Skip to main content

Gruntwork release 2026-03

Guides / Update Guides / Releases / 2026-03

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2026-03. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

boilerplate

v0.15.0

Published: 3/23/2026 | Release notes

Added support for recursive dependencies to the manifest to ensure that nested and ancestor dependencies are properly processed and resolved. Additional testing has also been included to verify this behavior.

Note that although this isn't a breaking change, this does require an update to the manifest schema, and as such you'll want to ensure that your manifest parsing isn't impacted. Due to the fact that a field has only been added, this risk is minimal if you use a modern YAML/JSON parser.

Full Changelog: https://github.com/gruntwork-io/boilerplate/compare/v0.14.0...v0.15.0

v0.14.0

Published: 3/20/2026 | Release notes

Dependencies in templates now generate concurrently by default, with the option to run sequentially or with different concurrency limits using the --parallelism flag.

This will be a breaking change for any templates that relied on dependencies generating in the exact order in which they are defined in templates (e.g. if multiple dependencies generate the same file, expecting later dependencies to overwrite earlier ones).

For more information read the for_each documentation.

Full Changelog: https://github.com/gruntwork-io/boilerplate/compare/v0.13.0...v0.14.0

v0.13.0

Published: 3/20/2026 | Release notes

Boilerplate can now produce a manifest file that records every file generated during a run, along with SHA256 checksums. Enable it with the new --manifest flag:

boilerplate \
    --template-url ./templates/service \
    --output-folder ./output \
    --non-interactive \
    --manifest

This creates a boilerplate-manifest.yaml in the output directory containing:

  • File inventory — every generated file with its relative path and sha256: checksum
  • Source checksum — a checksum of the template source (git commit SHA or directory hash)
  • Variables & dependencies — the resolved variable values and dependency tree used during the run
  • Schema version — a URL pointing to a published https://boilerplate.gruntwork.io/schemas/manifest/v1/schema.json for easy validation

The manifest format is auto-detected from the file extension: .json produces JSON, everything else produces YAML. To write to a custom path, use --manifest-file:

boilerplate \
    --template-url ./templates/service \
    --output-folder ./output \
    --non-interactive \
    --manifest-file ./reports/manifest.json

This is useful for auditing which files came from a template, drift detection by comparing checksums after the fact, and CI/CD pipelines that need to programmatically consume the list of generated files in downstream steps.

See https://boilerplate.gruntwork.io/advanced/manifest/ for details.

The validation package is now exported directly, so consumers of Boilerplate as a library can import validation instead of relying on the re-export through the variables package.

  • Added a docs homepage, Windows support page, and terminology page

  • Fixed miscellaneous docs bugs

  • Removed CircleCI configuration

  • Fixed tests to avoid relying on the current branch existing in the remote

Full Changelog: https://github.com/gruntwork-io/boilerplate/compare/v0.12.1...v0.13.0

pipelines-cli

v0.48.1

Published: 3/25/2026 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.48.0...v0.48.1

v0.48.0

Published: 3/4/2026 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.47.0...v0.48.0

pipelines-credentials

v1.3.0

Published: 3/6/2026 | Release notes

v1.2.1

Published: 3/3/2026 | Release notes

pipelines-workflows

v4.10.1

Published: 3/25/2026 | Release notes

🐛 Terragrunt stack directories are now excluded from Terragrunt discovery if they are ignored by the Pipelines ignore list or PIPELINES_FEATURE_EXPERIMENT_IGNORE_UNITS_WITHOUT_ENVIRONMENT. This affects the startup of Terragrunt during the Plan/Apply, but does not affect stack generation.

🐛 Fixed the text at the bottom of Plan comments to correctly say pull request instead of merge request.

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v4...v4.10.1

v4.10.0

Published: 3/11/2026 | Release notes

🐛 Fixed a panic in Account Factory when account creation fails 🐛 Fixed some retry cases in pipelines-credentials not retrying 🔩 Added graceful handling of free tier limits 🔩 Internal telemetry updates

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v4.9.0...v4.10.0

terraform-aws-cache

v1.0.5

Published: 3/30/2026 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-cache/compare/v1.0.4...v1.0.5

terraform-aws-eks

v4.3.0

Published: 3/26/2026 | Modules affected: eks-alb-ingress-controller | Release notes

  • Add extra_args support to eks-alb-ingress-controller for feature gates.

v4.2.0

Published: 3/17/2026 | Modules affected: eks-alb-ingress-controller-iam-policy | Release notes

  • Update ALB (LB) Ingress Controller IAM Policy to support v2.11.0 and v2.13.0.

