Releases: binbashar/le-tf-infra-aws
v1.16.0 🌈
Changes
🚀 Features
- Feature | Create DataScience account, set up permission sets and assignments @diego-ojeda-binbash (#562)
- Feature | AWS Cloudwatch Synthetics layer added @juanmatias (#552)
✨ Enhancements
- Enhancement | BBL-563 k8s eks addons moved to their own layer in acordance to the new EKS Ref Arch components doc @juanmatias (#549)
- Enhancement | Use latest version of tf-state module @martingaleano (#563)
- Enhancement | base-network: Update terraform provider and module versions and constraints @crcedenop (#555)
🐛 Bug Fixes
- Fix | Description in the feature request github issue template @borland667 (#556)
- Fix | Route53 Hosted Zone Output fixed @joseapeinado (#550)
- Fix | DemoApps workflows and remove old EKS layers @diego-ojeda-binbash (#560)
- Fix | shared vpn-server data source missing index @exequielrafaela (#570)
📝 Documentation
- doc | Update README.md broken link @exequielrafaela (#567)
v1.15.0 🌈
Overview
We are excited to announce the latest release of the Leverage Reference Architecture for AWS. This release introduces a range of new features, enhancements, and bug fixes, aimed at improving the functionality and user experience of our AWS infrastructure management tool.
🚀 New Features
-
Layer Dependency Checker: Introduces a tool for checking dependencies between terraform layers, simplifying the management of complex infrastructures. Implemented by @juanmatias in PR #538.
-
Start/Stop Module Update: Points the start/stop module to a modified updated version maintained by binbash, providing improved control over resource usage. Implemented by @juanmatias in PR #542.
-
EC2 Fleet with EBS Attachment: Allows for the provisioning of EC2 fleets with attached EBS volumes, offering expanded storage solutions. Implemented by @juanmatias in PR #540.
-
Cost Reporting Tool: Implements a tool for detailed cost reporting and analysis, aiding in budget management. Implemented by @joseapeinado in PR #535.
-
EKS EFS Add-on in DemoApps: Adds an EFS file system provisioning layer to EKS in DemoApps, enhancing storage capabilities. Implemented by @diego-ojeda-binbash in PR #537.
-
AWS Q Permission for DevOps Role: Adds permissions for AWS Q to the DevOps role, expanding the role's access and capabilities for this new GenAI based AWS assistant. Implemented by @crcedenop in PR #539.
-
Cluster Over-provisioning controller for EKS in DemoApps: Adds over-provisioning controller capabilities to EKS clusters in DemoApps, optimizing resource allocation. Implemented by @diego-ojeda-binbash in PR #532.
✨ Enhancements
-
EKS Additions: Includes ArgoCD notifications and kube Prometheus stack in EKS, enhancing monitoring and deployment capabilities. Implemented by @angelofenoglio in PR #534.
-
Toolbox Image Version Bump: Updates the toolbox image version to 1.3.5-0.1.12, ensuring compatibility and performance improvements. Implemented by @angelofenoglio in PR #526.
🐛 Bug Fixes
-
Cost Management Budget Threshold Update: Fixes issues related to budget threshold settings in cost management, enhancing accuracy and reliability. Implemented by @marcosgacosta in PR #545.
-
Account Assignment Module Version Update: Resolves API errors by updating the account_assignment module version. Implemented by @rodriguez-matias in PR #528.
This release reflects our commitment to continuously improving the Leverage Reference Architecture for AWS, making cloud infrastructure management more efficient and user-friendly. We encourage users to explore these new features and enhancements and provide feedback for future improvements.
