Gruntwork release 2022-03

This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2022-03. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

boilerplate

v0.4.3

Published: 3/4/2022 | Release notes

https://github.com/gruntwork-io/boilerplate/pull/98: Implemented the ability to enforce boilerplate version when processing a template. You can now specify a version constraint in your boilerplate templates using the required_version config.

E.g.:

required_version: "~> 0.4.3"

v0.4.3-alpha.1

Published: 3/4/2022 | Release notes

v0.4.2

Published: 3/1/2022 | Release notes

https://github.com/gruntwork-io/boilerplate/pull/95: Bump version of sprig to 3.2.1. You can now use all new functions that were introduced since 2.22.0, such as htpasswd.

v0.4.1

Published: 3/1/2022 | Release notes

https://github.com/gruntwork-io/boilerplate/pull/92: Fixed bug where boilerplate continuously attempted to render templates defined in a variable's default value. This prevented rendering values that targeted Go templates, like GitHub Actions.

terraform-aws-architecture-catalog

v0.0.28

Published: 3/5/2022 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v0.0.27...v0.0.28

terraform-aws-asg

v0.17.4

Published: 3/22/2022 | Modules affected: asg-instance-refresh | Release notes

  • Add support for attaching a launch template to asg with instance refresh

v0.17.3

Published: 3/15/2022 | Modules affected: server-group | Release notes

  • Converted usage of deprecated tags attribute to tag blocks. This change is backward compatible for your resources.
  • Upgraded version of boto3 embedded in the server-group module for rolling deployment script.

v0.17.2

Published: 3/1/2022 | Modules affected: server-group | Release notes

  • Allows attaching permission boundaries to the role attached to the server's group role.

terraform-aws-ci

v0.47.2

Published: 3/16/2022 | Modules affected: ecs-deploy-runner | Release notes

  • Fixed bug where there is a race condition between log group creation and ECS task creation for the ecs-deploy-runner.

v0.47.1

Published: 3/11/2022 | Modules affected: infrastructure-deploy-script, monorepo-helpers | Release notes

  • Exposed ability to install infrastructure-deploy-script and monorepo-helpers without sudo.

v0.47.0

Published: 3/10/2022 | Modules affected: ecs-deploy-runner | Release notes

  • Exposed the ability to configure the CloudWatch Log Group used by the ECS task launched with ecs-deploy-runner.

v0.46.1

Published: 3/9/2022 | Modules affected: infrastructure-deploy-script | Release notes

  • Fixed bug where infrastructure-deploy-script help text did not include overview docs.

v0.46.0

Published: 3/9/2022 | Modules affected: kubernetes-circleci-helpers | Release notes

  • Updated setup-minikube to be compatible with Ubuntu 20.04, instead of the deprecated Ubuntu 16.04 image.

v0.45.4

Published: 3/8/2022 | Modules affected: ecs-deploy-runner | Release notes

  • Exposed the lambda function name of the invoker as an output for ecs-deploy-runner module.

v0.45.3

Published: 3/4/2022 | Modules affected: ecs-deploy-runner | Release notes

  • Synced versions of tags in Dockerfile for ECS Deploy Runner. The versions of installed software are backward compatible.

v0.45.2

Published: 3/4/2022 | Modules affected: ecs-deploy-runner-standard-configuration, gruntwork-module-circleci-helpers | Release notes

  • Updated the ecs-deploy-runner-standard-configuration module to not define a required_providers block, since it doesn't have any provider resources.
  • Updated the standard configuration of ecs-deploy-runner to allow calling --help without option args on scripts within EDR.
  • Added the ability to pass through additional flags to the go test command when using run-go-tests.

terraform-aws-cis-service-catalog

v0.34.0

Published: 3/25/2022 | Modules affected: networking/vpc, networking/vpc-mgmt, landingzone/account-baseline-root, landingzone/account-baseline-security | Release notes

  • Updated dependency gruntwork-io/terraform-aws-service-catalog to v0.85.2.

v0.33.2

Published: 3/17/2022 | Modules affected: networking/vpc-mgmt-network-acls, networking/vpc-app-network-acls | Release notes

  • Fixed bug where the rule numbers were not all relative to the new var.initial_nacl_rule_number input variable.

v0.33.1

Published: 3/17/2022 | Modules affected: networking/vpc, networking/vpc-mgmt, networking/vpc-app-network-acls, networking/vpc-mgmt-network-acls | Release notes

