Gruntwork release 2021-12

This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2021-12. For instructions on how to use these updates in your code, check out the updating documentation.

Published: 12/2/2021 | Release notes

Added support for ensuring the service quota limits are set to a sufficiently high value in the new accounts to support deployment of the Reference Architecture.



Published: 12/17/2021 | Release notes

  • Fix "no commit found for SHA" error that would come up in certain cases when copying repos.
  • The default behavior of --force-overwrite is now to overwrite Git history in the existing repo instead of deleting the repo entirely and recreating it. If you wish to delete and recreate, you now also need to pass --force-recreate.


Published: 12/9/2021 | Release notes

Remove --copy-deps flag, as it had performance issues and bugs, and with little-to-no usage, wasn't worth fixing.



Published: 12/17/2021 | Modules affected: asg-rolling-deploy | Release notes

  • We've updated the version of the boto library used in the asg-rolling-deploy module from 1.7.10 to 1.20.24 to fix a compatibility issue with Python 3.10 (while still maintaining backwards compatibility with older Python 3.7+ releases). However, this new version of boto DOES NOT WORK WITH PYTHON 2. Python 2 was sunsetted on January 1, 2020, so hopefully, you've already migrated off of it, but if you haven't, you will now need to do so to use this version of the asg-rolling-deploy module.



Published: 12/10/2021 | Modules affected: kubernetes-circleci-helpers | Release notes

  • Fixed bug where setup-minikube script sometimes ended up with an interactive prompt.
  • Updated setup-minikube to install the version v1.24.0 by default.
  • Updated setup-minikube to require at least minikube version v1.10.0. If you are relying on an older minikube version, update your usage to match the newer version prior to upgrading the script.


Published: 12/1/2021 | Modules affected: ec2-backup | Release notes

  • Updated ec2-backup runtime to nodejs14.x



Published: 12/17/2021 | Modules affected: networking/vpc, networking/vpc-mgmt, landingzone | Release notes

  • Updated dependency gruntwork-io/terraform-aws-vpc to v0.18.6
  • Updated dependency gruntwork-io/terraform-aws-service-catalog to v0.65.4
  • Fixed CIS non-compliance of the default NACL created for the VPC.



Published: 12/14/2021 | Modules affected: aurora | Release notes

  • Added support for restoring an Aurora cluster using a Point-in-Time restore. Refer to the variable documentation for restore_source_cluster_identifier for more details.


Published: 12/13/2021 | Modules affected: aurora | Release notes

Fixed a bug where major version upgrades were broken for Postgres Aurora clusters.


Published: 12/8/2021 | Modules affected: backup-plan, backup-vault, rds | Release notes

  • Added support for managing AWS Backup service.
  • Exposed ability to attach additional security groups to the RDS instance



Published: 12/17/2021 | Modules affected: ecs-service | Release notes

  • Added the ability to configure the runtime_platform block, extending support for Graviton2/Operating system family.



Published: 12/16/2021 | Modules affected: eks-k8s-cluster-autoscaler | Release notes

  • Exposed the ability to set priorityClassName on k8s cluster-autoscaler (via the pod_priority_class_name input variable).


Published: 12/15/2021 | Modules affected: eks-cloudwatch-agent | Release notes


Published: 12/8/2021 | Modules affected: eks-k8s-cluster-autoscaler, eks-cluster-managed-workers | Release notes

  • Upgraded helm chart version for cluster-autoscaler to include updated permissions.
  • Exposed the ability to set force_update_version on the managed node group in the eks-cluster-managed-workers module.



Published: 12/8/2021 | Modules affected: lambda | Release notes

  • Exposed the ability to set custom tags and name on the IAM role created for the Lambda function.


Published: 12/3/2021 | Modules affected: lambda | Release notes

  • Added the ability to attach additional security groups to the lambda function (using the new input variable additional_security_group_ids).



