Gruntwork release 2021-07
Guides / Update Guides / Releases / 2021-07
This page is lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2021-07. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 7/23/2021 | Modules affected: asg-rolling-deploy, server-group | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/9/2021 | Release notes
- Add Terraform validation test that will scan the entire repo for Terraform modules and run
terraform init and terraform validate on each. - Replace
gofmt with goimports
Published: 7/26/2021 | Modules affected: memcached, redis | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/14/2021 | Release notes
- Add Terraform Validate test
- Replace
gofmt with goimports
Published: 7/28/2021 | Modules affected: ecs-deploy-runner | Release notes
- Gracefully handle error messages for starting the deploy runner task
Published: 7/27/2021 | Modules affected: ec2-backup, ecs-deploy-runner-invoke-iam-policy, ecs-deploy-runner-standard-configuration, ecs-deploy-runner | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/22/2021 | Modules affected: ecs-deploy-runner | Release notes
- Updated default
terraform-aws-ci version tag used in deploy-runner image to use 0.37.2.
Published: 7/16/2021 | Modules affected: monorepo-helpers, infrastructure-deploy-script | Release notes
Added a new module monorepo-helpers that contains scripts that help with adapting CI/CD pipelines for infrastructure code to monorepo setups. These scripts can be used to setup pipelines that only run tests on the infrastructure modules that changed (as opposed to always running all tests on every change). Refer to the module docs for more info.
Published: 7/15/2021 | Modules affected: infrastructure-deploy-script, ecs-deploy-runner | Release notes
infrastructure-deploy-scriptecs-deploy-runner
- We updated a small comment for better language.
- We made a minor addition to the CODEOWNERS file.
- We bumped some versions so that the ecs-deploy-runner Dockerfile installs newer packages.
Published: 7/13/2021 | Release notes
- Replace
gofmt with goimports in the pre-commit configuration.
Published: 7/8/2021 | Modules affected: terraform-helpers | Release notes
You can now filter in or out deleted folders when calling git-updated-folders. This can be used to implement destroy workflows in your pipelines. Refer to the updated documentation for more information about this feature.
Published: 7/6/2021 | Modules affected: jenkins-server | Release notes
- You can now enable deletion protection for the ALB that is created for the Jenkins server.
Published: 7/19/2021 | Modules affected: landingzone/account-baseline-app, landingzone/account-baseline-root, landingzone/account-baseline-security, networking/vpc | Release notes
- We have changed an upstream module that creates S3 buckets to require MFA when performing delete operations. From this release, only the bucket owner that is logged in as AWS root account can enable MFA Delete feature and perform DELETE actions on S3 buckets. This is a more secure default and the one recommended by the CIS AWS Foundations v1.4 benchmark. This is a backwards incompatible change, so please see the migration guide below. This applies to the
cloudtrail, aws-config-multi-region and account baseline modules. - Dependency updates
- Update dependency gruntwork-io/terraform-aws-security to v0.50.0
- Update dependency gruntwork-io/terraform-aws-service-catalog to v0.50.0
Published: 7/15/2021 | Modules affected: landingzone, security | Release notes
- Added ability to control password policy variables that CIS has no preference on
- Added validation logic to ensure minimum password length can not be set below 14
Published: 7/14/2021 | Modules affected: networking | Release notes
- Fix bug where VPC module did not plumb through the variables for configuring NACL rules for peering.
Published: 7/13/2021 | Modules affected: observability, landingzone, networking | Release notes
- Remove parallelism limit for go tests
- Update CODEOWNERS
- Update dependency gruntwork-io/terraform-aws-monitoring to v0.29.2
- Update dependency gruntwork-io/terraform-aws-service-catalog to v0.44.7
- Replace gofmt with goimports in the pre-commit configuration.
Published: 7/27/2021 | Modules affected: aurora, efs, lambda-cleanup-snapshots, lambda-copy-shared-snapshot | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/22/2021 | Modules affected: aurora | Release notes
- You can now allow major version upgrades on the
aurora module by setting the new allow_major_version_upgrade input variable.
Published: 7/16/2021 | Modules affected: rds | Release notes
Added ability to set backup_retention_period on RDS read replicas via the replica_backup_retention_period input variable.
