Gruntwork release 2024-07

This page lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2024-07. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

patcher-cli

v0.9.0

Published: 7/2/2024 | Release notes

This is the next major release of Patcher, which has features designed to support the next version of our promotion workflows.

⭐ Patcher now supports publishing the results of an upgrade as a GitHub Pull Request. ⭐

The update command now supports three additional flags:

  • --publish: Publish the changes to the remote Git repository and open a pull request.
  • --pr-branch: The branch to create.
  • --pr-title: The pull request's title.

You can publish the result of an upgrade like this:

patcher update --non-interactive --update-strategy next-breaking --publish --pr-title "Update Dependencies" --pr-branch "patcher-update-deps"

Patcher will perform the upgrade as usual, check out a new Git branch, commit the changes, push them to GitHub, and open a pull request.

The following environment variables must be configured when using the --publish flag:

  • GIT_AUTHOR_NAME: The Git Author Name. e.g: Patcher CI.
  • GIT_AUTHOR_EMAIL: The Git Author Email. e.g: patcher@gruntwork.io.

Note: You can only use the publish features when using the update command in non-interactive mode.

Patcher now supports Upgrade Plan and Spec files, which make upgrades more deterministic. Previously, a new dependency version could be released while Patcher was upgrading separate accounts (e.g., dev and stage). Patcher would correctly promote the change to the next environment, e.g., dev -> stage, but it didn't guarantee the exact version was used.

Here is an overview of each type.

An upgrade plan contains detailed information on all discovered dependencies, their current versions, and available updates. It also contains information about matched files and patterns used for discovery. When you use an upgrade plan with the update command, Patcher will skip resolving dependencies and use the metadata encoded in the plan. You can write an upgrade plan to a file by using the report command with the --output-plan flag:

patcher report --output-plan plan.json
cat plan.json | jq "."

Note: We’ve omitted the contents for brevity.

While an upgrade plan comprehensively represents the current state and all possible updates, an upgrade spec is a simplified, target-orientated representation of the desired end state after an upgrade. It is used to promote consistent upgrades across different environments, even if dependency usages are located in different files.

Here’s the contents of an example spec file:

{
  "IncludeDirPattern": "{*dev*}/**",
  "ExcludeDirPattern": "",
  "Dependencies": [
    {
      "ID": "gruntwork-io/terraform-aws-cis-service-catalog/landingzone/account-baseline-app",
      "Org": "gruntwork-io",
      "Repo": "terraform-aws-cis-service-catalog",
      "Module": "landingzone/account-baseline-app",
      "Constraints": null,
      "TargetSafeVersion": null,
      "TargetBreakingVersion": "0.41.0"
    },
    {
      "ID": "gruntwork-io/terraform-aws-cis-service-catalog/networking/vpc",
      "Org": "gruntwork-io",
      "Repo": "terraform-aws-cis-service-catalog",
      "Module": "networking/vpc",
      "Constraints": null,
      "TargetSafeVersion": null,
      "TargetBreakingVersion": "0.41.0"
    }
  ]
}

The report command now shows the upgrade spec by default.
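
The version drift described above (a newer release appearing between the dev and stage upgrades) can be caught by comparing the spec approved for one environment with the spec about to be applied to the next. The following Python check is an added example, not part of Patcher or the original release notes. It relies only on the ID, TargetSafeVersion and TargetBreakingVersion fields shown in the spec above; the function names, the stage pattern and the sample data are assumptions constructed for illustration.

```python
import json
import sys

# Constructed sample data (not real Patcher output). DEV_SPEC reuses the IDs and
# versions from the spec shown above; the stage pattern and "0.42.0" are made up.
APP = "gruntwork-io/terraform-aws-cis-service-catalog/landingzone/account-baseline-app"
VPC = "gruntwork-io/terraform-aws-cis-service-catalog/networking/vpc"

def make_spec(include, deps):
    """Build a spec dict using the field names from the page's example."""
    return {"IncludeDirPattern": include, "ExcludeDirPattern": "",
            "Dependencies": [{"ID": i, "TargetSafeVersion": s, "TargetBreakingVersion": b}
                             for i, s, b in deps]}

DEV_SPEC = make_spec("{*dev*}/**", [(APP, None, "0.41.0"), (VPC, None, "0.41.0")])
STAGE_SPEC = make_spec("{*stage*}/**", [(APP, None, "0.42.0")])

def load_spec(path):
    """Read a spec file from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def targets(spec):
    """Map each dependency ID to its (safe, breaking) target versions."""
    return {d["ID"]: (d.get("TargetSafeVersion"), d.get("TargetBreakingVersion"))
            for d in spec.get("Dependencies") or []}

def spec_drift(approved, candidate):
    """List (ID, reason, approved targets, candidate targets) for every difference."""
    want, got = targets(approved), targets(candidate)
    findings = []
    for dep_id in sorted(want.keys() | got.keys()):
        if dep_id not in got:
            findings.append((dep_id, "missing-in-candidate", want[dep_id], None))
        elif dep_id not in want:
            findings.append((dep_id, "extra-in-candidate", None, got[dep_id]))
        elif want[dep_id] != got[dep_id]:
            findings.append((dep_id, "version-mismatch", want[dep_id], got[dep_id]))
    return findings

if __name__ == "__main__":
    # Usage: script.py approved.json candidate.json (falls back to the samples).
    a, c = (map(load_spec, sys.argv[1:3]) if len(sys.argv) == 3
            else (DEV_SPEC, STAGE_SPEC))
    drift = spec_drift(a, c)
    for finding in drift:
        print(*finding, sep="\t")
    sys.exit(1 if drift else 0)
```

The non-zero exit status on any difference lets a CI job stop a promotion when the candidate spec no longer matches the approved one.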

The report command can now include or exclude directories used for discovery using double-star glob patterns. This feature can generate a report of outdated dependencies for select accounts. For example, you might have a number of "dev" accounts in your infrastructure-live directory, e.g., team-alpha-dev-account and team-beta-dev-account. Use the discovery filters to generate a report with dev accounts only:

patcher report --include-dirs "*-dev-*/**" test/fixtures/report/infrastructure-live-cis-large | jq "."

Or generate a report on standalone accounts only, e.g., logs, security, and shared:

patcher report --exclude-dirs "{_*,*-dev-*,*-stage-*,*-prod-*}/**" | jq "."

Previously, the apply command was the only command that supported a dry-run mode when testing patches. Patcher can now simulate all operations when running the update command in non-interactive mode, which makes it especially useful for validating CI test workflows.

You can invoke the dry run mode by specifying the --dry-run flag:

patcher update --non-interactive --update-strategy next-breaking --dry-run

  • Add the ability to include or exclude report command dependencies.
  • Add support for outputting plan and spec files.
  • Add support for publishing pull requests using the update command.
  • Add support for a global dry-run mode to simulate operations.
  • Change the report command to output upgrade specifications.
  • Bump upstream dependencies.

Full Changelog: https://github.com/gruntwork-io/patcher-cli/compare/v0.8.4...v0.9.0

pipelines-cli

v0.23.1

Published: 7/31/2024 | Release notes

v0.23.0

Published: 7/31/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.22.0...v0.23.0

v0.23.0-rc4

Published: 7/30/2024 | Release notes

Internal use only

v0.23.0-rc3

Published: 7/30/2024 | Release notes

Internal use only

v0.23.0-rc2

Published: 7/29/2024 | Release notes

Internal use only

v0.23.0-rc1

Published: 7/26/2024 | Release notes

For internal use only

v0.22.0

Published: 7/24/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.21.2...v0.22.0

v0.21.2

Published: 7/23/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.21.1...v0.21.2

v0.21.1

Published: 7/19/2024 | Release notes

v0.21.0

Published: 7/18/2024 | Release notes

The aws_accounts block has now become a nested configuration in the new aws block. The intention behind this change is to provide a more generic location for storage of AWS configurations.

While this is a breaking change, it is not currently in use by any customers in production.

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.20.0...v0.21.0

v0.20.0

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.19.3...v0.20.0

v0.19.3

Published: 7/16/2024 | Release notes

v0.19.2

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.19.1...v0.19.2

v0.19.1

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.19.0...v0.19.1

v0.19.0

Published: 7/16/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.18.0...v0.19.0

v0.18.0

Published: 7/16/2024 | Release notes

The telemetry disclosure has been removed when running in CI. This warning was a valuable disclosure for some folks, but cluttered the logs and users didn't find it valuable to have the disclosure continuously emitted.

Addressing usage feedback, the following has changed in Pipelines HCL configurations:

  • The authentication_profile block has been removed. Authentication configurations must now always be directly defined where authentication is specified.
  • The plan_iam_role and apply_iam_role attributes now utilize fully qualified ARNs instead of just the role name.

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.17.9...v0.18.0

v0.17.9

Published: 7/12/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.17.8...v0.17.9

v0.17.9-alpha

Published: 7/12/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.17.8...v0.17.9-alpha

v0.17.8

Published: 7/12/2024 | Release notes

v0.17.7

Published: 7/11/2024 | Release notes

v0.17.6-alpha

Published: 7/11/2024 | Release notes

v0.17.6

Published: 7/11/2024 | Release notes

v0.17.5

Published: 7/10/2024 | Release notes

v0.17.4

Published: 7/10/2024 | Release notes

v0.17.3

Published: 7/10/2024 | Release notes

v0.17.2

Published: 7/10/2024 | Release notes

v0.17.1

Published: 7/10/2024 | Release notes

v0.17.0

Published: 7/9/2024 | Release notes

v0.16.1

Published: 7/9/2024 | Release notes

v0.16.0

Published: 7/8/2024 | Release notes

v0.15.1-alpha2

Published: 7/3/2024 | Release notes

v0.15.1-alpha

Published: 7/3/2024 | Release notes

v0.15.1

Published: 7/3/2024 | Release notes

v0.15.0

Published: 7/3/2024 | Release notes

v0.14.0

Published: 7/2/2024 | Release notes

terraform-aws-architecture-catalog

v2.10.0

Published: 7/26/2024 | Release notes

v2.9.1

Published: 7/19/2024 | Release notes

v2.9.0

Published: 7/17/2024 | Release notes

v2.8.0

Published: 7/17/2024 | Release notes

v2.7.0

Published: 7/16/2024 | Release notes

v2.6.1

Published: 7/13/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v2.6.0...v2.6.1

v2.6.0

Published: 7/12/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v2.5.0...v2.6.0

v2.5.0

Published: 7/11/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v2.4.0...v2.5.0

v2.4.0

Published: 7/2/2024 | Release notes

terraform-aws-cis-service-catalog

v0.52.1

Published: 7/16/2024 | Modules affected: data-stores/rds | Release notes

  • Bump rds module

terraform-aws-control-tower

v0.7.10

Published: 7/31/2024 | Modules affected: landingzone | Release notes

  • Add module to create Landing Zone via IaC

v0.7.9

Published: 7/30/2024 | Modules affected: landingzone | Release notes

  • Force quote account_id as it is no longer coming out as a string. This fixes account vends where account_ids start with a 0

v0.7.8

Published: 7/15/2024 | Modules affected: landingzone | Release notes

  • feat: Propagate guardduty_findings_kms_key_service_principals

v0.7.7

Published: 7/12/2024 | Modules affected: aws-sso | Release notes

Doc-only change: fix SSO docs, add 2 examples

terraform-aws-data-storage

v0.38.0

Published: 8/1/2024 | Release notes

Full Changelog: https://github.com/gruntwork-io/terraform-aws-data-storage/compare/v0.37.3...v0.38.0

terraform-aws-ecs

v0.38.1

Published: 7/23/2024 | Modules affected: ecs-daemon-service, ecs-service, ecs-cluster | Release notes

  • Added support for managed_draining variable recently added to the aws_ecs_capacity_provider resource
  • Cleanup of terrascan and dependabot

terraform-aws-eks

v0.67.8

Published: 7/24/2024 | Modules affected: eks-k8s-karpenter, eks-cluster-managed-workers | Release notes

  • Bump AWS Provider Min Version for Karpenter Module
  • Allow configuring the ami source

v0.67.7

Published: 7/15/2024 | Modules affected: eks-cluster-control-plane, eks-container-logs | Release notes

  • Update VPC CNI example to use EKS Addons
  • Bump up base monitoring module on eks-container-logs

terraform-aws-monitoring

v0.36.21

Published: 7/8/2024 | Modules affected: logs | Release notes

  • Added missing PutRetentionPolicy

terraform-aws-service-catalog

v0.112.19

Published: 7/23/2024 | Modules affected: data-stores | Release notes

  • data-stores/rds: fix module variable optional attrs for backwards compatibility with Terraform < 1.2

v0.112.18

Published: 7/15/2024 | Modules affected: services/ecs-service | Release notes

  • ecs-service: Update lb_listener_rules module to fix a missing authenticate_cognito attribute

v0.112.17

Published: 7/12/2024 | Modules affected: data-stores/ecr-repos | Release notes

  • ECR cross account access ecr:ListTagsForResource

v0.112.16

Published: 7/9/2024 | Modules affected: landingzone | Release notes

  • feat: Propagate kms_key_service_principals

v0.112.15

Published: 7/3/2024 | Modules affected: data-stores | Release notes

  • SME-1100 Fix RDS and Aurora managed pw functionality

terrapatch-cli

v0.1.6

Published: 7/2/2024 | Release notes

  • Bumped internal dependencies and fixed CI workflows