Gruntwork release 2021-03

This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2021-03. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

gruntwork

v0.2.0

Published: 3/12/2021 | Release notes

This is a major update to the CLI that is oriented around the functionality of the Landing Zone Reference Architecture. Major changes include:

  • Drop support for GCP
  • Drop support for creating TLS certs
  • Drop support for creating GitHub repos (this is now handled in the gruntwork-clients org)
  • Adds support for creating secrets for the VCS tokens

This release also rebrands the tool from a "generic gruntwork CLI tool" to one that is specific to the ref arch. The README is updated with all the details.

repo-copier

v0.0.16

Published: 3/29/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/89: Added a new --max-stack-bytes parameter to configure the maximum amount of memory that can be used by a single goroutine stack, and set the default to 2GB (instead of 1GB). The Git library we use under the hood can use a lot of memory for very large repos, so this can be used to increase the max memory available to avoid stack overflow / OOM errors.

v0.0.15

Published: 3/25/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/88: Fix a bug where the --disable-pull-request-protection and --disable-fast-forward-protection arguments didn't work properly if BitBucket was configured with a custom context path.

v0.0.14

Published: 3/23/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/87: You can now optionally have repo-copier disable branch protection and rewrite protection by passing the --disable-pull-request-protection and/or --disable-fast-forward-protection flags, respectively.

v0.0.13

Published: 3/18/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/76:

  • repo-copier will now convert pull requests and issues into Markdown files that get copied to the destination.
  • Added release date for each release in CHANGELOG.md.
  • Added ability to copy branches.

v0.0.12

Published: 3/9/2021 | Release notes

https://github.com/gruntwork-io/repo-copier/pull/82: Explicitly set the name and email when creating tags to avoid confusing errors if those values are not defined in .gitconfig.

terraform-aws-architecture-catalog

v0.0.3

Published: 3/1/2021 | Release notes

  • Adds command for setting up TLS for the sample app
  • Initial implementation of the deployer command
  • Unit test for aws-vault based authentication
  • Hook up generate ec2 key pairs to state machine
  • Add memcached
  • Add command to create db secrets
  • Make genedrsecrets operation idempotent
  • Make secrets manager entry get a unique name
  • VCS secrets should be in shared account, not security
  • Add deploy logs baseline to the statemachine
  • Fix typo in comment
  • Add placeholder.tf for TFC/TFE/PMR
  • Shared account baseline
  • Fixes for generating db config
  • Generate vault config in a loop
  • Update .gitignore
  • Use new key ID when rekeying
  • Add missing stages to README
  • Fix rekeysecrets test issue
  • Deploy shared secrets policy and Build EDR containers stages
  • Update placeholder docs to make more sense in this repo
  • Use same secret key when generating vars as secret gen
  • Add DeployEDR stage
  • Add helper command to trigger aws-vault exec and fix bug with MFA prompt
  • Fix unhandled error in edrsecrets
  • Add step to query for and upload VCS/GitHub PAT
  • Trim any ALB names over 32 characters
  • Add pipeline stages for generating db and sample app secrets
  • Assert the required binaries exist before running deploy
  • Make sure to set RDSEngineVersion
  • Handle terraform version strings <0.13
  • Find and call build scripts
  • Improve comment on aws.GetAuthEnvVars
  • Support custom default branches for ECS deploy runner
  • Reverse the github pat logic
  • Fix bug where we invoke the root folder template, not blueprint
  • Update dbconfig.go to not include @ symbol in pw
  • Split DeployEDR stage to DeployAllBaseline and DeployEDR
  • DeployAll stage
  • Refarch-deployer sanity checker: account access and route53 domains
  • Create function for getting all accounts from a form
  • Add IP allow list to refarch-deployer
  • Backend domain name depends on the app server cluster type
  • Fix comment to be consistent with what is checking
  • Add ASG service blueprint
  • Add better error messages for concurrent deploy functions
  • Show struct fields when debug printing parsed form
  • Post-deploy checks
  • Pre-flight check vault config
  • Add EKS templates and blueprint
  • Fix EKS testing
  • Bump service catalog version and take advantage of scratch paths
  • Preflight checks: duplicate aws certs
  • Adds Jenkins blueprint
  • Small improvement to deployment speed
  • Disjoint App VPC CIDR
  • Fix wrong var name in eks-cluster module
  • Bump service catalog version
  • Fix EKS and Aurora
  • Implement fixes for Jenkinsfile
  • Fix sample app linkage to memcached

terraform-aws-asg

v0.12.1

Published: 3/8/2021 | Modules affected: server-group | Release notes

  • Replace usage of null_data_source with locals to resolve deprecation warning.