Published: 7/9/2021 | Release notes
- Replace
go fmt in the pre-commit configuration file with goimports
Published: 7/6/2021 | Modules affected: rds | Release notes
The apply_immediately flag now propagates to the replica instances for the rds module. Previously it was only being set on the leader instance.
Published: 7/26/2021 | Modules affected: ecs-cluster | Release notes
- Added ability to configure
associate_public_ip_address in the Launch Configuration used to manage the ASG for the ECS cluster.
Published: 7/26/2021 | Modules affected: ecs-cluster, ecs-daemon-service, ecs-service | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/15/2021 | Modules affected: ecs-service | Release notes
- A minor update to the CODEOWNERS file.
- We made
load_balancing_algorithm_type configurable.
Published: 7/13/2021 | Release notes
- Add terraform validate test
- Replace
gofmt with goimports
Published: 7/27/2021 | Modules affected: eks-cluster-control-plane, eks-k8s-cluster-autoscaler | Release notes
- The default Kubernetes version deployed by the control plane module has been updated to
1.21. If you wish to maintain backward compatibility with your existing setup, you will want to configure the kubernetes_version parameter to the version of Kubernetes you are currently using. Note that 1.21 requires kubergrunt version 0.7.3 and above. - The default cluster-autoscaler version has been updated to
1.21. If you wish to maintain backward compatibility with your existing setup, you will want to configure the cluster_autoscaler_version input variable.
Published: 7/27/2021 | Modules affected: eks-aws-auth-merger, eks-k8s-role-mapping, eks-cluster-control-plane, eks-alb-ingress-controller-iam-policy | Release notes
- Updated
eks-aws-auth-merger and eks-k8s-role-mapping modules to use kubernetes terraform provider version 2.x. You must update your provider configuration to be compatible with version 2.x. Refer to the official upgrade guide for more information. - Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/27/2021 | Modules affected: eks-k8s-cluster-autoscaler | Release notes
- Added new variable
pod_resources which can be used to control the resource allocation for the cluster-autoscaler.
Published: 7/19/2021 | Modules affected: eks-cluster-managed-workers, eks-cluster-workers | Release notes
- Added ability to pass in an IAM role ARN directly to avoid depending on a data source in the workers modules, which can be a source of perpetual diffs.
Published: 7/12/2021 | Modules affected: eks-aws-auth-merger | Release notes
- Fix RBAC permissions for
aws-auth-merger so that it can create a new aws-auth ConfigMap when it doesn't exist.
Published: 7/9/2021 | Modules affected: eks-cluster-workers | Release notes
Fix undocumented variable multi_instance_overrides so you can also set weighted_capacity. Also add field to documentation.
Note that this introduces a format change - if you were using multi_instance_overrides before, you will need to update your code to use the new format. If you had:
autoscaling_group_configurations = &
asg = &
use_multi_instances_policy = true
spot_allocation_strategy = "capacity-optimized"
multi_instance_overrides = ["t3.micro", "t2.micro"]
&
&
Update the multi_instance_overrides field to:
autoscaling_group_configurations = &
asg = &
use_multi_instances_policy = true
spot_allocation_strategy = "capacity-optimized"
multi_instance_overrides = [&
&
&
Published: 7/8/2021 | Modules affected: eks-cluster-control-plane, eks-container-logs | Release notes
- Add ability to update the aws-for-fluent-bit version that is installed (
var.aws_for_fluent_bit_version)
Published: 7/23/2021 | Modules affected: api-gateway-account-settings, api-gateway-proxy, keep-warm, lambda-edge | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/22/2021 | Modules affected: api-gateway-account-settings, api-gateway-proxy-methods, api-gateway-proxy, lambda | Release notes
Added new modules for configuring API Gateway:
api-gateway-account-settings: This module is a straight port from the terraform-aws-sam repo.api-gateway-proxy: This module can be used to deploy API Gateway to proxy all requests to lambda functions without having to define each method. This module supports basic path based routing for configuring multiple lambda functions under a single API Gateway.api-gateway-proxy-methods: This is a helper module to setup proxy methods to a lambda function on API Gateway.
Refer to the module docs and examples for more information on these new modules.
