Skip to main content

Gruntwork release 2024-02

Guides / Update Guides / Releases / 2024-02

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2024-02. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

boilerplate

v0.5.10

Published: 2/13/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/boilerplate/compare/v0.5.9...v0.5.10

pipelines-cli

v0.5.6

Published: 2/16/2024 | Release notes

v0.5.5

Published: 2/15/2024 | Release notes

v0.5.4

Published: 2/15/2024 | Release notes

v0.5.3

Published: 2/15/2024 | Release notes

v0.5.2

Published: 2/14/2024 | Release notes

repo-copier

v0.5.3

Published: 2/28/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/repo-copier/compare/v0.5.2...v0.5.3

v0.5.2

Published: 2/14/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/repo-copier/compare/v0.5.1...v0.5.2

v0.5.1

Published: 2/14/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/repo-copier/compare/v0.5.0...v0.5.1

v0.5.0

Published: 2/2/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/repo-copier/compare/v0.4.4...v0.5.0

terraform-aws-architecture-catalog

v2.0.0-beta

Published: 2/7/2024 | Release notes

This release introduces a couple changes that significantly alter how the architecture catalog works with respect to the templates for vended accounts.

  1. The account vending process now supports delegated infrastructure-live repositories. These are repositories that are granted limited control over a subset of the total AWS accounts managed within a central infrastructure-live repository. These delegated repositories currently include the following: a. SDLC repositories: These are repositories that control the Software Delivery Lifecycle (dev/stage/prod) for particular teams. The baselines for the relevant accounts are still managed within the main infrastructure-live repository, but the application workloads can now be managed by infrastructure-live-<TEAM NAME> repositories that only have control over their particular workloads. b. Sandbox repositories: These are repositories that are vended by the main infrastructure-live repository and are the same as the SDLC repositories with the exception that they only have one account.

  2. IAM roles used for CI within infrastructure-pipelines have been renamed to better reflect the limits of their capabilities and to introduce a new set of roles that are assumed exclusively by infrastructure-pipelines when configuration updates are made in delegated repos.

  3. A new set of IAM roles called pipelines-pre-auth roles have been added as a control mechanism for authorizing requests made to the infrastructure-pipelines repository from infrastructure-live repositories. This is done by the controls documented here.

  4. Automatically looking up Control Tower provisioning artifact ID instead of requiring it to be passed as input.

  5. Added check to ensure that infrastructure-live repos do not dispatch workflows to infrastructure-pipelines if they are behind main to ensure the integrity of pipelines-execute actions.

  6. Added retries for intermittent errors that can be encountered when using Control Tower modules for provisioning Macie resources.

  7. Increased default timeout for Control Tower.

  8. Added retries for state locks to ensure that concurrent attempts to make the same state update wait instead of immediately failing.

  9. Added logic to ensure that state resources are provisioned prior to attempts to make updates in new accounts.

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v1.3.3...v2.0.0

terraform-aws-cis-service-catalog

v0.49.2

Published: 2/22/2024 | Modules affected: landingzone | Release notes

v0.49.1

Published: 2/21/2024 | Modules affected: networking | Release notes

  • Enhancement/ Blackhole ENI name, description, and tags

v0.49.0

Published: 2/12/2024 | Modules affected: networking | Release notes

  • Enhancement/customizable blackhole routes. This release allows for full customization of blackhole routes on a per subnet basis.

The following variables have been removed:

create_blackhole_route blackhole_route_table_names blackhole_cidr_block

The following variables have been added: blackhole_routes

v0.48.4

Published: 2/9/2024 | Modules affected: landingzone/account-baseline-app, networking | Release notes

  • Make SecurityHub optional. Default to enabling to remain backwards compatible.
  • Format Terraform in networking

terraform-aws-control-tower

v0.5.4

Published: 2/29/2024 | Modules affected: templates/landingzone/boilerplate-single-account-baseline | Release notes

v0.5.3

Published: 2/29/2024 | Modules affected: templates/landingzone/boilerplate-single-account-baseline | Release notes

v0.5.2

Published: 2/29/2024 | Release notes

v0.5.1

Published: 2/28/2024 | Release notes

v0.5.0

Published: 2/27/2024 | Modules affected: templates/landingzone/boilerplate-single-account-factory | Release notes

Overriding/setting module configuration for generating baselines after creating a new account should now happen in one central location: the infra-pipelines workflow file that invokes the single-account-baseline template.

v0.4.6

Published: 2/26/2024 | Modules affected: templates/landingzone/boilerplate-single-account-baseline | Release notes

v0.4.5

Published: 2/23/2024 | Modules affected: landingzone/control-tower-app-account-baseline, landingzone/control-tower-security-account-baseline | Release notes

v0.4.4

Published: 2/21/2024 | Modules affected: landingzone/control-tower-account-factory | Release notes

v0.4.3

Published: 2/9/2024 | Modules affected: landingzone/control-tower-app-account-baseline | Release notes

