Skip to main content

Gruntwork release 2024-07

Guides / Update Guides / Releases / 2024-07

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2024-07. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

patcher-cli

v0.9.0

Published: 7/2/2024 | Release notes

This is the next major release of Patcher, which has features designed to support the next version of our promotion workflows.

⭐ Patcher now supports publishing the results of an upgrade as a GitHub Pull Request. ⭐

The update command now supports three additional flags:

  • --publish: Publish the changes to the remote Git repository and open a pull request.
  • --pr-branch: The branch to create.
  • --pr-title: The pull request's title.

You can publish the result of an upgrade like this:

patcher update --non-interactive --update-strategy next-breaking --publish --pr-title "Update Dependencies" --pr-branch "patcher-update-deps"

Patcher will perform the upgrade as usual, check out a new Git branch, commit the changes, push them to GitHub, and open a pull request.

The following environment variables must be configured when using the --publish flag:

  • GIT_AUTHOR_NAME: The Git Author Name. e.g: Patcher CI.
  • GIT_AUTHOR_EMAIL: The Git Author Email. e.g: patcher@gruntwork.io.

Note: You can only use the publish features when using the update command in non-interactive mode.

Patcher now supports Upgrade Plan and Spec files, which make upgrades more deterministic. Previously, a new dependency version could be released while Patcher was upgrading separate accounts (e.g., ' devandstage`). Patcher would correctly promote the change to the next environment, e.g., dev -> stage, but it didn't guarantee the exact version was used.

Here is an overview of each type.

An upgrade plan contains detailed information on all discovered dependencies, their current versions, and available updates. It also contains information about matched files and patterns used for discovery. When you use an upgrade plan with the update command, Patcher will skip resolving dependencies and use the metadata encoded in the plan. You can write an upgrade plan to a file by using the report command with the --output-flag flag:

patcher report --output-plan plan.json
cat plan.json | jq "."

Note: We’ve omitted the contents for brevity.

While an upgrade plan comprehensively represents the current state and all possible updates, an upgrade spec is a simplified, target-orientated representation of the desired end state after an upgrade. It is used to promote consistent upgrades across different environments, even if dependency usages are located in different files.

Here’s the contents of an example spec file:

{
  "IncludeDirPattern": "{*dev*}/**",
  "ExcludeDirPattern": "",
  "Dependencies": [
    {
      "ID": "gruntwork-io/terraform-aws-cis-service-catalog/landingzone/account-baseline-app",
      "Org": "gruntwork-io",
      "Repo": "terraform-aws-cis-service-catalog",
      "Module": "landingzone/account-baseline-app",
      "Constraints": null,
      "TargetSafeVersion": null,
      "TargetBreakingVersion": "0.41.0"
    },
    {
      "ID": "gruntwork-io/terraform-aws-cis-service-catalog/networking/vpc",
      "Org": "gruntwork-io",
      "Repo": "terraform-aws-cis-service-catalog",
      "Module": "networking/vpc",
      "Constraints": null,
      "TargetSafeVersion": null,
      "TargetBreakingVersion": "0.41.0"
    }
  ]
}

The report command has been changed to now show the upgrade spec by default.

The report command can now include or exclude directories used for discovery using double-star glob patterns. This feature can generate a report of outdated dependencies for select accounts. For example you might have a number of "dev" accounts in your infrastructure-live directory e.g: team-alpha-dev-account and team-beta-dev-account. Use the discovery filters to generate a report with dev accounts only:

patcher report --include-dirs "*-dev-*/**" test/fixtures/report/infrastructure-live-cis-large | jq "."

Or generate a report on standalone accounts only. e.g: logs, security, and shared:

patcher report --exclude-dirs "{_*,*-dev-*,*-stage-*,*-prod-*}/**" | jq "."

Previously, the apply command was the only command that supported a dry-run mode when testing patches. Patcher can now simulate all operations when running the update command in non-interactive mode, which makes it especially useful for validating CI test workflows.

