Gruntwork release 2022-08
This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2022-08. For instructions on how to use these updates in your code, check out the updating documentation.
Here are the repos that were updated:
Published: 8/2/2022 | Release notes
Published: 8/24/2022 | Release notes
Fix a bug causing the git ref used to fetch the boilerplate template for the form wizard to be out of date.
Published: 8/22/2022 | Release notes
This release adds two new commands:
- gruntwork vault login: quickly log into any account defined in your aws-vault account profiles
- gruntwork vault exec: quickly execute an arbitrary command against any account defined in your aws-vault account profiles
These commands are intended to be used in conjunction with the gruntwork vault generate command, for scaffolding aws-vault account profiles from your infrastructure-live repository.
Published: 8/17/2022 | Release notes
This release adds a new command, gruntwork vault generate, that assists you in generating valid aws-vault account profiles for your Ref Arch AWS accounts, to ease login and executing commands.
Published: 8/4/2022 | Release notes
Published: 8/2/2022 | Release notes
Published: 8/2/2022 | Release notes
(none)
- No functional changes were introduced in this release!
- Updated incorrect go package reference.
Published: 8/2/2022 | Modules affected: memcached, redis | Release notes
- Some housekeeping updates.
- Unlock AWS provider v4. Require minimum 3.75.1. This update includes a few tests that make sure upgrading to this module from the last release is easy. However, you may need to bump your AWS provider version. See the migration guide notes below for more.
Published: 8/12/2022 | Modules affected: terraform-helpers | Release notes
- Updated terraform-update-variable to make the formatting step optional, allowing you to run it without terraform being available in the PATH.
Published: 8/3/2022 | Modules affected: ecs-deploy-runner-standard-configuration, ecs-deploy-runner | Release notes
- Added support in build-docker-image ECS Deploy Runner script for injecting docker buildkit compatible secrets into Kaniko builds via the --env-secret parameter.
Published: 8/2/2022 | Release notes
- Improvements to upgrade testing
Published: 8/4/2022 | Modules affected: ecs-deploy-runner-with-steampipe, steampipe-runner | Release notes
Published: 8/11/2022 | Modules affected: landingzone/account-baseline-app, landingzone/account-baseline-root, landingzone/account-baseline-security, networking/vpc-mgmt | Release notes
- Updated for-production examples for Reference Architecture
- Updated dependencies:
  - terraform-aws-service-catalog: v0.95.0 to v0.96.1
- Unlocked AWS provider v4. Require minimum 3.75.1.
- In v0.39.0, we missed several module updates in the underlying terraform-aws-service-catalog dependency of this repo.
- That has been remedied in gruntwork-io/terraform-aws-service-catalog@v0.96.1 (release).
- Now we've updated all references in terraform-aws-cis-service-catalog to point to the latest, AWS Provider v4 unlocked, version of terraform-aws-service-catalog.
- No configuration changes are required by you. Please see the migration guide below.
Published: 8/4/2022 | Modules affected: landingzone/account-baseline-app, landingzone/account-baseline-root, landingzone/account-baseline-security, networking/vpc-mgmt | Release notes
- Update dependencies:
  - terraform-aws-service-catalog: v0.94.0 to v0.95.0
  - terraform-aws-monitoring: v0.35.2 to v0.35.3
- Various test dependencies
Published: 8/3/2022 | Modules affected: landingzone/account-baseline-app, landingzone/account-baseline-root, landingzone/account-baseline-security, security/aws-securityhub | Release notes
- Renamed variable associate_to_master_account_id to associate_to_admin_account_id in aws-securityhub module to align with latest AWS documentation.
Published: 8/2/2022 | Modules affected: landingzone/account-baseline-app, landingzone/account-baseline-root, landingzone/account-baseline-security, networking/vpc | Release notes
- Unlock AWS provider v4. Require minimum 3.75.1. This update includes a few tests that make sure upgrading to this module from the last release is easy. However, you may need to bump your AWS provider version. See the migration guide notes below for more info.
Published: 8/18/2022 | Modules affected: ecs-cluster | Release notes
- Updated ecs-cluster module to use the aws_ecs_cluster_capacity_providers to avoid the need for a python script on destroy.
Published: 8/4/2022 | Modules affected: ecs-cluster, ecs-daemon-service, ecs-service | Release notes
- Internal housekeeping changes
- Added patch for v0.32.0
- Added patch for v0.33.0
- Updated code owners
- Added patch for v0.31.0
- Unlock AWS provider v4. Require minimum 3.75.1. This update includes a few tests that make sure upgrading to this module from the last release is easy. However, you may need to bump your AWS provider version. See the migration guide notes below for more.
Published: 8/8/2022 | Modules affected: eks-alb-ingress-controller, eks-alb-ingress-controller-iam-policy, eks-aws-auth-merger, eks-cloudwatch-agent | Release notes
- Housekeeping fixes:
- Fixed Helm link in alb-ingress-controller README
- Fixed contributing docs link
- Updated code owners
- Unlock AWS provider v4. Require minimum 3.75.1. This update includes a few tests that make sure upgrading to this module from the last release is easy. However, you may need to bump your AWS provider version. See the migration guide notes below for more.
Published: 8/3/2022 | Modules affected: run-lambda-entrypoint | Release notes
- Updated run-lambda-entrypoint CLI to support loading Secrets Manager entries by name instead of ARN. You can now pass a Secrets Manager name to the _ARN environment variables that the entrypoint CLI supports.
Published: 8/2/2022 | Release notes
- No functional changes were introduced with this release!
- Updated incorrect go package reference.
