Gruntwork release 2019-09
This page lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2019-09. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 9/24/2019 | Release notes
Published: 9/25/2019 | Modules affected: cloudwatch-logs-metric-filters | Release notes
Published: 9/13/2019 | Modules affected: generate-aws-config | Release notes
This release ships the tool generate-aws-config which can be used to generate a Terraform module that will provision and configure AWS Config on all enabled regions for the account.
Published: 9/16/2019 | Modules affected: rds | Release notes
- The rds module now supports storage auto scaling by allowing you to set a new optional input variable called max_allocated_storage. To make this work, we have also changed the default storage type from standard (i.e., magnetic) to gp2 (i.e., SSD). This is a backwards incompatible change; if you were using magnetic storage and wish to keep using it, you can override the default storage type by using the storage_type input variable.
Published: 9/12/2019 | Modules affected: aurora | Release notes
- Add support for Aurora Global Clusters and include an example.
Published: 9/11/2019 | Modules affected: aurora | Release notes
- Added the cluster_resource_id output to the Aurora module.
- Fix for Broken Nightly Builds.
Published: 9/22/2019 | Modules affected: ecs-deploy | Release notes
- Fix a bug in the run-ecs-task script where it was not forcing the aws CLI output to be JSON, so the script would fail if a user had overridden the default on their systems to have text output.
Published: 9/18/2019 | Modules affected: ecs-service-with-alb | Release notes
- Switch the ecs-service-with-alb module from using template_file data sources to local variables for intermediate variables. This fixes an issue where terraform plan was incorrectly reporting ECS services being recreated.
Published: 9/9/2019 | Modules affected: ecs-fargate | Release notes
- The ecs-fargate module has been updated to only enable ecs deployment check when desired tasks > 0. This allows you to set desired_tasks to 0 to scale down your service.
- The ecs-fargate module has been updated to add task definition ARN as an output, under the name aws_ecs_task_definition_arn.
Published: 9/20/2019 | Modules affected: eks-cluster-control-plane | Release notes
- Fix a bug in the upgrade_cluster script used in the eks-cluster-control-plane module where the script incorrectly redeployed the plugins when using a region other than us-west-2, even though the versions were already up to date.
Published: 9/17/2019 | Modules affected: eks-cloudwatch-container-logs, eks-cluster-control-plane | Release notes
- Docs improvements.
- Improves module stability. Specifically, IAM resources now have a 30 second wait to avoid propagation errors.
Published: 9/17/2019 | Modules affected: eks-iam-role-assume-role-policy-for-service-account, eks-cluster-workers, eks-cluster-control-plane | Release notes
Published: 9/17/2019 | Modules affected: eks-cluster-control-plane | Release notes
- The cluster upgrade script that runs to update the Kubernetes plugins installed in the EKS cluster now only updates the components when the versions mismatch.
- The cluster upgrade script can now be turned off by setting the use_upgrade_cluster_script input variable to false.
Published: 9/11/2019 | Modules affected: eks-cluster-control-plane | Release notes
The eks-cluster-control-plane module now supports upgrading Kubernetes components to the expected version for the Kubernetes version deployed on EKS. This is handled using a Python script that is run every time the Kubernetes version is updated on the cluster. The deployed versions of each component follow what is described in the official upgrade guide.
Additionally, this release includes a few code formatting and example updates that do not affect the underlying modules.
Published: 9/20/2019 | Modules affected: nlb | Release notes
- nlb [REMOVED]
- The nlb module has been deprecated and removed. When https://github.com/gruntwork-io/module-load-balancer/issues/61 was fixed, the nlb module reduced to being a thin wrapper over the aws_lb resource and thus it no longer made sense to maintain the module. Instead, users of the module should update to using the aws_lb resource directly.
Refer to the provided migration guide for information on how to replace your usage of the nlb module with the aws_lb resource, including migrating the state to avoid downtime.
Published: 9/10/2019 | Modules affected: alb | Release notes
- alb
- Update how the alb module calculates the ALB ARN to use locals instead of a template_file. The template_file seemed to interfere with how Terraform calculated the plan, so if you were upgrading from Terraform 0.11, this led to a plan output that incorrectly reported that your listeners would be recreated (which could lead to downtime). With this new version, the listeners should be modified in place, without any downtime.
- https://github.com/gruntwork-io/module-load-balancer/pull/64
Published: 9/25/2019 | Modules affected: cloudwatch-logs-metric-filters | Release notes
- The cloudwatch-logs-metric-filters module uses syntax that wasn't available prior to Terraform version 0.12.6. This version is now required by the module.
Published: 9/24/2019 | Modules affected: logs/cloudwatch-logs-metric-filters, examples/cloudwatch-to-slack | Release notes
- This release adds the cloudwatch-logs-metric-filters module. The module accepts a map of filter objects and creates a metric filter with associated metric alarm. Use this module to monitor a CloudWatch Logs group for a particular pattern and be notified via SNS when the pattern is matched.
- The update also bumps the sns-to-slack example to use an ubuntu18 server.
Published: 9/20/2019 | Modules affected: install-openvpn | Release notes
Published: 9/3/2019 | Modules affected: install-openvpn | Release notes
- Fix a bug where command-line arguments were not being passed to the install-openvpn script.
Published: 9/26/2019 | Modules affected: cloudtrail | Release notes
- We recently added CloudWatch Logs support to this module. A regression was introduced that causes a perpetual diff on the cloudtrail resource. This release fixes the perpetual diff.
Published: 9/19/2019 | Modules affected: iam-policies | Release notes
- Add state machine permissions to read_only policy in iam-policies module.
Published: 9/13/2019 | Modules affected: aws-config, iam-groups | Release notes
- A new variable, sns_topic_already_exists, is now required for the aws-config module. This addresses an issue with using sns_topic_arn. If the SNS topic was created in Terraform and the ARN was passed in via interpolation, the module would crash because Terraform can't resolve the count at plan time. We work around this limitation by instead using a boolean value which can be hard coded to true or false and thus does not hit this limitation.
- Updated the IAM role in aws-config to account for a policy change made by AWS.
- Updated the iam-admin group test to use a unique name to avoid conflicts.
Published: 9/10/2019 | Modules affected: iam-policies, iam-groups, custom-iam-group, cloudtrail | Release notes
- Added some new policies to the iam-policies module: an "IAM admin" policy that permits iam:* (with MFA) but nothing else, and a new "require MFA" policy. It denies access to all actions except MFA self-management unless an MFA device is already enabled. You can attach this policy to users, groups, or roles alongside other policies that do not have an MFA condition of their own to ensure that an MFA device is required for any of the combined actions to be allowed. For example, the AWS managed policies do not have an MFA condition, but if you attach this alongside them, MFA will be required.
- Updated iam-groups to optionally create an iam-admin group that uses the policy mentioned above, and also optionally a support group with access to interact with AWS support (and nothing else).
- Added new custom-iam-group module. This module can create a new IAM group and attach a set of policies by ARN or name. It can also ensure that the entire group requires MFA by attaching the "require MFA" policy mentioned above.
- Updated the cloudtrail module to optionally have separate names for the CloudWatch Logs Group and IAM role. Previously, the name of the role was based on the log group name.
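To illustrate the "require MFA" item above, here is an added example in Terraform 0.12 syntax; it is not Gruntwork's policy or module code. It assumes the widely used AWS pattern of an explicit deny conditioned on aws:MultiFactorAuthPresent, and the names require_mfa, require-mfa and ops are hypothetical.

```hcl
# Added example, not Gruntwork's policy. Names "require_mfa" and "ops" are hypothetical.
data "aws_iam_policy_document" "require_mfa" {
  # MFA self-management stays available before an MFA session exists.
  statement {
    sid       = "AllowCreateOwnVirtualMfaDevice"
    actions   = ["iam:CreateVirtualMFADevice"]
    resources = ["arn:aws:iam::*:mfa/&{aws:username}"]
  }
  statement {
    sid       = "AllowEnableOwnMfaDevice"
    actions   = ["iam:EnableMFADevice", "iam:ListMFADevices", "iam:ResyncMFADevice"]
    resources = ["arn:aws:iam::*:user/&{aws:username}"]
  }
  # Deny everything else unless the request was authenticated with MFA.
  # BoolIfExists also matches long-term access keys, where the key is absent.
  statement {
    sid    = "DenyAllExceptMfaSetupWithoutMfa"
    effect = "Deny"
    not_actions = [
      "iam:CreateVirtualMFADevice", "iam:EnableMFADevice",
      "iam:ListMFADevices", "iam:ResyncMFADevice", "sts:GetSessionToken",
    ]
    resources = ["*"]
    condition {
      test     = "BoolIfExists"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["false"]
    }
  }
}

resource "aws_iam_policy" "require_mfa" {
  name   = "require-mfa"
  policy = data.aws_iam_policy_document.require_mfa.json
}
resource "aws_iam_group" "ops" {
  name = "ops"
}
# The AWS managed policy carries no MFA condition of its own.
resource "aws_iam_group_policy_attachment" "read_only" {
  group      = aws_iam_group.ops.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
# Attached alongside it, the explicit deny makes MFA required for those actions too.
resource "aws_iam_group_policy_attachment" "require_mfa" {
  group      = aws_iam_group.ops.name
  policy_arn = aws_iam_policy.require_mfa.arn
}
```

Because an explicit deny overrides any allow during IAM policy evaluation, the second attachment gates every action granted by the first without editing the managed policy.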
Published: 9/17/2019 | Modules affected: s3-cloudfront | Release notes
- The s3-cloudfront module now supports specifying multiple origin groups, which allows you to specify one or more S3 buckets to use as failovers in case the primary one fails. You can specify the failover buckets using the new input variables failover_buckets and failover_bucket_website_endpoints.
Published: 9/16/2019 | Release notes
run-pex-as-resource
run-pex-as-data-source
The run-pex-as-resource and run-pex-as-data-source modules now expose a variable (enabled) that can be used to conditionally decide whether or not to execute the pex resource. This is helpful when you want to support disabling script execution in your modules.
Published: 9/10/2019 | Release notes
The run-pex-as-resource module now exposes the null_resource triggers and the execution environment variable settings so that you can override them.
Published: 9/11/2019 | Modules affected: vpc-mgmt | Release notes
- The vpc-mgmt module now adds a Name tag to its NAT Gateway(s) and allows you to specify custom tags via the optional nat_gateway_custom_tags input variable.