Gruntwork release 2021-01

This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2021-01. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

gruntkms

v0.0.9

Published: 1/25/2021 | Release notes

https://github.com/gruntwork-io/gruntkms/pull/27: Updated the version of the AWS Go SDK used in gruntkms to pull in the latest features, such as better support for AWS SSO in AWS CLI v2.

repo-copier

v0.0.7

Published: 1/29/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/59: Fix one more bug with updating cross-references.

v0.0.6

Published: 1/29/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/57: Add unit tests and fix a URL updating bug.

v0.0.5

Published: 1/27/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/53: Fix bugs in handling single quotes when updating internal cross-references.

https://github.com/gruntwork-io/repo-copier/pull/54: Update the logic to replace all links by default and output a report at the end listing the links that were replaced but whose underlying repo was not copied.

https://github.com/gruntwork-io/repo-copier/pull/55: We now only build amd64 binaries, as Go no longer supports 386 binaries for all platforms.

v0.0.4

Published: 1/21/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/51: Run all Git operations concurrently to speed things up even more.

v0.0.3

Published: 1/21/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/48: Handle renamed repos; copy all tags by default; small performance tweaks.

v0.0.2

Published: 1/19/2021 | Release notes

v0.0.1

Published: 1/16/2021 | Release notes

First release!

terraform-aws-architecture-catalog

v0.0.2

Published: 1/7/2021 | Release notes

  • Fixes GitLab repo configuration
  • Adds blueprint for RDS

terraform-aws-asg

v0.11.2

Published: 1/28/2021 | Modules affected: asg-rolling-deploy, server-group | Release notes

  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.

v0.11.1

Published: 1/13/2021 | Modules affected: server-group | Release notes

  • Custom tags you pass to the server-group module via the custom_tags input variable will now be applied to the IAM role too.

terraform-aws-cache

v0.10.2

Published: 1/29/2021 | Modules affected: None | Release notes

  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.

terraform-aws-ci

v0.29.8

Published: 1/27/2021 | Modules affected: ecs-deploy-runner | Release notes

  • Fix an interpolation-only expression so we no longer get a deprecation warning from Terraform.

v0.29.7

Published: 1/26/2021 | Modules affected: jenkins-server | Release notes

Fix bug in jenkins-server where it errors out when snapshot_id is not provided.

v0.29.6

Published: 1/4/2021 | Modules affected: ecs-deploy-runner | Release notes

Fixes a bug in the ecs-deploy-runner module where the IAM permissions granting the ECS task execution role access to the repository_credentials_secrets_manager_arn Secrets Manager entry were not being configured.

terraform-aws-cis-service-catalog

v0.10.0

Published: 1/21/2021 | Modules affected: vpc-app-network-acls, vpc-mgmt-network-acls | Release notes

  • Refactor the NACL modules to allow specifying different CIDR blocks per subnet tier for allowing remote admin (e.g., SSH/RDP) access. This is important as the IP addresses you see in public subnets will be different than those in private subnets. This was a backwards incompatible change, so make sure to read the migration guide below.

v0.9.3

Published: 1/18/2021 | Modules affected: vpc-app-network-acls, vpc-mgmt-network-acls | Release notes

  • The two new modules vpc-app-network-acls and vpc-mgmt-network-acls were made on top of the existing modules from terraform-aws-vpc. They ensure that no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports, as per the 5.1 requirement of CIS AWS Foundations Benchmark.

We will soon publish a migration guide from CIS 1.2.0 to 1.3.0!

terraform-aws-data-storage

v0.17.2

Published: 1/29/2021 | Modules affected: aurora, efs, lambda-create-snapshot, rds | Release notes

  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.

terraform-aws-ecs

v0.24.1

Published: 1/29/2021 | Modules affected: ecs-cluster, ecs-daemon-service, ecs-deploy, ecs-fargate | Release notes

  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.

v0.24.0

Published: 1/27/2021 | Modules affected: ecs-service | Release notes

v0.23.4

Published: 1/19/2021 | Modules affected: ecs-service, ecs-cluster | Release notes

  • We added parameters to supply existing IAM roles for the ecs-service module. These will be used in place of creating a new role: existing_ecs_task_role_name and existing_ecs_task_execution_role_name.
  • Small documentation corrections.

