Gruntwork release 2025-08

Guides / Update Guides / Releases / 2025-08

This page is lists all the updates to the Gruntwork Infrastructure as Code Library that were released in 2025-08. For instructions on how to use these updates in your code, check out the updating documentation.

Here are the repos that were updated:

• boilerplate
• patcher-cli
• pipelines-cli
• pipelines-workflows
• repo-copier
• terraform-aws-architecture-catalog
• terraform-aws-asg
• terraform-aws-control-tower
• terraform-aws-data-storage
• terraform-aws-ecs
• terraform-aws-eks
• terraform-aws-load-balancer
• terraform-aws-messaging
• terraform-aws-monitoring
• terraform-aws-security
• terraform-aws-server
• terraform-aws-service-catalog
• terraform-aws-vpc

boilerplate

v0.9.0

Published: 8/4/2025 | Release notes

Renamed flags:

• --disable-hooks has been renamed to --no-hooks
• --disable-shell has been renamed to --no-shell

To migrate to the new release:

• Replace the --disable-hooks flag with --no-hooks in your scripts or configurations.

• Replace the --disable-shell flag with --no-shell in your scripts or configurations.

• Review the new confirmation prompts for shell and hook executions, as they will require user input.

• feat: Added confirmation for shell and hooks execution in format y/a/n by @denis256 in https://github.com/gruntwork-io/boilerplate/pull/231

• feat: Renamed --disable-hooks to --no-hooks by @denis256 in https://github.com/gruntwork-io/boilerplate/pull/231

• feat: Renamed --disable-shell to --no-shell by @denis256 in https://github.com/gruntwork-io/boilerplate/pull/231

• chore: Dependabot rules have been updated to group dependencies together by @denis256 in https://github.com/gruntwork-io/boilerplate/pull/231

Full Changelog: https://github.com/gruntwork-io/boilerplate/compare/v0.8.1...v0.9.0

patcher-cli

v0.15.2

Published: 8/25/2025 | Release notes

Release duplicated from https://github.com/gruntwork-io/patcher/releases/tag/v0.15.2

v0.15.1

Published: 8/1/2025 | Release notes

Release duplicated from https://github.com/gruntwork-io/patcher/releases/tag/v0.15.1

pipelines-cli

v0.39.6

Published: 8/13/2025 | Release notes

The Pipelines Ignore List now supports excluding Terragrunt units from runs in addition to ignoring changes to them in Git. This change was made to assist customers using the ignore list to ignore Terragrunt units that could not successfully run due to a lack of authentication configuration, etc. in Pipelines.

• Pin gitlab v1 for tests by @Resonance1584 in https://github.com/gruntwork-io/pipelines/pull/446
• chore: Backporting ignore filter on execute by @yhakbar in https://github.com/gruntwork-io/pipelines/pull/445

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.39.5...v0.39.6

v0.39.5

Published: 8/12/2025 | Release notes

Fixes a bug where the version pin introduced in Pipelines v0.39.4 did not allow for patch versions of Terragrunt v0.84. The version semver check has been loosened to support patch versions as well.

• fix: Fixing max TG version check by @yhakbar in https://github.com/gruntwork-io/pipelines/pull/443

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.39.4...v0.39.5

v0.39.4

Published: 8/6/2025 | Release notes

This release introduces a maximum supported Terragrunt version of v0.84 for the v0.39 line of Pipelines.

The v0.40 line of Pipelines will support versions of Terragrunt >= v0.85.

• chore: Adding max version pin by @yhakbar in https://github.com/gruntwork-io/pipelines/pull/440

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.39.3...v0.39.4

v0.39.3

Published: 8/4/2025 | Release notes

• Includes additional debug logging to help troubleshoot sporadic preflight failures in a self-hosted GitLab environment.

Full Changelog: https://github.com/gruntwork-io/pipelines/compare/v0.39.2...v0.39.3

pipelines-workflows

v3.9.5

Published: 8/13/2025 | Release notes

This pulls in:

1. A bug fix for correct handling of patch versions of Terragrunt version v0.84, allowing patch versions (e.g. v0.84.1).
2. An improvement of the Pipelines Ignore List, which now supports excluding Terragrunt units during Execution in addition to ignoring Git changes during Orchestration.

• chore: Bumping Pipelines CLI version to v0.39.6 by @yhakbar in https://github.com/gruntwork-io/pipelines-workflows/pull/145

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v3...v3.9.5

v3.9.4

Published: 8/6/2025 | Release notes

This release introduces a maximum supported Terragrunt version of v0.84 for the v3 line of Pipelines Workflows.