v0.12.0

Published: 3/5/2021 | Modules affected: asg-rolling-deploy, server-group | Release notes

  • Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!
    • From this release onward, we will only be running tests with Terraform 0.14.x against this repo, so we recommend updating to 0.14.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x.
    • Once all Gruntwork repos have been upgraded to work with 0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

terraform-aws-cache

v0.13.0

Published: 3/18/2021 | Modules affected: memcached, redis | Release notes

Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!

From this release onward, this repo will be running tests with Terraform 0.14.x, so we recommend updating to 0.14.x soon! All modules still support Terraform 0.12.26 and above (by using features like required_providers and source URLs).

Once all Gruntwork repositories have been updated to support Terraform 0.14.x, a newsletter announcement will be published via the Gruntwork Newsletter & a migration guide will be published on our website.

terraform-aws-ci

v0.31.1

Published: 3/30/2021 | Modules affected: ecs-deploy-runner, infrastructure-deployer | Release notes

  • Fixes a bug in the ecs-deploy-runner fargate runtime where it did not support running scripts with no args.

v0.31.0

Published: 3/12/2021 | Modules affected: gruntwork-module-circleci-helpers | Release notes

  • build-go-binaries now supports building arbitrary os and architecture combinations with the new --osarch flag.
  • build-go-binaries now defaults to building the following binaries: darwin/amd64, darwin/arm64, linux/amd64, linux/386, linux/arm64, windows/amd64, windows/386. Note that this release drops building darwin/386 binaries. If you need those binaries built, you must explicitly pass them in to --osarch.

v0.30.0

Published: 3/8/2021 | Modules affected: ecs-deploy-runner, ecs-deploy-runner-standard-configuration, infrastructure-deployer | Release notes

  • You can now build docker images against a specific commit SHA in the ECS Deploy Runner using the --sha argument to build-docker-image script.
  • Prior to this release, all scripts in ECS Deploy Runner automatically allowed the --help option. Starting with this release, this behavior has been corrected. If you wish to continue to allow --help for your scripts, add it to allowed_options in the script configuration.

terraform-aws-cis-service-catalog

v0.13.0

Published: 3/29/2021 | Modules affected: aws-config-multi-region, networking/vpc, networking/vpc-mgmt | Release notes

  • Flow logs are now always created in modules vpc and vpc-mgmt. To achieve this, these two modules no longer expose the variable create_flow_logs.

  • Exposed more necessary properties and removed variables allowing configuration for the CIS version of aws-config-multi-region module:

    • added config_name, should_create_sns_topic, sns_topic_name, kms_key_arn to main.tf
    • removed enable_root_account_mfa_rule from variables.tf

v0.12.0

Published: 3/25/2021 | Modules affected: networking/vpc, networking/vpc-mgmt, networking/vpc-app-network-acls, networking/vpc-mgmt-network-acls | Release notes

This release adds new modules for VPC and Management VPC, and integrates them with existing Network ACL modules, thus creating AWS CIS-compliant VPC modules.