Published: 7/9/2021 | Release notes
- Add Terraform validation test that will scan the entire repo for Terraform modules and run terraform init and terraform validate on each.
- Replace
go fmt in the pre-commit configuration file with goimports
Published: 7/23/2021 | Modules affected: acm-tls-certificate, alb, lb-listener-rules | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/13/2021 | Modules affected: acm-tls-certificate | Release notes
- Fix a bug that was introduced in
v0.26.2, where the domain validation options filter was case sensitive, when the domain names are not.
Published: 7/13/2021 | Modules affected: acm-tls-certificate | Release notes
- Fix timeout bug when
acm-tls-certificates with Subject Alternative Names are created with verification records.
Published: 7/9/2021 | Release notes
- Add Terraform validation test that will scan the entire repo for Terraform modules and run terraform init and terraform validate on each.
- Replace
go fmt in the pre-commit configuration file with goimports
Published: 7/29/2021 | Modules affected: kinesis | Release notes
- You can now configure consumer deletion in the
kinesis module using the new enforce_consumer_deletion input variable.
Published: 7/26/2021 | Modules affected: kinesis, sns, sqs | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/22/2021 | Modules affected: sqs | Release notes
- You can now configure deduplication and FIFO throughput limits on the
sqs module using the new deduplication_scope and fifo_throughput_limit input variables, respectively.
Published: 7/9/2021 | Release notes
- Add Terraform validation test that will scan the entire repo for Terraform modules and run terraform init and terraform validate on each.
- Replace
go fmt in the pre-commit configuration file with goimports
Published: 7/26/2021 | Modules affected: alarms, logs, metrics | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/14/2021 | Release notes
- Replace
gofmt with goimports
Published: 7/1/2021 | Modules affected: alarms/elasticache-redis-alarms | Release notes
- The
elasticache-redis-alarms module now supports several additional alarms:- Engine CPU usage: now on by default.
- Cluster swap usage: now on by default.
- Cluster memory usage: only enabled if you set
monitor_database_memory_usage_percentage to true. - Connection count: only enabled if you set
monitor_curr_connections to true. - Replication lag: only enabled if you set
monitor_replication_lag to true.
Published: 7/26/2021 | Modules affected: openvpn-server | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/9/2021 | Modules affected: openvpn-admin | Release notes
- Add Terraform validation test that will scan the entire repo for Terraform modules and run terraform init and terraform validate on each.
- Replace
go fmt in the pre-commit configuration file with goimports
Published: 7/28/2021 | Modules affected: api-gateway-account-settings | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/13/2021 | Modules affected: gruntsam | Release notes
- Add Terraform Validate test
- Replace
gofmt with goimports
Published: 7/29/2021 | Modules affected: cloudtrail, private-s3-bucket | Release notes
- Add Cloudtrail tags to the Cloudwatch Log Group
- Improve docs for MFA Delete (private-s3-bucket)
Published: 7/26/2021 | Modules affected: aws-config-bucket, aws-config-multi-region, aws-config, cloudtrail-bucket | Release notes
- Set MFA Delete to false by default. This release reverts v0.50.0. There is a manual step required to enable MFA Delete in the S3 bucket, so it is not possible to create a bucket with
mfa_delete = true by default. Read more about it at the private-s3-bucket README.
Published: 7/23/2021 | Modules affected: aws-config-bucket, aws-config-multi-region, aws-config-rules, aws-config | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/23/2021 | Modules affected: custom-iam-entity, aws-config-multi-region, ebs-encryption-multi-region, guardduty-multi-region | Release notes
- We have removed the
opt_out_regions input variable from all the multi-region modules (e.g., aws-config-multi-region). This should have been done in v0.51.0, but was accidentally missed. If you were setting this variable before, please remove it from your code, and instead, exclude those regions from opt_in_regions (which is now a required parameter). - We have updated the examples to not include
ap-northeast-3 in opt_in_regions. This is a brand new AWS region and many services, such as AWS Config, are not yet fully supported in that region. We recommend excluding it from your opt_in_regions variables too, as otherwise, you may get a number of confusing errors. - Update
custom-iam-entity with a backward compatibility fix for the changes in https://github.com/gruntwork-io/terraform-aws-security/pull/502. This allows you to update to this version without making any changes in your code.
