Skip to main content

Gruntwork release 2021-08

Guides / Update Guides / Releases / 2021-08

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2021-08. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

gruntwork

v0.2.4

Published: 8/25/2021 | Release notes

Added support for passing in extra parameters for DNS configuration to the dns register subcommand. Some international domains require additional configuration.

v0.2.3

Published: 8/20/2021 | Release notes

Starting this release, we will publish binaries for darwin/arm64 (Apple Silicon) architecture.

repo-copier

v0.0.17

Published: 8/19/2021 | Release notes

This release contains updates to the formatting of any go code, and an update to documentation on how to run and configure automated tests with the trial license.

  • Replaced gofmt with goimports.
  • Updated documentation to detail how to update trial licenses

terraform-aws-architecture-catalog

v0.0.18

Published: 8/19/2021 | Release notes

(no release notes found)

v0.0.17

Published: 8/19/2021 | Release notes

(no release notes found)

v0.0.16

Published: 8/19/2021 | Release notes

(no release notes found)

terraform-aws-asg

v0.15.1

Published: 8/17/2021 | Modules affected: server-group | Release notes

  • Removed references to deprecated template provider and replaced with official replacements.

terraform-aws-cache

v0.16.1

Published: 8/17/2021 | Modules affected: memcached, redis | Release notes

  • Removed references to deprecated template provider

terraform-aws-ci

v0.38.9

Published: 8/24/2021 | Modules affected: ecs-deploy-runner-standard-configuration, infrastructure-deploy-script | Release notes

  • You can now pass through terragrunt-log-level as command-args in EDR to infrastructure-deploy-script

v0.38.8

Published: 8/20/2021 | Modules affected: ecs-deploy-runner | Release notes

  • Bump to latest kubergrunt version in ecs-deploy-runner container.

v0.38.7

Published: 8/20/2021 | Release notes

  • Updates edrhelpers test assertion with a new expected string value. No functional impact for users.

v0.38.6

Published: 8/20/2021 | Modules affected: ecs-deploy-runner | Release notes

Updates the ecs-deploy-runner Dockerfile to use the correct version of terraform-aws-ci with updated and fixed build scripts.

v0.38.5

Published: 8/18/2021 | Modules affected: ecs-deploy-runner-standard-configuration, infrastructure-deploy-script | Release notes

  • ecs-deploy-runner-standard-configuration

  • infrastructure-deploy-script

  • Support destroy in the CI / CD pipeline. The ecs-deploy-runner-standard-configuration has been updated to support running destroy, plan -destroy, and apply -destroy. The infrastructure-deploy-script has been updated to run destroy operations under certain protections:

    • It validates that the destroy request is only for a path/module that has indeed been deleted in the latest version of the repo for which the script is called.
    • It makes sure that the destroy ref (commit/tag/branch) is indeed in the ancestry path of the main branch.
  • https://github.com/gruntwork-io/terraform-aws-ci/pull/327

v0.38.4

Published: 8/17/2021 | Modules affected: build-helpers, ecs-deploy-runner | Release notes

build-packer-artifact now supports HCL Packer templates. The ecs-deploy-runner Dockerfile has been updated to include hcl2json which is needed by the updated build-packer-artifact.

v0.38.3

Published: 8/13/2021 | Modules affected: ecs-deploy-runner | Release notes

  • ECS Deploy Runner now defaults to installing packer 1.7.4 and terraform-aws-ci version 0.38.2

v0.38.2

Published: 8/9/2021 | Modules affected: build-helpers | Release notes

  • Updated build-packer-artifact to be compatible with provider download specifications from packer 1.7. The script will now call packer init if the target template is non-json and the underlying packer version supports init.

terraform-aws-cis-service-catalog

v0.27.0

Published: 8/27/2021 | Modules affected: landingzone, observability | Release notes

  • This release reverts v0.24.0, updating MFA Delete = false for S3 Buckets.

v0.26.3

Published: 8/27/2021 | Modules affected: networking, observability, security, landingzone | Release notes

  • Update dependency gruntwork-io/terraform-aws-vpc to v0.17.3
  • Update dependency gruntwork-io/terraform-aws-security to v0.54.0
  • Update dependency gruntwork-io/terraform-aws-service-catalog to v0.59.4

v0.26.2

Published: 8/24/2021 | Modules affected: landingzone, security | Release notes

Integrates Macie into the Landing Zone modules. This release also makes the buckets_to_analyze variable optional and defaults it to empty. When buckets_to_analyze has no entry for a particular region, the resource aws_macie2_classification_job will not be created in that region.

v0.26.1

Published: 8/23/2021 | Modules affected: landingzone, networking, observability, security | Release notes

  • macie: Add support for multi-account setup. Add two additional resources to the macie module: aws_macie2_member and aws_macie2_invitation_accepter, whereby adding support for the multi-account setup. The multi-account setup functions in a similar way to Security Hub: administrator account will have a number of aws_macie2_member created in it (in each enabled region), one for each member account. This is controlled by the external_member_accounts variable. Member accounts will each have a aws_macie2_invitation_accepter resource created in them (in each enabled region). This is controlled by the administrator_account_id variable.

