- Improvements to 2 existing modules.
- 1 new module.
- 1 new example.
- nat-gateways: Add additional variables
enable_nat_creation
andnat_eip
for enabling support for migrating EIP between NAT gateways. single-node-asg
: Pass thealb_target_group_arns
to theasg
modulesingle-port-sg-src
: This new module is a fork of the existinsingle-port-sg
module (to supportsource_security_group
).setup-meta-infrastructure
: Add allGet*
andList*
actions topower-user
simple-snag
: Add a basic example for the Single-Node AutoScaling Group module/pattern
Updates to the ASG module
asg
: Switch up how targets groups are associated with the ASGasg
: addprotect_from_scale_in
to allow instance termination protectionasg
: addsuspended_processes
- No changes
New modules and function extendings.
-
dlm-lifecycle-policy: Merge dlm-lifecycle-iam-role.
-
init-snippet-install-docker-yum: CentOS script to install docker/docker-compose.
-
init-snippet-attach-ebs-volume: Working on CentOS now. Generates required device name now despite Linux differences.
-
single-node-asg: Output the attached EBS Name tag for DLM to match.
-
rds: RDS database.
-
s3-remote-state: fix for #286.
-
asg: add protect_from_scale_in and suspended_processes attrs.
- No changes
Fix an issue with the ami-centos
module where it would pull similarly named ami's
from untrusted 3rd parties
ami-centos
in #299
- No changes
Small release to update the tf-cloud-credential
module to use the workspace_id
instead of the workspace name to set credentials for that workspace.
tf-cloud-credential
in #293
- No changes
Quick release to address resource name bug in single-port-sg
module. Will
review the others for the next release.
single-port-sg
: fixup - to _ in resource names
- No changes
- Support encrypted EBS volumes on ASG, for root and data volumes.
- Update linting tests
- Update 2 init snippets
init-snippet-attach-ebs-volume
: Retrying attaching EBSasg
: Add support for encrypting the root and additional attached EBS volumes.init-snippet-install-awscli
: Uses Python3 for awscli. (#281)
- No changes
New feature for asg
module and bugfix for tf-cloud-credentials
module.
asg
: Allow ASG instances to have additional EBS block devicestf-cloud-credentials
: Switch the module to use a datasource to lookup an existing TF Cloud workspace instead of trying to create one.
- No changes.
- Fixes and updates to a few modules, mostly related to IAM.
iam-users
: fixed error from zipmap in outputs when a user gets deleted from user listtf-cloud-credential
: minor interpolation cleanup, added module to testssetup-meta-infrastructure
: Parameterize password length and age for iam password policy.iam-instance-profile
: Add role ID ouput for IAM instance profile module.
- No changes.
- Updates to
asg
andvpc
modules, new example for AD w/ Windows Server.
asg
: dropavailability_zones
parameter.vpc
: Added variabledomain_name
to enable setting a custom domain_name in the VPC DHCP Options Set.
ad-ec2
: Demonstrate how an Windows EC2 instance seamlessly joins an Active directory when it gets newly spawned.
- New module:
tf-cloud-credentials
. - Updates to DLM and other modules.
tf-cloud-credentials
: Adds module for associating existing AWS credentials with a Terraform Cloud workspace.dlm-lifecycle-iam-role
: Added DLM IAM role to allow create snapshotsdlm-lifecycle-policy
: Update DML module to tf 0.12 and move the IAM role to another role- Module to enable DML lifecycle policies
- Revert removing output
asg_iam_role_name
- Bugfix for
persistent-ebs
- No changes.
- Various updates to the
setup-meta-infrastructure
,asg
, andnat-gateways
modules.
setup-meta-infrastructure
: add "iam:Get{User,Role,Policy}" permissions for power-users.- lifecycle hooks added to
asg
and soasg-lifecycle
was removed nat-gateways
: Breaking change: move the inline route route in the route table to a separate route, so that users of the module can add extra routes to it without causing conflicts. Note: after you upgrade, you will likely get an error that theaws_route.private_nat_gateway
route already exists. You will need to manually remove the conflicting route (which was created by the old inline route), for example in the AWS console, and then re-apply to add it back.
