Skip to main content

Gruntwork release 2026-01

Guides / Update Guides / Releases / 2026-01

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2026-01. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

boilerplate

v0.11.1

Published: 1/26/2026 | Release notes

Full Changelog: https://github.com/gruntwork-io/boilerplate/compare/v0.11.0...v0.11.1

v0.11.0

Published: 1/26/2026 | Release notes

Use release v0.11.1 instead which fixes the deploy pipeline to create release assets.

ProcessTemplate and ProcessTemplateWithContext now take variables.Dependency as a pointer.

Full Changelog: https://github.com/gruntwork-io/boilerplate/compare/v0.10.1...v0.11.0

patcher-cli

v0.17.2

Published: 1/13/2026 | Release notes

v0.17.1

Published: 1/13/2026 | Release notes

pipelines-cli

v0.45.0

Published: 1/26/2026 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.44.0...v0.45.0

v0.44.0

Published: 1/21/2026 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.43.0...v0.44.0

v0.44.0-alpha1

Published: 1/21/2026 | Release notes

v0.43.0

Published: 1/6/2026 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.42.0...v0.43.0

pipelines-credentials

v1.1.0

Published: 1/21/2026 | Release notes

pipelines-workflows

v4.5.0

Published: 1/26/2026 | Release notes

This is a parity release to keep GitLab and GitHub pipelines binaries in sync. There are no expected changes to GitHub functionality.

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v4...v4.5.0

v4.4.0

Published: 1/21/2026 | Release notes

  • Added retries to pipelines-credentials when network errors occur
  • Added support for import count in the Pipelines plan summary comment
  • Fixed a bug where modifications to stack files were not ignored by pipelines ignore_list
  • Fixed a bug where PIPELINES_FEATURE_EXPERIMENT_IGNORE_UNITS_WITHOUT_ENVIRONMENT was not ignoring unit deletions.

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v4...v4.4.0

v4.3.0

Published: 1/7/2026 | Release notes

  • Added new experiment flag PIPELINES_FEATURE_EXPERIMENT_USE_MISE_EXEC_TG_WRAPPER to allow individual units to specify the OpenTofu/Terraform version to use. See the full docs here

  • Fixed a bug where the default branch name for drift detection PRs was not set when running via cron

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v4...v4.3.0

repo-copier

v0.7.1

Published: 1/15/2026 | Release notes

Full Changelog: https://github.com/gruntwork-io/repo-copier/compare/v0.7.0...v0.7.1

terraform-aws-architecture-catalog

v4.2.0

Published: 1/22/2026 | Release notes

  • Upgrades all usage of terraform-aws-control-tower to v1.2.0 which brings in support for AWS Provider v6.x.

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v4.1.1...v4.2.0

terraform-aws-ci

v1.1.0

Published: 1/30/2026 | Modules affected: ecs-deploy-runner | Release notes

  • Update terraform-aws-ecs to support AWS Provider v6

v1.0.2

Published: 1/22/2026 | Modules affected: install-jenkins | Release notes

  • Update Jenkins GPG key for January 21, 2026 LTS release

v1.0.1

Published: 1/21/2026 | Modules affected: gruntwork-module-circleci-helpers | Release notes

  • Feat: Improve ci helper usability

v1.0.0

Published: 1/20/2026 | Modules affected: ec2-backup, ecs-deploy-runner-invoke-iam-policy, ecs-deploy-runner, gruntwork-module-circleci-helpers | Release notes

  • Update Dependencies and AWS Provider
  • Add OpenTofu support to installer scripts
  • Update AMI tests and examples to ubuntu 24.04
  • Dropped support for legacy Ubuntu releases
  • ec2-backup
  • ecs-deploy-runner-invoke-iam-policy
  • ecs-deploy-runner
  • gruntwork-module-circleci-helpers
  • iam-policies
  • infrastructure-deploy-script
  • install-jenkins
  • jenkins-server
  • monorepo-helpers

This release marks a significant milestone for the module 🎉 We are officially adopting the Semantic Versioning (SemVer) standard, starting with version v1.0.0. Prior to this release, version tags only incremented patch and minor numbers. Moving forward, all releases should fully comply with the SemVer specification, providing clearer expectations for users regarding changes, compatibility, and upgrade paths.