  • Updated the vpc-mgmt-network-acls and vpc-app-network-acls modules to expose the ability to configure the initial rule number used for the rules. This allows a user to set a sufficiently high number to provide more head room for inserting higher priority rules.

v0.33.0

Published: 3/15/2022 | Modules affected: landingzone/account-baseline-root, landingzone/account-baseline-security, landingzone/account-baseline-app, security/macie | Release notes

Updated the macie module to allow configuring and managing the Macie CloudWatch Log Group within Terraform. This allows a user to configure encryption settings for the Log Group or retention settings.

v0.32.5

Published: 3/14/2022 | Modules affected: landingzone/account-baseline-root | Release notes

  • Updated the account-baseline-root module to allow using external accounts as the administrator account for macie and securityhub.

terraform-aws-data-storage

v0.23.2

Published: 3/17/2022 | Modules affected: rds | Release notes

  • Update versions of tools in circleci
  • Add support for Oracle parameter groups in the RDS module.

terraform-aws-ecs

v0.32.1

Published: 3/15/2022 | Modules affected: ecs-cluster, ecs-scripts | Release notes

  • Exposed configuration parameters for restricting IMDS endpoints on EC2 instances in ECS cluster. Refer to the new enable_imds and use_imdsv1 input parameters for more information.

terraform-aws-eks

v0.50.3

Published: 3/31/2022 | Modules affected: eks-cluster-control-plane | Release notes

  • Fix kubergrunt arguments when syncing core components

v0.50.2

Published: 3/23/2022 | Modules affected: eks-cluster-control-plane | Release notes

  • eks-cluster-control-plane
  • Add support for managing EKS add-ons. Note that customized VPC CNI configurations (e.g., enabling prefix delegation) are not fully supported with add-ons, as the automated add-on lifecycles could potentially undo the configuration changes. As such, it is not recommended to use EKS add-ons if you wish to use the VPC CNI customization features.

  • Update deprecated circleci images to latest

v0.50.1

Published: 3/8/2022 | Modules affected: eks-cluster-workers | Release notes

  • Exposed ability to configure EBS IOPS and Throughput parameters for self managed ASG workers.

v0.50.0

Published: 3/7/2022 | Modules affected: eks-cluster-workers | Release notes

  • Exposed the ability to configure detailed monitoring per ASG, instead of only on all ASGs. This change is only backward incompatible if you were using the asg_enable_detailed_monitoring input variable - refer to the migration guide down below for more info.

terraform-aws-lambda

v0.18.2

Published: 3/8/2022 | Modules affected: scheduled-lambda-job | Release notes

  • Exposed the ability to specify input json for scheduled-lambda-job when periodically invoking lambda function.

v0.18.1

Published: 3/7/2022 | Modules affected: lambda-edge, lambda | Release notes

  • The modules for Lambda and Lambda Edge functions can now have optional CloudWatch logs subscription

terraform-aws-load-balancer

v0.28.1

Published: 3/18/2022 | Modules affected: acm-tls-certificate, alb | Release notes

  • Exposed the ability to set a custom ALB log prefix for ALB logs.

terraform-aws-monitoring

v0.33.0

Published: 3/24/2022 | Modules affected: alarms, logs/load-balancer-access-logs | Release notes

  • A few things were cleaned up and updated.
  • The logs/load-balancer-access-logs module has been updated to support the recently changed private-s3-bucket module in terraform-aws-security, which now supports the Terraform AWS 4.x provider.

v0.32.1

Published: 3/11/2022 | Modules affected: alarms | Release notes

  • Added metric dimensions for ec2-disk-alarms

v0.32.0

Published: 3/3/2022 | Modules affected: alarms/asg-disk-alarms, alarms/ec2-disk-alarms | Release notes

Fixed bug where disk alarms for ASG and EC2 were using an incorrect metric dimension to filter the metrics.

v0.31.1

Published: 3/1/2022 | Modules affected: alarms | Release notes

  • Added InstanceType optional var to ec2-memory-alarms

terraform-aws-openvpn

v0.23.0

Published: 3/24/2022 | Modules affected: openvpn-server | Release notes

The openvpn-server module has been updated to support the recently changed private-s3-bucket module in terraform-aws-security, which now supports the Terraform AWS 4.x provider.

terraform-aws-security

v0.63.1

Published: 3/25/2022 | Modules affected: cloudtrail-bucket, cloudtrail, kms-master-key | Release notes

  • Exposed the ability to specify additional service principals that should be granted for CloudTrail key. This is useful for granting access to additional services for different needs, such as to CloudWatch for setting up log metric filters correctly.

v0.63.0

Published: 3/24/2022 | Modules affected: private-s3-bucket, aws-config-bucket, aws-config-multi-region, aws-config-rules | Release notes

Changes to support Terraform AWS 4.x provider in the private-s3-bucket module.

