Skip to main content

Gruntwork release 2021-02

Guides / Update Guides / Releases / 2021-02

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2021-02. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:



Published: 2/9/2021 | Release notes



Published: 2/4/2021 | Release notes

Since this repo is solely used for examples/demonstrations, and NOT meant for direct production use, we simply publish all changes at v0.0.1, with a date marker for when it was published.

Updated all module versions to the latest. Most of these were backwards compatible changes, except for the EKS / Helm updates, as we have switched to Helm provider v2. Refer to the Migration Guide down below for details.

Most modules solely require a version number bump. The one exception is that if you're using EKS and Helm, Helm provider version 2 has come out, and some minor code changes are required to use it. See the terraform-aws-eks v0.32.0 release notes for instructions.



Published: 2/16/2021 | Release notes Remove unnecessary API requests, speeding up incremental update. Add support for copying from multiple GitHub orgs. Gruntwork owned/maintained repos from the hashicorp org will now be copied by default when using the github connector.


Published: 2/10/2021 | Release notes Handle fatal and non-fatal errors separately. Add support for incremental updates, so you can run repo-copier in a cron job. Also, added support for --force-overwrite to force overwriting existing contents. Add more unit tests.


Published: 2/5/2021 | Release notes Add support for custom context paths, port numbers, and other URL tweaks in BitBucket.


Published: 2/4/2021 | Release notes Fix bug with how assets were packaged that caused an error when running repo-copier. Add support for a GitHub connector, which allows you to copy code directly from GitHub, so you don't need S3 as an intermediary. Add support for specifying proxies for each connector via --proxy-url params.



Published: 2/26/2021 | Modules affected: redis | Release notes

  • AWS ElastiCache, and the Terraform AWS provider, have changed how reader endpoints work (context), which broke the read_endpoints output variable in the redis module. In this release, we've fixed this issue, and updated to use the new terminology and type from AWS / Terraform: the output variable is now called reader_endpoint and is a single value instead of a list.


Published: 2/9/2021 | Modules affected: redis | Release notes

  • Several months ago, AWS made a backward-incompatible change related to the Elasticache Replication Group Multi-AZ behavior, introducing a new MultiAZEnabled toggle. This means that, the last several months, if you deployed Redis with with enable_automatic_failover set to true, but did not have this MultiAZEnabled flag—which wasn't exposed in Terraform's AWS provider—Redis would be deployed into only a single AZ. This issue was fixed in AWS provider 3.26, and in this release, we now expose a new enable_multi_az variable in the redis module so that you can configure this property. This is a backwards incompatible change, so please see the migration guide below.



Published: 2/26/2021 | Modules affected: ecs-deploy-runner | Release notes

  • Fix tag handling for ref in kaniko - build-docker-image


Published: 2/25/2021 | Modules affected: ecs-deploy-runner | Release notes

The default version of tools installed in the deploy runner has been updated:

  • Kaniko: v1.5.1
  • Kubergrunt: v0.6.10
  • Kubectl: v1.19.1


Published: 2/24/2021 | Modules affected: jenkins-server | Release notes

  • You can now configure IOPS for the Jenkins EBS volume by setting the new ebs_volume_iops input parameter. Note that you'll also need to set the ebs_volume_type input parameter (which existed before) to io1.


Published: 2/11/2021 | Modules affected: ecs-deploy-runner | Release notes

  • Use correct version of terraform-aws-ci in Dockerfile for the deploy-runner.


Published: 2/8/2021 | Modules affected: ecs-deploy-runner-standard-configuration, ecs-deploy-runner, gruntwork-module-circleci-helpers | Release notes

  • Fixes a bug in the arg checker for ecs-deploy-runner
  • The EDR Dockerfile now installs kubectl so that it may be used with kubergrunt and EKS.


Published: 2/5/2021 | Modules affected: ecs-deploy-runner, aws-helpers, build-helpers, check-url | Release notes

  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc. In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.
  • Update the default Dockerfile in ecs-deploy-runner to use Kubergrunt v0.6.9.



Published: 2/8/2021 | Modules affected: rds | Release notes

  • Adds support for different primary/replica storage types in RDS.



Published: 2/26/2021 | Modules affected: ecs-cluster | Release notes

  • Exposes the enable_monitoring option to allow enabling/disabling of detailed monitoring for EC2 instances in ECS clusters.


Published: 2/23/2021 | Modules affected: ecs-service | Release notes

  • Fix bug where the ecs-service module produces Error: Inconsistent conditional result types on the IAM role.


