v1.16.0 🌈

Changes

🚀 Features

• Feature | Create DataScience account, set up permission sets and assignments @diego-ojeda-binbash (#562)
• Feature | AWS Cloudwatch Synthetics layer added @juanmatias (#552)

✨ Enhancements

• Enhancement | BBL-563 k8s eks addons moved to their own layer in acordance to the new EKS Ref Arch components doc @juanmatias (#549)
• Enhancement | Use latest version of tf-state module @martingaleano (#563)
• Enhancement | base-network: Update terraform provider and module versions and constraints @crcedenop (#555)

🐛 Bug Fixes

• Fix | Description in the feature request github issue template @borland667 (#556)
• Fix | Route53 Hosted Zone Output fixed @joseapeinado (#550)
• Fix | DemoApps workflows and remove old EKS layers @diego-ojeda-binbash (#560)
• Fix | shared vpn-server data source missing index @exequielrafaela (#570)

📝 Documentation

• doc | Update README.md broken link @exequielrafaela (#567)

v1.15.0 🌈

Overview

We are excited to announce the latest release of the Leverage Reference Architecture for AWS. This release introduces a range of new features, enhancements, and bug fixes, aimed at improving the functionality and user experience of our AWS infrastructure management tool.

🚀 New Features

• Layer Dependency Checker: Introduces a tool for checking dependencies between terraform layers, simplifying the management of complex infrastructures. Implemented by @juanmatias in PR #538.

• Start/Stop Module Update: Points the start/stop module to a modified updated version maintained by binbash, providing improved control over resource usage. Implemented by @juanmatias in PR #542.

• EC2 Fleet with EBS Attachment: Allows for the provisioning of EC2 fleets with attached EBS volumes, offering expanded storage solutions. Implemented by @juanmatias in PR #540.

• Cost Reporting Tool: Implements a tool for detailed cost reporting and analysis, aiding in budget management. Implemented by @joseapeinado in PR #535.

• EKS EFS Add-on in DemoApps: Adds an EFS file system provisioning layer to EKS in DemoApps, enhancing storage capabilities. Implemented by @diego-ojeda-binbash in PR #537.

• AWS Q Permission for DevOps Role: Adds permissions for AWS Q to the DevOps role, expanding the role's access and capabilities for this new GenAI based AWS assistant. Implemented by @crcedenop in PR #539.

• Cluster Over-provisioning controller for EKS in DemoApps: Adds over-provisioning controller capabilities to EKS clusters in DemoApps, optimizing resource allocation. Implemented by @diego-ojeda-binbash in PR #532.

✨ Enhancements

• EKS Additions: Includes ArgoCD notifications and kube Prometheus stack in EKS, enhancing monitoring and deployment capabilities. Implemented by @angelofenoglio in PR #534.

• Toolbox Image Version Bump: Updates the toolbox image version to 1.3.5-0.1.12, ensuring compatibility and performance improvements. Implemented by @angelofenoglio in PR #526.

🐛 Bug Fixes

• Cost Management Budget Threshold Update: Fixes issues related to budget threshold settings in cost management, enhancing accuracy and reliability. Implemented by @marcosgacosta in PR #545.

• Account Assignment Module Version Update: Resolves API errors by updating the account_assignment module version. Implemented by @rodriguez-matias in PR #528.

---

This release reflects our commitment to continuously improving the Leverage Reference Architecture for AWS, making cloud infrastructure management more efficient and user-friendly. We encourage users to explore these new features and enhancements and provide feedback for future improvements.

v1.14.0 🌈

Changes

🚀 Features

• Feature | management/global/base-identities Marketplace & AWS IQ users updated @exequielrafaela (#525)
• Feature | add binbash.co dns hosted zone + redirect from binbash.com.ar @exequielrafaela (#520)
• Feature | [POC] Security Tool Wazuh @diego-ojeda-binbash (#506)

✨ Enhancements

• Enhancement | Use a custom VPC Flow Logs format on both EKS DevStg VPCs @diego-ojeda-binbash (#522)
• Enhancement | ISSUE-495 | Enhancement: sync LZ Template into Ref-Arch Mgmt Org layer @rodriguez-matias (#509)
• Enhancement | RDS snap export s3 @eze-godoy (#517)
• Enhancement | EKS DemoApps upgrade plus Add-ons @diego-ojeda-binbash (#510)