Published: 7/14/2021 | Modules affected: codegen/generator, aws-config-multi-region, ebs-encryption-multi-region, guard-duty-multi-region | Release notes
- We have refactored all our multi-region modules (the ones that have
-multi-region in the name) to no longer create nested provider blocks. Instead, providers must be passed in now via the providers map. This reduces the number of providers that Terraform must instantiate, making the multi-region modules much faster and more stable to use. It also gives you full control over how to authenticate to your various AWS accounts. However, this is a backwards incompatible change, so make sure to read the migration guide below. - To update the multi-region modules, we updated the Golang
generator code too. It no longer creates nested provider blocks or the local.all_regions variable and no longer supports a SeedRegion param. However, it does support new params to configure Terraform and AWS provider version constraints. These changes are also backwards incompatible, so make sure to read the migration guide below. - We've fixed small bugs in the
aws-config, aws-config-bucket, and kms-master-key modules so they no longer create data sources when create_resources is set to false.
Published: 7/9/2021 | Modules affected: ssh-grunt | Release notes
- Replace
go fmt in the pre-commit configuration with goimports
Published: 7/1/2021 | Modules affected: aws-config-bucket, aws-config-multi-region, aws-config, cloudtrail-bucket | Release notes
- Set
mfa_delete = true for S3 buckets [BACKWARDS INCOMPATIBLE]
For the private-s3-bucket module, and all modules that depend on it (e.g., aws-config-bucket, cloudtrail-bucket), we have changed the default for MFA delete to be enabled. This is a more secure default and the one recommended by the CIS AWS Foundations v1.4 benchmark. This is a backwards incompatible change, so please see the migration guide below.
Published: 7/23/2021 | Modules affected: ec2-backup, single-server | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/22/2021 | Modules affected: single-server | Release notes
- Added ability to set
secondary_private_ips variable.
Published: 7/14/2021 | Release notes
- Add Terraform validate test
- Replace
gofmt with goimports
Published: 7/28/2021 | Modules affected: services/eks-cluster, services/eks-core-services, services/k8s-service, services | Release notes
- Updated modules to use kubernetes terraform provider version 2.x. You must update your provider configuration to be compatible with version 2.x. Refer to the official upgrade guide for more information.
- For terraform, update your
kubernetes provider block. - For terragrunt, update your
generate block to support kubernetes provider 2.x.
- Update dependency versions: We have updated the versions of a number of dependencies in this repo. Most of these are related to our on-going Terraform 1.0 upgrade. We still have a few more modules to go, so we recommend waiting a little longer, and waiting for our official announcement and upgrade guide before upgrading to 1.0. Here are the versions that have been updated in this release:
- Update dependency gruntwork-io/terraform-aws-ci to v0.38.0
- Update dependency gruntwork-io/terraform-aws-data-storage to v0.21.0
- Update dependency gruntwork-io/terraform-aws-monitoring to v0.30.0
- Update dependency gruntwork-io/terraform-aws-eks to v0.43.0
Published: 7/27/2021 | Modules affected: networking, services, mgmt, data-stores | Release notes
Update account-baseline-xxx modules to new multi-region approach. In v0.51.0 of terraform-aws-security, we refactored how we build multi-region modules—that is, those modules that deploy resources across every single AWS region, such as aws-config-multi-region—to no longer create nested provider blocks, and instead, have users pass in providers via the providers map. In this release, we have updated the account-baseline-xxx modules (e.g., account-baseline-root) to use this new release of terraform-aws-security and to use the same behavior with providers. This reduces the number of providers that Terraform must instantiate, making the account-baseline-xxx modules much faster and more stable to use. It also gives you full control over how to authenticate to your various AWS accounts. However, this is a backwards incompatible change, so make sure to read the migration guide below.