Published: 2/4/2021 | Modules affected: ecs-service | Release notes

This release removes the service_autoscaling_iam_role_arn output from the ecs-service module. This output should have been removed in the v0.24.0 release, but it was mistakenly left in place.



Published: 2/25/2021 | Modules affected: eks-cluster-control-plane, eks-k8s-cluster-autoscaler | Release notes

Bump default k8s version to 1.19. If you wish to use Kubernetes version 1.19 with EKS, you must update kubergrunt to version 0.6.10 or newer. Note that If you were using the default (that is, you were not passing in kubernetes_version), you will need to explicitly pass in kubernetes_version = "1.18" to avoid inadvertently upgrading the EKS cluster.


Published: 2/12/2021 | Modules affected: eks-cluster-workers, eks-cluster-control-plane | Release notes

  • Fix bug where workers module requires eks_control_plane_security_group_id when create_resources is false
  • Add support for stringing dependencies to the Control Plane service fargate profile


Published: 2/11/2021 | Modules affected: eks-k8s-cluster-autoscaler-iam-policy, eks-k8s-cluster-autoscaler | Release notes

  • Fix bug where the labels used to schedule the eks-k8s-cluster-autoscaler on fargate was incorrect.
  • Allow deploying eks-k8s-cluster-autoscaler without any ASGs.



Published: 2/15/2021 | Modules affected: alb | Release notes

  • You can now configure the ACM cert statuses and types the alb module will search for using the new acm_cert_statuses and acm_cert_types input variables. This allows you to use the alb module with both AWS-issued and imported ACM certs.



Published: 2/15/2021 | Modules affected: sns | Release notes

  • You can now configure a custom KMS CMK to use with the sns module using the new kms_master_key_id input variable.



Published: 2/23/2021 | Modules affected: ssh-grunt, account-baseline-app, account-baseline-security, aws-config-multi-region | Release notes

  • The documentation for ssh-grunt has been updated to suggest using apt-get purge instead of apt-get remove when removing ec2-instance-connect.
  • Corrected two bugs related to AWS Config, one of which causes a *backwards incompatible** change in the account-baseline-app and account-baseline-security modules.
  1. Fixes opt_in_regions to work correctly when aggregating AWS config in multiple accounts.
  2. Backwards incompatible: updates account-baseline-app and account-baseline-security to send notifications to the SNS topic in the Logs account. This was the intended configuration but a bug caused the topics to always be created in each region of each account. This bug has been corrected.


Published: 2/1/2021 | Modules affected: account-baseline-root, auto-update, aws-auth, aws-config-bucket | Release notes

  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc. In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.



Published: 2/24/2021 | Modules affected: single-server | Release notes

  • You can now force the single-server module to detach IAM policies from the IAM role on delete by setting the new input variable force_detach_policies to true. If you attach policies to the IAM role using the aws_iam_policy_attachment resource and you are modifying the role name or path, the force_detach_policies argument must be set to true and applied before attempting the operation, otherwise you will encounter a DeleteConflict error. The aws_iam_role_policy_attachment resource (recommended) does not have this requirement.



Published: 2/25/2021 | Modules affected: services/eks-cluster, services/ecs-fargate-cluster, services/ecs-service, mgmt | Release notes

  • The default kubernetes version deployed by eks-cluster is now 1.19. If you were using the default before (that is, you were not setting kubernetes_version explicitly in your variables), you will need to set it to 1.17 to avoid a cluster upgrade. Note that to use 1.19, you will need to update your kubergrunt installation to at least v0.6.10.
  • Fixed typo in README for landingzone/gruntwork-access
  • Update dependency gruntwork-io/terratest to v0.32.8
  • Update dependency gruntwork-io/terragrunt to v0.28.7
  • You can now launch a Fargate based ECS cluster using the ecs-fargate-cluster module.
  • You can now launch a VPC network based ECS service by configuring the network_configuration and network_mode parameters. This allows you to successfully deploy your ECS service on Fargate.


Published: 2/23/2021 | Modules affected: landingzone, base, data-stores, mgmt | Release notes

  • Fixes issue with AWS Config SNS topics
  • Update dependency gruntwork-io/terraform-aws-security to v0.45.0
  • Update dependency gruntwork-io/terraform-aws-ecs to v0.25.1
  • Expose custom_tags for public_static_website
  • Bump k8s-service module to helm 2.x provider


Published: 2/23/2021 | Modules affected: services, networking | Release notes

  • Bump AWS provider version for ACM
  • Fix destroy ordering of resources for eks-cluster. NOTE: updating the eks-cluster module will reveal a destroy of the null_resource.delete_autocreated_aws_auth resource. This is expected, and is safe to roll out without downtime. Similarly, there will be an update to the aws-auth ConfigMap to remove an extraneous label that is no longer necessary.