terraform-aws-eks

v0.32.2

Published: 1/29/2021 | Modules affected: eks-cluster-control-plane, eks-cluster-managed-workers | Release notes

  • You can now turn off the default Fargate IAM Role created by the eks-cluster-control-plane module using the create_default_fargate_iam_role input variable.
  • You can now selectively control which Node Groups use the instance_types attribute on the Node Group or on the Launch Template by setting the instance_types attribute to null.
  • You can now hard-code the OpenID Connect provider thumbprint in the eks-cluster-control-plane module. This is useful if you are in an airgapped environment that requires HTTP requests to route through a proxy.

v0.32.1

Published: 1/21/2021 | Modules affected: eks-cluster-control-plane, eks-aws-auth-merger | Release notes

  • The aws-auth-merger app now uses an informer for watching the config maps, making it more robust to connectivity issues and API refresh problems.

v0.32.0

Published: 1/12/2021 | Modules affected: eks-alb-ingress-controller, eks-container-logs, eks-k8s-cluster-autoscaler, eks-k8s-external-dns | Release notes

The core services modules are now compatible with helm provider 2.x. Note that support for helm provider 1.x is dropped. You will need to update your provider blocks to ensure they pull in the 2.x series of the provider in order to update to this release.

v0.31.3

Published: 1/6/2021 | Modules affected: eks-cluster-control-plane | Release notes

  • This release is a minor bugfix to use the latest kubergrunt (v0.6.9) required dependency.

terraform-aws-elk

v0.7.1

Published: 1/27/2021 | Modules affected: (none) | Release notes

  • Updated the elk-multi-cluster example to show how you can dynamically source the authentication hash from Secrets Manager when configuring readonlyrest in the Elasticsearch cluster.
  • Fixed CircleCI contexts
  • Added a TF placeholder for TFC/TFE/PMR
  • Fixed internal link references in the docs

terraform-aws-messaging

v0.4.2

Published: 1/28/2021 | Modules affected: sqs | Release notes

  • You can now set custom tags for the dead letter queue using the new custom_dlq_tags input variable.

terraform-aws-monitoring

v0.24.1

Published: 1/29/2021 | Modules affected: alarms, logs, metrics | Release notes

  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.

terraform-aws-openvpn

v0.13.1

Published: 1/29/2021 | Modules affected: init-openvpn, backup-openvpn-pki, install-openvpn, openvpn-admin | Release notes

  • We have added support for Ubuntu 20.04 in testing and dropped support for Ubuntu 16.04
  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.

terraform-aws-security

v0.44.9

Published: 1/28/2021 | Modules affected: ssh-grunt | Release notes

  • Warn user and error out if ec2-instance-connect is installed

v0.44.8

Published: 1/27/2021 | Modules affected: private-s3-bucket | Release notes

  • Adds a new input to the private-s3-bucket module to configure CORS.

v0.44.7

Published: 1/19/2021 | Modules affected: auto-update, aws-config-rules, aws-config, aws-organizations | Release notes

  • Fixes broken links on the website's repo browser by using root-relative links for README & LICENSE file references.

terraform-aws-server

v0.10.1

Published: 1/29/2021 | Modules affected: attach-eni, ec2-backup, persistent-ebs-volume, route53-helpers | Release notes

v0.10.0

Published: 1/8/2021 | Modules affected: attach-eni | Release notes

  • All the modules now support Ubuntu 20.04. Note that starting with this release, support for Ubuntu 16.04 is dropped.
  • Fix a bug with CentOS 7.9 that prevented the public IP from being restored when attaching a new ENI to the instance.

NOTE: Starting with this release, the attach-eni module no longer works with Ubuntu 16.04. Please upgrade to Ubuntu 18.04 or 20.04.

terraform-aws-service-catalog

v0.17.1

Published: 1/28/2021 | Modules affected: base, data-stores, landingzone, mgmt | Release notes

  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.

v0.17.0

Published: 1/27/2021 | Modules affected: data-stores/elasticsearch, mgmt/ecs-deploy-runner, mgmt/jenkins, services/ecs-cluster | Release notes

