Skip to main content

Gruntwork release 2019-06

Guides / Update Guides / Releases / 2019-06

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2019-06. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

terraform-aws-asg

v0.7.1

Published: 6/20/2019 | Modules affected: server-group | Release notes

  • Fix bug where var.enable_elastic_ips was not properly used in the conditional logic to control Route 53 records in modules/server-group. This led to syntax errors when you had the right inputs to enable the resource.

v0.7.0

Published: 6/11/2019 | Modules affected: server-group, asg-rolling-deploy | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

terraform-aws-cache

v0.6.1

Published: 6/24/2019 | Modules affected: redis | Release notes

  • redis

This release fixes a bug where the module errors on the output if you set both replication_group_size and cluster_modes input variables in the redis module.

v0.6.0

Published: 6/11/2019 | Modules affected: redis, memcached | Release notes

  • redis [BACKWARDS INCOMPATIBLE]
  • memcached [BACKWARDS INCOMPATIBLE]

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

terraform-aws-ci

v0.14.0

Published: 6/22/2019 | Modules affected: jenkins-server, iam-policies, ec2-backup | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

v0.13.16

Published: 6/18/2019 | Modules affected: jenkins-server | Release notes

  • Add a variable for aws_alb_target_group.health_check.matcher to the jenkins-server module.

v0.13.15

Published: 6/4/2019 | Modules affected: install-jenkins, jenkins-server | Release notes

  • Use latest jenkins version, because the package repo is throttling super old version
  • Update CODEOWNERS
  • Fix test summary and use different port
  • jenkins-server: allow additional target group to be specified
  • bug: fix duplicate description attribute in jenkins module

terraform-aws-data-storage

v0.9.0

Published: 6/17/2019 | Modules affected: rds, lambda-share-snapshot, lambda-create-snapshot, lambda-copy-shared-snapshot | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

v0.8.9

Published: 6/14/2019 | Modules affected: rds | Release notes

  • When allow_connections_from_cidr_blocks is empty, do not create the allow_connections_from_cidr_blocks security rule.

terraform-aws-ecs

v0.14.0

Published: 6/21/2019 | Modules affected: ecs-service, ecs-service-with-discovery, ecs-service-with-alb, ecs-fargate | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

v0.13.5

Published: 6/13/2019 | Modules affected: ecs-cluster, ecs-service, ecs-service-with-discovery, ecs-service-with-alb | Release notes

This release introduces the ability to extend the AWS principals that can assume the ECS task role. For each module that provisions an ECS task, there is a new variable additional_task_assume_role_policy_principals that allows you to extend the list of allowed principals.

terraform-aws-eks

v0.5.5

Published: 6/20/2019 | Modules affected: eks-k8s-role-mapping | Release notes

  • Fix bug where IAM to RBAC mapping did not work with capital letters in the entity name. This caused login issues because the script would naively use the IAM role / user name as the Kubernetes username, which were invalid when they contained upper case letters.
  • Documentation updates and fixes.

terraform-aws-elk

v0.3.1

Published: 6/21/2019 | Modules affected: install-logstash, install-filebeat, install-collectd, auto-discovery | Release notes

This release fixes a bug in the install scripts where for some base AMIs, the install script could hang on a user prompt that will never be answered in the context of the automation script during apt-get upgrade.

v0.3.0

Published: 6/19/2019 | Modules affected: elasticsearch-cluster-backup | Release notes

  • elasticsearch-cluster-backup [BACKWARDS INCOMPATIBLE]

This release fixes a bug where AWS region of the s3 bucket was hardcoded to us-east-1 in the elasticsearch-cluster-backup module. With this change, the elasticsearch-cluster-backup module now takes in a new required input variable region.