Note that this release moves the vpc-app-network-acls and vpc-mgmt-network-acls modules under the networking folder. When updating to this version, make sure to update the module path as well.

v0.11.4

Published: 3/19/2021 | Modules affected: cloudwatch-logs-metric-filters, cloudtrail | Release notes

Cloudtrail SNS topics can now be encrypted via the new benchmark_alarm_sns_topic_kms_master_key_id variable.

v0.11.2

Published: 3/11/2021 | Modules affected: aws-config-multi-region | Release notes

  • New module: aws-config-multi-region. This module has the IAM password policy checks for CIS.

v0.11.1

Published: 3/11/2021 | Modules affected: iam-password-policy | Release notes

  • Update IAM password policy to CIS v1.3. Some password restrictions no longer apply.

v0.11.0

Published: 3/9/2021 | Modules affected: aws-securityhub, cleanup-expired-certs, cloudtrail, cloudwatch-logs-metric-filters | Release notes

This release updates versions of several underlying modules, including several backwards incompatible upgrades. Please see the Migration guide section for manual steps necessary to perform the upgrade.

Other changes in this release:

  • Documentation Improvements
  • Internal test fixes
  • required_version and required_providers added to all terraform modules
  • Added script to disassociate from Security Hub
  • Added Renovate bot

terraform-aws-data-storage

v0.18.1

Published: 3/23/2021 | Modules affected: redshift | Release notes

  • Set ignore_changes on the snapshot_identifier param in the redshift module so that you can properly restore Redshift clusters from snapshots.

v0.18.0

Published: 3/18/2021 | Modules affected: aurora, efs, lambda-cleanup-snapshots, lambda-copy-shared-snapshot | Release notes

Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!

From this release onward, this repo will be running tests with Terraform 0.14.x, so we recommend updating to 0.14.x soon!

All modules still support Terraform 0.12.26 and above (by using features like required_providers and source URLs).

Once all Gruntwork repositories have been updated to support Terraform 0.14.x, a newsletter announcement will be published via the Gruntwork Newsletter & a migration guide will be published on our website.

v0.17.4

Published: 3/2/2021 | Modules affected: redshift | Release notes

Allow restoring snapshots from different AWS accounts using the new snapshot_cluster_identifier and snapshot_owner_account variables.

terraform-aws-ecs

v0.26.1

Published: 3/30/2021 | Modules affected: ecs-service | Release notes

  • Fix a bug where the aws_ecs_task_definition for the canary task was not setting the execution_role_arn param.

v0.26.0

Published: 3/30/2021 | Modules affected: ecs-daemon-service, ecs-service | Release notes

  • Fix the volumes param in the ecs-service and ecs-daemon-service modules so that volumes can be updated safely, support optional params, and support the docker_volume_configuration. This is a breaking change, so make sure to see the Migration Guide below for how to upgrade.

v0.25.3

Published: 3/1/2021 | Modules affected: ecs-service | Release notes

  • Now allows for a custom prefix for the ECS task IAM role name in the custom_iam_role_name_prefix variable.
  • Fixes a typo in the name of the ECS task execution policy (task-excution-policy => task-execution-policy). Note that this change will cause the policy to be recreated, but will not cause downtime for any ECS service.

terraform-aws-eks

v0.34.0

Published: 3/31/2021 | Modules affected: eks-k8s-cluster-autoscaler, eks-k8s-external-dns, eks-k8s-cluster-autoscaler-iam-policy | Release notes

  • You can now customize the external-dns service to directly configure the list of sources it watches for using the sources input variable. Note that as a part of this change, the enable_istio flag has been removed.
  • You can now configure the external-dns service to only watch for resources in a specific namespace using the endpoints_namespace input variable.
  • You can now grant the cluster-autoscaler service permission to query and manipulate any ASGs with the tag k8s.io/cluster-autoscaler/CLUSTER_NAME instead of the set of ASGs that were passed in. This IAM permission is applied when cluster_autoscaler_absolute_arns = false.
  • You can now configure the eks-k8s-cluster-autoscaler module to create a Fargate Profile but use an existing Fargate execution role that is created in the same terraform configuration. Previously this led to an error due to count values not being available at plan time.

v0.33.1

Published: 3/24/2021 | Modules affected: eks-alb-ingress-controller, eks-cluster-workers | Release notes

  • You can now force detach policies on destroy for the IAM role created with self managed workers through the eks-cluster-workers module.

terraform-aws-kafka

v0.7.1

Published: 3/18/2021 | Modules affected: kafka-cluster, confluent-tools-cluster | Release notes

