Releases: cloudposse/terraform-aws-config
v1.5.3
fix(main.tf): handle enabled boolean in manage_rules @mikedizon (#124)
what
- use `enabled` boolean in `managed_rules` variable
why
- `aws_config_config_rule` resources were still being created despite `enabled` being set to `false`
🤖 Automatic Updates
Migrate new test account @osterman (#122)
what
- Update `.github/settings.yml`
- Update `.github/chatops.yml` files
why
- Re-apply `.github/settings.yml` from org level to get `terratest` environment
- Migrate to new `test` account
References
- DEV-388 Automate clean up of test account in new organization
- DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
- DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @osterman (#121)
what
- Update `.github/settings.yml`
- Drop `.github/auto-release.yml` files
why
- Re-apply `.github/settings.yml` from org level
- Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#120)
what
- Update `.github/settings.yml`
- Drop `.github/auto-release.yml` files
why
- Re-apply `.github/settings.yml` from org level
- Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#117)
what
- Update `.github/settings.yml`
- Drop `.github/auto-release.yml` files
why
- Re-apply `.github/settings.yml` from org level
- Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write @osterman (#114)
what
- Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR
why
- So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#113)
what
- Update workflows (`.github/workflows`) to use shared workflows from `.github` repo
why
- Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#112)
what
- Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action
why
- The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @osterman (#111)
what
- Update workflows (`.github/workflows/settings.yaml`)
why
- Support new readme generation workflow.
- Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#109)
what
- Install latest GitHub Action Workflows
why
- Use shared workflows from `cloudposse/.github` repository
- Simplify management of workflows from centralized hub of configuration
Add GitHub Settings @osterman (#104)
what
- Install a repository config (`.github/settings.yaml`)
why
- Programmatically manage GitHub repo settings
Update Scaffolding @osterman (#101)
what
- Reran `make readme` to rebuild `README.md` from `README.yaml`
- Migrate to square badges
- Add scaffolding for repo settings and Mergify
why
- Upstream template changed in the `.github` repo
- Work better with repository rulesets
- Modernize look & feel
Update Scaffolding @osterman (#100)
what
- Reran `make readme` to rebuild `README.md` from `README.yaml`
- Migrate to square badges
- Add scaffolding for repo settings and Mergify
why
- Upstream template changed in the `.github` repo
- Work better with repository rulesets
- Modernize look & feel
v1.5.2
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#92)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
Update Terraform cloudposse/iam-role/aws to v0.19.0 @renovate (#89)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/iam-role/aws (source) | module | minor | 0.15.0 -> 0.19.0 |
Release Notes
cloudposse/terraform-aws-iam-role (cloudposse/iam-role/aws)
v0.19.0
IAM Role name length limit @goruha (#58)
what
- Fix IAM role name length limit
why
- Fix IAM role name length limited to 64
Sync github @max-lobur (#54)
Rebuild github dir from the template
v0.18.0
- No changes
v0.17.0
Update main.tf @karinatitov (#50)
have a chance to configure the name of the policy
what
- With this change I want to have an ability to provide a custom name for the policy
why
- the resources I'm working with were not created in the same way this module assumes
- to have a chance to configure the name of the policy
git.io->cloudposse.tools update @dylanbannon (#46)
what and why
Change all references to `git.io/build-harness` into `cloudposse.tools/build-harness`, since `git.io` redirects will stop working on April 29th, 2022.
References
- DEV-143
v0.16.2
🚀 Enhancements
Add enabled check to data source @nitrocode (#45)
what
- Add enabled check to data source
- Add TestExamplesCompleteDisabled check
why
- Prevent creation if enabled is false
references
v0.16.1
🚀 Enhancements
Disabling all tags in all iam resources @jamengual (#44)
what
- In https://github.com/cloudposse/terraform-aws-iam-role/pull/43 I added the option to disable role tags, but in environments where roles are created under very strict controls, the policy tags for the roles sometimes can't be tagged. This change disables tags for all IAM related resources.
why
- to disable tags for role-related things. Use one variable instead of two.
references
v0.16.0
Making tags for roles optional @jamengual (#43)
what
- Make role tags optional
why
- Restrictive policy boundaries do not allow tagging roles in highly secure environments.
v1.5.1
🚀 Enhancements
resolve deprecation warning in conformance_pack sub-module @gpetras (#76)
what
When using the conformance pack module via `examples/hipaa` I get the following deprecation warning:

```
$ terraform plan -var-file=fixtures.us-east-2.tfvars
[snip]
Plan: 16 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + config_recorder_id = (known after apply)
  + storage_bucket_arn = (known after apply)
  + storage_bucket_id  = (known after apply)
╷
│ Warning: Deprecated attribute
│
│   on ../../modules/conformance-pack/main.tf line 12, in resource "aws_config_conformance_pack" "default":
│   12:   template_body = data.http.conformance_pack.body
│
│ The attribute "body" is deprecated. Refer to the provider documentation for details.
╵
```
why
The `body` parameter in the Terraform `http` data resource has been deprecated in favor of `request_body`
references
https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http
🤖 Automatic Updates
Update Terraform cloudposse/config/yaml to v1.0.2 @renovate (#88)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/config/yaml (source) | module | patch | 1.0.1 -> 1.0.2 |
Release Notes
cloudposse/terraform-yaml-config (cloudposse/config/yaml)
v1.0.2
git.io->cloudposse.tools update @dylanbannon (#21)
what and why
Change all references to `git.io/build-harness` into `cloudposse.tools/build-harness`, since `git.io` redirects will stop working on April 29th, 2022.
References
- DEV-143
🚀 Enhancements
Use cloudposse/template provider @nitrocode (#25)
what
- Use cloudposse/template provider
why
- The new cloudposse/template provider has a darwin arm binary for M1 laptops
references
v1.5.0
added recording_mode{} attribute @AdamTylerLynch (#87)
what
Added recording_mode block.
Requesting maintainer guidance on properly defining the inputs as a practitioner would expect. The way it is defined now feels odd, requiring a variable assignment and then a list for recording_mode_override.
Example:
```hcl
##---------------------------------------------------
## AWS Config to monitor compliance
##---------------------------------------------------
module "config" {
  source                           = "cloudposse/terraform-aws-config/aws"
  name                             = "${local.name}-config-${data.aws_caller_identity.current.account_id}"
  namespace                        = local.namespace
  s3_bucket_id                     = module.log_storage.bucket_id
  s3_bucket_arn                    = module.log_storage.bucket_arn
  global_resource_collector_region = data.aws_region.current.name
  create_iam_role                  = true

  recording_mode = {
    recording_frequency = "DAILY"
    recording_mode_override = {
      description         = "Override for specific resource types"
      recording_frequency = "CONTINUOUS"
      resource_types      = ["AWS::EC2::Instance"]
    }
  }
}
```
why
This feature allows for cost optimization. Adds the ability to leverage Periodic recording vs. continuous.
references
git.io->cloudposse.tools update @dylanbannon (#55)
what and why
Change all references to `git.io/build-harness` into `cloudposse.tools/build-harness`, since `git.io` redirects will stop working on April 29th, 2022.
References
- DEV-143
v1.4.0
Add support for organization aggregator @IslamHeggy (#85)
what
- Extended the module functionality to include organization wide aggregator
- Add the ability to create/pass new IAM role for the organization aggregator
- Handled default IAM role cases vs organization aggregator IAM role. So they don't depend on each other
why
- The current default way is attaching accounts using account IDs, and there is no way to use an organization-wide aggregator, and it's really hard to maintain a large number of accounts when using organizations.
references
v1.3.0
This is done to avoid exposure as the data.http.id (which contains the URL) in the logs.
Added the MacOS .DS_Store files to .gitignore
what
- The access token is now passed in a http header
- Added the MacOS .DS_Store files to .gitignore
why
- This is done to avoid exposure as the data.http.id (which contains the URL) in the logs.
v1.2.0
Added the option to use access tokens @boris-dyga-SM (#80)
That feature allows access to private GitHub repos, where custom conformance packs could be stored
what
- updates to the conformance_pack submodule
- added the `access_token` variable (defaults to empty string)
- when provided, its value is implemented in the conformance pack URL, allowing access to private GitHub repos
why
- sometimes customized conformance packs are stored in repos with restricted access
references
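
The v1.2.0 and v1.3.0 notes above describe moving the access token out of the conformance pack URL and into an HTTP header, because the `http` data source's `id` is the URL and ends up in logs. The sketch below is an added example, not the submodule's actual source; the variable declarations, the `?token=` query form and the `token <value>` header scheme are assumptions made for illustration.

```hcl
# Added illustration; not the conformance_pack submodule's own code.
variable "conformance_pack" {
  type        = string
  description = "URL of the conformance pack template"
}

variable "access_token" {
  type        = string
  default     = ""
  sensitive   = true
  description = "Token for a private GitHub repo (empty string = no token)"
}

# Before (behaviour described for v1.2.0): the token is part of the URL.
# The http data source exposes the URL as its `id`, so the secret appears
# wherever that id is printed, e.g. debug traces and CI job logs.
# The query-string form is an assumption about how the token was embedded.
#
# data "http" "conformance_pack" {
#   url = "${var.conformance_pack}?token=${var.access_token}"
# }

# After (behaviour described for v1.3.0): the URL carries no secret and the
# token travels in a request header. The "token <value>" scheme is assumed.
data "http" "conformance_pack" {
  url = var.conformance_pack

  # null leaves the optional argument unset when no token is supplied.
  request_headers = var.access_token == "" ? null : {
    Authorization = "token ${var.access_token}"
  }
}

output "conformance_pack_source" {
  # Contains only the URL, so it is safe to show in plan output and logs.
  value = data.http.conformance_pack.id
}
```

After upgrading past v1.2.0, it is worth searching stored CI logs for URLs that carried the old token and rotating any token that appears there.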
v1.1.0
v1.0.0
Support AWS Provider V5 @max-lobur (#72)
what
Support AWS Provider V5
Linter fixes
why
Maintenance
references
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0
Sync github @max-lobur (#67)
Rebuild github dir from the template
v0.18.0
- No changes