Gruntwork release 2026-05
Guides / Update Guides / Releases / 2026-05
This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2026-05.
For instructions on how to use these updates in your code, check out the updating documentation.
Here are the repos that were updated:
Published: 5/13/2026 | Release notes
Published: 5/21/2026 | Release notes
Published: 5/15/2026 | Release notes
Published: 5/29/2026 | Release notes
Details on user-facing changes will be documented in the release notes for:
Published: 5/15/2026 | Release notes
Details on user-facing changes will be documented in the release notes for:
Published: 5/4/2026 | Release notes
Published: 5/1/2026 | Release notes
Published: 5/21/2026 | Release notes
Published: 5/19/2026 | Release notes
Published: 5/5/2026 | Release notes
The output-counts portion of Plan Summary (introduced in v4.16.1) now renders as a parenthetical sub-summary, making it easier to scan when a plan changes both resources and outputs.
Before:
Plan Summary: 6 to add, 0 to change, 0 to destroy, 5 outputs to add, 0 outputs to change, 0 outputs to destroy
After:
Plan Summary: 6 to add, 0 to change, 0 to destroy (5 outputs to add, 0 to change, 0 to destroy)
Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v4.16.2...v4.16.3
Published: 5/1/2026 | Release notes
A bug in the initial implementation of stack generation consolidation introduced in v4.15.1 has been fixed.
Previously, Pipelines would only generate only the stacks that were strictly impacted my Git diffs without recursively generating all stacks generated by top-level stacks as well. This was a regression from the existing behavior prior to consolidation, and has been fixed.
Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v4...v4.16.2
Published: 5/5/2026 | Release notes
The new --publish-to-registry flag has been added to support automatically publishing to the GitLab OpenTofu/Terraform Module Registry when repository releases are copied into GitLab projects.
Thanks to @gpetras for contributing this feature.
Multiple sources of technical debt were paid off, including addressing linting findings from golangci-lint, upgrading the AWS SDK dependency to v2, upgrading the toolchain used to build repo-copier to Golang 1.26, and removal of unnecessary dependencies.
These changes shouldn't result in any significant user-visible changes.
Full Changelog: https://github.com/gruntwork-io/repo-copier/compare/v0.7.1...v0.8.0
Published: 5/13/2026 | Release notes
Published: 5/15/2026 | Modules affected: - rds, - rds-proxy, - rds-replicas | Release notes
-
rds
-
rds-proxy
-
rds-replicas
-
rds / rds-proxy / rds-replicas: Replace the legacy aws_security_group_rule with one aws_vpc_security_group_ingress_rule / aws_vpc_security_group_egress_rule per CIDR to eliminate the AWS provider create-time race (hashicorp/terraform-provider-aws#38526) that surfaced as waiting for Security Group Rule create: couldn't find resource on first apply (#591). Module inputs and outputs are unchanged. AWS-side end state is identical (same SG, same rules); only the Terraform state representation changed.
Upgrade. State migration is required because the resource addresses changed. See UPGRADING.md for the full guide. Recommended path is patcher upgrade — the repo ships Patcher migrations under .patcher/patches/staged/{rds,rds-proxy,rds-replicas}/ that terraform import the existing AWS rules under their new addresses, producing no destroy/create plan diff. Without Patcher, terraform plan will show a destroy and recreate for each rule; apply in a maintenance window since each rule is briefly removed before recreation.
Behavior note — list ordering. The new resources use count = length(var.…) keyed on count.index, so reordering items in allow_connections_from_*_cidr_blocks (or allow_outbound_*) on a future change will recreate those rule resources, briefly dropping each rule during apply. Treat these lists as ordered. Adding/removing entries at the tail is fine.
-
https://github.com/gruntwork-io/terraform-aws-data-storage/pull/591
-
https://github.com/hashicorp/terraform-provider-aws/issues/38526
Published: 5/1/2026 | Modules affected: eks-aws-auth-merger, eks-cluster-control-plane, eks-ebs-csi-driver, eks-k8s-cluster-autoscaler | Release notes
Default EKS version is 1.35 with this release! Please see the links below for full details of the EKS 1.35 release including new features and any API changes.