This release updates the private-s3-bucket module and other modules in this repo that use private-s3-bucket.

v0.62.5

Published: 3/21/2022 | Modules affected: secrets-manager-resource-policies | Release notes

  • Added secretsmanager:DescribeSecret and secretsmanager:GetResourcePolicy to read-only permissions.

v0.62.4

Published: 3/14/2022 | Modules affected: kms-master-key-multi-region | Release notes

  • Fixed bug where setting replica_regions = ["*"] in a conditional did not have the intended effect.

v0.62.3

Published: 3/4/2022 | Modules affected: custom-iam-entity, cloudtrail | Release notes

  • Added the ability to set custom conditions on assume role for custom-iam-entity via the new assume_role_custom_conditions input variable.
  • Exposed the ability to configure advanced_event_selectors in cloudtrail module via the new advanced_event_selectors input variable.

terraform-aws-server

v0.14.2

Published: 3/11/2022 | Modules affected: single-server | Release notes

  • Allow adding specific separate tags for SG, IAM or EIP

terraform-aws-service-catalog

v0.85.2

Published: 3/25/2022 | Modules affected: mgmt/tailscale-subnet-router | Release notes

  • Added a new module to deploy Tailscale Subnet Routers in a VPC. Refer to the module documentation for more information.

v0.85.1

Published: 3/24/2022 | Modules affected: services/lambda, data-stores/ecr-repos | Release notes

  • Exposed the ability to bind custom iam policies to the lambda service IAM role
  • Added the ability to configure ECR repo to grant access to create lambda functions externally

v0.85.0

Published: 3/17/2022 | Modules affected: mgmt/ecs-deploy-runner, base/ec2-baseline, data-stores/rds, data-stores/aurora | Release notes

  • Updated ecs-deploy-runner to manage the CloudWatch Log Group associated with ECS Tasks in Terraform and exposed the variables to configure it.
  • Updated dependencies
    • terraform-aws-monitoring to v0.32.1
    • terraform-aws-ecs to v0.32.1
    • terraform-aws-security to v0.62.4
    • terraform-aws-ci to v0.47.2

v0.84.4

Published: 3/15/2022 | Modules affected: data-stores/redis, base/ec2-baseline, services/ec2-instance, services/k8s-service | Release notes

  • Exposed the 'auth_token' parameter in redis module to allow configuring password protected redis instances.
  • Update dependency terraform-aws-server to v0.14.2

v0.84.3

Published: 3/11/2022 | Modules affected: mgmt/ecs-deploy-runner | Release notes

  • Exposed ability to set up periodic background job to invoke ecs-deploy-runner. This can be used to run various tasks on a periodic basis in the background, such as running terragrunt run-all plan on a regular basis to detect infrastructure drift.

v0.84.2

Published: 3/10/2022 | Modules affected: services/lambda | Release notes

  • Exposed the set_source_code_hash parameter in the services/lambda module.

v0.84.1

Published: 3/9/2022 | Modules affected: landingzone/account-baseline-root, services/eks-cluster, services/eks-workers | Release notes

  • Exposed the ability to link GitHub Actions to the root account via the account-baseline-root module.
  • Exposed the ability to configure EBS IOPS and THROUGHPUT parameters for EKS self managed ASG workers.

v0.84.0

Published: 3/9/2022 | Modules affected: services/lambda, mgmt/openvpn-server, services/eks-workers, services/eks-cluster | Release notes

  • Exposed ability to configure CloudWatch subscriptions for services/lambda.
  • Enabled detailed monitoring for EKS Managed Node Group and self managed ASG instances. You can configure this using the new parameters.
  • Update various dependencies:
    • terraform-aws-lambda to v0.18.2
    • terraform-aws-eks to v0.50.1
    • terraform-aws-openvpn to v0.22.0
    • terraform-aws-ci to v0.45.4
  • Updated versions of tools installed in the jenkins server by default
    • helm to v3.8.0
    • terraform to v1.1.7
    • packer to v1.8.0
    • terragrunt to v0.36.3
  • Minor simplification of a local variable in account-baseline-root
  • Updated miscellaneous dependencies used in Terratest (no impact to modules)

v0.83.0

Published: 3/5/2022 | Modules affected: mgmt/bastion-host, services/ec2-instance, base/ec2-baseline, mgmt/ecs-deploy-runner | Release notes

