Gruntwork release 2021-02
Guides / Update Guides / Releases / 2021-02
This page is lists all the updates to the Gruntwork Infrastructure as Code
Library that were released in 2021-02. For instructions
on how to use these updates in your code, check out the updating
documentation.
Here are the repos that were updated:
Published: 2/9/2021 | Release notes
Published: 2/4/2021 | Release notes
Since this repo is solely used for examples/demonstrations, and NOT meant for direct production use, we simply publish all changes at v0.0.1, with a date marker for when it was published.
Updated all module versions to the latest. Most of these were backwards compatible changes, except for the EKS / Helm updates, as we have switched to Helm provider v2. Refer to the Migration Guide down below for details.
Most modules solely require a version number bump. The one exception is that if you're using EKS and Helm, Helm provider version 2 has come out, and some minor code changes are required to use it. See the terraform-aws-eks v0.32.0 release notes for instructions.
Published: 2/16/2021 | Release notes
Published: 2/10/2021 | Release notes
Published: 2/5/2021 | Release notes
Published: 2/4/2021 | Release notes
Published: 2/26/2021 | Modules affected: redis | Release notes
- AWS ElastiCache, and the Terraform AWS provider, have changed how reader endpoints work (context), which broke the
read_endpoints output variable in the redis module. In this release, we've fixed this issue, and updated to use the new terminology and type from AWS / Terraform: the output variable is now called reader_endpoint and is a single value instead of a list.
Published: 2/9/2021 | Modules affected: redis | Release notes
- Several months ago, AWS made a backward-incompatible change related to the Elasticache Replication Group Multi-AZ behavior, introducing a new
MultiAZEnabled toggle. This means that, the last several months, if you deployed Redis with with enable_automatic_failover set to true, but did not have this MultiAZEnabled flag—which wasn't exposed in Terraform's AWS provider—Redis would be deployed into only a single AZ. This issue was fixed in AWS provider 3.26, and in this release, we now expose a new enable_multi_az variable in the redis module so that you can configure this property. This is a backwards incompatible change, so please see the migration guide below.
Published: 2/26/2021 | Modules affected: ecs-deploy-runner | Release notes
- Fix tag handling for ref in kaniko - build-docker-image
Published: 2/25/2021 | Modules affected: ecs-deploy-runner | Release notes
The default version of tools installed in the deploy runner has been updated:
- Kaniko:
v1.5.1 - Kubergrunt:
v0.6.10 - Kubectl:
v1.19.1
Published: 2/24/2021 | Modules affected: jenkins-server | Release notes
- You can now configure IOPS for the Jenkins EBS volume by setting the new
ebs_volume_iops input parameter. Note that you'll also need to set the ebs_volume_type input parameter (which existed before) to io1.
Published: 2/11/2021 | Modules affected: ecs-deploy-runner | Release notes
- Use correct version of
terraform-aws-ci in Dockerfile for the deploy-runner.
Published: 2/8/2021 | Modules affected: ecs-deploy-runner-standard-configuration, ecs-deploy-runner, gruntwork-module-circleci-helpers | Release notes
- Fixes a bug in the arg checker for ecs-deploy-runner
- The EDR Dockerfile now installs
kubectl so that it may be used with kubergrunt and EKS.
Published: 2/5/2021 | Modules affected: ecs-deploy-runner, aws-helpers, build-helpers, check-url | Release notes
- We recently renamed most of our repos to follow the Terraform Registry convention of
terraform-<cloud>-<name> (e.g., terraform-aws-vpc. In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion. - Update the default
Dockerfile in ecs-deploy-runner to use Kubergrunt v0.6.9.
Published: 2/8/2021 | Modules affected: rds | Release notes
- Adds support for different primary/replica storage types in RDS.
Published: 2/26/2021 | Modules affected: ecs-cluster | Release notes
- Exposes the
enable_monitoring option to allow enabling/disabling of detailed monitoring for EC2 instances in ECS clusters.
Published: 2/23/2021 | Modules affected: ecs-service | Release notes
- Fix bug where the
ecs-service module produces Error: Inconsistent conditional result types on the IAM role.
Published: 2/4/2021 | Modules affected: ecs-service | Release notes
This release removes the service_autoscaling_iam_role_arn output from the ecs-service module. This output should have been removed in the v0.24.0 release, but it was mistakenly left in place.