Published: 2/22/2021 | Modules affected: services/ecs-cluster | Release notes

Fixes a bug in the ecs-cluster module to allow SSH from CIDR blocks to work correctly.


Published: 2/22/2021 | Modules affected: networking | Release notes

  • Do better parallelism control in bastion host testing
  • Fix malformed required_providers block in VPC module


Published: 2/22/2021 | Modules affected: data-stores | Release notes

  • You can now set custom tags for the rds module.


Published: 2/18/2021 | Modules affected: data-stores, mgmt | Release notes

  • Fix RDS port docs to not mislead about default port.
  • bastion-host module can now be deployed with no domain


Published: 2/17/2021 | Modules affected: services | Release notes

  • Expose labels and annotations for kubernetes namespaces


Published: 2/16/2021 | Modules affected: services | Release notes

  • Expose tagging capabilities for the EKS cluster control plane


Published: 2/16/2021 | Modules affected: networking, services, data-stores | Release notes

  • Allow specifying disallow list of availability zones for EKS
  • Expose deletion_protection parameter for Aurora


Published: 2/12/2021 | Modules affected: mgmt/jenkins | Release notes

  • Adds the ability to grant KMS key permissions for the Jenkins IAM role using the var.ebs_kms_key_arn and var.ebs_kms_key_arn_is_alias variables.


Published: 2/11/2021 | Modules affected: mgmt, services | Release notes

  • Update default terragrunt version installed in jenkins to v0.28.3.
  • Fix labels for scheduling EKS core services on fargate


Published: 2/10/2021 | Modules affected: services/k8s-service | Release notes

  • You can now configure tmpfs volumes in your kubernetes services using the scratch_paths input variable.


Published: 2/9/2021 | Modules affected: data-stores, mgmt, networking, base | Release notes

  • Update dependency gruntwork-io/terraform-aws-data-storage to v0.17.3
  • Update dependency gruntwork-io/terraform-aws-ci to v0.29.10
  • Update dependency gruntwork-io/terraform-aws-vpc to v0.13.1
  • The ec2-baseline module will now remove the ec2-instance-connect package if ssh-grunt is enabled. For more information on why this is, see here.


Published: 2/8/2021 | Modules affected: services/ecs-service, services/ecs-cluster | Release notes

  • Update dependency gruntwork-io/terraform-aws-ecs v0.24.1 => v0.25.0 (release notes). As a part of this change, the output service_autoscaling_iam_role_arn was removed from the ecs-service module.


Published: 2/1/2021 | Modules affected: networking, mgmt, services, base | Release notes

All nested module dependencies have been updated to the latest upstream versions. We've also resolved warnings related to deprecated variable interpolation syntax.

  • Updated dependency gruntwork-io/terraform-aws-vpc to v0.13.0
  • Updated dependency gruntwork-io/gruntwork-installer to v0.0.32
  • Updated dependency gruntwork-io/terraform-aws-monitoring to v0.24.1
  • Updated dependency gruntwork-io/terraform-aws-server to v0.10.1
  • Updated dependency gruntwork-io/terraform-aws-openvpn to v0.13.1
  • Updated dependency gruntwork-io/terraform-aws-data-storage to v0.17.2
  • Updated dependency gruntwork-io/terraform-aws-cache to v0.10.2
  • Updated dependency gruntwork-io/terraform-aws-asg to v0.11.2
  • Updated dependency gruntwork-io/terraform-aws-ecs to v0.24.1
  • Updated dependency gruntwork-io/terratest to v0.32.1
  • Updated dependency gruntwork-io/terraform-aws-security to v0.44.10
  • Updated dependency gruntwork-io/terraform-aws-ci to v0.29.8
  • Updated dependency gruntwork-io/gruntkms to v0.0.9
  • Updated dependency gruntwork-io/terragrunt to v0.27.4
  • Updated dependency gruntwork-io/terraform-aws-eks to v0.32.2



Published: 2/23/2021 | Modules affected: executable-dependency, instance-type, join-path, list-remove | Release notes

  • Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!
    • From this release onward, we will only be running tests with Terraform 0.14.x against this repo, so we recommend updating to 0.14.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x.
    • Once all Gruntwork repos have been upgrade to work with 0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
  • Remove docker key from machine config
  • Add for TFC/TFE/PMR
  • Lock PIP's version to be smaller than 21.0



Published: 2/8/2021 | Modules affected: vpc-app | Release notes

  • You can now get the ID of the default security group in the VPC using the default_security_group_id output variable.