  • You can now configure which CloudWatch metrics to enable for the ASGs in the kafka-cluster and confluent-tools-cluster modules using the new enabled_metrics input variable.

terraform-aws-lambda

v0.10.0

Published: 3/12/2021 | Modules affected: keep-warm, lambda-edge, lambda, scheduled-lambda-job | Release notes

  • Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!
    • From this release onward, we will only be running tests with Terraform 0.14.x against this repo, so we recommend updating to 0.14.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x.
    • Once all Gruntwork repos have been upgraded to work with 0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

terraform-aws-load-balancer

v0.23.0

Published: 3/31/2021 | Modules affected: lb-listener-rules, acm-tls-certificate, alb, nlb | Release notes

  • Fix bug where the listener_arns attribute was ignored on each rules map in the lb-listener-rules module.
  • Update all repo cross references to the current name.

v0.22.0

Published: 3/12/2021 | Modules affected: acm-tls-certificate, alb, lb-listener-rules | Release notes

  • Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!
    • From this release onward, we will only be running tests with Terraform 0.14.x against this repo, so we recommend updating to 0.14.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x.
    • Once all Gruntwork repos have been upgraded to work with 0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

terraform-aws-messaging

v0.5.0

Published: 3/18/2021 | Modules affected: kinesis, sns, sqs | Release notes

Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!

From this release onward, this repo will be running tests with Terraform 0.14.x, so we recommend updating to 0.14.x soon!

All modules still support Terraform 0.12.26 and above (by using features like required_providers and source URLs).

Once all Gruntwork repositories have been updated to support Terraform 0.14.x, a newsletter announcement will be published via the Gruntwork Newsletter & a migration guide will be published on our website.

v0.4.4

Published: 3/9/2021 | Modules affected: sns | Release notes

  • Fix a bug where the sns module would show errors with output variable access when create_resources was set to false.

terraform-aws-monitoring

v0.26.0

Published: 3/29/2021 | Modules affected: agents/cloudwatch-agent | Release notes

  • All the modules except for logs/cloudwatch-log-aggregation-scripts have been tested for compatibility with Ubuntu 20.04. If you wish to use the log aggregation scripts on Ubuntu 20.04, migrate to the new Unified CloudWatch Agent using the agents/cloudwatch-agent module.

  • This release introduces a new module (agents/cloudwatch-agent) for installing and configuring the Unified CloudWatch Agent which can be used for sending both metrics and logs to CloudWatch. This module replaces the logs/cloudwatch-log-aggregation-scripts and metrics/cloudwatch-memory-disk-metrics-scripts module, as the single agent is able to fulfill both purposes.

v0.25.0

Published: 3/18/2021 | Release notes

Releasing a new minor version for this repo to mark forward-only compatibility with Terraform 0.14.x!

From release v0.24.2, this repo will be running tests with Terraform 0.14.x, so we recommend updating to 0.14.x soon! All modules still support Terraform 0.12.26 and above (by using features like required_providers and source URLs).

Once all Gruntwork repositories have been updated to support Terraform 0.14.x, a newsletter announcement will be published via the Gruntwork Newsletter & a migration guide will be published on our website.

For more details, please refer to the release notes for the Terraform 0.14 release.

v0.24.2

Published: 3/18/2021 | Modules affected: alarms, logs, logs/cloudwatch-logs-metric-filters, metrics | Release notes

  • Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!

    From this release onward, this repo will be running tests with Terraform 0.14.x, so we recommend updating to 0.14.x soon!

    All modules still support Terraform 0.12.26 and above (by using features like required_providers and source URLs).

    Once all Gruntwork repositories have been updated to support Terraform 0.14.x, a newsletter announcement will be published via the Gruntwork Newsletter & a migration guide will be published on our website.