  • This release also updates a number of dependencies:

    • gruntwork-io/terraform-aws-security to v0.53.7
    • gruntwork-io/terraform-aws-lambda to v0.13.3
    • gruntwork-io/terraform-aws-vpc to v0.17.2
    • gruntwork-io/terraform-aws-monitoring to v0.30.1
    • gruntwork-io/terraform-aws-service-catalog to v0.58.5
  • This release also updates the for-production examples for architecture catalog v0.0.18

v0.26.0

Published: 8/11/2021 | Modules affected: landingzone, networking, observability, security | Release notes

  • Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform 1.0.x!
    • From this release onward, we will only be running tests with Terraform 1.0.x against this repo, so we recommend updating to 1.0.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x.
    • Once all Gruntwork repos have been upgrade to work with 1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

v0.25.1

Published: 8/11/2021 | Modules affected: landingzone, networking, security, observability | Release notes

Add a module for deploying and configuring Amazon Macie.

This release also configures the RenovateBot not to update this repo itself, as well as updates the following dependencies:

  • gruntwork-io/terraform-aws-vpc to v0.17.1
  • gruntwork-io/terraform-aws-security to v0.53.4
  • gruntwork-io/terraform-aws-lambda to v0.13.2
  • gruntwork-io/terraform-aws-service-catalog to v0.56.1

v0.25.0

Published: 8/5/2021 | Modules affected: security, networking, observability, landingzone | Release notes

  • Update the codebase to new multi-region approach. In v0.51.0 of terraform-aws-security, we refactored how we build multi-region modules—that is, those modules that deploy resources across every single AWS region, such as aws-config-multi-region—to no longer create nested provider blocks, and instead, have users pass in providers via the providers map. In this release, we have updated the modules in this repo to use this new release of terraform-aws-security and to use the same behavior with providers. This reduces the number of providers that Terraform must instantiate, making the modules much faster and more stable to use. It also gives you full control over how to authenticate to your various AWS accounts. However, this is a backwards incompatible change, so make sure to read the migration guide below.

  • Update dependency versions: We have updated the versions of a number of dependencies in this repo. Here are the versions that have been updated in this release:

    • Update dependency gruntwork-io/terraform-aws-utilities to v0.6.0
    • Update dependency gruntwork-io/terraform-aws-lambda to v0.13.0
    • Update dependency gruntwork-io/terraform-aws-vpc to v0.17.0
    • Update dependency gruntwork-io/terraform-aws-monitoring to v0.30.0
    • Update dependency gruntwork-io/terraform-aws-security to v0.53.2
    • Update dependency gruntwork-io/terraform-aws-service-catalog to v0.55.1

v0.24.1

Published: 8/3/2021 | Modules affected: networking/vpc | Release notes

  • Override renovate.json ignorePaths so that it won't ignore examples or tests
  • vpc: Expose default security group ID in outputs

terraform-aws-data-storage

v0.21.1

Published: 8/18/2021 | Modules affected: aurora, lambda-cleanup-snapshots, lambda-copy-shared-snapshot, lambda-create-snapshot | Release notes

  • Removed references to template provider and replaced with official alternatives.

terraform-aws-ecs

v0.31.0

Published: 8/30/2021 | Modules affected: ecs-service | Release notes

v0.30.4

Published: 8/25/2021 | Modules affected: ecs-service | Release notes

  • Updated to expose proxy_configuration subblock for the aws_ecs_task_definition resource to support App Mesh.

v0.30.3

Published: 8/18/2021 | Modules affected: ecs-service | Release notes

  • Removed references to the deprecated template provider and replaced with official recommendation.

v0.30.2

Published: 8/11/2021 | Modules affected: ecs-service | Release notes

  • You can now enable the ECS "circuit breaker" feature via the new deployment_circuit_breaker input variable.

terraform-aws-eks

v0.44.6

Published: 8/25/2021 | Modules affected: eks-cluster-control-plane | Release notes