  • Exposed ability to set ebs_optimized on bastion-host and ec2-instance module. This new variable defaults to true.
  • Exposed additional parameters for restoring an Aurora RDS Database from a snapshot (restore_type and copy_tags_to_snapshot).
  • Added the ability to extend the ECS Deploy Runner with additional container images via the new additional_container_images input variable.
  • Fixed bug where elb_target_group_deregistration_delay was not being passed through in ecs-service module.
  • Updated various dependencies:
    • terraform-aws-security to v0.62.3
    • terraform-aws-ci to v0.45.3
    • terraform-aws-asg to v0.17.2
    • terraform-aws-cache to v0.17.0
    • terraform-aws-data-storage to v0.23.1
    • terraform-aws-ecs to v0.32.0
    • terraform-aws-messaging to v0.8.1
    • terraform-aws-load-balancer to v0.28.0
    • terraform-aws-server to v0.14.1
    • terraform-aws-monitoring to v0.32.0
    • terraform-aws-static-assets to v0.13.0
    • terraform-aws-vpc to v0.20.2
    • terraform-kubernetes-namespace to v0.5.0
    • terraform-aws-utilities to v0.7.0

v0.82.1

Published: 3/4/2022 | Modules affected: networking/vpc-mgmt | Release notes

  • Exposed iam_role_permissions_boundary to vpc-mgmt module.

v0.82.0

Published: 3/3/2022 | Modules affected: networking/vpc, networking/vpc-mgmt | Release notes

  • Exposed the ability to configure permission boundaries on the IAM role for VPC flow logs via the iam_role_permissions_boundary input parameter.
  • Updated dependency terraform-aws-vpc to v0.20.1.

v0.81.0

Published: 3/3/2022 | Modules affected: mgmt/jenkins, base/ec2-baseline, data-stores/aurora, data-stores/elasticsearch | Release notes

  • Updated dependency terraform-aws-monitoring to v0.32.0
  • Fixed bug in ASG and EC2 disk alarms where the metric dimensions were incompatible with the CloudWatch Agent.
  • Exposed the ability to configure Performance Insights for an RDS database using the new performance_insights_enabled input variable.

terraform-aws-static-assets

v0.13.2

Published: 3/29/2022 | Release notes

  • Fix example cloudfront-s3-private-with-custom-bucket-policy

v0.13.1

Published: 3/23/2022 | Modules affected: s3-static-website | Release notes

  • Adds ability to override S3 bucket ownership and bucket policy

terraform-aws-vpc

v0.21.0

Published: 3/24/2022 | Modules affected: vpc-flow-logs | Release notes

  • vpc-flow-logs [Functionally Backward Compatible]

The vpc-flow-logs module has been updated to support the recently changed private-s3-bucket module in terraform-aws-security, which now supports the Terraform AWS 4.x provider.

Point your module source to this release (v0.21.0), run terraform init -upgrade, and run terraform apply.

When you run terraform apply there should be no destroyed or recreated resources. You will see newly created resources and sometimes in-place modifications.

This is a functionally backward compatible upgrade, verified with partially automated upgrade testing. Upgrade testing was done to ensure that running init/plan/apply on previously deployed modules will not run into issues when you upgrade to this version of the modules.

  • No configuration changes are required.
  • The AWS provider version must be bumped to at least 3.75.0.

You can bump the provider by running terraform init with the -upgrade flag, as in terraform init -upgrade. See HashiCorp's guide on upgrading providers for more details.

v0.20.4

Published: 3/17/2022 | Modules affected: vpc-app-network-acls, vpc-mgmt-network-acls | Release notes

  • Fixed bug where the rule numbers were not all relative to the new initial_nacl_rule_number input variable.

v0.20.3

Published: 3/17/2022 | Modules affected: vpc-flow-logs, vpc-app-network-acls, vpc-mgmt-network-acls | Release notes

  • Updated type table documentation for the additional_s3_bucket_policy_statements input variable.
  • Updated the vpc-mgmt-network-acls and vpc-app-network-acls modules to expose the ability to configure the initial rule number used for the rules. This allows a user to set a sufficiently high number to provide more head room for inserting higher priority rules.

v0.20.2

Published: 3/4/2022 | Modules affected: vpc-flow-logs | Release notes

  • Added the ability to configure additional bucket policies on the VPC flow logs bucket using the new additional_s3_bucket_policy_statements input variable.