  • SNS topics can now be encrypted in cloudwatch-logs-metric-filters by providing a sns_topic_kms_master_key_id variable.

terraform-aws-security

v0.46.2

Published: 3/30/2021 | Modules affected: account-baseline-root | Release notes

  • Fixes an issue in account-baseline-root introduced in v0.45.6 when creating an organization. The module will now sleep for enough time to allow the Organization and child accounts to be created.

v0.46.1

Published: 3/30/2021 | Modules affected: iam-policies, iam-groups, cross-account-iam-roles, account-baseline-root | Release notes

  • Update the read-only policy in the iam-policies module to the latest permissions for Amazon Elasticsearch. Note that this will also affect the modules that rely on iam-policies, including iam-groups and cross-account-iam-roles.
  • Fix a typo in the account-baseline-root README.

v0.46.0

Published: 3/29/2021 | Modules affected: account-baseline-app, account-baseline-root, account-baseline-security, aws-config-bucket | Release notes

  • Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!
    • From this release onward, we will only be running tests with Terraform 0.14.x against this repo, so we recommend updating to 0.14.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x.
    • Once all Gruntwork repos have been upgraded to work with 0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

v0.45.8

Published: 3/26/2021 | Modules affected: iam-policies, iam-groups, cross-account-iam-roles, account-baseline-root | Release notes

  • Update the billing IAM policy to use the AWS-managed billing policy under the hood (so it's always up to date), but still layer the MFA requirement on top. This will also affect the modules that use this policy under the hood, including the billing IAM group in the iam-groups module and the billing IAM role in the cross-account-iam-roles module.
    • NOTE: Using account-baseline-root with this release results in insufficient permissions on the CloudTrail S3 bucket. Use v0.48.1 or later instead. The cloudtrail-bucket, cloudtrail, and account-baseline-root modules now all expose a new cloudtrail_organization_id input variable that you can use to configure an organization-wide CloudTrail.

v0.45.7

Published: 3/24/2021 | Modules affected: iam-user-password-policy | Release notes

  • Add create_resources variable to iam-user-password-policy module

v0.45.6

Published: 3/24/2021 | Modules affected: account-baseline-root | Release notes

This release fixes a bug in the account-baseline-root module in which certain changes to the child account configuration would result in permissions errors.

v0.45.5

Published: 3/23/2021 | Modules affected: account-baseline-root, aws-organizations, cloudtrail, aws-config | Release notes

  • Fix conditional formatting in account-baseline-root and aws-organizations.
  • Improve Cloudtrail test: fix swapped assert.Equal parameters.
  • Pin Cloudtrail to AWS provider 3 to standardize behavior.
  • Do not call data when create_resources = false in the aws-config module.

v0.45.4

Published: 3/10/2021 | Modules affected: guardduty-multi-region, guardduty | Release notes

  • Exposed the ability to encrypt the SNS topic in the Guard Duty modules with a KMS CMK.

v0.45.3

Published: 3/8/2021 | Modules affected: account-baseline-app, account-baseline-root, account-baseline-security, cloudtrail | Release notes

  • NOTE: The Organizations Trail functionality in this release contains a bug related to insufficient S3 permissions. Use v0.48.1 or later instead. Adds the capability to create an Organization Trail when using the account-baseline modules. To use an Organization Trail, set cloudtrail_is_organization_trail=true in account-baseline-root, then set enable_cloudtrail=false in account-baseline-security and account-baseline-app, since the Organization Trail in the root account will automatically set up trails for the member accounts. Note that CloudTrail logs will still be sent to the bucket in the logs account.

v0.45.2

Published: 3/3/2021 | Modules affected: cross-account-iam-roles, iam-groups | Release notes

  • The modules iam-groups and cross-account-iam-roles can be disabled via var.create_resources.

v0.45.1

Published: 3/2/2021 | Modules affected: aws-config-multi-region, ebs-encryption-multi-region, guardduty-multi-region, iam-access-analyzer-multi-region | Release notes

  • Fix bug where ap-northeast-3 was recently promoted to a full region, but is not yet supported by terraform.

terraform-aws-server

v0.11.0

Published: 3/5/2021 | Modules affected: ec2-backup, single-server | Release notes

  • Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!
    • From this release onward, we will only be running tests with Terraform 0.14.x against this repo, so we recommend updating to 0.14.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x.
    • Once all Gruntwork repos have been upgraded to work with 0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

terraform-aws-service-catalog

v0.25.0

Published: 3/25/2021 | Modules affected: networking/vpc-mgmt | Release notes

A few of the variables in the vpc-mgmt module had default values configured and were thus optional, when they should have been required. This release removes these default values, thus making the variables required. In the unlikely case that you previously relied on these defaults, you will have to make changes to explicitly supply values for these variables.