- No changes.
- Update
iam-instance-profile
module.
iam-instance-profile
: Add role ouput for IAM instance profile module.
- No changes.
- New module for IAM
- Fixes to ASG, single-node-ASG and persistent-ebs modules
- Drop deprecated nexus-asg example
- Fixes for VPC Scenario 2 example
iam-instance-profile
: Add new module, abstract the usage pattern of IAM instance profile.single-node-asg
:- update to use new
iam-instance-profile
module - whitespace fixup
- use
locals{}
block to improve readability
- update to use new
persistent-ebs
: update to use newiam-instance-profile
module and sync with recent updates to thesingle-node-asg
moduleasg
: parametize target group and health check type
nexus-asg
: Drop deprecated example.vpc-scenario-2
:- Fix updates missed during v0.12.x upgrade
- Improve
Makefile
- Set name tag on ELB
- Bug fixes for some network modules
- subnets: use name subnets like 01, 02, 03, not with zero index (eg 00)
- nat-gateways: support adding tags for the aws_nat_gateway resource
- nat-gateways: accept a longer list of private subnets than public/NAT GWs
- examples/vpc-scenario-2: fixup
all
target
- Improve support for autoscaling ASG.
- Fixup
ami-centos
module forv0.12.x
autoscaling-policy-metric-alarm-pair
: Add a new module that provides the autoscaling functions extracted from theload-asg
example.ami-centos
: simple module to get the ami id of the specified release of CentOS.
load-asg
: updated to use newautoscaling-policy-metric-alarm-pair
module
Initial support for Terraform v0.12.x and HCL 2. Probably got bugs.
All modules and examples have been updated. Tests have been run, but that does not mean bug free. More testing will likely find additional issues. New releases will be made to accomodate.
- Disable tests for the new new IAM user/group modules, which do not support v0.11.x
- New module for looking up CentOS AMIs on AWS
ami-centos
: simple module to get the ami id of the specified release of CentOS.
ami-centos-test
: New testing example forami-centos
.
Breaking change in the single-port-sg
module (if you are using UDP, TCP should
not see any break).
single-port-sg
: Add support for UDP ruleskube-controller-sg
: Update to sync withsingle-port-sg
module
iam-group
: add new module to create a group and manage the members and policy attachments for that group, only for Terraform v0.12.xiam-users
: add new module to create a bunch of IAM user resources from a list of usernames, only for Terraform v0.12.xvpc-legacy
: drop deprecated module- The following modules have templates that were updated to resolve issues related to
this upstream release of the template provider:
consul-agent-generic-init
consul-leaders-generic-init
ha-management-cluster
init-snippet-attach-ebs-volume
init-snippet-config-consul-leader
init-snippet-config-upstart-consul
init-snippet-consul-agent
init-snippet-consul-leader
init-snippet-consul-template
init-snippet-hostname-simple
init-snippet-hostname
init-snippet-install-consul
init-snippet-install-ops
init-snippet-nexus
init-snippet-nomad-agent
init-snippet-prometheus
init-snippet-write-bootstrap-pillar
vpc-scenario-2
: minor bugfix for NAT count
vpc-scenario-2
: Update for improved testing of the scenario and related modulesgitlab-ha
: UpdateMakefile
vpc-gateway
: correct module path referencelegacy
: drop deprecated example
- Some minor module updates, a couple of new modules, and a couple of new examples
- New contributing guide and issue templates
ami-ubuntu
: Addbionic
(18.04
) to the list of LTS AMIscredstash-grant-reader
andcredstash-grant-writer
: Add new modules using AWS resources instead of bash scripts
kops-with-vpc
: add new example, kops in a vpc made by terraform (#177)lifecycle-hooks
: add new example, with lifecycle hooks for ASGs
- Two minor updates
credstash-grant
: add support for the AWS_PROFILE envvar
gitlab-ha
: UpdateMakefile
to respect the user's preferred shell when spawing an interactive shell.