  • Updated the kubergrunt version that gets automatically installed to v0.7.9

v0.44.5

Published: 8/20/2021 | Modules affected: eks-cluster-control-plane | Release notes

  • Bump default kubergrunt download URL to the latest version

v0.44.4

Published: 8/19/2021 | Modules affected: eks-container-logs | Release notes

  • Exposed extraFilters helm chart input value with the extra_filters var in the eks-container-logs module.

v0.44.3

Published: 8/13/2021 | Modules affected: eks-k8s-cluster-autoscaler-iam-policy | Release notes

  • Updated Cluster Autoscaler IAM permissions to allow describing launch templates

v0.44.2

Published: 8/13/2021 | Modules affected: eks-cluster-control-plane, eks-cluster-workers-cross-access, eks-k8s-external-dns | Release notes

  • Removed usage of the deprecated template provider and replaced them with HashiCorp recommended replacements.

v0.44.1

Published: 8/13/2021 | Modules affected: eks-aws-auth-merger, eks-cluster-control-plane | Release notes

  • Upgraded dependencies of aws-auth-merger.
  • Updated examples to use packer 1.7 with HCL2.
  • Bumped reference kubergrunt version to 0.7.4.

terraform-aws-lambda

v0.13.3

Published: 8/18/2021 | Modules affected: lambda-edge | Release notes

  • Add a required_providers block to the lambda-edge module so you can pass in a custom provider and not get warnings in Terraform 0.15 and above.

v0.13.2

Published: 8/11/2021 | Modules affected: lambda | Release notes

  • You can now have the lambda module use an existing IAM role, rather than creating a new one, by passing in the IAM role's ARN via the new existing_role_arn input variable.

v0.13.1

Published: 8/9/2021 | Modules affected: lambda-edge, lambda | Release notes

  • Removed usage of the template provider which is now deprecated.

terraform-aws-load-balancer

v0.27.1

Published: 8/17/2021 | Release notes

  • Examples have been updated to not use the deprecated template provider. No changes to modules.

terraform-aws-messaging

v0.7.2

Published: 8/10/2021 | Modules affected: sqs | Release notes

  • Removed references to the deprecated template provider

terraform-aws-monitoring

v0.30.2

Published: 8/30/2021 | Modules affected: alarms/elasticache-redis-alarms | Release notes

  • Fix copy/paste error in the curr_connections and replication-lag alarm names in elasticache-redis-alarms.
  • Several fixes to stabilize automated tests in this repo.

v0.30.1

Published: 8/19/2021 | Modules affected: alarms | Release notes

  • Removed references to deprecated template provider and replaced with official Hashicorp alternatives.

terraform-aws-openvpn

v0.16.1

Published: 8/17/2021 | Release notes

  • Removed references to deprecated template provider in examples (no changes to underlying modules).

terraform-aws-security

v0.54.0

Published: 8/24/2021 | Modules affected: aws-config-bucket, aws-config-multi-region, aws-config, cloudtrail-bucket | Release notes

  • Remove variable enable_lifecycle_rules (introduced at v0.53.1) from Config and Cloudtrail buckets This variable was only being used when mfa_delete=true, to reduce complexity we removed it and mfa_delete is being used as a toggle for the Lifecycle rules.

v0.53.7

Published: 8/19/2021 | Modules affected: private-s3-bucket | Release notes

  • Added a new boolean flag, var.enable_sse, that dictates whether or not to enable SSE on S3 buckets.

v0.53.6

Published: 8/19/2021 | Modules affected: aws-config | Release notes

  • You can now control if the aws-config module tries to attach IAM policies to the IAM role using the new should_attach_sns_policy input variable.

v0.53.5

Published: 8/17/2021 | Modules affected: custom-iam-entity, os-hardening | Release notes

  • Removed references to the deprecated template provider and replaced with official recommendations.

v0.53.4

Published: 8/11/2021 | Modules affected: cloudtrail-bucket, cloudtrail, aws-config-multi-region, aws-config | Release notes

  • Clarifies optional direct usage of cloudtrail-bucket module
  • Explains how to configure the cloudtrail bucket to exist outside of the management account
  • Updates the aws-config module aggregator functionality to work with the aws_region data source and module depends_on. For details, see https://github.com/gruntwork-io/terraform-aws-security/pull/509.

v0.53.3

Published: 8/10/2021 | Modules affected: aws-config-multi-region, aws-config | Release notes

  • Introduced enable_all_regions_for_config_aggregator which can be used to configure whether AWS should set the config aggregator to all regions regardless of opt_in_regions.