Update dependency versions: We have updated the versions of a number of dependencies in this repo. Most of these are related to our on-going Terraform 1.0 upgrade. We still have a few more modules to go, so we recommend waiting a little longer, and waiting for our official announcement and upgrade guide before upgrading to 1.0. Here are the versions that have been updated in this release:
- Update dependency
gruntwork-io/terraform-aws-messaging to v0.7.0 - Update dependency
gruntwork-io/terraform-aws-lambda to v0.13.0 - Update dependency
gruntwork-io/kubergrunt to v0.7.3 - Update dependency
gruntwork-io/terratest to v0.37.1 - Update dependency
gruntwork-io/terraform-aws-ci to v0.37.8 - Update dependency
gruntwork-io/terraform-aws-data-storage to v0.20.5 - Update dependency
gruntwork-io/terraform-aws-asg to v0.15.0 - Update dependency
gruntwork-io/terraform-aws-vpc to v0.17.0 - Update dependency
gruntwork-io/terraform-aws-server to v0.13.0 - Update dependency
gruntwork-io/terraform-aws-load-balancer to v0.27.0 - Update dependency
gruntwork-io/terraform-aws-cache to v0.16.0 - Update dependency
gruntwork-io/terraform-aws-ecs to v0.30.1 - Update dependency
gruntwork-io/terraform-aws-static-assets to v0.11.0 - Update dependency
gruntwork-io/terraform-aws-openvpn to v0.16.0 - Update dependency
gruntwork-io/terraform-aws-server to v0.12.3 - Update dependency
gruntwork-io/terraform-aws-monitoring to v0.29.3 - Update dependency
gruntwork-io/terraform-aws-ci to v0.37.7
Published: 7/22/2021 | Modules affected: networking/vpc, networking, mgmt | Release notes
- Update dependency gruntwork-io/terragrunt to v0.31.1
- Update dependency gruntwork-io/terraform-aws-vpc to v0.16.0. This is a backward incompatible update. Refer to the underlying release note for more information on the update.
Published: 7/20/2021 | Modules affected: services, data-stores, networking, mgmt | Release notes
- Update dependency gruntwork-io/terraform-aws-eks to v0.42.2
- Updated docs and comments for a few variables in
eks-cluster and route53. - All packer templates have been updated to take in an
availability_zone variable, which can be used to specify which AZ to use when spinning up the build instance. This is useful to avoid problematic AZs that do not have standard instance types available.
Published: 7/16/2021 | Modules affected: services, data-stores | Release notes
- Added ability to configure
replica_backup_retention_period. This can be used to enable automated backups of RDS read replica instances. - Update dependency gruntwork-io/terraform-kubernetes-namespace to v0.3.1
- Update dependency gruntwork-io/terraform-aws-cache to v0.15.1
- Update dependency gruntwork-io/terraform-aws-data-storage to v0.20.4
Published: 7/16/2021 | Modules affected: services/ecs-service | Release notes
Exposes the ability to pass through volumes (including EFS volumes) to the wrapped ecs-service module.
Published: 7/15/2021 | Modules affected: services, data-stores | Release notes
- We made it easier to pass in EC2 instance type for the ECS packer template.
- We lightly refactored test_helpers.go, so that changes to test_helpers.go doesn't trigger so many full-suite test runs in the future.
- In the modules/data-stores/elasticsearch, we added support for custom endpoints.
Published: 7/14/2021 | Modules affected: networking/route53 | Release notes
Added ability to associate multiple VPCs to private route 53 hosted zone. This is a backward incompatible change. Refer to the migration guide below for how to update to this version.
Published: 7/14/2021 | Modules affected: services, networking, mgmt, base | Release notes
- Fix bug where
eks-cluster errors out when trying to lookup IAM role for Managed Node Groups or Self Managed Workers after having none. route53 module now supports creating NS records for creating delegated public hosted zones.- Update dependency gruntwork-io/terraform-aws-lambda to v0.11.2
- Update dependency gruntwork-io/terraform-aws-messaging to v0.6.1
- Update dependency gruntwork-io/terraform-aws-openvpn to v0.15.3
- Update dependency gruntwork-io/terraform-aws-static-assets to v0.10.1
- Update dependency gruntwork-io/terraform-aws-monitoring to v0.29.2
- Update dependency gruntwork-io/terraform-aws-security to v0.50.1
- Update dependency gruntwork-io/terraform-aws-load-balancer to v0.26.3
Published: 7/13/2021 | Modules affected: networking, services | Release notes
- Update dependency gruntwork-io/terraform-aws-eks to v0.42.1. With this change, you can now configure self managed workers to use multiple instance types for a single pool (using the newly exposed
multi_instances_overrides attribute).
