This release adds support for specifying multiple target groups with the ECS service, allowing you to link multiple ALBs and NLBs with your service. See the new docker-service-with-alb-and-nlb example for how to associate multiple ALBs/NLBs with the service.
Note that this is a backwards incompatible change. Review the migration guide below for how to migrate to this version without downtime.
You can now disable module calls to eks-cluster-managed-workers by setting create_resources = false. This allows you to implement conditional logic to turn a module block in your Terraform module on or off.
You can now specify the docker repository to use for sourcing the cluster-autoscaler. Recent versions of the cluster-autoscaler are now region sensitive and you must pull from the corresponding repository.
NOTE: This release will cause a redeploy of the cluster-autoscaler, but since it is a stateless application, there is no risk of loss of data or functionality during the transition.
When upgrading from Kubernetes version 1.13 to 1.15, the coredns containers get updated to the latest version. In the newer versions of coredns, the configuration has a backwards incompatible change that was previously unhandled in the upgrade scripts. This release fixes that issue such that it will reformat the configuration to match expectations of later coredns versions.
The lambda-edge module will now apply tags passed to it via the tags input variable to its IAM role.
The lambda module will now apply tags passed to it via the tags input variable to its IAM role and Security Group.
The scheduled-lambda-job module now exposes a new tags input variable which can be used to apply tags to the CloudWatch Event Rule it creates. This module now also outputs the Event Rule ARN and schedule via the output variables event_rule_arn and event_rule_schedule, respectively.
This release introduces improvements to the module, including the ability to look up Route53 public zones by name when a hosted_zone_id is not supplied.
This release also introduces 3 new optional variables to assist with keeping your config DRY:
global_tags - tags that will be applied to all certificates
default_verify_certificate - set to true to verify all your certificates
default_create_verification_record - set to true to create the necessary DNS records for certificate verification
Added a datapoints_to_alarm variable to the ecs-service-alarms module. This addresses an issue where the ecs-service-alarms module did not pass through customizations to the datapoints_to_alarm variable.
In the sns-to-slack module, resources can now be optionally created using the create_resources boolean variable. Set the variable to false to have the module create no resources. This weird parameter exists solely because Terraform does not support conditional modules. Therefore, this is a hack to allow you to conditionally decide if the Lambda function and other resources should be created or not.
Fix a bug in the alb-alarms module where for "low" thresholds (e.g., low request count) it was using GreaterThanThreshold instead of LessThanThreshold.
ssh-grunt now syncs every 5 minutes by default rather than every 30 minutes.
The cloudtrail and kms-master-key modules now accept a dependencies variable. This can be used to create a dependency between this module and resources created outside of this module. For example, you might need to create a dependency between the cloudtrail module and an IAM user created using the iam-user module because you want to name the user in the KMS key policy.
dependencies = values(module.iam_users.user_arns)
Now each resource in the cloudtrail module will depend on these ARNs.
The multi-region modules (aws-config-multi-region, guardduty-multi-region, and kms-master-key-multi-region) have been updated to use the recently released aws_regions data source. Previously, regions were discovered with the get-enabled-regions Python program.
The behavior of ssh-grunt has changed with regard to its handling of duplicate users. Previously, if multiple IAM users resulted in the same clean OS username (e.g. ben and ben@gruntwork.io both result in ben for the OS username), ssh-grunt would exit with an error. This had the unfortunate side effect of requiring the administrator to log in as the default user to diagnose the issue.
The behavior has changed such that processing will now continue for all other IAM users. If a duplicate occurs, neither wins (in the example above, neither ben nor ben@gruntwork.io would win), but any additional users will still sync.
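The duplicate handling described above, sketched in Go as an added example (this is not ssh-grunt's own code). The names cleanOSUsername and resolveUsers, the '@'-stripping rule, and the sample user list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// cleanOSUsername is a hypothetical stand-in for ssh-grunt's cleaning step.
// Assumption: everything from the first '@' onward is dropped, which matches
// the page's example (ben@gruntwork.io -> ben) but is not the tool's full rule.
func cleanOSUsername(iamUser string) string {
	name, _, _ := strings.Cut(iamUser, "@")
	return name
}

// resolveUsers groups IAM users by cleaned OS username. A name claimed by more
// than one IAM user is skipped for all claimants (neither wins), so no IAM
// user can end up with access to an account meant for someone else; every
// other user still syncs.
func resolveUsers(iamUsers []string) (synced map[string]string, skipped map[string][]string) {
	claims := map[string][]string{}
	for _, u := range iamUsers {
		name := cleanOSUsername(u)
		claims[name] = append(claims[name], u)
	}
	synced = map[string]string{}
	skipped = map[string][]string{}
	for name, owners := range claims {
		if len(owners) == 1 {
			synced[name] = owners[0]
			continue
		}
		sort.Strings(owners) // stable order for logging and alerting
		skipped[name] = owners
	}
	return synced, skipped
}

func main() {
	// Constructed sample input, not real account names.
	users := []string{"ben", "ben@gruntwork.io", "alice", "carol@example.com"}
	synced, skipped := resolveUsers(users)
	for name, owners := range skipped {
		fmt.Printf("WARN skipping OS user %q: claimed by %v\n", name, owners)
	}
	fmt.Printf("synced %d users: %v\n", len(synced), synced)
}
```

Logging each skipped name with all of its claimants gives the administrator what is needed to rename one of the IAM users without logging in to the host.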
You can now grant Service Principals (e.g., "s3.amazonaws.com") access to your KMS CMKs by setting the cmk_service_principals parameter and specifying the actions those Service Principals will be allowed to do via a new service_principal_actions input variable.
All the parameters passed to the customer_master_keys variable of the kms-master-key module are now optional instead of required. The module will now only add IAM policy statements for the parameters that are actually set.
Since AWS provider 2.0, setting num_days_after_which_delete_log_data = 0 no longer works and leads to a provider schema error. This meant that there was no way to configure S3 buckets to never delete data. Starting with this release, you can now prevent deletion of data in S3 for aws-config and cloudtrail by setting the respective variables to null.
Fully rely on Python to determine the path separator. This is an internal refactor to make the code cleaner and safer and should have no impact on external behavior.
This new module allows you to create a VPC Interface Endpoint to connect services within your VPC without needing to create NAT Gateways or a private gateway. Previously, only VPC Gateway Endpoints (S3 and DynamoDB) were permitted.