Gruntwork release 2019-12
Guides / Update Guides / Releases / 2019-12
This page is lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2019-12. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 12/17/2019 | Release notes
Published: 12/11/2019 | Release notes
Published: 12/11/2019 | Release notes
Published: 12/17/2019 | Release notes
Since this repo is solely used for examples/demonstrations, and NOT meant for direct production use, we simply publish all changes at v0.0.1.
Published: 12/17/2019 | Release notes
Since this repo is solely used for examples/demonstrations, and NOT meant for direct production use, we simply publish all changes at v0.0.1.
Published: 12/14/2019 | Modules affected: ec2-backup | Release notes
- Updated the
ec2-backup
module to run on NodeJS 12 instead of 8, as version 8 is going EOL in February, 2020.
Published: 12/12/2019 | Modules affected: terraform-helpers | Release notes
This release fixes two bugs with terraform-update-variable
:
- Fixes bug where errors with running
terraform fmt
caused the tfvars file to be cleared out.
- Fixes bug where string matching for the variable name was too relaxed, causing it to ignore prefixes. E.g
tag
would match both tag
and canary_tag
.
Published: 12/20/2019 | Modules affected: cloudtrail, cloudwatch-logs-metric-filters, aws-securityhub | Release notes
Published: 12/18/2019 | Modules affected: custom-iam-entity | Release notes
custom-iam-entity
module now supports creating policies to grant full access to arbitrary services that may not have AWS managed policies.
Published: 12/18/2019 | Modules affected: custom-iam-entity | Release notes
Bump module-security custom-iam-entity
to latest version to pull in fix for newer versions of terraform.
Published: 12/17/2019 | Modules affected: iam-password-policy | Release notes
iam-password-policy
module no longer embeds the provider configuration, similar to the other modules in this repository. This allows users to better customize the provider setup.
Published: 12/17/2019 | Modules affected: cloudtrail, generate-aws-config, aws-config | Release notes
This release includes the following bug fixes:
- Address
terraform
deprecation warnings in the aws-config
module caused by referring to providers as strings.
- Fix bug where
cloudtrail
module can fail as it attempts to create the access logging bucket even when s3_bucket_already_exists
is set to true
.
Published: 12/5/2019 | Modules affected: generate-aws-config, aws-config | Release notes
Starting this release, the generate-aws-config
should no longer be used to manage your AWS Config configurations. Instead, use the newly introduced aws-config
terraform module, which will properly handle the enabled regions without relying on code generation. This module is a version of the generated module from generate-aws-config
with the ability to disable module calls for regions that are opted out.
Published: 12/11/2019 | Modules affected: lambda-cleanup-snapshots | Release notes
Fix bug where the clean up snapshots Lambda function did not get the right permissions due to a misconfiguration of the DescribeDBClusterSnapshots
IAM policy.
Published: 12/4/2019 | Modules affected: aurora | Release notes
- The
aurora
module now configures cluster instances with (a) create_before_destroy = true
, to ensure new instances are created before old ones are removed and (b) ignore_changes = [engine_version]
, to ensure updates to engine_version
will flow from the aws_rds_cluster.
Published: 12/16/2019 | Modules affected: eks-alb-ingress-controller | Release notes
You can now provide lifecycle hooks to the eks-alb-ingress-controller
module to execute arbitrary code on destroy of the module.
Published: 12/4/2019 | Modules affected: eks-vpc-tags | Release notes
The VPC subnet tags generated for EKS by eks-vpc-tags
now supports multiple EKS clusters.
Published: 12/6/2019 | Modules affected: lambda, lambda-edge | Release notes
- You can now add tags to your Lambda functions using the new
tags
input variable on the lambda
and lambda-edge
modules.
Published: 12/9/2019 | Modules affected: acm-tls-certificate | Release notes
Special thanks to @scottclk for the contribution!
Published: 12/2/2019 | Modules affected: acm-tls-certificate | Release notes
Special thanks to @scottclk for the contribution!
Published: 12/19/2019 | Modules affected: sns | Release notes
- Adds a
create_resources
boolean flag, which works similarly as setting count
to 1 or 0, which is necessary as terraform does not yet support this feature for modules.
Published: 12/20/2019 | Modules affected: logs/cloudwatch-logs-metric-filters | Release notes
The cloudwatch-logs-metric-filters
module no longer configures an aws provider, and thus no longer needs the aws_region
input variable. This also means that you will need to configure your provider outside of the module, which in turn allows you to customize the provider to your needs.
Published: 12/20/2019 | Modules affected: cloudtrail, ssh-grunt, aws-organizations, aws-organizations-config-rules | Release notes
This release includes:
- Fixes to documentation and variable descriptions
- Remove the unneeded
aws_region
variable in the cloudtrail
module. This variable was not used in the module, so you can safely omit it from the module parameters.
Published: 12/18/2019 | Modules affected: custom-iam-entity | Release notes
custom-iam-entity
module now supports creating policies to grant full access to arbitrary services that may not have AWS managed policies.
Published: 12/17/2019 | Modules affected: cloudtrail | Release notes
The cloudtrail
module will no longer attempt to create the server access logging S3 bucket if s3_bucket_already_exists
is set to true
, even if enable_s3_server_access_logging
is true
.
Published: 12/13/2019 | Modules affected: aws-organizations-config-rules | Release notes
Published: 12/11/2019 | Modules affected: aws-organizations | Release notes
Published: 12/5/2019 | Modules affected: aws-config | Release notes
aws-config
module now supports conditional logic to turn off all resources in the module. When you set the create_resources
input variable to false
, no resources will be created by the module. This is useful to conditionally turn off the module call in your code.
Additionally, this fixes a bug where the AWS provider was being configured within the aws-config
module. This makes the module less flexible for use since you can't override the provider configuration. As a result, the aws-config
module no longer needs the aws_region
parameter to be passed in.
Published: 12/17/2019 | Modules affected: single-server | Release notes
- The
single-server
module accepts a new variable, monitoring
which determines whether the instance has detailed monitoring enabled. Note that enabling detailed monitoring results in additional costs. See the CloudWatch Pricing page for details.
Published: 12/18/2019 | Modules affected: s3-cloudfront | Release notes
- Thank you to @danakim for the PR!
Published: 12/11/2019 | Modules affected: s3-cloudfront | Release notes
- Due to a change in AWS, the
s3-cloudfront
module was not able to send CloudFront access logs to the S3 bucket. This has now been fixed by updating the policy on that S3 bucket. Note that due to a Terraform or AWS bug, you need to set use_cloudfront_arn_for_bucket_policy
to true
in old AWS accounts and use_cloudfront_arn_for_bucket_policy
to false
in old accounts, or you'll get a perpetual diff from the plan
output.
Published: 12/19/2019 | Release notes
run-pex-as-resource
now supports configuring a destroy
provisioner that runs the pex on destroy of the resource.
Published: 12/5/2019 | Release notes
enabled-aws-regions
[NEW]
This release introduces the enabled-aws-regions
module, which returns all enabled regions for an account. This is useful for designing modules that need to enable a specific resource or module on all regions of the account.
Published: 12/14/2019 | Modules affected: vpc-mgmt, vpc-app | Release notes
This release introduces the ability to tag just the VPC, but not any of the other resources in the module using the vpc_custom_tags
input variable.