v2.0.0
feat: expose `egress_enabled` to tighten security group egress @aknysh (#98)
## what- Expose new
egress_enabledinput on theaurora-postgrescomponent (default:true, preserves current behavior). - Pass it through to the underlying
cloudposse/rds-cluster/awsmodule so consumers can opt into restricted outbound traffic on the cluster's security group. - Add test coverage in
TestBasic: deploys withegress_enabled = falseand asserts the resulting security group has zero egress rules. - Bump test dependencies in
test/go.modto the latest available versions (includingtest-helpersv1.0.0,terratestv1.0.0,testifyv1.11.1, full AWS SDK v2 family, and the Go directive to1.26.3). - Regenerate
README.md/src/README.mdinputs tables.
why
- Tighten security group egress rules across our infrastructure. Mirrors the
allow_all_egresspattern already exposed in theelasticache-rediscomponent, applied here using the upstream module's native variable name (egress_enabled). - Defaulting to
truekeeps every existing stack unchanged — consumers opt in to restricted egress by settingegress_enabled: false. - The test bump aligns this component with the rest of the fleet's tooling and keeps CI on currently supported library versions.
Summary by CodeRabbit
-
New Features
- Added egress_enabled option (default: true) to control outbound traffic behavior.
-
Documentation
- README tables reformatted and docs updated for the new option.
-
Chores
- Bumped Aurora PostgreSQL cluster module to v2.6.0 and referenced remote-state modules to v2.0.0.
- Updated test toolchain/dependencies and test fixtures to target PostgreSQL 17.9.
🚀 Enhancements
chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /test @[dependabot[bot]](https://github.com/apps/dependabot) (#82)
Bumps [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) from 1.1.0 to 1.1.1.Commits
d1c650aextra: initialize receiver in MultiScalarMult- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
🤖 Automatic Updates
chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.46.0 @[renovate[bot]](https://github.com/apps/renovate) (#84)
This PR contains the following updates:| Package | Type | Update | Change |
|---|---|---|---|
| terraform-linters/tflint-ruleset-aws | plugin | minor | 0.45.0 → 0.46.0 |
Release Notes
terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)
v0.46.0
What's Changed
Enhancements
- Update AWS provider/module and generated content by @github-actions[bot] in #1028
- rds: accept sqlserver-dev-ee engine by @Nullh in #1045
- Update AWS provider/module and generated content by @github-actions[bot] in #1038
- Update AWS provider/module and generated content by @github-actions[bot] in #1053
Chores
- Fix maintenance script failure by @wata727 in #1027
- Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1029
- Bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in #1030
- Bump golang.org/x/net from 0.48.0 to 0.49.0 by @dependabot[bot] in #1032
- Bump the aws-sdk group with 3 updates by @dependabot[bot] in #1031
- Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 by @dependabot[bot] in #1033
- Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.279.2 to 1.281.0 in the aws-sdk group by @dependabot[bot] in #1035
- Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #1034
- Bump actions/attest-build-provenance from 3.1.0 to 3.2.0 by @dependabot[bot] in #1036
- Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.281.0 to 1.285.0 in the aws-sdk group by @dependabot[bot] in #1037
- Bump the aws-sdk group with 2 updates by @dependabot[bot] in #1039
- Bump golang.org/x/net from 0.49.0 to 0.50.0 by @dependabot[bot] in #1040
- Remove aws_s3_bucket_invalid_region from docs by @kakakakakku in #1041
- Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by @dependabot[bot] in #1042
- Bump github.com/aws/smithy-go from 1.24.0 to 1.24.1 by @dependabot[bot] in #1044
- Bump the aws-sdk group with 3 updates by @dependabot[bot] in #1043
- Bump hashicorp/setup-terraform from 3.1.2 to 4.0.0 by @dependabot[bot] in #1046
- Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by @dependabot[bot] in #1048
- Bump actions/setup-go from 6.2.0 to 6.3.0 by @dependabot[bot] in #1047
- Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1049
- Bump github.com/zclconf/go-cty from 1.17.0 to 1.18.0 by @dependabot[bot] in #1052
- Bump golang.org/x/net from 0.50.0 to 0.51.0 by @dependabot[bot] in #1051
- Bump github.com/aws/smithy-go from 1.24.1 to 1.24.2 by @dependabot[bot] in #1050
- deps: Bump Go version to 1.26 by @wata727 in #1054
New Contributors
- @kakakakakku made their first contribution in #1041
- @Nullh made their first contribution in #1045
Full Changelog: terraform-linters/tflint-ruleset-aws@v0.45.0...v0.46.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /test @[dependabot[bot]](https://github.com/apps/dependabot) (#82)
Bumps [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) from 1.1.0 to 1.1.1.Commits
d1c650aextra: initialize receiver in MultiScalarMult- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.