The v4 line of Pipelines Workflows will support versions of Terragrunt >= v0.85.

• chore: Bumping Pipelines CLI version to v0.39.4 by @yhakbar in https://github.com/gruntwork-io/pipelines-workflows/pull/144

Full Changelog: https://github.com/gruntwork-io/pipelines-workflows/compare/v3...v3.9.4

repo-copier

v0.6.5

Published: 8/29/2025 | Release notes

• chore: tag validation against working tree by @denis256 in https://github.com/gruntwork-io/repo-copier/pull/294

Full Changelog: https://github.com/gruntwork-io/repo-copier/compare/v0.6.4...v0.6.5

v0.6.4

Published: 8/27/2025 | Release notes

• chore: referenced tags validation by @denis256 in https://github.com/gruntwork-io/repo-copier/pull/293

Full Changelog: https://github.com/gruntwork-io/repo-copier/compare/v0.6.3...v0.6.4

v0.6.3

Published: 8/15/2025 | Release notes

• chore: dependabot config for merging dependencies by @denis256 in https://github.com/gruntwork-io/repo-copier/pull/291
• chore: correct spelling errors by @denis256 in https://github.com/gruntwork-io/repo-copier/pull/292

Full Changelog: https://github.com/gruntwork-io/repo-copier/compare/v0.6.2...v0.6.3

terraform-aws-architecture-catalog

v3.1.2

Published: 8/26/2025 | Release notes

• LIB-2545 Update root-pipelines-apply-role and root-pipelines-plan-role (templates/gruntwork-landing-zone/_envcommon/landingzone) with permissions required by new control-tower-multi-account-factory-async module.
• Updated single-account-baseline template to optionally include a pipelines HCL environment config for the new account.
• Deprecates remaining Pipelines v2 templates infra-live-root, infra-live-github-base & devops-foundations-infrastructure-live-delegated
• Bump Terragrunt and OpenTofu versions in boilerplate and mise.toml
• DEV-1024
  • devops-foundations-infrastructure-live-root template to use combine gruntwork-landing-zone template and blueprint components for pipelines artifacts to support code reuse across GitHub and GitLab.
  • devops-foundations-infrastructure-live-access-control template to support code reuse across GitHub and GitLab.
  • single-account-baseline template to support code reuse across GitHub and GitLab.

Full Changelog: https://github.com/gruntwork-io/terraform-aws-architecture-catalog/compare/v3.1.1...v3.1.2

terraform-aws-asg

v1.0.2

Published: 8/1/2025 | Modules affected: server-group | Release notes

• modules/server_group: Ensure var.custom_tags are applied to EC2 instances

terraform-aws-control-tower

v1.0.1

Published: 8/28/2025 | Modules affected: landingzone | Release notes

• landingzone/control-tower-multi-account-factory-async: allow portfolio region to be specified via var.portfolio_region or inherit from AWS_REGION env var

v1.0.0

Published: 8/26/2025 | Release notes

• No changes with this release, moving to v1.x.x SemVer standard

This release marks a significant milestone for the module 🎉 We are officially adopting the Semantic Versioning (SemVer) standard, starting with version v1.0.0. Prior to this release, version tags only incremented patch and minor numbers. Moving forward, all releases should fully comply with the SemVer specification, providing clearer expectations for users regarding changes, compatibility, and upgrade paths.

With the v1.0.0 release, the library module is considered stable. This means that all subsequent changes in the v1.x.x series will be backward-compatible unless a new major version (v2.0.0) is released.

Version numbers will now follow the format MAJOR.MINOR.PATCH

• MAJOR: Incremented for breaking changes or incompatible API changes.
• MINOR: Incremented for new, backward-compatible features.
• PATCH: Incremented for backward-compatible bug fixes.

Users can now rely on the v1.x.x series to remain backward-compatible. Breaking changes should only occur in a future v2.0.0 release.

