From 2e5b058fa9c75ce093000492fa9fc3d34a85f723 Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Wed, 1 Feb 2023 17:05:28 +0000 Subject: [PATCH 1/2] Update releases through Jan 31, 2023 --- docs/guides/stay-up-to-date/index.md | 5 +- .../stay-up-to-date/releases/2022-08/index.md | 3 +- .../stay-up-to-date/releases/2022-10/index.md | 6 +- .../stay-up-to-date/releases/2022-12/index.md | 239 ++++++++++- .../stay-up-to-date/releases/2023-01/index.md | 395 ++++++++++++++++++ docs/guides/stay-up-to-date/releases/index.md | 5 +- 6 files changed, 641 insertions(+), 12 deletions(-) create mode 100644 docs/guides/stay-up-to-date/releases/2023-01/index.md diff --git a/docs/guides/stay-up-to-date/index.md b/docs/guides/stay-up-to-date/index.md index f03fb84a81..b89d2c3855 100644 --- a/docs/guides/stay-up-to-date/index.md +++ b/docs/guides/stay-up-to-date/index.md @@ -16,6 +16,7 @@ import CardGroup from "/src/components/CardGroup" + @@ -29,8 +30,6 @@ import CardGroup from "/src/components/CardGroup" - - @@ -109,6 +108,6 @@ href="/guides/stay-up-to-date/terraform/terraform-1.1" diff --git a/docs/guides/stay-up-to-date/releases/2022-08/index.md b/docs/guides/stay-up-to-date/releases/2022-08/index.md index a3c0537fd5..d9df1b3c81 100644 --- a/docs/guides/stay-up-to-date/releases/2022-08/index.md +++ b/docs/guides/stay-up-to-date/releases/2022-08/index.md @@ -864,6 +864,7 @@ Special thanks to @lorelei-rupp-imprivata for catching this issue! - Added instructions to README on how to perform a blue-green deployment of Aurora. + @@ -894,6 +895,6 @@ Special thanks to @lorelei-rupp-imprivata for catching this issue! diff --git a/docs/guides/stay-up-to-date/releases/2022-10/index.md b/docs/guides/stay-up-to-date/releases/2022-10/index.md index 489462b3b7..4feb505941 100644 --- a/docs/guides/stay-up-to-date/releases/2022-10/index.md +++ b/docs/guides/stay-up-to-date/releases/2022-10/index.md @@ -173,10 +173,6 @@ Here are the repos that were updated: - [CIS v1.5] New RDS compliant module - - - - @@ -440,6 +436,6 @@ Due to the Cluster Autoscaler version bump, additional IAM Permissions have been diff --git a/docs/guides/stay-up-to-date/releases/2022-12/index.md b/docs/guides/stay-up-to-date/releases/2022-12/index.md index c66b8cfb8d..c3e292cfea 100644 --- a/docs/guides/stay-up-to-date/releases/2022-12/index.md +++ b/docs/guides/stay-up-to-date/releases/2022-12/index.md @@ -12,7 +12,12 @@ Here are the repos that were updated: - [repo-copier](#repo-copier) - [terraform-aws-ci](#terraform-aws-ci) +- [terraform-aws-cis-service-catalog](#terraform-aws-cis-service-catalog) +- [terraform-aws-lambda](#terraform-aws-lambda) - [terraform-aws-load-balancer](#terraform-aws-load-balancer) +- [terraform-aws-security](#terraform-aws-security) +- [terraform-aws-service-catalog](#terraform-aws-service-catalog) +- [terraform-aws-vpc](#terraform-aws-vpc) ## repo-copier @@ -67,6 +72,134 @@ Here are the repos that were updated: + + + + +## terraform-aws-cis-service-catalog + + +### [v0.42.5](https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.42.5) + +

+ Published: 12/14/2022 | Release notes +

+ +
+ + + +- Move the generated `.tflint.hcl` by the `tflint` patch to be at the root level, instead of at the module directory level. + + + +
+ + +### [v0.42.4](https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.42.4) + +

+ Published: 12/14/2022 | Release notes +

+ +
+ + + +- Fix tflint patch to add block for including the parent TG config + + +
+ + +### [v0.42.3](https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.42.3) + +

+ Published: 12/14/2022 | Modules affected: N.A. | Release notes +

+ +
+ + +- Add patch for tflint hook setup for CIS RefArch users + + + + + + +
+ + +### [v0.42.2](https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.42.2) + +

+ Published: 12/9/2022 | Modules affected: tflint-ruleset-aws-cis | Release notes +