v1.14.0 🌈
Changes
🚀 Features
- Feature | management/global/base-identities Marketplace & AWS IQ users updated @exequielrafaela (#525)
- Feature | add binbash.co dns hosted zone + redirect from binbash.com.ar @exequielrafaela (#520)
- Feature | [POC] Security Tool Wazuh @diego-ojeda-binbash (#506)
✨ Enhancements
- Enhancement | Use a custom VPC Flow Logs format on both EKS DevStg VPCs @diego-ojeda-binbash (#522)
- Enhancement | ISSUE-495 | Enhancement: sync LZ Template into Ref-Arch Mgmt Org layer @rodriguez-matias (#509)
- Enhancement | RDS snap export s3 @eze-godoy (#517)
- Enhancement | EKS DemoApps upgrade plus Add-ons @diego-ojeda-binbash (#510)
🐛 Bug Fixes
- Fix | FluentBit defaults to ensure they create indices by day instead o… @diego-ojeda-binbash (#513)
- Fix | ISSUE-521: add github OIDC thumbprints @rodriguez-matias (#523)
- Fix | EKS DemoApps Add-ons implementation which was failing at cluster … @diego-ojeda-binbash (#515)
- Fix | removing apps-devstg/us-east-1/databases-mysql duplicated layer @exequielrafaela (#514)
v1.13.0 🌈
Changes
🚀 Features
- Feature | feature add reference secret manager implementation demoapps @marianod92 (#503)
- Feature | adding axel.mainel user via AWS IdC (sso) @exequielrafaela (#504)
- Feature | Add export to S3 module @lgallard (#488)
- Feature | adding martin.galeano user via AWS IdC (sso) @exequielrafaela (#502)
- Feature | LEWW-93 | shared-base-dns: create dns record for google search console @rodriguez-matias (#496)
- Feature | Enable ALB access logs for EKS clusters @Franr (#484)
- Feature | Add FinOps tools @diego-ojeda-binbash (#492)
- Feature | Add SSO DevOps role as an admin of the DemoApps cluster @diego-ojeda-binbash (#490)
- Feature | Migrate from JumpCloud to AWS IAM Identity Center (SSO) @diego-ojeda-binbash (#481)
- Feature | Enhancement | Implement VPC Flow logs on EKS VPCs @Franr (#478)
- Feature | BBL-535 | Sync RDS Postgres layer @angelofenoglio (#463)
✨ Enhancements
- Enhancement | Update build.env for latests 1.2.7-0.1.7 features and fixes @exequielrafaela (#494)
- Enhancement | Grant SSO Devops role permissions on SecretsManager @diego-ojeda-binbash (#491)
- Enhancement | tools-cloud-nuke: Update versions constraint @rodriguez-matias (#489)
- Enhancement | Remove SecOps role @eze-godoy (#487)
- Enhancement | base-dns: Update versions constraint @rodriguez-matias (#475)
- Enhancement | ISSUE-3 updated toolbox version @juanmatias (#479)
- Enhancement | container-registry : Update versions constraint @rodriguez-matias (#473)
- Enhancement | Chore: Update ArgoCD deployment definition to allow Web Terminal in UI @angelofenoglio (#472)
- Enhancement | Update build.env @juanmatias (#471)
- Enhancement | Issue 3 fitting demoapps needs @juanmatias (#470)
- Enhancement | Update build.env @juanmatias (#469)
- Enhancement | Github Self-Hosted runner module updated @juanmatias (#464)
🐛 Bug Fixes
- Fix | readme.md links @exequielrafaela (#505)
📝 Documentation
- Doc | Clarify Pritunl VPN server https/ssl cert renewal steps @Franr (#480)
- Doc | mananagement aws organizations layer README.md merge @exequielrafaela (#467)
v1.12.0 🌈
🚀 Features
- Feature | Add Kube Prometheus Stack to the DemoApps @diego-ojeda-binbash (#462)
- Feature | Add configuration required for AWS WAFv2 logging @marianod92 (#449)
✨ Enhancements
- Enhancement | notifications: Update versions constraint + Update module version @rodriguez-matias (#459)
- Enhancement | ISSUE-460 Toolbox version fixed @juanmatias (#461)
- Enhancement | ISSUE-152 Refactored RefArch-CLI-Toolbox test @juanmatias (#458)
- Enhancement | base-network: Update versions constraint + Update module version @rodriguez-matias (#450)
- Enhancement | base-identities: Update versions constraint + Update module version @rodriguez-matias (#454)
- Enhancement | security-base: Update versions constraint @rodriguez-matias (#453)
- Enhancement | security-keys: Update versions constraint + Update module version @rodriguez-matias (#451)
- Enhancement | BBL-541: cost optimization - update natgw and cloudwatch @rodriguez-matias (#452)
- Enhancement | security-audit / Update versions constraint + Update module version @rodriguez-matias (#442)
- Enhancement | Added MarketplaceSeller SSO assignment and permission set @mpagnucco (#448)
- Enhancement | Admin Group policies on Management Account @eze-godoy (#455)
🐛 Bug Fixes