- breaking changes to modules that use ASG and previously had
desired_capacity
, this parameter is dropped to ensure scaling policies are ok. - overhaul gitlab examples, see pr-164, pr-167 and pr-168
asg
: removedesired_capacity
inputasg
: addtermination_policies
inputconsul-cluster
: removedesired_capacity
inputconsul-leaders
: removedesired_capacity
inputkube-stack
: removecontroller_desired_capacity
andworker_desired_capacity
inputskube-controller-asg
: add new module
- refactor the workflow in the
gitlab-asg
example, adding support for TLS and much more - rename
gitlab-asg
example -->gitlab-simple-ha
, pr-164 - duplicate
gitlab-simple-ha
asgitlab-ha
, both can now get updates independent of one another, pr-167 - update
gitlab-simple-ha
to use EIP instead of ELB, drop TLS, pr-168
- enhancements to various modules
ec2-auto-recover-instance
: fixup interpolationkube-stack
: updates for ELB
- quick bugfix release
vpc-scenario-2
: drop redundant azsaws-ipsec-vpn
: connection type is hardcoded to 'ipsec.1'
- enhancements to various modules
- move
terraform-vpc
to examples and update packer build
r53-subdomain
: added zone name outputssingle-node-asg
: drop az from the EBS volume name (it was redundant)aws-ipsec-vpn
: add support for govcloud and FIPS endpointsinit-snippet-curator
:- bugfix for
master_only
- parametize index retention units
- pin pip at 9.x
- bugfix for
- move
terraform-vpc
toexamples
- Refine test suite and get CI build green
- Improve type checking in module variables
- Demo how to validate S3 policies with new env and test suite
- Various module bugfixes
s3-full-access-policy
: add env and initial test suite - #122vpc-scenario-2
: refactor hardcoded AZ list, use locals - #134
prometheus-server
: sync with changes to variables/modules - #107credstash-setup
: pip 10 is a failure, use pip 9.x for now - #145init-snippet-install-awscli
: pip 10 is a failure, use pip 9.x for now - #145bind-server
: allowdb_records_folder
variable to be empty - #135- add type definitions to all variables in all modules - #108
kubespray
: parametize docker tag - #123
- add
Makefile
to install tools and init Terraform - use
tflint
0.6.0 to resolve #107 - drop
vpc-legacy
module from the test suite - enable tfinit for [#104][104], disable
undeclared-variables
for #141
- correct
vpc_cidr
- fixup helpdoc in Makefile, #76
- refactor out hardcoded AZ list, use
locals
- add
generate-ssh-key
target to Makefile make network
should targetnat-gateways
- az bugfix for web instance, #125
- update for consistency with other example env
- fixup README
- fixup
make test
- add missing security group rule for ELB
- update for consistency with other example env
- fix build, improve Makefile
- fix build, improve Makefile
- use
aws_subnet
data source to lookup subnets - use
element()
instead ofvar.foo[]
syntax
- support empty private_ips, allow disabling DNS
- Initial CI setup, run
tflint
- how to setup ci, #113
ex/kube-stack-private
: tag public subnets for ELBsex/kube-stack-private
: useextra_tags
for changes in Kuberneteskube-stack
: add missing tag for kubernetesvpc-scenario-2
: refactor how extra_tags are usedvpc-scenario-2
: usevar.private_subnet_cidrs
fornat_count
vpc-scenario-4
: fixup outputs and subnet module parametersexamples/nexus-asg
: Use theubuntu-ami
module, drop hardcoded AMIdocs
: addtesting-design
docexamples/vpc-scenario-peering
: Correct destroy target in Makefile, this was previously unable to properly destroy the deployment.modules/vpc-scenario-2
: usevar.private_subnet_cidrs
fornat_count
vpc-scenario-2
: refactor howextra_tags
are used. Support adding specific tags to specific components in the boxed VPC. Update thekube-stack-private
env to use these new variables. This greatly simplifies how tags are supported and used in the kubernetes env.- Refactor inline IAM policies into proper data sources
- Implement lightweight test framework to automate finding bugs in our modules and example Terraform env
Minor bugfix release
- Fixup quotes in
init-snippet-exec
module
Massive update to nearly all aspects of the module repo, including:
- New modules and example environments
- Refactored security group modules
- Updates to get modules visible on the Terraform registry
- Many updates to various modules