Each release will include detailed notes indicating whether changes are breaking, additive, or bug fixes, as per SemVer guidelines.

v0.8.8

Published: 8/26/2025 | Modules affected: modules/landingzone | Release notes

• New modules control-tower-account-factory-async, control-tower-multi-account-factory-async and control-tower-provisioned-product-artifact-updater
  • The standard synchronous approach to provisioning or updating AWS accounts via Control Tower can lead to lengthy OpenTofu/Terraform runs, especially when Control Tower APIs are slow or when updating a large number of accounts. More importantly, certain types of "drift" caused by Control Tower changes are difficult to reconcile using OpenTofu/Terraform alone.
  • These new module implement an asynchronous approach by deploying infrastructure (EventBridge, SQS, Lambda, and AWS Step Functions) that monitors for certain API calls. When relevant API calls are made (UpdateProvisioningArtifact and UpgradeProduct), the Lambda is triggered to complete the update process independently of OpenTofu/Terraform.

terraform-aws-data-storage

v0.41.0

Published: 8/15/2025 | Modules affected: lambda-cleanup-snapshots, lambda-create-snapshot, lambda-share-snapshot, backup-vault | Release notes

• fix: update MySQL version and add missing Lambda module outputs
• Air Gapped Vault Support
• Revert "feat: add password_wo option to RDS module"

v0.40.7

Published: 8/7/2025 | Modules affected: redshift, rds, aurora | Release notes

• Add maintance_track_name to redshift module.
• fix(rds): support use of aws_partition selection for RDS
• Fix Redshift cluster creation error by updating deprecated instance type
• feat(aurora): add delete_automated_backups parameter support
• feat: add password_wo option to RDS module

terraform-aws-ecs

v1.1.0

Published: 8/26/2025 | Modules affected: ecs-cluster, ecs-daemon-service, ecs-service, ecs-task-scheduler | Release notes

• Updated IAM service roles to remove overly restrictive aws:SourceAccount condition from the ECS service role
  • This resolves sts:AssumeRole errors that previously prevented the ECS scheduler from performing essential tasks like deregistering targets, which caused deployment failures and services to remain in a "draining" state.

terraform-aws-eks

v1.4.0

Published: 8/29/2025 | Modules affected: eks-aws-auth-merger, eks-cluster-control-plane | Release notes

• Update examples to use AL2023
• Bump kubergrunt version to v0.18.1
• Bump eks-aws-auth-merger to use Go 1.24.0

v1.3.0

Published: 8/27/2025 | Modules affected: eks-cluster-workers | Release notes

• Add documentation for karpenter to eks auto migration
• Add support for secondary storage drives

v1.2.0

Published: 8/13/2025 | Modules affected: eks-k8s-cluster-autoscaler | Release notes

• Update default Helm Chart release version from 9.21.0 to 9.46.6 for the cluster-autoscaler.

terraform-aws-load-balancer

v1.0.2

Published: 8/13/2025 | Modules affected: lb-listener-rules | Release notes

• Fix Typo on LB Listener Rules related to authentication_request_extra_params

terraform-aws-messaging

v1.0.2

Published: 8/17/2025 | Release notes

• feat: Update AWS provider constraints to support v6.0+ by @james03160927 in https://github.com/gruntwork-io/terraform-aws-messaging/pull/183

Full Changelog: https://github.com/gruntwork-io/terraform-aws-messaging/compare/v1.0.1...v1.0.2

terraform-aws-monitoring

v1.0.2

Published: 8/27/2025 | Modules affected: agents, alarms | Release notes

• agents: Add network metrics monitoring via CloudWatch Agent ethtool plugin
• alarms: Update python version from python3.9 to python3.12

terraform-aws-security

v1.0.3

Published: 8/7/2025 | Modules affected: cloudtrail | Release notes

• cloudtrail-bucket: Added proper parameterization for cloudtrail module.

v1.0.2

Published: 8/5/2025 | Modules affected: cloudtrail-bucket | Release notes

• cloudtrail-bucket: Enable custom archiving storage class via var.archive_storage_class

terraform-aws-server

v1.0.2

Published: 8/14/2025 | Modules affected: single-server | Release notes

• Doc redirects fixed.
• feat: add support for custom KMS key for root volume encryption

terraform-aws-service-catalog

v0.127.9

Published: 8/28/2025 | Modules affected: services, networking | Release notes

• services/ec2-instance: propagate root_volume_kms_key_id to ec2-instance module
• networking/sns-topics: update to use python3.12 (from 3.9)

v0.127.8

Published: 8/19/2025 | Modules affected: networking | Release notes

• Added Private Hosted Zone (PHZ) records.

v0.127.7

Published: 8/15/2025 | Modules affected: services | Release notes

• Bump lb-listener-rules to fix typo in load-balancer-repo

terraform-aws-vpc

v0.28.7

Published: 8/12/2025 | Modules affected: network-firewall | Release notes

• Added outputs network_firewall_id and network_firewall_arn to network-firewall module.