Published: 12/17/2021 | Modules affected: aws-config-multi-region, ebs-encryption-multi-region, guardduty-multi-region, iam-access-analyzer-multi-region | Release notes

Added support for new AWS region (ap-southeast-3 Jakarta) to multiregion modules. As a result, you will need to add this region to your list of region providers.

For terraform, add the following:

provider "aws" {
  region = "ap-southeast-3"
  alias  = "ap_southeast_3"

  # Skip credential validation and account ID retrieval for disabled or restricted regions
  skip_credentials_validation = contains(coalesce(var.opt_in_regions, []), "ap-southeast-3") ? false : true
  skip_requesting_account_id  = contains(coalesce(var.opt_in_regions, []), "ap-southeast-3") ? false : true
}

For terragrunt, add ap-southeast-3 to the all_aws_regions local variable.


Published: 12/16/2021 | Modules affected: private-s3-bucket, iam-access-analyzer-multi-region, iam-users | Release notes

  • Updated management of S3 bucket replication configuration to use the aws_s3_bucket_replication_configuration resource so that users can have more control over the replication configuration.
  • Fixes to documentation and examples.



Published: 12/17/2021 | Modules affected: landingzone | Release notes

  • Added the ability to configure an OpenID Connect Provider for GitHub Actions to use to authenticate to AWS in LandingZone (account-baseline-app and account-baseline-security).


Published: 12/15/2021 | Modules affected: networking | Release notes

  • Updated terraform-aws-vpc to v0.18.5 and exposed ability to disable binding of default NACLs with subnets.


Published: 12/14/2021 | Modules affected: services, networking | Release notes

  • Updated dependency terraform-aws-vpc version to 0.18.4


Published: 12/10/2021 | Modules affected: data-stores | Release notes

  • Added the ability to configure ECR lifecycle policies.


Published: 12/10/2021 | Modules affected: mgmt, services, data-stores | Release notes

  • Fixed bug where allow_ssh_from_cidr was hardcoded to true in openvpn-server module. This will now be set to false if the allow_ssh_from_cidr_list list is empty.
  • Added iam_role_id and iam_role_name outputs to ec2-instance module
  • Added the ability to configure S3 lifecycle rules to the private-s3-bucket module.
  • Added the ability to configure cross region replication in the ecr-repos module.


Published: 12/7/2021 | Modules affected: data-stores | Release notes

  • Remove renovate.json
  • Add bucket_kms_key_arn variable for SSE-KMS in s3-bucket module


Published: 12/2/2021 | Modules affected: services | Release notes

  • Exposed the ID of the common security group created for Managed Node Groups in the eks-cluster and eks-workers module.


Published: 12/2/2021 | Modules affected: services/eks-cluster, services/eks-workers | Release notes

  • Exposed ability to specify additional security groups for the EKS cluster workers (using the new input var additional_security_groups_for_workers). As a part of this change, the input var additional_security_groups on eks-cluster module has been renamed to additional_security_groups_for_control_plane.



Published: 12/17/2021 | Modules affected: vpc-peering-cross-accounts-requester | Release notes

  • Updated to add the ability to configure allow_remote_vpc_dns_resolution on the VPC peering requester


Published: 12/15/2021 | Modules affected: vpc-app, vpc-mgmt | Release notes

  • Added the ability to manage the default NACLs, but restrict association of subnets so that the subnets can be associated with a different NACL.


Published: 12/13/2021 | Modules affected: vpc-app, vpc-mgmt | Release notes

  • Updated vpc-app module count calls to be more robust to changes.
  • Updated vpc-mgmt module to allow you to manage the default Route Table, Security Group, and Network ACLs.


Published: 12/7/2021 | Modules affected: vpc-app | Release notes

  • vpc-app: Add explicit Default Route Table tag


Published: 12/6/2021 | Modules affected: vpc-interface-endpoint | Release notes

  • vpc-interface-endpoint: Fix typos in service names


Published: 12/1/2021 | Modules affected: vpc-app | Release notes

  • Support multiple route tables for the public subnets