With the v1.0.0 release, the library module is considered stable. This means that all subsequent changes in the v1.x.x series will be backward-compatible unless a new major version (v2.0.0) is released.

Version numbers will now follow the format MAJOR.MINOR.PATCH

  • MAJOR: Incremented for breaking changes or incompatible API changes.
  • MINOR: Incremented for new, backward-compatible features.
  • PATCH: Incremented for backward-compatible bug fixes.

Users can now rely on the v1.x.x series to remain backward-compatible. Breaking changes should only occur in a future v2.0.0 release.

Each release will include detailed notes indicating whether changes are breaking, additive, or bug fixes, as per SemVer guidelines.

Full Changelog: https://github.com/gruntwork-io/terraform-aws-ci/compare/v0.59.11...v1.0.0

terraform-aws-control-tower

v1.3.0

Published: 1/22/2026 | Modules affected: landingzone | Release notes

  • landingzone/control-tower-multi-account-factory-async: Account factory drift detection filtering options
    • No filtering: all accounts are updated using set concurrency
    • Filter to managed accounts only: managed accounts (filtered by tag) are updated using set concurrency; all untagged accounts are ignored
    • Filter with priority mode: Managed accounts (filtered by tag) are updated first using desired concurrency; all untagged accounts are updated after managed accounts using lower concurrency (1)

v1.2.0

Published: 1/16/2026 | Modules affected: aws-sso/sso-groups, aws-sso/sso-permission-sets, landingzone/control-tower-app-account-baseline, landingzone/control-tower-execution-role | Release notes

  • Update AWS provider lock to 6.x (< 7.0.0)

terraform-aws-data-storage

v0.45.0

Published: 1/18/2026 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-data-storage/compare/v0.44.0...v0.45.0

terraform-aws-eks

v3.4.0

Published: 1/25/2026 | Modules affected: eks-cluster-control-plane | Release notes

The eks-cluster-control-plane module now supports providing an existing IAM roles for the cluster and an existing EKS Cluster security group instead of always creating new ones:

  • New variable: cluster_iam_role_arn - Optionally provide an existing IAM role for the EKS cluster
  • New variable: cluster_security_group_id - Optionally provide an existing security group for the cluster control plane

Both variables default to null, maintaining existing behavior where resources are created automatically.

> [!WARNING] > #### State Migration > This release includes a moved.tf file that handles automatic state migration for existing users. > When upgrading: > - No manual intervention required - Terraform will automatically migrate resource addresses > - No cluster recreation for existing deployments > - Resources are migrated from non-indexed to indexed addresses (e.g., aws_iam_role.eks → aws_iam_role.eks[0]) > #### IAM Role Immutability > The cluster_iam_role_arn can ONLY be set during initial cluster creation. Changing the IAM role on an existing cluster will DESTROY and RECREATE the cluster (destructive operation). This is an AWS API constraint - IAM roles are immutable after cluster creation. Use this variable only for new clusters or when you specifically intend to recreate an existing cluster. > > The cluster_security_group_id can be updated in-place without cluster recreation via the AWS UpdateClusterConfig API.

v3.3.0

Published: 1/12/2026 | Modules affected: eks-container-logs | Release notes

  • Update eks-container-logs to use terraform-aws-monitoring v1.3.0 for full support of AWS Provider v6.x
  • Add new variables volumes and volume_mounts to eks-container-logs that provides more flexibility by allowing users to mount multiple volumes for fluent-bit ingestion
  • Test and example fixes

terraform-aws-lambda

v1.3.0

Published: 1/8/2026 | Modules affected: api-gateway-account-settings, api-gateway-proxy, keep-warm, lambda | Release notes

  • feat: Update AWS provider constraints to support v6.0+

terraform-aws-messaging

v1.0.3

Published: 1/15/2026 | Modules affected: msk, sns, kinesis-firehose | Release notes

  • fix: Update Kafka versions to AWS MSK supported versions
  • fix: Change delivery_policy variable type from any to string
  • fix: Add enable_client_unauthenticated variable and multi-auth documentation
  • fix: Make kinesis_source_configuration optional in kinesis-firehose module

terraform-aws-monitoring

v1.3.1

Published: 1/30/2026 | Modules affected: logs | Release notes

  • Update terraform-aws-security to support AWS Provider v6

terraform-aws-openvpn

v0.27.12

Published: 1/27/2026 | Modules affected: openvpn-server | Release notes

  • Added KMS key support for EBS root volume encryption

terraform-aws-security

v1.3.0

Published: 1/22/2026 | Modules affected: auto-update, aws-config-bucket, aws-config-multi-region, aws-config-rules | Release notes