You can invoke the dry run mode by specifying the --dry-run flag:

patcher update --non-interactive --update-strategy next-breaking --dry-run
  • Add the ability to include or exclude report command dependencies.
  • Add support for outputting plan and spec files.
  • Add support for publishing pull requests using the update command.
  • Add support for a global dry-run mode to simulate operations.
  • Change the report command to output upgrade specifications.
  • Bump upstream dependencies.

Full Changelog: https://github.com/gruntwork-io/patcher-cli/compare/v0.8.4...v0.9.0

pipelines-actions

v1.9.0

Published: 7/26/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines-actions/compare/v1.8.0...v1.9.0

v1.8.0

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines-actions/compare/v1.7.1...v1.8.0

v1.7.1

Published: 7/16/2024 | Release notes

  • Bugfix - Default arch_catalog_repo_url had a typo.

Full Changelog: https://github.com/gruntwork-io/pipelines-actions/compare/v1.7.0...v1.7.1

v1.7.0

Published: 7/15/2024 | Release notes

  • Fixes for provisioning delegated repositories.
  • Removal of unnecessary Plan Summary section on comments for applies.

Full Changelog: https://github.com/gruntwork-io/pipelines-actions/compare/v1.6.1...v1.7.0

v1.6.1

Published: 7/10/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines-actions/compare/v1.6.0...v1.6.1

v1.6.0

Published: 7/9/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines-actions/compare/v1.5.0...v1.6.0

v1.5.0

Published: 7/8/2024 | Release notes

This version of pipelines-actions introduces a new architecture for how we manage state for updating comments with the results of plans/applies. The prior architecture included a central mutex to "lock" a state file to ensure that state was consistent across multiple parallel-jobs. The issue with the mutex is locking and unlocking was slow, and with many jobs in parallel (20+) could introduce severe delays to overall pipelines runs. The updated architecture uploads a distinct artifact per job, which then gets aggregated when updating the comment. This removes the need for any central locking and results in a ~20s speedup for small pipelines runs, and a dramatic speedup for large jobs.

Full Changelog: https://github.com/gruntwork-io/pipelines-actions/compare/v1.4.0...v1.5.0

v1.4.0

Published: 7/2/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines-actions/compare/v1.3.4...v1.4.0

pipelines-cli

v0.23.1

Published: 7/31/2024 | Release notes

v0.23.0

Published: 7/31/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.22.0...v0.23.0

v0.22.0

Published: 7/24/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.21.2...v0.22.0

v0.21.2

Published: 7/23/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.21.1...v0.21.2

v0.21.1

Published: 7/19/2024 | Release notes

v0.21.0

Published: 7/18/2024 | Release notes

The aws_accounts block has now become a nested configuration in the new aws block. The intention behind this change is to provide a more generic location for storage of AWS configurations.

While this is a breaking change, it is not currently in use by any customers in production.

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.20.0...v0.21.0

v0.20.0

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.19.3...v0.20.0

v0.19.3

Published: 7/16/2024 | Release notes

v0.19.2

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.19.1...v0.19.2

v0.19.1

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.19.0...v0.19.1

v0.19.0

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.18.0...v0.19.0

v0.18.0

Published: 7/16/2024 | Release notes

The telemetry disclosure has been removed when running in CI. This warning was a valuable disclosure for some folks, but cluttered the logs and users didn't find it valuable to have the disclosure continuously emitted.

Addressing usage feedback, the following has changed in Pipelines HCL configurations:

  • The authentication_profile block has been removed. Authentication configurations must now always be directly defined where authentication is specified.
  • The plan_iam_role and apply_iam_role attributes now utilize fully qualified ARNs instead of just the role name.