Variables affected: aws_region, vpc_name, cidr_block, num_nat_gateways.

v0.24.2

Published: 3/24/2021 | Modules affected: mgmt, services | Release notes

  • Packer templates have been updated to accept an instance_type variable. The value of that variable will be used to determine the EC2 instance type used by the Packer builder. This is to work around issues where the default type, t3.micro, is unavailable in some regions/AZs.

v0.24.1

Published: 3/24/2021 | Modules affected: mgmt/jenkins, networking/vpc-mgmt | Release notes

  • Update dependency gruntwork-io/terragrunt to v0.28.16
  • Update dependency gruntwork-io/terraform-aws-vpc to 0.14.4 in the vpc-mgmt module

v0.24.0

Published: 3/24/2021 | Modules affected: data-stores | Release notes

  • The s3-bucket now sets the access_logging_bucket param to null by default. This makes it easier to use the module with Terragrunt. This is a backwards incompatible change because, if you don't set access_logging_bucket any more, this module will no longer create an access logging bucket by default.

v0.23.3

Published: 3/24/2021 | Modules affected: data-stores | Release notes

  • You can now set tags in the s3-bucket service using the new tags input variable.

v0.23.2

Published: 3/22/2021 | Modules affected: networking | Release notes

  • Expose a number of missing fields in the alb service that you can now optionally configure:
    • allow_all_outbound
    • idle_timeout
    • drop_invalid_header_fields
    • custom_tags
    • default_action_content_type
    • default_action_body
    • default_action_status_code
    • acm_cert_statuses
    • acm_cert_types

v0.23.1

Published: 3/18/2021 | Modules affected: networking/vpc, networking/vpc-mgmt | Release notes

  • vpc and vpc-mgmt now expose the vpc_ready output parameter

v0.23.0

Published: 3/16/2021 | Modules affected: data-stores/redis, networking/alb, networking/vpc, networking/vpc-mgmt | Release notes

  • Update dependency gruntwork-io/terraform-aws-cache to v0.11.0. Several months ago, AWS made a backward-incompatible change related to the Elasticache Replication Group Multi-AZ behavior, introducing a new MultiAZEnabled toggle. This means that, for the last several months, if you deployed Redis with enable_automatic_failover set to true, but did not have this MultiAZEnabled flag (which wasn't exposed in Terraform's AWS provider), Redis would be deployed into only a single AZ. This issue was fixed in AWS provider 3.26, and in this release, we now expose a new enable_multi_az variable in the redis module so that you can configure this property. This change is backwards incompatible: you must pass in enable_multi_az. To avoid a rebuild of your cluster, you can set it to null.
  • Creation of network ACLs is now optional in both vpc and vpc-mgmt services.
  • Update dependency gruntwork-io/terraform-aws-load-balancer to v0.22.0
  • Update default version of gruntwork-io/terragrunt installed on CI servers to v0.28.11

v0.22.0

Published: 3/12/2021 | Modules affected: mgmt/jenkins | Release notes

  • The default version of Jenkins that gets installed by the jenkins module has been updated to the latest LTS release (2.235.5 => 2.263.4). The version update contains backwards incompatible changes within Jenkins. Refer to the upgrade guides for 2.249.x and 2.263.x to make sure your build jobs are compatible before rotating your servers.

v0.21.0

Published: 3/10/2021 | Modules affected: networking/alb | Release notes

You can now configure multiple domain names to route to the ALB. This is useful if you want to use host based routing for your services.