terraform-aws-lambda

v0.6.0

Published: 6/14/2019 | Modules affected: scheduled-lambda-job, lambda, lambda-edge, keep-warm | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

terraform-aws-load-balancer

v0.14.1

Published: 6/20/2019 | Modules affected: nlb | Release notes

  • nlb

Fixes a bug that arises when using terraform >=0.12.2 with the nlb module. Specifically, the access_logs subblock requires a valid bucket and prefix to be specified if the block is included, regardless of enabled flag. This release fixes it so that you can still pass in a null or empty bucket and prefix even if the access logs are disabled.

v0.14.0

Published: 6/11/2019 | Modules affected: alb, nlb, acm-tls-certificate | Release notes

  • alb [BACKWARDS INCOMPATIBLE]
  • nlb [BACKWARDS INCOMPATIBLE]
  • acm-tls-certificate [BACKWARDS INCOMPATIBLE]

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

terraform-aws-messaging

v0.3.0

Published: 6/13/2019 | Modules affected: kinesis, sns, sqs | Release notes

  • kinesis [BACKWARDS INCOMPATIBLE]
  • sns [BACKWARDS INCOMPATIBLE]
  • sqs [BACKWARDS INCOMPATIBLE]

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

terraform-aws-monitoring

v0.13.2

Published: 6/27/2019 | Modules affected: cloudwatch-dashboard-metric-widget | Release notes

  • Fix type constraint on the metrics variable of the cloudwatch-dashboard-metric-widget module to allow non-string types in the inner list, including map values.

v0.13.1

Published: 6/24/2019 | Modules affected: logs/cloudwatch-log-aggregation-scripts | Release notes

  • This release verifies compatibility of various module scripts in the repo with Ubuntu 18.04. Prior to this version, all modules except for logs/cloudwatch-log-aggregation-scripts worked with Ubuntu 18.04. This release fixes the logs/cloudwatch-log-aggregation-scripts module to also be compatible with Ubuntu 18.04.

v0.13.0

Published: 6/21/2019 | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

v0.12.7

Published: 6/20/2019 | Modules affected: alarms | Release notes

  • #95: Fix default statistic for asg-memory-alarms

v0.12.6

Published: 6/11/2019 | Modules affected: alarms/sqs-alarms | Release notes

  • alarms/sqs-alarms
  • Fix the period setting for the SQS alarm to use a minimum of 5 minutes rather than 1 minute, as SQS metrics are only collected once every 5 minutes, so trying to alert more often doesn't work.

Thanks to @bendavies for the PR!

terraform-aws-openvpn

v0.9.2

Published: 6/26/2019 | Modules affected: init-openvpn | Release notes

  • Populate DNS server from proper location on Ubuntu 18.04. This should fix DNS resolution on client machines.

v0.9.1

Published: 6/20/2019 | Modules affected: openvpn-server | Release notes

  • Fix bug where the IAM role for the openvpn server did not have a lifecycle config for create_before_destroy, leading to issues when trying to do a rolling update.

v0.9.0

Published: 6/18/2019 | Modules affected: openvpn-server | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

v0.8.2

Published: 6/18/2019 | Modules affected: openvpn-server | Release notes

This release introduces the ability to set an expiration lifecycle on the objects in the S3 backup bucket for the openvpn-server module. To enable expiration, set the enable_backup_bucket_noncurrent_version_expiration input variable to true. You can configure the days to expiration using the input variable backup_bucket_noncurrent_version_expiration_days (defaults to 30).

v0.8.1

Published: 6/17/2019 | Modules affected: install-openvpn | Release notes

  • install-openvpn has been updated to support ubuntu 18.04.

terraform-aws-sam

v0.2.0

Published: 6/25/2019 | Modules affected: gruntsam, api-gateway-account-settings | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module. For gruntsam, this means the generated code is only compatible with terraform 0.12.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module vars.tf file to double check if the 0 value has been converted to a null.

terraform-aws-security

v0.17.1

Published: 6/26/2019 | Modules affected: ssh-grunt | Release notes

  • Fix a bug where the crontab configured by ssh-grunt install was missing the --force-user-deletion flag.