terraform-aws-load-balancer

v1.2.1

Published: 3/10/2026 | Modules affected: acm-tls-certificate | Release notes

  • Added export attribute support to the options block in the acm-tls-certificate module, enabling users to create exportable ACM certificates

v1.2.0

Published: 3/10/2026 | Modules affected: acm-tls-certificate | Release notes

  • Added certificate_transparency_logging_preference (as part of var.acm_tls_certificates) to modules/acm-tls-certificate

terraform-aws-security

v1.4.0

Published: 3/12/2026 | Modules affected: account-alternate-contact, s3-account-public-access-block, s3-tls-enforcement-scp | Release notes

  • New modules to support CIS AWS Foundations Benchmark v3.0.0

terraform-aws-service-catalog

v2.2.0

Published: 3/30/2026 | Modules affected: networking/vpc, services/eks-argocd, services/eks-cluster, services/eks-core-services | Release notes

  • Expose exclude_ports_from_inbound_all in VPC module
  • Add gw: namespaced tagging and scheduled cloud-nuke cleanup
  • Bump terraform-aws-eks to v4.3.0 (from v4.0.0), pulling in changes from v4.1.0, v4.2.0, and v4.3.0:
    • v4.1.0: Add attach_default_iam_policies toggle to eks-cluster-managed-workers to optionally skip attaching default IAM policies to the Managed Node Group IAM role
    • v4.2.0: Update ALB Ingress Controller IAM policy to support AWS Load Balancer Controller v2.11.0 and v2.13.0
    • v4.3.0: Add extra_args support to eks-alb-ingress-controller for passing feature gates and other controller flags
  • Add managed_node_group_attach_default_iam_policies variable to eks-workers — set to false when using an existing IAM role that already has the required policies (AmazonEKSWorkerNodePolicy, AmazonEKS_CNI_Policy, AmazonEC2ContainerRegistryReadOnly) attached
  • Add alb_ingress_controller_extra_args variable to eks-core-services — pass additional arguments to the AWS Load Balancer Controller, e.g. feature gates like --feature-gates=NLBGatewayAPI=true,ALBGatewayAPI=true
  • Add extra_args passthrough for ALB ingress controller

v2.1.0

Published: 3/11/2026 | Modules affected: networking, services | Release notes

  • Updated terraform-aws-load-balancer to v1.2.1 across all module references
  • networking/route53:
    • Add support for the ACM certificate export option, allowing users to create exportable certificates by setting export = "ENABLED" on their public zones or service discovery namespaces
    • Bump the AWS provider minimum version to >= 6.4.0 as required by the export option
  • Test CI updates

v2.0.0

Published: 3/4/2026 | Modules affected: networking/vpc, services/eks-argocd, services/eks-cluster, services/eks-core-services | Release notes

  • networking/vpc

  • services/eks-argocd

  • services/eks-cluster

  • services/eks-core-services

  • services/eks-karpenter

  • services/eks-workers

  • services/helm-service

  • services/k8s-service

  • Bump terraform-aws-eks to v4.0.0

  • Remove the kubergrunt dependency completely from the service catalog, as it has been removed from terraform-aws-eks in v4.0.0

  • Replace all kubergrunt EKS token fetching with aws eks get-token CLI

  • Remove all kubergrunt-related variables from modules and examples

  • Remove kubergrunt installation from CI, Jenkins AMI builds, and test helpers

  • Update documentation to remove kubergrunt references

> [!WARNING] > #### Breaking Changes > - All kubergrunt-related variables have been removed. If you are currently passing any of the removed variables listed below, you must remove them from your Terraform configurations. > - EKS token fetching now always uses aws eks get-token. Ensure the AWS CLI is available in your environment. > - VPC CNI customization via kubergrunt is no longer supported. Use EKS managed add-ons with the enable_eks_addons variable instead. > - Core component syncing via kubergrunt upgrade scripts is no longer supported. Use EKS managed add-ons instead. > > Removed variables from eks-cluster module: > - use_kubergrunt_verification > - kubergrunt_download_url > - use_kubergrunt_sync_components (previously use_upgrade_cluster_script) > - upgrade_cluster_script_wait_for_rollout > - upgrade_cluster_script_skip_coredns > - upgrade_cluster_script_skip_kube_proxy > - upgrade_cluster_script_skip_vpc_cni > - use_vpc_cni_customize_script > - vpc_cni_enable_prefix_delegation > - vpc_cni_warm_ip_target > - vpc_cni_minimum_ip_target > > Removed variables from eks-cluster, eks-core-services, eks-workers, and example modules: > - use_kubergrunt_to_fetch_token