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.17.9...v0.18.0

v0.17.9

Published: 7/12/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.17.8...v0.17.9

v0.17.9-alpha

Published: 7/12/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.17.8...v0.17.9-alpha

v0.17.8

Published: 7/12/2024 | Release notes

v0.17.7

Published: 7/11/2024 | Release notes

v0.17.6-alpha

Published: 7/11/2024 | Release notes

v0.17.6

Published: 7/11/2024 | Release notes

v0.17.5

Published: 7/10/2024 | Release notes

v0.17.4

Published: 7/10/2024 | Release notes

v0.17.3

Published: 7/10/2024 | Release notes

v0.17.2

Published: 7/10/2024 | Release notes

v0.17.1

Published: 7/10/2024 | Release notes

v0.17.0

Published: 7/9/2024 | Release notes

v0.16.1

Published: 7/9/2024 | Release notes

v0.16.0

Published: 7/8/2024 | Release notes

v0.15.1-alpha2

Published: 7/3/2024 | Release notes

v0.15.1-alpha

Published: 7/3/2024 | Release notes

v0.15.1

Published: 7/3/2024 | Release notes

v0.15.0

Published: 7/3/2024 | Release notes

v0.14.0

Published: 7/2/2024 | Release notes

pipelines-workflows

v2

Published: 7/2/2024 | Release notes

This is a floating release tracking the latest release with major version 2.

v2.5.0

Published: 7/30/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v2...v2.5.0

v2.4.0

Published: 7/19/2024 | Release notes

This pulls in a change to Pipelines HCL Configuration as Code system to segment the aws_accounts block into an accounts block nested as the aws block.

While this is a breaking change, it is not in use by any customers at the moment, and should be safe to use without modification.

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v2.3.3...v2.4.0

v2.3.3

Published: 7/16/2024 | Release notes

This pulls in a rename of the pipelines HCL configuration block for Pipelines to repository via updates to the pipelines-cli.

In addition, it pulls in changes to pipelines-actions which result in a new CATALOG_TAGS value being used during repository vending. This allows for central management of AWS cost allocation tags for delegated repositories.

Some plumbing changes have been done in addition to improve the configurability of the TF_BINARY configuration, making it easier to decide whether you want to use OpenTofu or Terraform.

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v2...v2.3.3

v2.3.2

Published: 7/16/2024 | Release notes

v2.3.1

Published: 7/16/2024 | Release notes

v2.3.0

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v2.2.1...v2.3.0

v2.2.1

Published: 7/8/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v2...v2.2.0

v2.1.0

Published: 7/3/2024 | Release notes

Take special note of the changes in https://github.com/gruntwork-io/pipelines-workflows/pull/45. It introduces significant changes to how Pipelines workflows operate, and should be evaluated carefully when considering an upgrade to this release.

In particular, https://github.com/gruntwork-io/pipelines-workflows/pull/45 changes the behavior of the EnvCommonChanged job. Pipelines Orchestrate will no longer emit a single job for each AWS account, looking for relevant updates to an _envcommon file that has changed. Instead, a single job will be emitted from the root of the repository that will look for changes throughout the repository. This change leverages the new capabilities released as of v2.0.0 where Terragrunt will dynamically assume the correct role in a given directory through integration with Pipelines.

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v1.6.0...v2.1.0

v2.0.0

Published: 7/2/2024 | Release notes

This release introduces the concept of "hooks" in pipelines-root.yml as a mechanism to customize the account factory workflows. The intention is that consumers will fork pipelines-workflows, add a step to checkout their own actions repository (or their own fork of pipelines-actions), and then change the "uses" block in the pre/post steps to point to their customized workflows.

We're actively trying to balance providing a highly extensible mechanism for users to adapt pipelines to their needs, whilst also maintaining upgrade-ability down the line. We hope that by encouraging customizations to live in separate actions that future updates to pipelines-root.yml will not cause significant merge conflicts, and that updates to pipelines-actions can continue to be pulled in via a version bump, even in a highly customized environment.

This release includes a breaking change requiring that a minimum version of v0.59.5 for Terragrunt is used in CI.

This is due to the fact that Pipelines now integrates with the newly available dynamic authentication capabilities in Terragrunt.