Kubernetes 1.35 ("Timbernetes") highlights:
- In-Place Pod Resource Updates graduated to GA — CPU/memory adjustments without pod restarts
- Image Volumes graduated to stable — OCI images mountable as read-only volumes
- PreferSameNode Traffic Distribution graduated to stable
- cgroup v1 support removed — kubelet refuses to start on cgroup v1 by default
- containerd 1.x reaches EOL — 1.35 is the last release supporting it
- IPVS mode in kube-proxy deprecated; migration to nftables encouraged
Official AWS EKS 1.35 Announcement
Amazon EKS Distro Docs
Kubernetes 1.35 Announcement
Kubernetes 1.35 Release Notes
Published: 5/22/2026 | Release notes
- Add test coverage for lb-https-listener-rules example (no functional module changes)
Published: 5/22/2026 | Modules affected: lb-listener-rules | Release notes
- Add support for jwt_validation in the lb listener rules
- Test and tagging improvements
Published: 5/26/2026 | Modules affected: data-stores | Release notes
- data-stores/aurora: expose cluster_monitoring_interval and enable_global_write_forwarding
- Test fixes: restore shared KMS key and add cloud-nuke exclusion
Published: 5/21/2026 | Modules affected: - mgmt/cost-management, - data-stores/aurora, - data-stores/ecr-repos, - data-stores/rds | Release notes
-
mgmt/cost-management
-
data-stores/aurora
-
data-stores/ecr-repos
-
data-stores/rds
-
feat: add mgmt/cost-management service catalog module (#2381). Bundles AWS Budgets (list-driven; default daily + monthly preserves dogfood behavior) and AWS Cost Anomaly Detection. CAD requires the aws.us_east_1 aliased provider.
-
feat(aurora): support pre-existing DB parameter groups (#2387). Adds db_cluster_custom_parameter_group_name and db_instance_custom_parameter_group_name to data-stores/aurora so callers can attach a parameter group they manage outside the module. Mutually exclusive with the existing db_*_custom_parameter_group object inputs.
-
feat: expose force_delete option for ECR repositories module (#2384). Adds a per-repo force_delete option and a matching default_force_delete module variable (defaults to false to preserve existing behavior) in data-stores/ecr-repos.
-
feat(rds): expose Blue/Green deployment toggle (#2389). Adds enable_blue_green_update to data-stores/rds, wired through to the underlying data-storage RDS module. Partially resolves LIB-5105; Aurora coverage is deferred pending upstream Terraform AWS provider support.
Thanks to @ryehowell for contributions to this release.
Published: 5/15/2026 | Modules affected: networking/vpc, services/eks-argocd, services/eks-cluster, services/eks-core-services | Release notes
-
networking/vpc
-
services/eks-argocd
-
services/eks-cluster
-
services/eks-core-services
-
services/eks-karpenter
-
services/eks-workers
-
services/helm-service
-
services/k8s-service
-
Add Default Support for EKS 1.35
-
Bump cluster-autoscaler to v1.35.0
-
Bump terraform-aws-eks library module from v4.5.0 → v4.6.0
Default EKS version is 1.35 with this release! Please see the links below for full details of the EKS 1.35 release including new features and any API changes.
Kubernetes 1.35 ("Timbernetes") highlights:
- In-Place Pod Resource Updates graduated to GA — CPU/memory adjustments without pod restarts
- Image Volumes graduated to stable — OCI images mountable as read-only volumes
- PreferSameNode Traffic Distribution graduated to stable
- cgroup v1 support removed — kubelet refuses to start on cgroup v1 by default
- containerd 1.x reaches EOL — 1.35 is the last release supporting it
- IPVS mode in kube-proxy deprecated; migration to nftables encouraged
> [!NOTE]
> .circleci/config.yml K8S_VERSION and modules/mgmt/jenkins/install.sh DEFAULT_KUBECTL_VERSION are intentionally left at v1.33.x — these install minikube/kubectl in CI/Jenkins and lag EKS support windows.
No breaking changes. The default EKS version has been updated to 1.35. Users pinning a specific version via the kubernetes_version variable are unaffected.
Official AWS EKS 1.35 Announcement
Amazon EKS Distro Docs
Kubernetes 1.35 Announcement
Kubernetes 1.35 Release Notes
Published: 5/15/2026 | Modules affected: networking/vpc, networking/vpc-mgmt, services/eks-cluster | Release notes
- Harden cloud-nuke cleanup CI and bump to
v0.50.0
- Bump
terraform-aws-vpc to v0.28.13 and expose new outputs on networking/vpc and networking/vpc-mgmt
- Expose
eks_cluster_certificate_authority output on services/eks-cluster
Published: 5/12/2026 | Release notes
Published: 5/13/2026 | Modules affected: vpc-mgmt | Release notes
vpc_mgmnt Added output vpc_arn