🐛 Bug Fixes

• Fix | FluentBit defaults to ensure they create indices by day instead o… @diego-ojeda-binbash (#513)
• Fix | ISSUE-521: add github OIDC thumbprints @rodriguez-matias (#523)
• Fix | EKS DemoApps Add-ons implementation which was failing at cluster … @diego-ojeda-binbash (#515)
• Fix | removing apps-devstg/us-east-1/databases-mysql duplicated layer @exequielrafaela (#514)

v1.13.0 🌈

Changes

🚀 Features

• Feature | feature add reference secret manager implementation demoapps @marianod92 (#503)
• Feature | adding axel.mainel user via AWS IdC (sso) @exequielrafaela (#504)
• Feature | Add export to S3 module @lgallard (#488)
• Feature | adding martin.galeano user via AWS IdC (sso) @exequielrafaela (#502)
• Feature | LEWW-93 | shared-base-dns: create dns record for google search console @rodriguez-matias (#496)
• Feature | Enable ALB access logs for EKS clusters @Franr (#484)
• Feature | Add FinOps tools @diego-ojeda-binbash (#492)
• Feature | Add SSO DevOps role as an admin of the DemoApps cluster @diego-ojeda-binbash (#490)
• Feature | Migrate from JumpCloud to AWS IAM Identity Center (SSO) @diego-ojeda-binbash (#481)
• Feature | Enhancement | Implement VPC Flow logs on EKS VPCs @Franr (#478)
• Feature | BBL-535 | Sync RDS Postgres layer @angelofenoglio (#463)

✨ Enhancements

• Enhancement | Update build.env for latests 1.2.7-0.1.7 features and fixes @exequielrafaela (#494)
• Enhancement | Grant SSO Devops role permissions on SecretsManager @diego-ojeda-binbash (#491)
• Enhancement | tools-cloud-nuke: Update versions constraint @rodriguez-matias (#489)
• Enhancement | Remove SecOps role @eze-godoy (#487)
• Enhancement | base-dns: Update versions constraint @rodriguez-matias (#475)
• Enhancement | ISSUE-3 updated toolbox version @juanmatias (#479)
• Enhancement | container-registry : Update versions constraint @rodriguez-matias (#473)
• Enhancement | Chore: Update ArgoCD deployment definition to allow Web Terminal in UI @angelofenoglio (#472)
• Enhancement | Update build.env @juanmatias (#471)
• Enhancement | Issue 3 fitting demoapps needs @juanmatias (#470)
• Enhancement | Update build.env @juanmatias (#469)
• Enhancement | Github Self-Hosted runner module updated @juanmatias (#464)

🐛 Bug Fixes

• Fix | readme.md links @exequielrafaela (#505)

📝 Documentation

• Doc | Clarify Pritunl VPN server https/ssl cert renewal steps @Franr (#480)
• Doc | mananagement aws organizations layer README.md merge @exequielrafaela (#467)

v1.12.0 🌈

🚀 Features

• Feature | Add Kube Prometheus Stack to the DemoApps @diego-ojeda-binbash (#462)
• Feature | Add configuration required for AWS WAFv2 logging @marianod92 (#449)

✨ Enhancements

• Enhancement | notifications: Update versions constraint + Update module version @rodriguez-matias (#459)
• Enhancement | ISSUE-460 Toolbox version fixed @juanmatias (#461)
• Enhancement | ISSUE-152 Refactored RefArch-CLI-Toolbox test @juanmatias (#458)
• Enhancement | base-network: Update versions constraint + Update module version @rodriguez-matias (#450)
• Enhancement | base-identities: Update versions constraint + Update module version @rodriguez-matias (#454)
• Enhancement | security-base: Update versions constraint @rodriguez-matias (#453)
• Enhancement | security-keys: Update versions constraint + Update module version @rodriguez-matias (#451)
• Enhancement | BBL-541: cost optimization - update natgw and cloudwatch @rodriguez-matias (#452)
• Enhancement | security-audit / Update versions constraint + Update module version @rodriguez-matias (#442)
• Enhancement | Added MarketplaceSeller SSO assignment and permission set @mpagnucco (#448)
• Enhancement | Admin Group policies on Management Account @eze-godoy (#455)

🐛 Bug Fixes

• Fix | ConsoleSignInWithoutMfaCount false positive on Management Account @eze-godoy (#456)
• Fix | Issue 40 test cli refarch failing @juanmatias (#444)

📝 Documentation

• Doc | improve tools vpn server inline comments + aws-organization README.md added @exequielrafaela (#447)
• Doc | Add example to generate SSH keys @diego-ojeda-binbash (#443)

v1.11.0 🌈

Changes

🚀 Features

• Feature | GitHub Actions OIDC integration and more @diego-ojeda-binbash (#438)
• Feature | Implement ArgoCD worflows in K8s clusters @angelofenoglio (#434)
• Feature | Implement external-secrets for Apps-DevStg K8s-EKS cluster @angelofenoglio (#416)
• Feature | Add AWS Guardduty Kubernetes and Malware Protection @marianod92 (#435)