  • You can now configure the update timeout for the elasticsearch module using the new update_timeout input variable. The default timeout has been increased from 60m to 90m, as we were seeing some intermittent timeouts on creation.
  • Bumped the terraform-aws-ci version number in the mgmt modules. This is mainly to pick up a fix for the jenkins module related to the default snapshot_id value.
  • Removed a depends_on clause from the ecs-cluster module which was causing recent Terraform versions to exit with an error. This depends_on wasn't necessary in the first place.
  • Updated the eks-core-services module to the 2.x version of the Helm provider. This is a backwards incompatible change. See the migration guide below.
  • Updated the required_version constraint on the k8s-namespace module to >= 0.12.26. This was missed during the Terraform 0.13 upgrade.

v0.16.0

Published: 1/20/2021 | Modules affected: mgmt, networking, services/eks-cluster, services/eks-core-services | Release notes

  • Updates gruntwork-io/module-ci to v0.29.6
  • Updates gruntwork-io/kubergrunt to v0.6.9
  • Update gruntwork-io/terraform-kubernetes-namespace to v0.1.1
  • Adds primary_host output for rds
  • Introduces ability to add custom IAM policies to the asg-service module.
  • Updates gruntwork-io/module-asg to v0.11.1
  • Updates gruntwork-io/terratest to v0.31.4
  • Updates gruntwork-io/module-ecs to v0.23.4
  • Updates gruntwork-io/terragrunt to v0.27.1
  • Removes unused variable from memcached
  • Updates gruntwork-io/module-security to v0.44.7
  • Updates gruntwork-io/terraform-aws-eks to v0.32.0. This update is backwards incompatible. Please refer to the terraform-aws-eks release notes for more information.
  • Updates gruntwork-io/module-server to v0.10.0.

v0.15.4

Published: 1/6/2021 | Modules affected: landingzone | Release notes

  • Updated the landingzone/account-baseline-root & landingzone/account-baseline-security modules to include the new iam-access-analyzer module in order to be compliant with CIS 1.3.0. The additional iam-access-analyzer module is disabled by default to aid consistency and backwards compatibility between versions of the landingzone.
  • Updated the related examples to showcase how the landingzone module could use the iam-access-analyzer module. To enable the use of this feature, users will need to set enable_iam_access_analyzer to true in the variables.tf for each of these modules or examples.
  • Once all our libraries are upgraded and tested to be compatible with CIS 1.3.0 we’ll publish a migration guide to help you update.

v0.15.3

Published: 1/5/2021 | Modules affected: networking | Release notes

  • Updated the vpc service to expose several optional parameters available in the underlying vpc-app module that were not exposed before:
    • custom_tags, vpc_custom_tags, public_subnet_custom_tags, private_app_subnet_custom_tags, private_persistence_subnet_custom_tags, and nat_gateway_custom_tags for setting custom tags on the various resources in the VPC.
    • create_public_subnets, create_private_app_subnets, and create_private_persistence_subnets for enabling / disabling the various subnet tiers in the VPC.
    • default_security_group_ingress_rules, default_security_group_egress_rules, default_nacl_ingress_rules, default_nacl_egress_rules for configuring the default ingress and egress rules for the Default Security Group and Default Network ACL.

v0.15.2

Published: 1/4/2021 | Modules affected: services/public-static-website | Release notes

You can now pass in the hosted_zone_id directly as opposed to looking it up via domain names when configuring Route 53 records in the public-static-website module.

terraform-aws-utilities

v0.3.2

Published: 1/12/2021 | Modules affected: request-quota-increase | Release notes

  • CircleCI improvements: Fix CircleCI Contexts and switch from Dep to Go Modules
  • [NEW MODULE] Request quota increase for an AWS resource

terraform-aws-vpc

v0.13.0

Published: 1/29/2021 | Modules affected: vpc-app | Release notes

In v0.12.3, we added support for managing the default network ACL. However, we also associated the default NACL with the subnets in the VPC. This caused a perpetual diff problem for users that manage the network ACLs separately, such as when using the vpc-app-network-acls module.

In this release, we have updated the behavior to not explicitly apply the default network ACL by default.

v0.12.5

Published: 1/29/2021 | Modules affected: network-acl-inbound, vpc-app, vpc-dns-forwarder-rules, vpc-flow-logs | Release notes

  • We recently renamed most of our repos to follow the Terraform Registry convention of terraform-<cloud>-<name> (e.g., terraform-aws-vpc). In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.