Published: 8/1/2022 | Modules affected: alb, acm-tls-certificate, lb-listener-rules | Release notes
- Unlock AWS provider v4. Require minimum 3.75.1. This update includes a few tests that make sure upgrading to this module from the last release is easy. However, you may need to bump your AWS provider version. See the migration guide notes below for more.
Published: 8/2/2022 | Release notes
- No functional changes were introduced in this release!
- Updated incorrect go package reference.
Published: 8/1/2022 | Modules affected: kinesis, msk, sns-sqs-connection, sns | Release notes
- Unlock AWS provider v4. Require minimum 3.75.1. This update includes a few tests that make sure upgrading to this module from the last release is easy. However, you may need to bump your AWS provider version. See the migration guide notes below for more.
Published: 8/26/2022 | Modules affected: logs | Release notes
- modules/logs updated to only install logrotate from source if the RPM isn't already installed
Published: 8/18/2022 | Modules affected: alarms/alb-alarms, alarms/alb-target-group-alarms, alarms/asg-cpu-alarms, alarms/asg-disk-alarms | Release notes
- Updated all alarms modules to expose treat_missing_data as a configurable parameter.
Published: 8/4/2022 | Modules affected: All | Release notes
- Renamed legacy vars.tf files to variables.tf.
Published: 8/10/2022 | Modules affected: openvpn-admin | Release notes
- Update dependencies of openvpn-admin utility to support usage with AWS SSO.
Published: 8/8/2022 | Release notes
- Add retroactive patches for backward incompatible versions v0.20.0 to v0.24.0
Published: 8/2/2022 | Release notes
- No functional changes were introduced in this release!
- Updated incorrect go package reference
Published: 8/1/2022 | Modules affected: ec2-backup, single-server | Release notes
- Unlock AWS provider v4. Require minimum 3.75.1. This update includes a few tests that make sure upgrading to this module from the last release is easy. However, you may need to bump your AWS provider version. See the migration guide notes below for more.
Published: 8/19/2022 | Modules affected: services/k8s-service, landingzone/account-baseline-root, mgmt/terraform-aws-openvpn, mgmt/jenkins | Release notes
- Exposed the cleanup_on_fail parameter in k8s-service module's helm_release resource.
- Updated landingzone/account-baseline-root to expose advanced_event_selectors for Cloudtrail as cloudtrail_advanced_event_selectors.
- Updated rds module to make the option_group_name parameter configurable.
- Updated jenkins to allow configuring without a Route53 entry.
- Updated dependencies:
  - terraform-aws-openvpn: v0.24.1 to v0.24.3
Published: 8/11/2022 | Release notes
- Unlock AWS Provider v4. Require minimum 3.75.1. In https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v0.96.0, we missed a few spots. This release updates the above modules with the same minimum version of 3.75.1, with no upper limit. These updates arose from bumping the following underlying library modules:
  - terraform-aws-server
  - terraform-aws-load-balancer
  - terraform-aws-cache
  - terraform-aws-messaging
Special thanks to @lorelei-rupp-imprivata for catching this issue!
Published: 8/9/2022 | Modules affected: services, base, data-stores, landingzone | Release notes
- Module dependency updates, to unlock Terraform AWS Provider v4:
- Update Terraform github.com/gruntwork-io/terraform-aws-eks to v0.53.0
- Update Terraform github.com/gruntwork-io/terraform-aws-ecs to v0.34.0
- Unlock AWS provider v4. Require minimum 3.75.1. This update includes a few tests that make sure upgrading to this module from the last release is easy. However, you may need to bump your AWS provider version. See the migration guide notes below for more.
Published: 8/5/2022 | Modules affected: base/ec2-baseline, services/ec2-instance, mgmt/jenkins, mgmt/bastion-host | Release notes
- Exposed the ability to set AWS Tags on the resources managed by the ecs-deploy-runner module.
- Updated dependencies:
  - terraform-aws-monitoring: v0.35.2 to v0.35.3
- Updated test dependencies.
- Updated for-production example to the latest iteration of the Reference Architecture.
Published: 8/4/2022 | Modules affected: networking/sns-topics, base/ec2-baseline, services/ec2-instance, mgmt/jenkins | Release notes
- Updated dependencies:
  - terraform-aws-ci: v0.50.3 to v0.50.6
  - terraform-aws-monitoring: v0.34.1 to v0.35.2
- Updated sns-topics module to require passing through the Slack webhook URL using AWS Secrets Manager instead of directly as module variables. This is to treat the webhook URL more like a Secret as recommended by Slack.
Published: 8/3/2022 | Modules affected: data-stores/aurora, data-stores/rds, landingzone/account-baseline-app, landingzone/account-baseline-root | Release notes
- Updated dependency terraform-aws-data-storage from v0.24.0 to v0.24.2
- Exposed new parameters to pass through permission boundaries to IAM Roles managed by the account-baseline modules.
Published: 8/2/2022 | Modules affected: data-stores/aurora, services/public-static-website | Release notes
- Updated aurora module to output the generated security group ID.
- Updated the website S3 bucket created in the public-static-website module with additional security configurations when operating in private bucket mode. The following changes are backward compatible with existing websites.
  - The bucket will now configure blocking of public access for the objects.
  - The bucket will now enforce encryption of data in transit (only accessible over TLS).
- Added support for configuring CloudFront Functions, a more performant and lightweight alternative to Lambda@Edge, with static websites.
- Added support for implementing default directory indexing for private S3 bucket backed static websites.
- Added instructions to README on how to perform a blue-green deployment of Aurora.
Published: 8/16/2022 | Modules affected: s3-cloudfront | Release notes
- Add support for s3 buckets with v4 Auth