Simplify permutations In the redis module. As the resource names change within the module, this is a backwards incompatible change.
This release is backwards incompatible and to update an existing Redis cluster, use terraform state mv <old_address> <new_address> to ensure that your cluster isn't deleted when you run terraform apply.
Depending on your configuration, your current resource name is one of
To find out which one it is, run terraform state list.
For example, if your current resource name is module.redis.aws_elasticache_replication_group.redis_without_snapshotting_without_auth_token_with_cluster_mode[0], you can migrate the resource by running:
terraform state mv"module.redis.aws_elasticache_replication_group.redis_without_snapshotting_without_auth_token_with_cluster_mode[0]" module.redis.aws_elasticache_replication_group.redis
Note that you will have to use the quotes around the indexed resource to avoid terraform error no matches found: module.redis....
In the memcached and redis modules, we removed the bastion_host_security_group_id variable and added an allow_connections_from_security_groups variable, so you can now pass in a list of security group IDs that can connect to your cache, rather than just one.
Fix bug where ECS service IAM role outputs were incorrectly conditional on var.is_associated_with_elb, ignoring the condition about awsvpc (which is accounted for in local.need_ecs_iam_role_for_elb)
ecs-service now outputs service_app_autoscaling_target_resource_id which can be used for creating auto scaling policies.
This consolidates the lambda resources in modules/lambda and modules/lambda-edge, taking advantage of the TF12 features that allow it. This allows for better maintainability of the modules.
The two ALB resources used to switch on access logs have now been merged down to one resource. This improves maintainability of the module. As a result of this consolidation, the following feature drift has been resolved on the ALB resource for the no logs flavor:
idle_timeout was only defined on alb with logs
additional_security_group_ids was only being used on alb with logs
This renames the aws_alb resources as a part of consolidating the two versions down to one. As such, you will need to move the resources in the state file in order to avoid downtime.
NOTE: If you are using terragrunt, the state mv calls should be done using terragrunt instead of terraform.
If you had var.enable_alb_access_logs = true:
export MODULE_ADDRESS=module.alb # This should be the address of the module block used to call `alb` terraform state mv "$MODULE_ADDRESS.aws_alb.alb_with_logs[0]" "$MODULE_ADDRESS.aws_alb.alb"
Otherwise:
export MODULE_ADDRESS=module.alb # This should be the address of the module block used to call `alb` terraform state mv "$MODULE_ADDRESS.aws_alb.alb_without_logs[0]" "$MODULE_ADDRESS.aws_alb.alb"
You can now filter which Availability Zones (AZs) are used by the vpc-app and vpc-mgmt modules using the new input variables availability_zone_blacklisted_names, availability_zone_blacklisted_ids, and availability_zone_state.