Published: 7/13/2021 | Modules affected: services, base, mgmt, data-stores | Release notes
- Update dependency gruntwork-io/terraform-aws-asg to v0.14.3
- Update dependency gruntwork-io/terraform-aws-server to v0.12.2
- Update dependency gruntwork-io/terraform-aws-data-storage to v0.20.3
- Update dependency gruntwork-io/kubergrunt to v0.7.2
- Update dependency gruntwork-io/terratest to v0.36.5
- Update dependency gruntwork-io/terraform-aws-vpc to v0.15.6
- Update dependency gruntwork-io/terraform-aws-ci to v0.37.5
- Replace
gofmt with goimports
Published: 7/13/2021 | Modules affected: services/k8s-service | Release notes
k8s-service now exposes a way to configure side car containers.
Published: 7/13/2021 | Modules affected: mgmt/jenkins | Release notes
- Jenkins server AMI now contains aws-auth
Published: 7/9/2021 | Modules affected: services/eks-cluster, services/eks-workers | Release notes
You can now attach custom security group rules to the EKS worker pool managed by eks-cluster and eks-workers. For eks-workers module, use the new custom_ingress_security_group_rules and custom_egress_security_group_rules input variables. For eks-cluster, use the new custom_worker_ingress_security_group_rules and custom_worker_egress_security_group_rules input variables.
Published: 7/9/2021 | Modules affected: landingzone/iam-users-and-groups | Release notes
- Add new module for managing IAM Users and Groups only in Landing Zone. Refer to the module docs for more information on when you might want to use this over the same feature in
account-baseline-security.
Published: 7/9/2021 | Modules affected: networking, services, base, mgmt | Release notes
- Fix bug in
services/ec2-instance where ip-lockdown referenced a non-existant user. - Expose
root_volume_size configuration option for services/ec2-instance - Fix bug where the build permissions were not being attached to the Jenkins IAM role.
- Fix various typos in docs and comments
Published: 7/7/2021 | Modules affected: data-stores/s3, landingzone/account-baseline-app, landingzone/account-baseline-root, landingzone/account-baseline-security | Release notes
- Add docs on why we are not using module count/for_each for the
eks-worker modules - Add docs on the IAM roles and
aws-auth for eks-workers - Update dependency gruntwork-io/terraform-aws-security to v0.50.0 [BACKWARDS INCOMPATIBLE]
Published: 7/26/2021 | Modules affected: s3-cloudfront, s3-static-website | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/9/2021 | Release notes
- Add Terraform validation test that will scan the entire repo for Terraform modules and run terraform init and terraform validate on each.
- Replace
go fmt in the pre-commit configuration with goimports
Published: 7/23/2021 | Modules affected: executable-dependency, instance-type, join-path, list-remove | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/9/2021 | Release notes
Replace gofmt with goimports
Published: 7/23/2021 | Modules affected: network-acl-inbound, network-acl-outbound, vpc-app-network-acls, vpc-app | Release notes
- Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform
1.0.x! - From this release onward, we will only be running tests with Terraform
1.0.x against this repo, so we recommend updating to 1.0.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x. - Once all Gruntwork repos have been upgrade to work with
1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
Published: 7/20/2021 | Modules affected: vpc-app | Release notes
Fixed bug with configuring default NACLs, where default NACLs were applied and configured even when apply_default_nacl_rules was false. Now the default NACLs are only touched and updated if apply_default_nacl_rules is true.
NOTE: This change is backward compatible, but marked as backward incompatible for informational purposes. When updating to this version with apply_default_nacl_rules = false (the default), the resource aws_default_network_acl.default will be destroyed. This resource is a special resource in Terraform, where destroying the resource has no effect on AWS. The default NACL will remain intact in AWS, with the last rule that was applied to it.
Published: 7/19/2021 | Modules affected: vpc-app, vpc-peering-cross-accounts-requester | Release notes
- Added the ability to specify availability zones to use for the subnets directly to
vpc-app module. - Added the ability to configure timeouts on route resources.
- Minor internal changes to
vpc-app implementation which will have no effect on existing infrastructure.
Published: 7/13/2021 | Release notes
- Add Terraform validate test
- Replace
gofmt with goimports