v0.17.0

Published: 6/24/2019 | Modules affected: ssm-healthchecks-iam-permissions, saml-iam-roles, os-hardening, kms-master-key | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

v0.16.6

Published: 6/21/2019 | Modules affected: ssm-healthchecks-iam-permissions | Release notes

This release introduces a new module ssm-healthchecks-iam-permissions which provides IAM policies that you can attach to instance profiles that grants the EC2 instance the requisite permissions to run SSM healthchecks, which are enabled by default on many base AWS AMIs such as Ubuntu.

v0.16.5

Published: 6/14/2019 | Modules affected: kms-master-key | Release notes

  • Allow cross account usage for CMK keys by granting the requisite IAM permissions to allow an external account to grant access to the KMS key to IAM entities within that account. You can use the new cmk_external_user_iam_arns input variable to specify which accounts should have this capability.

terraform-aws-server

v0.7.0

Published: 6/11/2019 | Modules affected: single-server | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

v0.6.2

Published: 6/6/2019 | Modules affected: attach-eni | Release notes

The attach-eni script is now compatible with Ubuntu 18.04.

terraform-aws-utilities

v0.1.1

Published: 6/13/2019 | Release notes

  • prepare-pex-environment

This fixes a bug that was introduced in upgrading to terraform 0.12, where prepare-pex-environment always returned the python3 version of the pex.

v0.1.0

Published: 6/6/2019 | Release notes

  • intermediate-variable [REMOVED]
  • list-remove [BREAKING]
  • join-path [BREAKING]
  • operating-system [BREAKING]
  • prepare-pex-environment [BREAKING]
  • require-executable [BREAKING]
  • run-pex-as-data-source [BREAKING]
  • run-pex-as-resource [BREAKING]

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

Additionally, we have deprecated and removed the intermediate-variable module in this release. This module has been superseded by terraform local values. To upgrade, switch usage of intermediate-variable with locals.

terraform-aws-vpc

v0.6.0

Published: 6/11/2019 | Modules affected: vpc-peering, vpc-peering-external, vpc-mgmt, vpc-mgmt-network-acls | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

v0.5.8

Published: 6/7/2019 | Modules affected: vpc-mgmt, vpc-app | Release notes

  • var.custom_tags now propagate to EIP resources created in the VPCs.

terraform-aws-zookeeper

v0.6.0

Published: 6/18/2019 | Modules affected: zookeeper-cluster, exhibitor-shared-config, zookeeper-iam-permissions, zookeeper-security-group-rules | Release notes

  • zookeeper-cluster [BACKWARDS INCOMPATIBLE]
  • exhibitor-shared-config [BACKWARDS INCOMPATIBLE]
  • zookeeper-iam-permissions [BACKWARDS INCOMPATIBLE]
  • zookeeper-security-group-rules [BACKWARDS INCOMPATIBLE]

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

terraform-kubernetes-helm

v0.5.0

Published: 6/11/2019 | Modules affected: k8s-tiller, k8s-tiller-tls-certs, k8s-service-account, k8s-namespace | Release notes

All the modules are now terraform 0.12.0 compatible. Note that this means the modules are no longer compatible with terraform 0.11 and under. Starting this release, you must use terraform 0.12.0 or greater to use this module.

All the module variables have been updated to use concrete types based on the new type system introduced in terraform 0.12.0. You can learn more about the types in the official documentation.

Note that as part of this, we switched to using null to indicate unset values when passing them through to resources. If you were previously using a 0 value ("" for strings and 0 for numbers), review the module variables.tf file to double check if the 0 value has been converted to a null.

Note: there is one major interface change due to the upgrade. For the TLS modules, we no longer cannot pass through the subject info of the TLS cert as an inline block due to type issues. The main issue here is with the street_address attribute, which is of type list(string). To support the types, the street_address must be provided as newline delimited string, which will be later converted to list(string).