6

Published: 12/11/2019 | Modules affected: s3-cloudfront | Release notes

  • Due to a change in AWS, the s3-cloudfront module was not able to send CloudFront access logs to the S3 bucket. This has now been fixed by updating the policy on that S3 bucket. Note that due to a Terraform or AWS bug, you need to set use_cloudfront_arn_for_bucket_policy to true in old AWS accounts and use_cloudfront_arn_for_bucket_policy to false in new accounts, or you'll get a perpetual diff from the plan output.

terraform-aws-utilities

v0.1.5

Published: 12/19/2019 | Release notes

  • run-pex-as-resource

run-pex-as-resource now supports configuring a destroy provisioner that runs the pex on destroy of the resource.

v0.1.4

Published: 12/5/2019 | Release notes

  • enabled-aws-regions [NEW]

This release introduces the enabled-aws-regions module, which returns all enabled regions for an account. This is useful for designing modules that need to enable a specific resource or module on all regions of the account.

terraform-aws-vpc

v0.7.8

Published: 12/14/2019 | Modules affected: vpc-mgmt, vpc-app | Release notes

This release introduces the ability to tag just the VPC, but not any of the other resources in the module using the vpc_custom_tags input variable.