terraform-aws-server

v0.13.3

Published: 8/18/2021 | Modules affected: single-server | Release notes

  • Added variable for passing a map of tags to set on the root volume.

v0.13.2

Published: 8/10/2021 | Release notes

  • Removed references to deprecated template provider

v0.13.1

Published: 8/3/2021 | Modules affected: single-server | Release notes

  • You can now configure the single-server module to point the Route 53 DNS record at the private IP of the EIP rather than the public IP by setting the new dns_uses_private_ip variable to true.

terraform-aws-service-catalog

v0.59.4

Published: 8/26/2021 | Modules affected: services | Release notes

  • Update ecs-service module with newly added inputs to configure App Mesh behavior

v0.59.3

Published: 8/25/2021 | Modules affected: landingzone/account-baseline-security | Release notes

Optionally create service-linked roles for security account using var.service_linked_roles.

v0.59.2

Published: 8/25/2021 | Modules affected: services | Release notes

  • Updated eks-workers module to allow specifying per Managed Node Group (MNG) --kublet-extra-args. You can now configure eks_kubelet_extra_args on each MNG group to override the extra args that should be passed to the underlying kubelet process. You can also configure different user data boot scripts for each worker by setting the cloud_init_parts field on the MNG configuration.

v0.59.1

Published: 8/24/2021 | Modules affected: services | Release notes

  • Updated eks-workers module to allow specifying per ASG --kublet-extra-args. You can now configure eks_kubelet_extra_args on each ASG group to override the extra args that should be passed to the underlying kubelet process. You can also configure different user data boot scripts for each worker by setting the cloud_init_parts field on the ASG configuration.

v0.59.0

Published: 8/24/2021 | Modules affected: data-stores, landingzone, networking | Release notes

  • Set MFA Delete to false by default on S3 buckets [BACKWARDS INCOMPATIBLE]
  • Adding apply_default_nacl_rules to the VPC module

v0.58.5

Published: 8/20/2021 | Modules affected: data-stores/s3-bucket, mgmt | Release notes

  • Add a new boolean flag, var.enable_sse, that dictates whether or not to enable SSE on S3 buckets.
  • Update dependency gruntwork-io/terraform-aws-ci to v0.38.6

v0.58.4

Published: 8/20/2021 | Modules affected: mgmt, networking, services, base | Release notes

  • Added ability to configure additional filters on fluent-bit in eks-core-services module
  • Update dependency gruntwork-io/kubergrunt to v0.7.6
  • Update dependency gruntwork-io/terraform-aws-eks to v0.44.4
  • Update dependency gruntwork-io/terraform-aws-ci to v0.38.5
  • Update dependency gruntwork-io/terraform-aws-server to v0.13.3
  • Update dependency gruntwork-io/terraform-aws-monitoring to v0.30.1
  • Update dependency gruntwork-io/terraform-aws-data-storage to v0.21.1
  • Update dependency gruntwork-io/terraform-aws-openvpn to v0.16.1
  • Update dependency gruntwork-io/terraform-aws-asg to v0.15.1
  • Update dependency gruntwork-io/terraform-aws-cache to v0.16.1
  • Update dependency gruntwork-io/terraform-aws-load-balancer to v0.27.1
  • Update dependency gruntwork-io/terraform-aws-ecs to v0.30.3
  • Update dependency gruntwork-io/terraform-aws-messaging to v0.7.2
  • Update dependency gruntwork-io/terraform-aws-vpc to v0.17.2

v0.58.3

Published: 8/19/2021 | Modules affected: data-stores | Release notes

  • Add support for passing CORS Rules via var.cors_rules

v0.58.2

Published: 8/19/2021 | Modules affected: services/ec2-instance | Release notes

  • When you set dns_zone_is_private to true, the ec2-instance module will now associate the private IP of the instance with the Route 53 private zone.

v0.58.1

Published: 8/19/2021 | Modules affected: mgmt, base, services | Release notes

  • Allow the Elastic IP to not be created in the ec2-instance module.
  • The following dependencies were updated to:
    • Update dependency gruntwork-io/terragrunt to v0.31.5
    • Update dependency gruntwork-io/terraform-aws-server to v0.13.2
    • Update dependency gruntwork-io/terraform-aws-lambda to v0.13.3
    • Update dependency gruntwork-io/terraform-aws-ci to v0.38.4
    • Update dependency gruntwork-io/gruntwork-installer to v0.0.37

v0.58.0

Published: 8/17/2021 | Modules affected: services | Release notes

  • Added the ability to track external Fargate Profile executor IAM roles in the aws-auth configmap
  • Fixed bug where managed node groups could not be updated post deployment due to an error message about MIME format.
  • Fixed bug where using managed node groups sometimes caused an error with IAM roles for self managed ASGs.
  • Fixed bug where baseline IAM policies for various services were not being attached to managed node groups.

