https://github.com/gruntwork-io/gruntkms/pull/16: Update all dependency versions, including updating to the latest AWS Go SDK. This should ensure gruntkms works with the latest AWS metadata endpoints, including the ECS Task metadata endpoints.
This release contains implementations for the following modules:
eks-vpc-tags: A module exporting common tags necessary for VPC resources in order to have a functional EKS environment. Refer to the updated eks-cluster example for reference on how to use the tags exported by this module.
This release is not intended to be used in production, as core features of a production-grade infrastructure are still missing. It is currently intended for development and learning purposes so that you can plan out a migration to Gruntwork modules for managing EKS.
This release is not tested with Windows. Please file any bugs/issues you run into on the issue tracker.
This initial release contains implementations for the following modules:
eks-cluster-control-plane: Provision an EKS cluster resource with recommended IAM policies and security groups that can be extended.
eks-cluster-workers: Provision a set of EC2 instances that EKS can use as worker nodes.
eks-k8s-role-mapping: Map AWS IAM roles to Kubernetes RBAC roles to allow authentication and authorization to Kubernetes via AWS credentials.
install-eks-aws-iam-authenticator: Prebuilt binaries for the AWS IAM Authenticator for Kubernetes that can be installed without a working golang environment. This binary is used to support authenticating to EKS by providing IAM roles to the EKS cluster's Kubernetes API.
k8s-scripts: Helper scripts to configure kubectl and helm on the various flavors of Kubernetes clusters.
This initial release is not intended to be used in production, as core features of a production-grade infrastructure are still missing. It is currently intended for development and learning purposes so that you can plan out a migration to Gruntwork modules for managing EKS.
This initial release is not tested with Windows. Please file any bugs/issues you run into on the issue tracker.
To update your existing encryption-enabled RDS cluster (which most likely uses the serverless engine mode, else you'd have run into an error), simply run:
terragrunt state mv module.<module-name>.aws_rds_cluster.cluster_with_encryption module.<module-name>.aws_rds_cluster.cluster_with_encryption_serverless
Add support for Aurora serverless: You can now set the engine_mode parameter to provisioned or serverless. You can also set scaling configuration settings using the scaling_configuration_xxx parameters.
Add support for deletion protection: You can set deletion_protection to true to prevent a database from being deleted by accident.
Preliminary Windows support for the check-ecs-service-deployment script by using Python as opposed to Bash for the entrypoint. Also rebuilds the binaries to include Windows versions of the dependencies.
The cross-account-iam-roles module now exposes an optional allow_houston_cli_access_from_other_account_arns parameter that allows you to specify the ARNs of other AWS accounts that will be allowed to call the CLI endpoints in Gruntwork Houston.
The iam-groups module now exposes an optional should_create_iam_group_houston_cli_users parameter that, if set to true, will create an IAM Group with permissions that grant its users the ability to call the CLI endpoints in Gruntwork Houston.
The iam-policies module now exposes an output called houston_cli_permissions that creates the permissions necessary to call the CLI endpoints in Gruntwork Houston.
The s3-cloudfront module will now automatically create an AAAA alias record (in addition to the A record it always created) if is_ipv6_enabled and create_route53_entries are both set to true. This is necessary so your static websites work over IPv6.
https://github.com/gruntwork-io/package-static-assets/pull/13: Expose force_destroy_website and force_destroy_redirect flags in the s3-static-website module. You can use these flags to force the S3 buckets in the module to be destroyed, even if they still have content in them.