+ +
+ + + +- Fix project's name on goreleaser. Also added docs for the CIDR block rule. + + + +
+ + +### [v0.42.1](https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.42.1) + +

+ Published: 12/9/2022 | Modules affected: tflint-ruleset-aws-cis | Release notes +

+ +
+ + + +- New golang module: `tflint-ruleset-aws-cis`. It will be used to validate CIDR blocks. + + + +
+ + + +## terraform-aws-lambda + + +### [v0.21.4](https://github.com/gruntwork-io/terraform-aws-lambda/releases/tag/v0.21.4) + +

+ Published: 12/15/2022 | Modules affected: lambda-edge, lambda | Release notes +

+ +
+ + + +- Fixes perpetual diff issue on `terragrunt plan` when using relative paths for the Lambda function's source path, and adds the option to configure the files to exclude when zipping the Lambda's code + + + +
+ + +### [v0.21.3](https://github.com/gruntwork-io/terraform-aws-lambda/releases/tag/v0.21.3) + +

+ Published: 12/2/2022 | Modules affected: lambda | Release notes +

+ +
+ + + +- Fixes permissions for Lambda's ENI management when running in VPC. + + +
@@ -92,10 +225,114 @@ Here are the repos that were updated: +## terraform-aws-security + + +### [v0.67.1](https://github.com/gruntwork-io/terraform-aws-security/releases/tag/v0.67.1) + +

+ Published: 12/14/2022 | Modules affected: ntp, private-s3-bucket | Release notes +

+ +
+ + +- `ntp` +- `private-s3-bucket` + + +- Add explanation of why Chrony in a module called NTP +- Adding bucket_key_enabled option to S3 module + + +Special thanks to the following user for their contribution! + +- @nniehoff + + + +- https://github.com/gruntwork-io/terraform-aws-security/pull/733 +- https://github.com/gruntwork-io/terraform-aws-security/pull/734 + + + +
+ + + +## terraform-aws-service-catalog + + +### [v0.99.2](https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v0.99.2) + +

+ Published: 12/16/2022 | Modules affected: mgmt | Release notes +

+ +
+ + +- Update the CIS RDS Patch to include state migrations +- IMDSv1 passthru variable for ASG launch configurations + + + +
+ + +### [v0.99.1](https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v0.99.1) + +

+ Published: 12/8/2022 | Modules affected: services/eks-workers | Release notes +

+ +
+ + + +- Add `Name` tag (cluster name) for managed EKS workers + + + +
+ + + +## terraform-aws-vpc + + +### [v0.22.4](https://github.com/gruntwork-io/terraform-aws-vpc/releases/tag/v0.22.4) + +

+ Published: 12/9/2022 | Modules affected: vpc-flow-logs | Release notes +

+ +
+ + + +- Updating terraform-aws-security to latest version: When the flow-logs module was instantiate, and an S3 bucket was created, a warning about a deprecated attribute was thrown. Updating the version of the upstream code. +``` +│ Warning: Argument is deprecated +│ +│ with module.vpc_flow_log.module.s3_bucket.aws_s3_bucket.bucket, +│ on .terraform/modules/vpc_flow_log.s3_bucket/modules/private-s3-bucket/main.tf line 19, in resource "aws_s3_bucket" "bucket": +│ 19: resource "aws_s3_bucket" "bucket" { +│ +│ Use the top-level parameter object_lock_enabled and the +│ aws_s3_bucket_object_lock_configuration resource instead +``` + + + +
+ + + diff --git a/docs/guides/stay-up-to-date/releases/2023-01/index.md b/docs/guides/stay-up-to-date/releases/2023-01/index.md new file mode 100644 index 0000000000..599022977d --- /dev/null +++ b/docs/guides/stay-up-to-date/releases/2023-01/index.md @@ -0,0 +1,395 @@ + +# Gruntwork release 2023-01 + +

Guides / Update Guides / Releases / 2023-01

+ +This page is lists all the updates to the [Gruntwork Infrastructure as Code +Library](https://gruntwork.io/infrastructure-as-code-library/) that were released in 2023-01. For instructions +on how to use these updates in your code, check out the [updating +documentation](/guides/working-with-code/using-modules#updating). + +Here are the repos that were updated: + +- [repo-copier](#repo-copier) +- [terraform-aws-ci](#terraform-aws-ci) +- [terraform-aws-cis-service-catalog](#terraform-aws-cis-service-catalog) +- [terraform-aws-ecs](#terraform-aws-ecs) +- [terraform-aws-eks](#terraform-aws-eks) +- [terraform-aws-lambda](#terraform-aws-lambda) +- [terraform-aws-monitoring](#terraform-aws-monitoring) +- [terraform-aws-openvpn](#terraform-aws-openvpn) +- [terraform-aws-security](#terraform-aws-security) +- [terraform-aws-service-catalog](#terraform-aws-service-catalog) + + +## repo-copier + + +### [v0.2.0](https://github.com/gruntwork-io/repo-copier/releases/tag/v0.2.0) + +