For most, this entails making an update to the .mise.toml file in the root of the repository where Pipelines runs.

While this is the minimum version required, take note of the bug fix introduced in v0.59.7. If you are using the get_aws_account_id function in your Terragrunt configurations, you are advised to upgrade to this version to incorporate that bug fix.

For Pipelines users that allowlist specific actions, version 2.0 includes the following new actions

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v1...v2.0.0

terraform-aws-architecture-catalog

v2.10.0

Published: 7/26/2024 | Release notes

v2.9.1

Published: 7/19/2024 | Release notes

v2.9.0

Published: 7/17/2024 | Release notes

v2.8.0

Published: 7/17/2024 | Release notes

v2.7.0

Published: 7/16/2024 | Release notes

v2.6.1

Published: 7/13/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v2.6.0...v2.6.1

v2.6.0

Published: 7/12/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v2.5.0...v2.6.0

v2.5.0

Published: 7/11/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v2.4.0...v2.5.0

v2.4.0

Published: 7/2/2024 | Release notes

terraform-aws-cis-service-catalog

v0.52.1

Published: 7/16/2024 | Modules affected: data-stores/rds | Release notes

  • Bump rds module

terraform-aws-control-tower

v0.7.10

Published: 7/31/2024 | Modules affected: landingzone | Release notes

  • Add module to create Landing Zone via IaC

v0.7.9

Published: 7/30/2024 | Modules affected: landingzone | Release notes

  • force quote account_id as it no longer is coming out as a string. This fixes account vends where account_id's start with a 0

v0.7.8

Published: 7/15/2024 | Modules affected: landingzone | Release notes

  • feat: Propagate guardduty_findings_kms_key_service_principals

v0.7.7

Published: 7/12/2024 | Modules affected: aws-sso | Release notes

Doc only change- fix sso docs, add 2 examples

terraform-aws-data-storage

v0.38.0

Published: 8/1/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-data-storage/compare/v0.37.3...v0.38.0

terraform-aws-ecs

v0.38.1

Published: 7/23/2024 | Modules affected: ecs-daemon-service, ecs-service, ecs-cluster | Release notes

  • Added support for managed_draining variable recently added to the aws_ecs_capacity_provider resource
  • Cleanup of terrascan and dependabot

terraform-aws-eks

v0.67.8

Published: 7/24/2024 | Modules affected: eks-k8s-karpenter, eks-cluster-managed-workers | Release notes

  • Bump AWS Provider Min Version for Karpenter Module
  • Allow configuring the ami source

v0.67.7

Published: 7/15/2024 | Modules affected: eks-cluster-control-plane, eks-container-logs | Release notes

  • Update VPC CNI example to use EKS Addons
  • Bump up base monitoring module on eks-container-logs

terraform-aws-monitoring

v0.36.21

Published: 7/8/2024 | Modules affected: logs | Release notes

  • Added missing PutRetentionPolicy

terraform-aws-service-catalog

v0.112.19

Published: 7/23/2024 | Modules affected: data-stores | Release notes

  • data-stores/rds: fix module variable optional attrs for backwards compatibility with Terraform < 1.2

v0.112.18

Published: 7/15/2024 | Modules affected: services/ecs-service | Release notes

  • ecs-service: Update lb_listener_rules module fix a missing authenticate_cognito attribute

v0.112.17

Published: 7/12/2024 | Modules affected: data-stores/ecr-repos | Release notes

  • ECR cross account access ecr:ListTagsForResource

v0.112.16

Published: 7/9/2024 | Modules affected: landingzone | Release notes

  • feat: Propagate kms_key_service_principals

v0.112.15

Published: 7/3/2024 | Modules affected: data-stores | Release notes

  • SME-1100 Fix RDS and Aurora managed pw functionality

terrapatch-cli

v0.1.6

Published: 7/2/2024 | Release notes

  • Bumped internal dependencies and fixed CI workflows