✨ Enhancements

• Enhancement | DemoApps Google Microservices @diego-ojeda-binbash (#439)
• Enhancement | Upgrade node-exporter version and add Security Group Rules @marianod92 (#437)
• Enhancement | Rename Prometheus & Grafana folder @marianod92 (#436)
• Enhancement | Add the enhancements category to our release template l… @exequielrafaela (#433)

🐛 Bug Fixes

• Fix | 'ConsoleSignInWithoutMfaCount' false positive alarm when users access via SSO @diego-ojeda-binbash (#441)

v1.10.0 🌈

Changes

🚀 Features

• Enhancement | Upgrade tfstate-backend cross-account layer version aws provider 4.0 @damianleys (#432)
• Enhancement | Upgrade tfstate-backend version to add public access block to the replication bucket @damianleys (#431)
• Feature | Security WAFv2 with demo ALB @marianod92 (#428)
• Feature | Workflow and layer to test leverage CLI @angelofenoglio (#427)
• Enhancement | implementing aws inspector2 @damianleys (#426)
• Enhancement | Update AWS Required Providers & Update WAFv2 Module Version @marianod92 (#425)
• Feature | apps-devstg/databases-aurora/ Update versions constraint + Update modules version @rodriguez-matias (#424)
• Enhancement | Management IAM admins improvement @eze-godoy (#419)
• Enhancement | Shared/ container-registry bump modules version @damianleys (#420)
• Enhancement | wafv2 fix rules and add outputs @marianod92 (#418)
• Enhancement | Add networkmanager / firewall permissions to DevOps IAM Policy @marianod92 (#415)
• Feature | security-certs layer code syntax improvement @fgauchat-binbash (#412)
• Feature | cdn-s3-frontend/ layer update versions constraint + Update modules versions @rodriguez-matias (#408)
• Feature | storage/s3-bucket-demo/ Update versions constraint + Update modules version @rodriguez-matias (#411)

🐛 Bug Fixes

• Fix | Issue/256 s3 public access restriction @marianod92 (#421)
• Fix | /shared/us-east-2/container-registry @damianleys (#423)
• Fix | Feature/prune configuration and files @marianod92 (#417)
• Fix | global config variables fixed @exequielrafaela (#406)

📝 Documentation

• Doc | README.md-update-banner @exequielrafaela (#429)

v1.9.0 🌈

Changes

🚀 Features

• Feature | terraform aws apps-devstg/us-east-1/k8s-eks/k8s-components and k8s-workloads layers @exequielrafaela (#405)
• Enhancement | Refactor common.tfvars account vars @eze-godoy (#402)

🐛 Bug Fixes

• apps-devstg/us-east-1/k8s-eks-v1.17 adjustments @exequielrafaela (#404)

📝 Documentation

• Doc | apps-devstg-k8s-eks layer README.md improvement @exequielrafaela (#403)

v1.8.1 🌈

Changes

🚀 Features

• Enhancement | Add enable ssm access variable @angelofenoglio (#401)
• Feature | apps-devstg/us-east-1/k8s-eks/cluster layer baseline for terraform-aws-eks 1.18 module @exequielrafaela (#400)
• Feature | apps-devstg/us-east-1/k8s-eks/network layer baseline for terraform-aws-eks 1.18 module @exequielrafaela (#399)
• Feature | k8s-eks-v1.17 layer tested @exequielrafaela (#398)
• Feature | structuring code to support both k8s-eks-v1.17 (module) and latest k8-eks version @exequielrafaela (#397)
• Feature | ec2-fleet/ Update versions constraint + Update modules versions + Enable SSM service @rodriguez-matias (#396)"

v1.8.0 🌈

Changes

🚀 Features

• Feature/implement common variables.tf via symlink @lgallard (#389)
• Feature/ shared/backups update tf providers versions @rodriguez-matias (#394)
• Added DNS records for sendgrid validation @mpagnucco (#391)
• Feature / Update Backups Layers with tf providers latest versions @rodriguez-matias (#390)

🐛 Bug Fixes

• updated external-dns bitnami chart version @fgauchat-binbash (#395)
• Bug | updating module version + terraform aws provider constraint @exequielrafaela (#393)
• Enable NAT Gateway for shared account @lgallard (#392)