Replaces bastion_host_security_group_id with allow_connections_from_security_groups array to allow specifying more than one security group. This change is backward incompatible and you need to include bastion_host_security_group_id in the allow_connections_from_security_groups array to get this to work
https://github.com/gruntwork-io/module-data-storage/pull/36: If you wish to make your Aurora database accessible from the public Internet, you can now set the publicly_accessible flag to true (WARNING: NOT RECOMMENDED FOR PRODUCTION USAGE!!). The default is false, which means the database is only accessible from within the VPC, which is much more secure.
https://github.com/gruntwork-io/module-ecs/pull/58: You can now use spot instances with your ECS cluster by setting the cluster_instance_spot_price parameter to the maximum bid price you want to use on the EC2 Spot Market!
NOTE: due to a bug in Terraform, if you update an existing cluster with a spot price, you might see an error like this when you run apply:
* module.ecs_cluster.aws_launch_configuration.ecs: aws_launch_configuration.ecs: diffs didn't match during apply. This is a bug with Terraform and should be reported as a GitHub Issue.
Running apply a second time seems to complete without errors.
We've updated the Kafka module to include support for Confluent Schema Registry, REST Proxy, and Kafka Connect! These services also include support for SSL. We've also introduced a new, simpler configuration file approach where you can specify any number of well-defined "replacement variables" that will automatically be updated when you call the appropriate run-xxx script at boot in user data (e.g. run-schema-registry).
Unfortunately, our automated tests consistently fail for Amazon Linux only, and we encountered what appear to be several bugs with Schema Registry itself in how forwarding is handled. Diagnosing these issues has proven to be very trying because after we make a fix, it takes another 45 minutes for a full build to complete, leading to an incredibly long feedback loop.
As a result, we're marking this as pre-release. That means that you are free to begin using this code, but you should know that, until our automated tests pass, you may encounter subtle issues, especially around forwarding from non-master nodes.
Going forward, we will immediately be investing in a new approach to writing modules that makes our cycle time about 10x faster. In particular, we intend to run the Confluent Stack using Docker Compose for local testing so that we can restart it multiple times without having to wait either for Packer to build a new AMI or for AWS to launch a whole cluster of EC2 Instances. Stay tuned!
Refactor the auto-generated code by creating the aws_api_gateway_rest_api resource external to the modules in order allow additional resources to be added via Terraform. Additionally, split the auto-generated code into two separate modules to allow for deployment of multiple api gateway stages separately from the definition of the resources.
THIS VERSION IS NOT BACKWARDS COMPATIBLE AND ANY CODE REFERENCING AUTO-GENERATED MODULES WILL NEED TO BE UPDATED.
https://github.com/gruntwork-io/module-security/pull/74: Add a new module called ssh-iam-selinux-policy. If you are using ssh-iam on CentOS, you should install this module so that SELinux doesn't prevent ssh-iam from working!
The s3-static-website module now enables server-side encryption by default. The encryption settings can be configured by a new input variable called server_side_encryption_configuration. If you'd like to disable server-side encryption, set server_side_encryption_configuration = [].
#23: Previously, we installed mvn (Maven) using yum and found that this actually installs the OpenJDK along with it! In some cases, OpenJDK even became the default Java installation, over the Oracle JDK we had already installed. This release updates our Maven installation method so that it no longer installs OpenJDK.
#22: This repo now has its own standalone "bash commons" module.
Recently, we've begun introducing Docker containers into our repos to enable a much faster cycle time when building the module. As part of this effort, we've consolidated all our generic bash functions into a "bash commons" library that can be shared among multiple modules in this repo.
With this update we place the bash-commons libraries into their own module. Although the interface to all the script modules in this repo remains unchanged, you now have to gruntwork-install the bash-commons module in order for many of the modules to work. You can install the bash-commons module like this: