Gruntwork release 2021-01
This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2021-01. For instructions on how to use these updates in your code, check out the updating documentation.
Here are the repos that were updated:
Published: 1/25/2021 | Release notes
Published: 1/29/2021 | Release notes
Published: 1/29/2021 | Release notes
Published: 1/27/2021 | Release notes
Published: 1/21/2021 | Release notes
Published: 1/21/2021 | Release notes
Published: 1/19/2021 | Release notes
Published: 1/16/2021 | Release notes
Published: 1/7/2021 | Release notes
- Fixes GitLab repo configuration
- Adds blueprint for RDS
Published: 1/28/2021 | Modules affected: asg-rolling-deploy, server-group | Release notes
- We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.
Published: 1/13/2021 | Modules affected: server-group | Release notes
- Custom tags you pass to the server-group module via the custom_tags input variable will now be applied to the IAM role too.
Published: 1/29/2021 | Modules affected: None | Release notes
- We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.
Published: 1/27/2021 | Modules affected: ecs-deploy-runner | Release notes
- Fix an interpolation-only expression so we no longer get a deprecation warning from Terraform.
Published: 1/26/2021 | Modules affected: jenkins-server | Release notes
Fix bug in jenkins-server where it errors out when snapshot_id is not provided.
Published: 1/4/2021 | Modules affected: ecs-deploy-runner | Release notes
Fixes a bug in the ecs-deploy-runner module where the IAM permissions granting the ECS task execution role access to the repository_credentials_secrets_manager_arn Secrets Manager entry were not being configured.
Published: 1/21/2021 | Modules affected: vpc-app-network-acls, vpc-mgmt-network-acls | Release notes
- Refactor the NACL modules to allow specifying different CIDR blocks per subnet tier for allowing remote admin (e.g., SSH/RDP) access. This is important as the IP addresses you see in public subnets will be different than those in private subnets. This was a backwards incompatible change, so make sure to read the migration guide below.
Published: 1/18/2021 | Modules affected: vpc-app-network-acls, vpc-mgmt-network-acls | Release notes
- The two new modules vpc-app-network-acls and vpc-mgmt-network-acls were made on top of the existing modules from terraform-aws-vpc. They ensure that no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports, as per the 5.1 requirement of CIS AWS Foundations Benchmark.
We will soon publish a migration guide from CIS 1.2.0 to 1.3.0!
Published: 1/29/2021 | Modules affected: aurora, efs, lambda-create-snapshot, rds | Release notes
- We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.
Published: 1/29/2021 | Modules affected: ecs-cluster, ecs-daemon-service, ecs-deploy, ecs-fargate | Release notes
- We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.
Published: 1/27/2021 | Modules affected: ecs-service | Release notes
Published: 1/19/2021 | Modules affected: ecs-service, ecs-cluster | Release notes
- We added parameters to supply existing IAM roles for the ecs-service module. These will be used in place of creating a new role: existing_ecs_task_role_name and existing_ecs_task_execution_role_name.
- Small documentation corrections.
Published: 1/29/2021 | Modules affected: eks-cluster-control-plane, eks-cluster-managed-workers | Release notes
- You can now turn off the default Fargate IAM Role created by the eks-cluster-control-plane module using the create_default_fargate_iam_role input variable.
- You can now selectively control which Node Groups use the instance_types attribute on the Node Group or on the Launch Template by setting the instance_types attribute to null.
- You can now hard code the OpenID Connect provider thumbprint in the eks-cluster-control-plane module. This is useful if you are in an airgapped environment that requires HTTP requests to route through a proxy.
Published: 1/21/2021 | Modules affected: eks-cluster-control-plane, eks-aws-auth-merger | Release notes
- The aws-auth-merger app now uses an informer for watching the config maps, making it more robust to connectivity issues and API refresh problems.
Published: 1/12/2021 | Modules affected: eks-alb-ingress-controller, eks-container-logs, eks-k8s-cluster-autoscaler, eks-k8s-external-dns | Release notes
The core services modules are now compatible with helm provider 2.x. Note that support for helm provider 1.x is dropped. You will need to update your provider blocks to ensure they pull in the 2.x series of the provider in order to update to this release.
Published: 1/6/2021 | Modules affected: eks-cluster-control-plane | Release notes
- This release is a minor bugfix to use the latest kubergrunt (v0.6.9) required dependency.
Published: 1/27/2021 | Modules affected: (none) | Release notes
- Updated the elk-multi-cluster example to show how you can dynamically source the authentication hash from secrets manager when configuring readonlyrest in the Elasticsearch cluster.
- Fixed CircleCI contexts
- Added a TF placeholder for TFC/TFE/PMR
- Fixed internal link references in the docs
Published: 1/28/2021 | Modules affected: sqs | Release notes
- You can now set custom tags for the dead letter queue using the new custom_dlq_tags input variable.
Published: 1/29/2021 | Modules affected: alarms, logs, metrics | Release notes
- We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.
Published: 1/29/2021 | Modules affected: init-openvpn, backup-openvpn-pki, install-openvpn, openvpn-admin | Release notes
- We have added support for Ubuntu 20.04 in testing and dropped support for Ubuntu 16.04
- We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.
