Gruntwork release 2025-07
Guides / Update Guides / Releases / 2025-07
This page is lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2025-07. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 7/24/2025 | Release notes
Published: 7/23/2025 | Release notes
Published: 7/23/2025 | Release notes
Published: 7/23/2025 | Release notes
This release was replaced with v0.7.0 as it contained a change that is not backwards compatible
Published: 7/7/2025 | Release notes
Published: 7/8/2025 | Release notes
Published: 7/7/2025 | Release notes
Published: 7/17/2025 | Release notes
Published: 7/9/2025 | Release notes
Published: 7/25/2025 | Release notes
Published: 7/23/2025 | Release notes
Published: 7/9/2025 | Modules affected: modules/security/cleanup-expired-certs | Release notes
- chore: Bump
cleanup-expired-certs python version to python3.13
Published: 7/16/2025 | Modules affected: landingzone/control-tower-app-account-baseline, landingzone/control-tower-security-account-baseline, landingzone/control-tower-landing-zone | Release notes
Published: 7/9/2025 | Modules affected: alb | Release notes
- modules/alb: support IPv6 ingress/egress security group rules
Published: 7/15/2025 | Modules affected: msk | Release notes
- add privatelink (multi vpc connection) support
Published: 7/3/2025 | Modules affected: fail2ban | Release notes
- modules/fail2ban: Changed AWS CLI installation for better support by Ubuntu 24.04+
Published: 7/3/2025 | Modules affected: persistent-ebs-volume | Release notes
- modules/persistent-ebs-volume: Updated to work with newer nvme utility (improved AL2023 compatitiblity)
- tests: Removed Ubuntu 18.04 and added Ubuntu 24.04 to automated compatibility tests
Published: 7/25/2025 | Modules affected: services/eks-cluster | Release notes
> [!IMPORTANT]
> EKS Users: A bug was introduced into the service catalog with the v0.121.0 release. This was due to a variable not being exposed in the service catalog that was added into the terraform-aws-eks library module with version v0.74.0. The new variable must be set to the existing EKS Cluster Security Group Name to avoid a destructive recreation of the Security Group which will fail during an update requiring state manipulation to recover. When updating to this version, you must set the new variable eks_cluster_security_group_name to the existing EKS Cluster Security Group Name to avoid this issue. This change is being back-ported as a patch to every minor version release since v0.121.0 to ensure an upgrade path is available since the bug was introduced.
- Expose new variable
eks_cluster_security_group_name to allow the EKS Control Plane Security Group name to be overridden.
Published: 7/11/2025 | Modules affected: data-stores/ecr-repos | Release notes
- Add support for IAM Roles for the
users_or_roles_to_allow_deny_all_else input
Published: 7/9/2025 | Modules affected: base, data-stores, landingzone, mgmt | Release notes
Updated the following modules to use terraform-aws-security v1.0.1 and terraform-aws-server v1.0.1 which provides better support for AL2023 and Ubuntu 24.04+:
- modules/base/ec2-baseline
- modules/data-stores/rds-replica
- modules/data-stores/rds
- modules/data-stores/s3-bucket
- modules/landingzone/account-baseline-app
- modules/landingzone/account-baseline-root
- modules/landingzone/account-baseline-security
- modules/langinzone/iam-users-and-groups
- modules/mgmt/bastion-host
- modules/mgmt/ecs-deploy-runner
- modules/mgmt/jenkins
- modules/mgmt/openvpn-server
- modules/services/ec2-instance
- modules/services/ec2-instance
Published: 7/4/2025 | Modules affected: services/eks-cluster | Release notes
> This is a backport patch release.
> This release backports a bug fix to ensure users on older minor versions can safely upgrade without encountering the previously introduced issue. This release is part of a coordinated set of backport patches, each targeting a specific minor version since the bug was introduced. The goal is to provide a safe, direct upgrade path for users on any affected minor version, without requiring an immediate jump to the latest release. No other changes are included in this patch beyond the critical fix described below.