Note that this is a backwards incompatible change: as a part of this change, the input variable domain_name has been converted to a list and renamed to domain_names. Similarly, the output alb_dns_name has been converted to a list and renamed to alb_dns_names. You will need to update your configuration to use the new variable and outputs.

v0.20.6

Published: 3/9/2021 | Modules affected: data-stores/aurora, landingzone | Release notes

  • The Aurora module now exposes the ability to export Aurora DB cluster logs to CloudWatch Logs via the enabled_cloudwatch_logs_exports variable.
  • The account-baseline-root module now supports CloudTrail Organization trails. See the complete description in the v0.45.3 release of the terraform-aws-security repo.

v0.20.5

Published: 3/8/2021 | Modules affected: services, mgmt | Release notes

  • Support empty list for secrets_access in ecs-service
  • Output aws-auth-merger namespace name
  • Update dependency gruntwork-io/terraform-aws-ci to v0.30.0

v0.20.4

Published: 3/5/2021 | Modules affected: services | Release notes

  • Use usable_fargate_subnet_ids for aws-auth-merger fargate profile

v0.20.3

Published: 3/4/2021 | Modules affected: landingzone | Release notes

  • Update terraform-aws-security in the account-baseline-root to v0.45.2

v0.20.2

Published: 3/2/2021 | Modules affected: base, data-stores, landingzone, mgmt | Release notes

  • Update dependency gruntwork-io/terraform-aws-security to v0.45.1 (fix for ap-northeast-3 in multi region modules)

v0.20.1

Published: 3/1/2021 | Modules affected: services, data-stores, landingzone | Release notes

  • Allow creating bastion-host with no domain name.
  • Allow specifying custom tags with RDS and Aurora.
  • Allow specifying custom database parameters for RDS and Aurora.
  • Add ability to manage service linked role for elasticsearch in the module
  • Disable 'data' when not using config or cloudtrail in account-baseline-root
  • Add ability to configure encryption at rest and custom tags on elasticsearch

terraform-aws-static-assets

v0.8.0

Published: 3/18/2021 | Modules affected: s3-static-website | Release notes

Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!

From this release onward, this repo will be running tests with Terraform 0.14.x, so we recommend updating to 0.14.x soon! All modules still support Terraform 0.12.26 and above (by using features like required_providers and source URLs).

Once all Gruntwork repositories have been updated to support Terraform 0.14.x, a newsletter announcement will be published via the Gruntwork Newsletter & a migration guide will be published on our website.

terraform-aws-vpc

v0.14.4

Published: 3/24/2021 | Modules affected: vpc-mgmt-network-acls | Release notes

If create_resources was set to false in the vpc-mgmt-network-acls module, the module would break due to attempting to index empty lists. This release fixes that bug.

v0.14.3

Published: 3/17/2021 | Modules affected: vpc-app | Release notes

  • Older versions of Terraform could not use lists with ternary syntax, so we had to use split and join to work around it. This should not be a problem in current Terraform versions, so we've removed the workaround in this release. There should be no change in behavior, other than, as a nice side effect, plan output should work better now for NAT Gateways.

v0.14.2

Published: 3/16/2021 | Modules affected: vpc-mgmt-network-acls | Release notes

Support for optional resource creation via the create_resources parameter was added to vpc-mgmt-network-acls.

v0.14.1

Published: 3/15/2021 | Modules affected: network-acl-inbound, network-acl-outbound, vpc-app-network-acls | Release notes

  • Support for optional resource creation via the create_resources parameter was added to the following modules: network-acl-inbound, network-acl-outbound, vpc-app-network-acls

v0.14.0

Published: 3/5/2021 | Modules affected: network-acl-inbound, network-acl-outbound, vpc-app-network-acls, vpc-app | Release notes

  • Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!
    • From this release onward, we will only be running tests with Terraform 0.14.x against this repo, so we recommend updating to 0.14.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x.
    • Once all Gruntwork repos have been upgraded to work with 0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

terraform-aws-zookeeper

v0.9.0

Published: 3/25/2021 | Modules affected: exhibitor-shared-config, zookeeper-cluster, zookeeper-iam-permissions, zookeeper-security-group-rules | Release notes

  • Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!
    • From this release onward, we will only be running tests with Terraform 0.14.x against this repo, so we recommend updating to 0.14.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x.
    • Once all Gruntwork repos have been upgraded to work with 0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.