Published: 2/25/2021 | Modules affected: eks-cluster-control-plane, eks-k8s-cluster-autoscaler | Release notes
Bump default k8s version to 1.19. If you wish to use Kubernetes version 1.19 with EKS, you must update kubergrunt to version 0.6.10 or newer. Note that If you were using the default (that is, you were not passing in kubernetes_version), you will need to explicitly pass in kubernetes_version = "1.18" to avoid inadvertently upgrading the EKS cluster.
Published: 2/12/2021 | Modules affected: eks-cluster-workers, eks-cluster-control-plane | Release notes
- Fix bug where workers module requires
eks_control_plane_security_group_id when create_resources is false - Add support for stringing dependencies to the Control Plane service fargate profile
Published: 2/11/2021 | Modules affected: eks-k8s-cluster-autoscaler-iam-policy, eks-k8s-cluster-autoscaler | Release notes
- Fix bug where the labels used to schedule the
eks-k8s-cluster-autoscaler on fargate was incorrect. - Allow deploying
eks-k8s-cluster-autoscaler without any ASGs.
Published: 2/15/2021 | Modules affected: alb | Release notes
- You can now configure the ACM cert statuses and types the
alb module will search for using the new acm_cert_statuses and acm_cert_types input variables. This allows you to use the alb module with both AWS-issued and imported ACM certs.
Published: 2/15/2021 | Modules affected: sns | Release notes
- You can now configure a custom KMS CMK to use with the
sns module using the new kms_master_key_id input variable.
Published: 2/23/2021 | Modules affected: ssh-grunt, account-baseline-app, account-baseline-security, aws-config-multi-region | Release notes
- The documentation for
ssh-grunt has been updated to suggest using apt-get purge instead of apt-get remove when removing ec2-instance-connect. - Corrected two bugs related to AWS Config, one of which causes a *backwards incompatible** change in the account-baseline-app and account-baseline-security modules.
- Fixes
opt_in_regions to work correctly when aggregating AWS config in multiple accounts. - Backwards incompatible: updates account-baseline-app and account-baseline-security to send notifications to the SNS topic in the Logs account. This was the intended configuration but a bug caused the topics to always be created in each region of each account. This bug has been corrected.
Published: 2/1/2021 | Modules affected: account-baseline-root, auto-update, aws-auth, aws-config-bucket | Release notes
- We recently renamed most of our repos to follow the Terraform Registry convention of
terraform-<cloud>-<name> (e.g., terraform-aws-vpc. In this release, we've updated all cross-references and links from the old names to the new names. There should be no change in behavior, and GitHub redirects old names to new names anyway, but using the up-to-date names will help reduce confusion.
Published: 2/24/2021 | Modules affected: single-server | Release notes
- You can now force the
single-server module to detach IAM policies from the IAM role on delete by setting the new input variable force_detach_policies to true. If you attach policies to the IAM role using the aws_iam_policy_attachment resource and you are modifying the role name or path, the force_detach_policies argument must be set to true and applied before attempting the operation, otherwise you will encounter a DeleteConflict error. The aws_iam_role_policy_attachment resource (recommended) does not have this requirement.
Published: 2/25/2021 | Modules affected: services/eks-cluster, services/ecs-fargate-cluster, services/ecs-service, mgmt | Release notes
- The default kubernetes version deployed by
eks-cluster is now 1.19. If you were using the default before (that is, you were not setting kubernetes_version explicitly in your variables), you will need to set it to 1.17 to avoid a cluster upgrade. Note that to use 1.19, you will need to update your kubergrunt installation to at least v0.6.10. - Fixed typo in README for landingzone/gruntwork-access
- Update dependency gruntwork-io/terratest to v0.32.8
- Update dependency gruntwork-io/terragrunt to v0.28.7
- You can now launch a Fargate based ECS cluster using the
ecs-fargate-cluster module. - You can now launch a VPC network based ECS service by configuring the
network_configuration and network_mode parameters. This allows you to successfully deploy your ECS service on Fargate.
Published: 2/23/2021 | Modules affected: landingzone, base, data-stores, mgmt | Release notes
- Fixes issue with AWS Config SNS topics
- Update dependency gruntwork-io/terraform-aws-security to v0.45.0
- Update dependency gruntwork-io/terraform-aws-ecs to v0.25.1
- Expose custom_tags for public_static_website
- Bump k8s-service module to helm 2.x provider
Published: 2/23/2021 | Modules affected: services, networking | Release notes
- Bump AWS provider version for ACM
- Fix destroy ordering of resources for
eks-cluster. NOTE: updating the eks-cluster module will reveal a destroy of the null_resource.delete_autocreated_aws_auth resource. This is expected, and is safe to roll out without downtime. Similarly, there will be an update to the aws-auth ConfigMap to remove an extraneous label that is no longer necessary.