- Fix | ConsoleSignInWithoutMfaCount false positive on Management Account @eze-godoy (#456)
- Fix | Issue 40 test cli refarch failing @juanmatias (#444)
📝 Documentation
- Doc | improve tools vpn server inline comments + aws-organization README.md added @exequielrafaela (#447)
- Doc | Add example to generate SSH keys @diego-ojeda-binbash (#443)
v1.11.0 🌈
Changes
🚀 Features
- Feature | GitHub Actions OIDC integration and more @diego-ojeda-binbash (#438)
- Feature | Implement ArgoCD worflows in K8s clusters @angelofenoglio (#434)
- Feature | Implement external-secrets for Apps-DevStg K8s-EKS cluster @angelofenoglio (#416)
- Feature | Add AWS Guardduty Kubernetes and Malware Protection @marianod92 (#435)
✨ Enhancements
- Enhancement | DemoApps Google Microservices @diego-ojeda-binbash (#439)
- Enhancement | Upgrade node-exporter version and add Security Group Rules @marianod92 (#437)
- Enhancement | Rename Prometheus & Grafana folder @marianod92 (#436)
- Enhancement | Add the enhancements category to our release template l… @exequielrafaela (#433)
🐛 Bug Fixes
- Fix | 'ConsoleSignInWithoutMfaCount' false positive alarm when users access via SSO @diego-ojeda-binbash (#441)
v1.10.0 🌈
Changes
🚀 Features
- Enhancement | Upgrade tfstate-backend cross-account layer version aws provider 4.0 @damianleys (#432)
- Enhancement | Upgrade tfstate-backend version to add public access block to the replication bucket @damianleys (#431)
- Feature | Security WAFv2 with demo ALB @marianod92 (#428)
- Feature | Workflow and layer to test leverage CLI @angelofenoglio (#427)
- Enhancement | implementing aws inspector2 @damianleys (#426)
- Enhancement | Update AWS Required Providers & Update WAFv2 Module Version @marianod92 (#425)
- Feature | apps-devstg/databases-aurora/ Update versions constraint + Update modules version @rodriguez-matias (#424)
- Enhancement | Management IAM admins improvement @eze-godoy (#419)
- Enhancement | Shared/ container-registry bump modules version @damianleys (#420)
- Enhancement | wafv2 fix rules and add outputs @marianod92 (#418)
- Enhancement | Add networkmanager / firewall permissions to DevOps IAM Policy @marianod92 (#415)
- Feature | security-certs layer code syntax improvement @fgauchat-binbash (#412)
- Feature | cdn-s3-frontend/ layer update versions constraint + Update modules versions @rodriguez-matias (#408)
- Feature | storage/s3-bucket-demo/ Update versions constraint + Update modules version @rodriguez-matias (#411)
🐛 Bug Fixes
- Fix | Issue/256 s3 public access restriction @marianod92 (#421)
- Fix | /shared/us-east-2/container-registry @damianleys (#423)
- Fix | Feature/prune configuration and files @marianod92 (#417)
- Fix | global config variables fixed @exequielrafaela (#406)
📝 Documentation
- Doc | README.md-update-banner @exequielrafaela (#429)
v1.9.0 🌈
Changes
🚀 Features
- Feature | terraform aws apps-devstg/us-east-1/k8s-eks/k8s-components and k8s-workloads layers @exequielrafaela (#405)
- Enhancement | Refactor common.tfvars account vars @eze-godoy (#402)
🐛 Bug Fixes
- apps-devstg/us-east-1/k8s-eks-v1.17 adjustments @exequielrafaela (#404)
📝 Documentation
- Doc | apps-devstg-k8s-eks layer README.md improvement @exequielrafaela (#403)
v1.8.1 🌈
Changes
🚀 Features
- Enhancement | Add enable ssm access variable @angelofenoglio (#401)
- Feature | apps-devstg/us-east-1/k8s-eks/cluster layer baseline for terraform-aws-eks 1.18 module @exequielrafaela (#400)
- Feature | apps-devstg/us-east-1/k8s-eks/network layer baseline for terraform-aws-eks 1.18 module @exequielrafaela (#399)
- Feature | k8s-eks-v1.17 layer tested @exequielrafaela (#398)
- Feature | structuring code to support both k8s-eks-v1.17 (module) and latest k8-eks version @exequielrafaela (#397)
- Feature | ec2-fleet/ Update versions constraint + Update modules versions + Enable SSM service @rodriguez-matias (#396)"
v1.8.0 🌈
Changes
🚀 Features
- Feature/implement common variables.tf via symlink @lgallard (#389)
- Feature/ shared/backups update tf providers versions @rodriguez-matias (#394)
- Added DNS records for sendgrid validation @mpagnucco (#391)
- Feature / Update Backups Layers with tf providers latest versions @rodriguez-matias (#390)
🐛 Bug Fixes
- updated external-dns bitnami chart version @fgauchat-binbash (#395)
- Bug | updating module version + terraform aws provider constraint @exequielrafaela (#393)
- Enable NAT Gateway for shared account @lgallard (#392)