https://github.com/gruntwork-io/boilerplate/pull/40: boilerplate should now check types after rendering variables, which allows you to use interpolations in non-string variables without getting a type error.
https://github.com/gruntwork-io/module-asg/pull/9: The server-group module now applies the tags you pass in via custom_tags to all resources that support tags: the security group, the ENIs, and the EBS volumes. Note that this is a backwards incompatible change, as the custom_tags parameter is now a plain map rather than a list of maps.
https://github.com/gruntwork-io/module-asg/pull/8: Added a new server-group module that you can use to run a fixed-size cluster of servers that can automatically attach EBS Volumes and ENIs, do zero-downtime rolling deployment, and automatically replace failed servers. Check out the server-group module docs for more details.
UPDATE/#24: Previously, it was not possible to launch an Aurora cluster from a snapshot. The aurora module now accepts a new var, snapshot_identifier, which is the Snapshot ID from which you'd like to launch a new Aurora cluster.
NOTE: This release has a bug! Please use v0.2.10 instead.
NEW FEATURE/BREAKING CHANGE: The ecs-service-with-alb module now supports host-based routing! In addition, we used this opportunity to simplify the interface to the module. The major change is that you now specify ALB Listener Rules using Terraform code in the same Terraform file that calls the ecs-service-with-alb module, giving users total flexibility on routing rules. (#37)
UPDATE: The alb module adds a new output value, listener_arns, that merges the maps in the output values http_listener_arns, https_listener_non_acm_cert_arns, and https_listener_acm_cert_arns (#17).
BREAKING CHANGE: The module alb now opens all outbound ports by default. You can preserve the previous default behavior of opening no outbound ports by default by explicitly setting var.allow_all_outbound = false when calling this module. Although the previous default was slightly more secure, several users didn't realize the additional steps they needed to take to correctly use the ALB, so we feel this new default behavior is a better balance between security and convenience. (#16)
Additional Background
Previously, when you created an ALB, by default, its Security Group blocked all outbound traffic. When you added an ALB to an ECS Cluster, the ECS Cluster module updated the ALB's Security Group to allow outbound traffic only to the specific ECS Cluster being created.
But this proved to be confusing to people and didn't give us much security benefit anyway, so with this release, we change the default behavior of the ALB module to allow all outbound connections by default. At the same time, we updated the ECS Cluster module to no longer modify the ALB's Security Group to allow outbound connections from the ALB to the ECS Cluster since the ALB now allows all outbound traffic by default.
Therefore, if you use this release or higher with an ECS Cluster, be sure to use v0.6.0 or higher of that module as well!
BREAKING CHANGE: Due to a recent Amazon API change, the load-balancer-logs module no longer worked correctly. This release fixes that; however, if you upgrade simply by bumping the version, Terraform will prompt you to destroy and re-create your existing S3 Bucket, which will destroy all existing logs! To avoid this, use terraform state mv <SOURCE> <DESTINATION> before running terraform apply with this module version.
For example:
terraform state mv module.alb_access_logs_bucket.aws_s3_bucket.access_logs_with_logs_archived module.alb_access_logs_bucket.aws_s3_bucket.access_logs_with_logs_archived_and_deleted
You can run terraform plan before the above to know the new destination to move the source to. Also, ensure that you don't change any variables that'll force a new ALB creation.
For assistance, please contact Gruntwork support. (#33)
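A pre-apply check for the situation described above, as an added example that is not part of the original release notes or Gruntwork's code. It reads the JSON form of a saved plan (assuming a Terraform version that supports terraform show -json) and reports any S3 bucket the plan would delete; the sample plans, function name and script name are constructed for illustration, and the bucket addresses are the ones from the command above.

```python
import json
import sys

OLD = "module.alb_access_logs_bucket.aws_s3_bucket.access_logs_with_logs_archived"
NEW = OLD + "_and_deleted"

def _plan(*changes):
    # Build a constructed sample in the shape of `terraform show -json` output.
    return json.dumps({"resource_changes": [
        {"address": a, "type": a.split(".")[-2], "change": {"actions": acts}}
        for a, acts in changes]})

# Constructed: upgrade by bumping the version only (old bucket deleted, new one created).
PLAN_WITHOUT_STATE_MV = _plan((OLD, ["delete"]), (NEW, ["create"]))
# Constructed: the same upgrade after `terraform state mv OLD NEW`.
PLAN_AFTER_STATE_MV = _plan((NEW, ["update"]))

def buckets_to_be_destroyed(plan_json, protected_types=("aws_s3_bucket",)):
    """Return addresses of protected resources whose planned actions include delete.

    A replacement appears as ["delete", "create"] or ["create", "delete"],
    so testing for "delete" covers both plain destroys and replacements.
    """
    hits = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if rc.get("type") in protected_types and "delete" in actions:
            hits.append(rc["address"])
    return sorted(hits)

if __name__ == "__main__":
    # Usage (check_plan.py is a hypothetical file name for this script):
    #   terraform plan -out=tf.plan && terraform show -json tf.plan > plan.json
    #   python check_plan.py plan.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = PLAN_WITHOUT_STATE_MV
    doomed = buckets_to_be_destroyed(text)
    for address in doomed:
        print("plan would DESTROY log bucket:", address)
    sys.exit(1 if doomed else 0)
```

A non-zero exit status makes the script usable as a gate in front of terraform apply.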
This release fixes an issue where previous versions of OpenVPN did not set up permissions correctly for the openvpn-server-Users IAM Group. Now, a user with zero privileges in an AWS account can get all the permissions they need to create an OpenVPN user profile solely by their IAM User account being a member of the openvpn-server-Users IAM Group. (#18)
Upgrade Instructions:
Add the variables aws_region and aws_account_id when calling the openvpn-server module in your Terraform code.
Fix the apt repo URL for installing OpenVPN. It's not clear what happened to the old URL, but when you ran install-openvpn, you would get the error 404 Not Found [IP: 104.20.194.50 80].
The push route configuration in server.conf had a syntactic issue where the word route was outside of double quotes.
Reduce logging verbosity for OpenVPN to production levels.
Added a new attach-eni script which can be used to attach an ENI to an EC2 Instance.
Updated the mount-ebs-volume script so it can automatically find and attach an EBS Volume that has the same tag as the EC2 Instance. This is handy when you create EBS Volumes and Instances in matching "pairs."
THIS IS A BACKWARDS INCOMPATIBLE RELEASE. READ ON FOR INSTRUCTIONS.
This release fixes two bugs:
AWS now has 6 or more Availability Zones (AZs) in some regions (e.g., us-east-1) and the spacing between CIDR blocks that vpc-app and vpc-mgmt were using is no longer sufficient. To prevent these CIDR blocks from overlapping, we have increased the spacing from 5 to 10. If you are already using vpc-app or vpc-mgmt and want to preserve the CIDR blocks you were using before (highly recommended!), you must set the new input variable subnet_spacing to 5. Otherwise, Terraform will try to delete all your subnets and create new ones with the new CIDR blocks.
Release v0.2.1 of module-vpc made specifying the num_availability_zones parameter optional. Unfortunately, due to a bug, if you omitted this parameter, instead of creating subnets in every available AZ, the vpc-app and vpc-mgmt modules only created subnets in a single AZ. This has now been fixed.
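Why a spacing of 5 stops working at 6 AZs (the first bug above), as an added example that is not part of the original release notes or the module's code. It assumes each tier's subnets are numbered tier_index * spacing + az_index within equal-size blocks carved from the VPC CIDR; the VPC CIDR, block size, tier names and function names are also assumptions.

```python
import ipaddress

# Assumed values for illustration only; they are not taken from the module.
VPC_CIDR = "10.0.0.0/16"
NEW_BITS = 5  # /16 -> 32 blocks of /21, enough for spacing 10 with three tiers
TIERS = ("public", "private-app", "private-persistence")

def subnet_plan(num_azs, spacing, vpc_cidr=VPC_CIDR, new_bits=NEW_BITS, tiers=TIERS):
    """Map (tier, az_index) -> subnet under the assumed numbering scheme."""
    blocks = list(ipaddress.ip_network(vpc_cidr).subnets(prefixlen_diff=new_bits))
    return {
        (tier, az): blocks[t * spacing + az]
        for t, tier in enumerate(tiers)
        for az in range(num_azs)
    }

def collisions(plan):
    """Return (first_owner, second_owner, cidr) for every block assigned twice.

    All blocks have the same size and alignment, so two of them overlap
    exactly when they are equal.
    """
    seen, out = {}, []
    for owner, net in plan.items():
        if net in seen:
            out.append((seen[net], owner, str(net)))
        else:
            seen[net] = owner
    return out

if __name__ == "__main__":
    for azs, spacing in ((5, 5), (6, 5), (6, 10)):
        found = collisions(subnet_plan(azs, spacing))
        print(f"{azs} AZs, spacing {spacing}: {len(found)} overlapping block(s)")
        for first, second, cidr in found:
            print(f"  {cidr} claimed by {first} and {second}")
```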
UPDATE: DO NOT USE THIS RELEASE. IT CONTAINS A BAD BUG. SEE #27 FOR DETAILS.
https://github.com/gruntwork-io/module-vpc/pull/26: Fix a bug where the num_availability_zones output variable would report the wrong value (-1) if you didn't set the optional num_availability_zones input variable.
UPDATE: DO NOT USE THIS RELEASE. IT CONTAINS A BAD BUG. SEE #27 FOR DETAILS.
UPDATE: The modules vpc-app and vpc-mgmt now make var.num_availability_zones optional. If it's non-empty, the created VPC will only use the specified number of Availability Zones, not all Availability Zones. Otherwise, the VPC will be created to use all Availability Zones. As an example, us-east-1 now has 6 Availability Zones, but users may wish to utilize just 3 of them. This release is fully backwards-compatible. (#22)