v0.57.0

Published: 8/16/2021 | Modules affected: networking, services | Release notes

  • The default Kubernetes version deployed by the eks-cluster module has been updated to 1.21. If you wish to maintain backward compatibility with your existing setup, you will want to configure the kubernetes_version parameter to the version of Kubernetes you are currently using. Note that 1.21 requires kubergrunt version 0.7.3 and above.
  • The default Kubernetes version used by the EKS worker packer template has been updated to 1.21. If you wish to maintain backward compatibility with your existing setup, you will want to configured the kubernetes_version packer parameter to the version of Kubernetes you are currently using.
  • The default cluster-autoscaler version has been updated to 1.21 in the eks-core-services module. If you wish to maintain backward compatibility with your existing setup, you will want to configure the cluster_autoscaler_version input variable.

v0.56.2

Published: 8/12/2021 | Modules affected: services | Release notes

  • Added support for configuring Horizontal Pod Autoscaler (via the horizontal_pod_autoscaler input variable) and overriding chart inputs (via the override_chart_inputs input variable).

v0.56.1

Published: 8/11/2021 | Modules affected: services | Release notes

  • Exposed additional_security_group_ids in ec2-instance module

v0.56.0

Published: 8/10/2021 | Modules affected: base, services/ecs-cluster, services/eks-workers, mgmt/ecs-deploy-runner | Release notes

  • [BACKWARD INCOMPATIBLE] This release updates all the Packer templates to HCL2. See the Getting started guide from HashiCorp for details on HCL2.
  • Template data sources have been moved to local values to avoid dependency issues.
  • The for-production examples have been updated.
  • The test finder logic has been moved to the terraform-aws-ci repo.

v0.55.3

Published: 8/9/2021 | Modules affected: mgmt, services | Release notes

  • Increase default max resources for ecs-deploy-runner
  • wrap with trimspace to we dont keep changing userdata, This changes fixes a perpetual diff that could occur on the userdata field.

v0.55.2

Published: 8/6/2021 | Modules affected: mgmt | Release notes

  • Expose variable from inner module to bastion host

v0.55.1

Published: 8/4/2021 | Modules affected: mgmt | Release notes

  • install gruntkms in jenkins

v0.55.0

Published: 8/3/2021 | Modules affected: services, mgmt, networking, base | Release notes

  • Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform 1.0.x!

    • From this release onward, we will only be running tests with Terraform 1.0.x against this repo, so we recommend updating to 1.0.x soon!
    • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x.
    • Once all Gruntwork repos have been upgrade to work with 1.0.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
  • Fixed a bug in the ec2-instance service module that prevented customization of the EBS volumes.

  • The following dependencies were updated to:

    • Update dependency gruntwork-io/terratest to v0.37.2
    • Update dependency gruntwork-io/terraform-kubernetes-namespace to v0.4.0
    • Update dependency gruntwork-io/terraform-aws-utilities to v0.6.0
    • Update dependency gruntwork-io/terraform-aws-ci to v0.38.1
    • Update dependency gruntwork-io/aws-sample-app to v0.0.4
    • Update dependency gruntwork-io/terragrunt to v0.31.2
    • Update dependency gruntwork-io/terraform-aws-messaging to v0.7.1

terraform-aws-static-assets

v0.12.0

Published: 8/24/2021 | Modules affected: s3-cloudfront | Release notes

Updated the s3-cloudfront module to create the S3 bucket for access logs using the private-s3-bucket module under the hood. This adds several extra layers of protection for the access logs bucket, including blocking all public access, enabling encryption at rest, and requiring encryption in transit. This is a backwards incompatible change, so see the migration guide for upgrade instructions.

terraform-aws-vpc

v0.17.3

Published: 8/25/2021 | Modules affected: vpc-interface-endpoint | Release notes

  • Add VPC Interface Endpoint for Redshift Data API Service

v0.17.2

Published: 8/20/2021 | Modules affected: vpc-interface-endpoint | Release notes

  • The vpc-interface-endpoint module can now automatically create a security group that allows HTTPS ingress to the endpoints from your VPC if you set create_https_security_group to true.

v0.17.1

Published: 8/10/2021 | Modules affected: vpc-interface-endpoint, vpc-app, vpc-mgmt | Release notes

  • Added support for EBS and Lambda interface endpoints.
  • Removed usage of the deprecated template provider.