> If you are upgrading from any version since v0.121.0, please read the instructions below carefully.
> [!IMPORTANT]
> EKS Users: A bug was introduced in the service catalog with the v0.121.0 release. This was due to a variable not being exposed in the service catalog that was added into the terraform-aws-eks library module with version v0.74.0.
>
> Impact: The new variable must be set to the existing EKS Cluster Security Group Name to avoid a destructive recreation of the Security Group, which will fail during an update and require state manipulation to recover.
>
> Action Required: When updating to this version, you must set the new variable eks_cluster_security_group_name to the existing EKS Cluster Security Group Name to avoid this issue.
If you have questions or need help with the upgrade, please open an issue or a support ticket.
Published: 7/4/2025 | Modules affected: services/eks-cluster | Release notes
> This is a backport patch release.
> This release backports a bug fix to ensure users on older minor versions can safely upgrade without encountering the previously introduced issue. This release is part of a coordinated set of backport patches, each targeting a specific minor version since the bug was introduced. The goal is to provide a safe, direct upgrade path for users on any affected minor version, without requiring an immediate jump to the latest release. No other changes are included in this patch beyond the critical fix described below.
> If you are upgrading from any version since v0.121.0, please read the instructions below carefully.
> [!IMPORTANT]
> EKS Users: A bug was introduced in the service catalog with the v0.121.0 release. This was due to a variable not being exposed in the service catalog that was added into the terraform-aws-eks library module with version v0.74.0.
>
> Impact: The new variable must be set to the existing EKS Cluster Security Group Name to avoid a destructive recreation of the Security Group, which will fail during an update and require state manipulation to recover.
>
> Action Required: When updating to this version, you must set the new variable eks_cluster_security_group_name to the existing EKS Cluster Security Group Name to avoid this issue.
If you have questions or need help with the upgrade, please open an issue or a support ticket.
Published: 7/4/2025 | Modules affected: services/eks-cluster | Release notes
> This is a backport patch release.
> This release backports a bug fix to ensure users on older minor versions can safely upgrade without encountering the previously introduced issue. This release is part of a coordinated set of backport patches, each targeting a specific minor version since the bug was introduced. The goal is to provide a safe, direct upgrade path for users on any affected minor version, without requiring an immediate jump to the latest release. No other changes are included in this patch beyond the critical fix described below.
> If you are upgrading from any version since v0.121.0, please read the instructions below carefully.
> [!IMPORTANT]
> EKS Users: A bug was introduced in the service catalog with the v0.121.0 release. This was due to a variable not being exposed in the service catalog that was added into the terraform-aws-eks library module with version v0.74.0.
>
> Impact: The new variable must be set to the existing EKS Cluster Security Group Name to avoid a destructive recreation of the Security Group, which will fail during an update and require state manipulation to recover.
>
> Action Required: When updating to this version, you must set the new variable eks_cluster_security_group_name to the existing EKS Cluster Security Group Name to avoid this issue.
If you have questions or need help with the upgrade, please open an issue or a support ticket.
Published: 7/4/2025 | Modules affected: services/eks-cluster | Release notes
> This is a backport patch release.
> This release backports a bug fix to ensure users on older minor versions can safely upgrade without encountering the previously introduced issue. This release is part of a coordinated set of backport patches, each targeting a specific minor version since the bug was introduced. The goal is to provide a safe, direct upgrade path for users on any affected minor version, without requiring an immediate jump to the latest release. No other changes are included in this patch beyond the critical fix described below.
> If you are upgrading from any version since v0.121.0, please read the instructions below carefully.
> [!IMPORTANT]
> EKS Users: A bug was introduced in the service catalog with the v0.121.0 release. This was due to a variable not being exposed in the service catalog that was added into the terraform-aws-eks library module with version v0.74.0.
>
> Impact: The new variable must be set to the existing EKS Cluster Security Group Name to avoid a destructive recreation of the Security Group, which will fail during an update and require state manipulation to recover.