This release marks the v6 provider upgrade as well as the inclusion of several new regions AWS has added over the last few months.

terraform-aws-server

v1.0.4

Published: 1/20/2026 | Modules affected: attach-eni, ec2-backup, single-server | Release notes

  • Update providers to v6

Special thanks to the following users for their contribution!

  • @odgrim

terraform-aws-service-catalog

v0.149.0

Published: 1/23/2026 | Modules affected: data-stores | Release notes

  • Add IPv6 support for RDS and Aurora modules

v0.148.0

Published: 1/21/2026 | Modules affected: networking/sns-topics | Release notes

  • Upgrade terraform-aws-messaging to v1.0.3 to support AWS provider v6.x
  • Expose the following variables in the networking/sns-topics module:
    • message_retention_period
    • content_based_deduplication
    • enable_fifo
    • http_failure_feedback_role_arn
    • http_success_feedback_role_arn
    • delivery_policy
    • tags

v0.147.0

Published: 1/20/2026 | Modules affected: mgmt/jenkins, networking/vpc, services/eks-argocd, services/eks-cluster | Release notes

  • mgmt/jenkins

  • networking/vpc

  • services/eks-argocd

  • services/eks-cluster

  • services/eks-core-services

  • services/eks-karpenter

  • services/eks-workers

  • services/helm-service

  • services/k8s-service

  • Add Default Support for EKS 1.33

  • Drop support for Amazon Linux 2 (AL2) EKS Worker Nodes

  • Bump terraform-aws-eks library module from v2.1.1v3.1.2

Default EKS version is 1.33 with this release! Please see the links below for full details of the EKS 1.33 release including new features and any API changes.

> [!IMPORTANT] > Amazon Linux 2 (AL2) Support Dropped > > EKS 1.33 will not provide pre-built optimized Amazon Linux 2 (AL2) Amazon Machine Images (AMIs). If you are currently using AL2-based worker nodes, you will need to migrate to Amazon Linux 2023 (AL2023) before upgrading to EKS 1.33. > > See the AL2 to AL2023 Migration Guide for detailed migration instructions.

Official AWS EKS 1.33 Announcement Amazon EKS Distro Docs Kubernetes 1.33 Announcement Kubernetes 1.33 Release Notes

v0.146.3

Published: 1/16/2026 | Modules affected: data-stores/rds | Release notes

  • Expose additional variables for data-stores/rds module:
    • high_read_latency_treat_missing_data
    • high_write_latency_treat_missing_data

v0.146.2

Published: 1/12/2026 | Modules affected: services/ecs-cluster | Release notes

  • Expose custom_iam_role_name for ECS Cluster in services/ecs-cluster module

v0.146.1

Published: 1/12/2026 | Modules affected: data-stores/aurora, data-stores/elasticsearch, services/eks-cluster | Release notes

  • Remove Aurora Serverless v1 test
  • Add gp3 throughput variable to elasticsearch module
  • Add the ability to configure CloudWatch alarms for the EKS worker ASGs

v0.146.0

Published: 1/6/2026 | Modules affected: modules/data-stores/aurora, modules/data-stores/rds, modules/data-stores/rds-replica, modules/data-stores/memcached | Release notes

  • Upgrade terraform-aws-data-storage and terraform-aws-cache modules
    • Upgrade terraform-aws-data-storage from v0.38.1-v0.41.1 → v0.44.0
    • Upgrade terraform-aws-cache from v0.22.8 → v1.0.4
    • Open AWS Provider to &lt; 7.0.0
  • Add the option to set additional security groups to the ALB module

terraform-aws-utilities

v1.0.0

Published: 1/15/2026 | Modules affected: instance-type, request-quota-increase | Release notes

  • LIB-3910: Update provider to V6
  • LIB-3490: Update AMIs and packages

terraform-aws-vpc

v0.28.10

Published: 1/13/2026 | Modules affected: vpc-flow-logs | Release notes

  • Upgraded module reference