Releases: cloudposse/terraform-aws-mq-broker
v3.4.0
🤖 Automatic Updates
chore(deps): update terraform cloudposse/security-group/aws to v2.2.0 (main) @renovate (#58)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/security-group/aws (source) | module | minor | 2.0.1 -> 2.2.0 |
Release Notes
cloudposse/terraform-aws-security-group (cloudposse/security-group/aws)
v2.2.0
`.editorconfig` Typo @milldr (#50)
what
fixed intent typo
why
should be spelled "indent"
references
https://cloudposse.slack.com/archives/C01EY65H1PA/p1685638634845009
Sync github @max-lobur (#47)
Rebuild github dir from the template
v2.1.0
- No changes
Contributors
Assets 2
v3.3.0
remove deprecated overwrite_ssm_parameter @andruccho (#71)
Removed deprecated overwrite_ssm_parameter.
Contributors
Assets 2
v3.2.0
update vpc and broker versions @hans-d (#73)
what
- bump example vpc module version
- bump default engine version (variables.tf and example vars)
why
- terratest failing
- very outdated vpc module version
- current default engine version not supported anymore
references
Sync github @max-lobur (#57)
Rebuild github dir from the template
Contributors
Assets 2
v3.1.0
- No changes
v3.0.0 Breaking Changes
Breaking Changes
This module includes breaking changes due to upgrading from terraform-aws-security-group v1 to v2. You can read the full details of the security group changes and how to migrate in migration notes linked below under "references", but the short story is this:
- If you were using this modules default value of
trueforsecurity_group_create_before_destroythen you need not make any changes. If you were explicitly setting it tofalse, we strongly advise you to read the migration notes because that setting previously did not work, raising the question of whether you want to pay the price of converting to the new module with workingfalsebehavior or perform the recommended upgrade to thetrue. - If you are referring by ID to the security group created by this module in other security group's rules outside the Terraform plan that controls this one, then you should read the security group migration notes discussion of the new input
preserve_security_group_idand probably set it totrue
Upgrade versions @johncblandii (#54)
what
- Upgrade versions to the latest
Key changes in terraform-aws-security-group v2.0 affecting this release
- create_before_destory default changed from false to true
- preserve_security_group_id added, defaults to false
- Terraform version 1.0.0 or later required
why
- The module fails when used with the latest https://github.com/cloudposse/terraform-aws-components
references
- cloudposse/terraform-aws-components#602
- Migration Notes for Security Group v2.0
Contributors
Assets 2
v2.0.1
🚀 Enhancements
Updating sg egress to use input variable @joshmello (#48)
what
Egress was hardcoded to true when there was an input for it.
why
Full egress is not always warranted.
references
- Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
- Use
closes #123, if this PR closes a GitHub issue#123
Contributors
Assets 2
v2.0.0 Breaking changes
This PR introduces breaking changes. Please review the migration documentation before upgrading.
Update to use Security Group module @milldr (#45)
what
- Use the new Security Group module version
- Incorporate open PRs
- Update test framework
why
- Unblocking further enhancements
- Open PRs were based on incompatible pre-release versions
- Test framework maintenance is not automated
notes
This PR introduces breaking changes and will be released as version 2.0. Migration document is here.
references
Contributors
Assets 2
v0.15.1 Unstable pre-release
🚀 Enhancements
fix: set security_group_enabled false when publicly_accessible is true @luizbossoi (#42)
what
Added a condition to security_group_enabled variable to avoid issues when a broker is created using publicly_accessible true.
By default security_group_enabled is set to true and if you try to create a public broker, you cannot create a security group.
│ Message_: "Broker with [publiclyAccessible] set to true does not support specifying [securityGroups]"
why
This PR was made to avoid a less-experienced when creating a public broker.
references
Terraform error:
│ Message_: "Broker with [publiclyAccessible] set to true does not support specifying [securityGroups]"
Contributors
Assets 2
v0.15.0 Unstable Pre-Release
We are revising and standardizing our handling of security groups and security group rules across all our Terraform modules. This is an early attempt with significant breaking changes. We will make further breaking changes soon, so using this version is not recommended.
Breaking changes
If there is something not documented here, please let us know by filing a ticket.
-
var.allowed_security_groupsis removed in favor of the security group module'svar.security_group_ruleswhich can contain a singlesource_security_group_idper rule -
var.allowed_cidr_blocksis removed in favor of the security group module'svar.security_group_ruleswhich can contain acidr_blocks -
var.use_existing_security_groupsis replaced withvar.security_group_enabled(note that if the former wastrue, the latter should befalse) -
var.existing_security_groupsis replaced withvar.security_groups -
security group has moved
terraform state mv \ "module.mq_broker.aws_security_group.default[0]" \ "module.mq_broker.module.security_group.aws_security_group.default[0]"
-
default
security_group_rulesdoes not allow ingress but this can be added manually.Note: The list must have the same json keys per index
security_group_rules = [ { type = "egress" from_port = 0 to_port = 65535 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] source_security_group_id = null description = "Allow all outbound traffic" }, { type = "ingress" from_port = 0 to_port = 65535 protocol = "-1" cidr_blocks = [] source_security_group_id = local.security_group_id # provide existing security group or comment out this rule description = "Allow inbound traffic from existing security groups" }, { type = "ingress" from_port = 0 to_port = 65535 protocol = "-1" cidr_blocks = [] # provide cidr blocks or comment out this rule source_security_group_id = null description = "Allow inbound traffic from CIDR blocks" } ]
-
security group rules have been moved
Note: since the new security group rule names are generated upon a plan, the plan will need to be run first to generate the new names in order to move the rules. Replace
someguidwith the appropriate value.terraform state mv \ 'module.mq_broker.aws_security_group_rule.egress[0]' \ 'module.mq_broker.module.security_group.aws_security_group_rule.default["egress--1-0-65535-someguid"]' terraform state mv \ 'module.mq_broker.aws_security_group_rule.ingress_security_groups[0]' \ 'module.mq_broker.module.security_group.aws_security_group_rule.default["ingress-tcp--1-0-65535-someguid"]' terraform state mv \ 'module.mq_broker.aws_security_group_rule.ingress_cidr_blocks[0]' \ 'module.mq_broker.module.security_group.aws_security_group_rule.default["ingress-tcp--1-0-65535-someguid"]'
v1.0.0 Initial release with production Semantic Versioning
Initial release with production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future. Version 2.0 of this module with breaking changes will be released soon as we convert it to use our security-group module.
This version is exactly the same as version 0.14.0. Use of versions 0.15.0 or 0.15.1 is not supported, and upgrading from those versions to any later version will involve breaking changes without explicit migration instructions.