  • Make Security Hub optional

terraform-aws-ecs

v0.35.15

Published: 2/19/2024 | Modules affected: ecs-service | Release notes

  • add support for codedeploy

terraform-aws-load-balancer

v0.29.22

Published: 2/19/2024 | Modules affected: lb-listener-rules | Release notes

  • Adds option to ignore tg changes making it compatible with blue/green deployments

terraform-aws-monitoring

v0.36.13

Published: 2/23/2024 | Modules affected: alarms | Release notes

  • Add var to allow setting treat_missing_data for lambda-alarms

v0.36.12

Published: 2/13/2024 | Modules affected: metrics, alarms | Release notes

  • metrics cleanup: Remove Amazon Linux 1 example and remove non-existent cloudwatch-agent flags from README
  • route53-health-check-alarms: fix bug with HTTP_STR_MATCH and HTTPS_STR_MATCH type

terraform-aws-security

v0.71.1

Published: 2/16/2024 | Modules affected: guardduty-bucket, kms-master-key | Release notes

  • New guardduty-bucketmodule intended for exporting GuardDuty findings to S3.
  • Add a new optional parameter to kms-master-key cmk_service_principals: additional_principals - list of additional service principals. Useful when, for example, granting access to opt-in region service endpoints (e.g. guardduty.me-south-1.amazonaws.com).

v0.71.0

Published: 2/9/2024 | Modules affected: guardduty-multi-region, guardduty | Release notes

  • guardduty-multi-region
  • guardduty

Implement multiple GuardDuty features:

  • GuardDuty admin account delegation
  • Managing member accounts (manual and automatic) and accepting invitations.
  • Managing organization level GuardDuty protections/features
  • Managing findings S3 export
  • Remove guardduty_detector_account_id from guardduty module. The guardduty-multi-region never used that output.

The guardduty module removes the output guardduty_detector_account_id. Remove the output where it is used.

terraform-aws-service-catalog

v0.109.5

Published: 2/29/2024 | Modules affected: networking | Release notes

  • enhancement/blackhole eni private IP

v0.109.4

Published: 2/21/2024 | Modules affected: networking | Release notes

  • Enhancement/Blackhole ENI Naming and Tags

v0.109.3

Published: 2/21/2024 | Modules affected: landingzone | Release notes

v0.109.2

Published: 2/21/2024 | Modules affected: services/ecs-service | Release notes

  • Add variable listener_rule_ids which allows external listener rules to be created prior to ECS service creation
  • Updates module version of ecs-service to v0.35.15
  • Updates module version of lb-listener-rules to v0.29.22 and adds ignore_changes_to_target_groups variable

v0.109.1

Published: 2/14/2024 | Modules affected: services | Release notes

  • services/ecs-service: expose vars platform_version and deployment_controller

v0.109.0

Published: 2/12/2024 | Modules affected: networking | Release notes

  • Enhancement/customizable blackhole routes. This release allows for full customization of blackhole routes on a per subnet basis.

The following variables have been removed:

create_blackhole_route blackhole_route_table_names blackhole_cidr_block

The following variables have been added: blackhole_routes

v0.108.6

Published: 2/9/2024 | Modules affected: services | Release notes

  • Updated the ecs-cluster to expose EBS storage type

v0.108.5

Published: 2/6/2024 | Modules affected: services, mgmt | Release notes

  • eks-workers: clarify Packer template params
  • mgmt/jenkins: add IMDSv2 support to

terraform-aws-static-assets

v0.18.1

Published: 2/28/2024 | Modules affected: s3-cloudfront | Release notes

  • s3-cloudfront: support multiple s3 origins

terraform-aws-utilities

v0.10.0

Published: 2/21/2024 | Modules affected: request-quota-increase | Release notes

  • request-quota-increase [BACKWARD INCOMPATIBLE]

  • Add codegen for adjustable quotas and allow arbitrary quota requests in request-quota-increase

  • Fix upgrade-tests (CI Module)

  • Update CODEOWNERS

  • Add Terrascan to CI

The input resources_to_increase in request-quota-increase was removed. Change the input values to use quota-specific input variables, e.g.

module "quota_increase" {
source = "git::git@github.com:gruntwork-io/terraform-aws-utilities.git//modules/quota-increase?ref=<VERSION>"

vpc_rules_per_network_acl = 30
vpc_nat_gateways_per_availability_zone = 30
}

terraform-aws-vpc

v0.26.18

Published: 2/27/2024 | Modules affected: transit-gateway | Release notes

Update the outputs of the Transit Gateway module.