+ Published: 1/2/2023 | Release notes +

+ +
+ + * Improve code architecture by @levkoburburas in https://github.com/gruntwork-io/repo-copier/pull/138 +* Switching to Git command by @levkoburburas in https://github.com/gruntwork-io/repo-copier/pull/139 +* Prevent conuntinuesly keeping `go-git` instances in memory by @levkoburburas in https://github.com/gruntwork-io/repo-copier/pull/134 + + +This release switches `repo-copier` to using your locally installed `git` instance rather than the embedded `go-git` library. This is because of memory consumption and stack overflow issues with `go-git`. Please ensure you have `git` installed locally and in your `PATH` whenever running `repo-copier` going forward! + + +**Full Changelog**: https://github.com/gruntwork-io/repo-copier/compare/v0.1.1...v0.2.0 + +
+ + + +## terraform-aws-ci + + +### [v0.51.0](https://github.com/gruntwork-io/terraform-aws-ci/releases/tag/v0.51.0) + +

+ Published: 1/9/2023 | Modules affected: kubernetes-circleci-helpers | Release notes +

+ +
+ + +- `kubernetes-circleci-helpers` **[BACKWARD INCOMPATIBLE]** + + + +- Install cri-dockerd with Minikube + + + +- This version requires k8s 1.24 or later + + + +- https://github.com/gruntwork-io/terraform-aws-ci/pull/500 + + + +
+ + + +## terraform-aws-cis-service-catalog + + +### [v0.42.7](https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.42.7) + +

+ Published: 1/31/2023 | Modules affected: data-stores | Release notes +

+ +
+ + + +- Update tflint patch to latest docker and remove include root +- Plumb `maintenance_window` variable from CIS RDS module through to base RDS module + + + +
+ + +### [v0.42.6](https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.42.6) + +

+ Published: 1/18/2023 | Release notes +

+ +
+ + +- Add `flow_logs_traffic_type` var to the VPC module. +- Remove tflint-ruleset-aws-cis to it's own repo. + - Update tflint patch: use tflint-ruleset-aws-cis own repo +- Remove Ina from CODEOWNERS + + + +
+ + + +## terraform-aws-ecs + + +### [v0.35.0](https://github.com/gruntwork-io/terraform-aws-ecs/releases/tag/v0.35.0) + +

+ Published: 1/26/2023 | Modules affected: ecs-cluster | Release notes +

+ +
+ + + +- Upgrade to launch templates + + +
+ + + +## terraform-aws-eks + + +### [v0.56.2](https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v0.56.2) + +

+ Published: 1/27/2023 | Modules affected: eks-cluster-control-plane | Release notes +

+ +
+ + + +- Add conditional logic for writing ExecCredential api version to support backward compatibility with the latest release of this module and EKS clusters version < `1.24` + + + +
+ + +### [v0.56.1](https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v0.56.1) + +

+ Published: 1/18/2023 | Modules affected: eks-k8s-external-dns | Release notes +

+ +
+ + + +- Expose additional chart configurations for external-dns. + + + + + +
+ + +### [v0.56.0](https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v0.56.0) + +

+ Published: 1/5/2023 | Modules affected: eks-cluster-control-plane, eks-k8s-cluster-autoscaler, eks-container-logs, eks-alb-ingress-controller | Release notes +