>
> Action Required: When updating to this version, you must set the new variable eks_cluster_security_group_name to the existing EKS Cluster Security Group Name to avoid this issue.
If you have questions or need help with the upgrade, please open an issue or a support ticket.
Published: 7/4/2025 | Modules affected: services/eks-cluster | Release notes
> This is a backport patch release.
> This release backports a bug fix to ensure users on older minor versions can safely upgrade without encountering the previously introduced issue. This release is part of a coordinated set of backport patches, each targeting a specific minor version since the bug was introduced. The goal is to provide a safe, direct upgrade path for users on any affected minor version, without requiring an immediate jump to the latest release. No other changes are included in this patch beyond the critical fix described below.
> If you are upgrading from any version since v0.121.0, please read the instructions below carefully.
> [!IMPORTANT]
> EKS Users: A bug was introduced in the service catalog with the v0.121.0 release. This was due to a variable not being exposed in the service catalog that was added into the terraform-aws-eks library module with version v0.74.0.
>
> Impact: The new variable must be set to the existing EKS Cluster Security Group Name to avoid a destructive recreation of the Security Group, which will fail during an update and require state manipulation to recover.
>
> Action Required: When updating to this version, you must set the new variable eks_cluster_security_group_name to the existing EKS Cluster Security Group Name to avoid this issue.
If you have questions or need help with the upgrade, please open an issue or a support ticket.
Published: 7/3/2025 | Modules affected: services/eks-cluster | Release notes
> [!IMPORTANT]
> EKS Users: A bug was introduced into the service catalog with the v0.121.0 release. This was due to a variable not being exposed in the service catalog that was added into the terraform-aws-eks library module with version v0.74.0. The new variable must be set to the existing EKS Cluster Security Group Name to avoid a destructive recreation of the Security Group which will fail during an update requiring state manipulation to recover. When updating to this version, you must set the new variable eks_cluster_security_group_name to the existing EKS Cluster Security Group Name to avoid this issue. This change is being back-ported as a patch to every minor version release since v0.121.0 to ensure an upgrade path is available since the bug was introduced.
- Expose new variable
eks_cluster_security_group_name to allow the EKS Control Plane Security Group name to be overridden.
Published: 7/3/2025 | Modules affected: services/eks-cluster | Release notes
> This is a backport patch release.
> This release backports a bug fix to ensure users on older minor versions can safely upgrade without encountering the previously introduced issue. This release is part of a coordinated set of backport patches, each targeting a specific minor version since the bug was introduced. The goal is to provide a safe, direct upgrade path for users on any affected minor version, without requiring an immediate jump to the latest release. No other changes are included in this patch beyond the critical fix described below.
> If you are upgrading from any version since v0.121.0, please read the instructions below carefully.
> [!IMPORTANT]
> EKS Users: A bug was introduced in the service catalog with the v0.121.0 release. This was due to a variable not being exposed in the service catalog that was added into the terraform-aws-eks library module with version v0.74.0.
>
> Impact: The new variable must be set to the existing EKS Cluster Security Group Name to avoid a destructive recreation of the Security Group, which will fail during an update and require state manipulation to recover.
>
> Action Required: When updating to this version, you must set the new variable eks_cluster_security_group_name to the existing EKS Cluster Security Group Name to avoid this issue.
If you have questions or need help with the upgrade, please open an issue or a support ticket.
Published: 7/1/2025 | Modules affected: services | Release notes
- services/asg-service: Updated to use latest modules and specifically pulls in new functionality that allows desired_capacity to be set to null
Published: 7/17/2025 | Modules affected: cloudfront | Release notes
- fix: use correct attribute for realtime_log_config_arn
- fix: correct strict_transport_security variable reference
Published: 7/14/2025 | Modules affected: cloudfront | Release notes
- Bump golang.org/x/net from 0.36.0 to 0.38.0 in /test
- Update
default_cache_behavior.preload type from string to bool
Published: 7/3/2025 | Modules affected: transit-gateway | Release notes
- SME-3222: Added Security Group Referencing Support