Published: 1/28/2021 | Modules affected: ssh-grunt | Release notes
- Warn user and error out if ec2-instance-connect is installed
Published: 1/27/2021 | Modules affected: private-s3-bucket | Release notes
- Adds a new input to the private-s3-bucket module to configure CORS.
Published: 1/19/2021 | Modules affected: auto-update, aws-config-rules, aws-config, aws-organizations | Release notes
- Fixes broken links on the website's repo browser by using root-relative links for README & LICENSE file references.
Published: 1/29/2021 | Modules affected: attach-eni, ec2-backup, persistent-ebs-volume, route53-helpers | Release notes
Published: 1/8/2021 | Modules affected: attach-eni | Release notes
- All the modules now support Ubuntu 20.04. Note that starting this release, support for Ubuntu 16.04 is dropped.
- Fix a bug with CentOS 7.9 that prevented the public IP from being restored when attaching a new ENI to the instance.
NOTE: Starting this release, the attach-eni module no longer works with Ubuntu 16.04. Please upgrade to Ubuntu 18.04 or 20.04.
Published: 1/28/2021 | Modules affected: base, data-stores, landingzone, mgmt | Release notes
- We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.
Published: 1/27/2021 | Modules affected: data-stores/elasticsearch, mgmt/ecs-deploy-runner, mgmt/jenkins, services/ecs-cluster | Release notes
- You can now configure the update timeout for the elasticsearch module using the new update_timeout input variable. The default timeout has been increased from 60m to 90m, as we were seeing some intermittent timeouts on creation.
- Bumped the terraform-aws-ci version number in the mgmt modules. This is mainly to pick up a fix for the jenkins module related to the default snapshot_id value.
- Removed a depends_on clause from the ecs-cluster module which was causing recent Terraform versions to exit with an error. This depends_on wasn't necessary in the first place.
- Updated the eks-core-services module to the 2.x version of the Helm provider. This is a backwards incompatible change. See the migration guide below.
- Updated the required_version constraint on the k8s-namespace module to >= 0.12.26. This was missed during the Terraform 0.13 upgrade.
Published: 1/20/2021 | Modules affected: mgmt, networking, services/eks-cluster, services/eks-core-services | Release notes
- Updates gruntwork-io/module-ci to v0.29.6
- Updates gruntwork-io/kubergrunt to v0.6.9
- Update gruntwork-io/terraform-kubernetes-namespace to v0.1.1
- Adds primary_host output for rds
- Introduces ability to add custom IAM policies to the asg-service module.
- Updates gruntwork-io/module-asg to v0.11.1
- Updates gruntwork-io/terratest to v0.31.4
- Updates gruntwork-io/module-ecs to v0.23.4
- Updates gruntwork-io/terragrunt to v0.27.1
- Removes unused variable from memcached
- Updates gruntwork-io/module-security to v0.44.7
- Updates gruntwork-io/terraform-aws-eks to v0.32.0. This update is backwards incompatible. Please refer to the terraform-aws-eks release notes for more information.
- Updates gruntwork-io/module-server to v0.10.0.
Published: 1/6/2021 | Modules affected: landingzone | Release notes
- Updated the landingzone/account-baseline-root & landingzone/account-baseline-security modules to include the new iam-access-analyzer module in order to be compliant with CIS 1.3.0. The additional iam-access-analyzer module is disabled by default to aid consistency and backwards compatibility between versions of the landingzone.
- Updated the related examples to showcase how the landingzone module could use the iam-access-analyzer module. To enable the use of this feature, users will need to set enable_iam_access_analyzer to true in the variables.tf for each of these modules or examples.
- Once all our libraries are upgraded and tested to be compatible with CIS 1.3.0 we’ll publish a migration guide to help you update.
Published: 1/5/2021 | Modules affected: networking | Release notes
- Updated the vpc service to expose several optional parameters available in the underlying vpc-app module that were not exposed before:
  - custom_tags, vpc_custom_tags, public_subnet_custom_tags, private_app_subnet_custom_tags, private_persistence_subnet_custom_tags, and nat_gateway_custom_tags for setting custom tags on the various resources in the VPC.
  - create_public_subnets, create_private_app_subnets, and create_private_persistence_subnets for enabling / disabling the various subnet tiers in the VPC.
  - default_security_group_ingress_rules, default_security_group_egress_rules, default_nacl_ingress_rules, default_nacl_egress_rules for configuring the default ingress and egress rules for the Default Security Group and Default Network ACL.
Published: 1/4/2021 | Modules affected: services/public-static-website | Release notes
You can now pass in the hosted_zone_id directly as opposed to looking it up via domain names when configuring Route 53 records in the public-static-website module.
Published: 1/12/2021 | Modules affected: request-quota-increase | Release notes
- CircleCI improvements: Fix CircleCI Contexts and switch from Dep to Go Modules
- [NEW MODULE] Request quota increase for an AWS resource
Published: 1/29/2021 | Modules affected: vpc-app | Release notes
In v0.12.3, we added support for managing the default network ACL. However, we also associated the default NACL with the subnets in the VPC. This caused a perpetual diff problem for users that manage the network ACLs separately, such as when using the vpc-app-network-acls module.
In this release, we have updated the behavior to not explicitly apply the default network ACL by default.
Published: 1/29/2021 | Modules affected: network-acl-inbound, vpc-app, vpc-dns-forwarder-rules, vpc-flow-logs | Release notes
- We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.