+ +
+ + +- `eks-cluster-control-plane` **[BACKWARD INCOMPATIBLE]** +- `eks-k8s-cluster-autoscaler` **[BACKWARD INCOMPATIBLE]** +- `eks-container-logs` **[BACKWARD INCOMPATIBLE]** +- `eks-alb-ingress-controller` +- `eks-aws-auth-merger` +- `eks-fargate-container-logs` +- `eks-k8s-external-dns` +- `eks-k8s-role-mapping` + + +The default version of Kubernetes installed by the module has been updated to 1.24. As a result of this, the default version of addons were updated to support installation into 1.24. Specifically: + +- `cluster-autoscaler`: The default app version has been updated to `1.24.0`. +- `eks-alb-ingress-controller`: The default app version and chart version have been updated to `2.4.5` and `1.4.6`. +- `eks-k8s-external-dns`: The default chart version has been updated to `6.12.2`. +- `eks-container-logs`: As [EKS ended support for `Dockershim`](https://docs.aws.amazon.com/eks/latest/userguide/dockershim-deprecation.html), a new `cri` parser was added to Fluent Bit configuration in `eks-container-logs`. +- `kubernetes` provider constraints needed to be updated as Kubernetes [no longer creates a default `Secret` for `ServiceAccount`](https://github.com/hashicorp/terraform-provider-kubernetes/issues/1724). +- `kubernetes` `client.authentication.k8s.io/v1alpha1` API version [was removed](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#deprecation) in `1.24`, so all examples were updated to `v1`. + + + +If you wish to maintain backward compatibility with your existing setup without upgrading the Kubernetes version, you will want to configure the `kubernetes_version` parameter to the version of Kubernetes you are currently using. Note that `1.24` requires `kubergrunt` version 0.10.0 and above. + + +If you wish to maintain backward compatibility with your existing setup of the cluster autoscaler, you will want to configure the `cluster_autoscaler_version` input variable to what you are currently using. This should match semantic version of your EKS cluster Kubernetes version. Refer to the [gcr repository](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/US/autoscaling/cluster-autoscaler) and look for the latest version for your kubernetes version. + + +If you wish to maintain backward compatibility with your existing setup of the EKS container logs, you will want to set the `use_cri_parser_conf` input variable to `false`. + + +- https://github.com/gruntwork-io/terraform-aws-eks/pull/478 + + + +
+ + + +## terraform-aws-lambda + + +### [v0.21.6](https://github.com/gruntwork-io/terraform-aws-lambda/releases/tag/v0.21.6) + +

+ Published: 1/24/2023 | Modules affected: api-gateway-account-settings, lambda | Release notes +

+ +
+ + + +- Adds `var.managed_policy_waiting_time` to modules `api-gateway-account-settings` and `lambda`. The purpose is mitigating racing conditions that occasionally cause these modules to fail to deploy when using managed IAM policies due to eventual consistency of policy permissions showing for the IAM role. + + + +
+ + +### [v0.21.5](https://github.com/gruntwork-io/terraform-aws-lambda/releases/tag/v0.21.5) + +

+ Published: 1/18/2023 | Modules affected: api-gateway-account-settings | Release notes +

+ +
+ + + +- Fixes occasional deploy errors on module `api-gateway-account-settings` by enforcing the correct order of attaching permissions. + + + + + +
+ + + +## terraform-aws-monitoring + + +### [v0.35.7](https://github.com/gruntwork-io/terraform-aws-monitoring/releases/tag/v0.35.7) + +

+ Published: 1/13/2023 | Modules affected: sns-to-slack | Release notes +

+ +
+ + + +- Added prevention of perpetual diff issues on `sns-to-slack` module when using terragrunt. + + + +
+ + + +## terraform-aws-openvpn + + +### [v0.25.0](https://github.com/gruntwork-io/terraform-aws-openvpn/releases/tag/v0.25.0) + +

+ Published: 1/26/2023 | Modules affected: openvpn-server | Release notes +

+ +
+ + + +- Upgrade to launch templates + + +
+ + +### [v0.24.4](https://github.com/gruntwork-io/terraform-aws-openvpn/releases/tag/v0.24.4) + +

+ Published: 1/23/2023 | Modules affected: openvpn-admin, openvpn-server | Release notes +

+ +
+ + + +- Use new upgrade test code. +- Updated default branch references (backward compatible) +- Bumped docker image from patches to v0.0.6 +- Added permissions for SQS for revoking certs + + + +
+ + + +## terraform-aws-security + + +### [v0.67.2](https://github.com/gruntwork-io/terraform-aws-security/releases/tag/v0.67.2) + +

+ Published: 1/23/2023 | Modules affected: private-s3-bucket, kms-master-key | Release notes +

+ +
+ + + +- Fixed private-s3-bucket ACL +- Added kms grant permissions for `cmk_user_iam_arns` supplied with conditions. + + +
+ + + +## terraform-aws-service-catalog + + +### [v0.100.1](https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v0.100.1) + +

+ Published: 1/30/2023 | Modules affected: base, data-stores, landingzone, mgmt | Release notes +