Published: 2/22/2021 | Modules affected: services/ecs-cluster | Release notes
Fixes a bug in the ecs-cluster module to allow SSH from CIDR blocks to work correctly.
Published: 2/22/2021 | Modules affected: networking | Release notes
- Do better parallelism control in bastion host testing
- Fix malformed required_providers block in VPC module
Published: 2/22/2021 | Modules affected: data-stores | Release notes
- You can now set custom tags for the
rds module.
Published: 2/18/2021 | Modules affected: data-stores, mgmt | Release notes
- Fix RDS port docs to not mislead about default port.
bastion-host module can now be deployed with no domain
Published: 2/17/2021 | Modules affected: services | Release notes
- Expose labels and annotations for kubernetes namespaces
Published: 2/16/2021 | Modules affected: services | Release notes
- Expose tagging capabilities for the EKS cluster control plane
Published: 2/16/2021 | Modules affected: networking, services, data-stores | Release notes
- Allow specifying disallow list of availability zones for EKS
- Expose
deletion_protection parameter for Aurora
Published: 2/12/2021 | Modules affected: mgmt/jenkins | Release notes
- Adds the ability to grant KMS key permissions for the Jenkins IAM role using the
var.ebs_kms_key_arn and var.ebs_kms_key_arn_is_alias variables.
Published: 2/11/2021 | Modules affected: mgmt, services | Release notes
- Update default terragrunt version installed in jenkins to
v0.28.3. - Fix labels for scheduling EKS core services on fargate
Published: 2/10/2021 | Modules affected: services/k8s-service | Release notes
- You can now configure tmpfs volumes in your kubernetes services using the
scratch_paths input variable.
Published: 2/9/2021 | Modules affected: data-stores, mgmt, networking, base | Release notes
- Update dependency gruntwork-io/terraform-aws-data-storage to v0.17.3
- Update dependency gruntwork-io/terraform-aws-ci to v0.29.10
- Update dependency gruntwork-io/terraform-aws-vpc to v0.13.1
- The
ec2-baseline module will now remove the ec2-instance-connect package if ssh-grunt is enabled. For more information on why this is, see here.
Published: 2/8/2021 | Modules affected: services/ecs-service, services/ecs-cluster | Release notes
- Update dependency
gruntwork-io/terraform-aws-ecs v0.24.1 => v0.25.0 (release notes). As a part of this change, the output service_autoscaling_iam_role_arn was removed from the ecs-service module.
Published: 2/1/2021 | Modules affected: networking, mgmt, services, base | Release notes
All nested module dependencies have been updated to the latest upstream versions. We've also resolved warnings related to deprecated variable interpolation syntax.
- Updated dependency gruntwork-io/terraform-aws-vpc to v0.13.0
- Updated dependency gruntwork-io/gruntwork-installer to v0.0.32
- Updated dependency gruntwork-io/terraform-aws-monitoring to v0.24.1
- Updated dependency gruntwork-io/terraform-aws-server to v0.10.1
- Updated dependency gruntwork-io/terraform-aws-openvpn to v0.13.1
- Updated dependency gruntwork-io/terraform-aws-data-storage to v0.17.2
- Updated dependency gruntwork-io/terraform-aws-cache to v0.10.2
- Updated dependency gruntwork-io/terraform-aws-asg to v0.11.2
- Updated dependency gruntwork-io/terraform-aws-ecs to v0.24.1
- Updated dependency gruntwork-io/terratest to v0.32.1
- Updated dependency gruntwork-io/terraform-aws-security to v0.44.10
- Updated dependency gruntwork-io/terraform-aws-ci to v0.29.8
- Updated dependency gruntwork-io/gruntkms to v0.0.9
- Updated dependency gruntwork-io/terragrunt to v0.27.4
- Updated dependency gruntwork-io/terraform-aws-eks to v0.32.2
Published: 2/23/2021 | Modules affected: executable-dependency, instance-type, join-path, list-remove | Release notes
- Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform
0.14.x! - From this release onward, we will only be running tests with Terraform
0.14.x against this repo, so we recommend updating to 0.14.x soon! - To give you more time to upgrade, for the time being, all modules will still support Terraform
0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x. - Once all Gruntwork repos have been upgrade to work with
0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.
- Remove docker key from machine config
- Add placeholder.tf for TFC/TFE/PMR
- Lock PIP's version to be smaller than 21.0
Published: 2/8/2021 | Modules affected: vpc-app | Release notes
- You can now get the ID of the default security group in the VPC using the
default_security_group_id output variable.