+ +
+ + +- Updated version of terraform-aws-security from v0.66.0 to v0.67.2. See release notes [here](https://github.com/gruntwork-io/terraform-aws-security/releases) for details + + + +
+ + +### [v0.100.0](https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v0.100.0) + +

+ Published: 1/10/2023 | Modules affected: data-stores, services/eks-cluster, services/eks-workers, services/eks-core-services | Release notes +

+ +
+ + + +- Adding variables to manage rds +- Updated Kubernetes to 1.24 + + + +
+ + + + + diff --git a/docs/guides/stay-up-to-date/releases/index.md b/docs/guides/stay-up-to-date/releases/index.md index 28b82e1328..d8b65cd57d 100644 --- a/docs/guides/stay-up-to-date/releases/index.md +++ b/docs/guides/stay-up-to-date/releases/index.md @@ -11,7 +11,8 @@ Library](https://gruntwork.io/infrastructure-as-code-library/), grouped by month updates in your code, check out the [updating documentation](/guides/working-with-code/using-modules#updating). - + + @@ -96,6 +97,6 @@ updates in your code, check out the [updating documentation](/guides/working-wit From 4294d6cfb3296fd1ebc6664b9373cc14e0ee848b Mon Sep 17 00:00:00 2001 From: Yevgeniy Brikman Date: Thu, 2 Feb 2023 16:45:51 +0000 Subject: [PATCH 2/2] Update to cut off at Jan 31 --- docs/guides/stay-up-to-date/index.md | 3 ++- .../stay-up-to-date/releases/2022-12/index.md | 4 ++-- .../stay-up-to-date/releases/2023-01/index.md | 20 +------------------ docs/guides/stay-up-to-date/releases/index.md | 4 ++-- 4 files changed, 7 insertions(+), 24 deletions(-) diff --git a/docs/guides/stay-up-to-date/index.md b/docs/guides/stay-up-to-date/index.md index b89d2c3855..e2b7f79502 100644 --- a/docs/guides/stay-up-to-date/index.md +++ b/docs/guides/stay-up-to-date/index.md @@ -30,6 +30,7 @@ import CardGroup from "/src/components/CardGroup" + @@ -108,6 +109,6 @@ href="/guides/stay-up-to-date/terraform/terraform-1.1" diff --git a/docs/guides/stay-up-to-date/releases/2022-12/index.md b/docs/guides/stay-up-to-date/releases/2022-12/index.md index c3e292cfea..f8d2e17b30 100644 --- a/docs/guides/stay-up-to-date/releases/2022-12/index.md +++ b/docs/guides/stay-up-to-date/releases/2022-12/index.md @@ -63,7 +63,7 @@ Here are the repos that were updated: -- Use BuildKit pattern for passing secrets in the CircleCI build +- Use BuildKit pattern for passing secrets in the CircleCI build **[BACKWARD INCOMPATIBLE]** - Fix intermittent test failure - Use main branch in deploy-runner docker image - Fix installing `gox` in Go 1.17 and newer @@ -333,6 +333,6 @@ Special thanks to the following user for their contribution! diff --git a/docs/guides/stay-up-to-date/releases/2023-01/index.md b/docs/guides/stay-up-to-date/releases/2023-01/index.md index 599022977d..04ddc0e759 100644 --- a/docs/guides/stay-up-to-date/releases/2023-01/index.md +++ b/docs/guides/stay-up-to-date/releases/2023-01/index.md @@ -82,24 +82,6 @@ This release switches `repo-copier` to using your locally installed `git` instan ## terraform-aws-cis-service-catalog -### [v0.42.7](https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.42.7) - -

- Published: 1/31/2023 | Modules affected: data-stores | Release notes -

- -
- - - -- Update tflint patch to latest docker and remove include root -- Plumb `maintenance_window` variable from CIS RDS module through to base RDS module - - - -
- - ### [v0.42.6](https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases/tag/v0.42.6)

@@ -390,6 +372,6 @@ If you wish to maintain backward compatibility with your existing setup of the E diff --git a/docs/guides/stay-up-to-date/releases/index.md b/docs/guides/stay-up-to-date/releases/index.md index d8b65cd57d..2ea403b91f 100644 --- a/docs/guides/stay-up-to-date/releases/index.md +++ b/docs/guides/stay-up-to-date/releases/index.md @@ -11,7 +11,7 @@ Library](https://gruntwork.io/infrastructure-as-code-library/), grouped by month updates in your code, check out the [updating documentation](/guides/working-with-code/using-modules#updating). - + @@ -97,6 +97,6 @@ updates in your code, check out the [updating documentation](/guides/working-wit