- Improvements to 2 existing modules.
- 1 new module.
- 1 new example.
- nat-gateways: Add additional variables
enable_nat_creationandnat_eipfor enabling support for migrating EIP between NAT gateways. single-node-asg: Pass thealb_target_group_arnsto theasgmodulesingle-port-sg-src: This new module is a fork of the existinsingle-port-sgmodule (to supportsource_security_group).setup-meta-infrastructure: Add allGet*andList*actions topower-user
simple-snag: Add a basic example for the Single-Node AutoScaling Group module/pattern
Updates to the ASG module
asg: Switch up how targets groups are associated with the ASGasg: addprotect_from_scale_into allow instance termination protectionasg: addsuspended_processes
- No changes
New modules and function extendings.
-
dlm-lifecycle-policy: Merge dlm-lifecycle-iam-role.
-
init-snippet-install-docker-yum: CentOS script to install docker/docker-compose.
-
init-snippet-attach-ebs-volume: Working on CentOS now. Generates required device name now despite Linux differences.
-
single-node-asg: Output the attached EBS Name tag for DLM to match.
-
rds: RDS database.
-
s3-remote-state: fix for #286.
-
asg: add protect_from_scale_in and suspended_processes attrs.
- No changes
Fix an issue with the ami-centos module where it would pull similarly named ami's
from untrusted 3rd parties
ami-centosin fpco#299
- No changes
Small release to update the tf-cloud-credential module to use the workspace_id
instead of the workspace name to set credentials for that workspace.
tf-cloud-credentialin fpco#293
- No changes
Quick release to address resource name bug in single-port-sg module. Will
review the others for the next release.
single-port-sg: fixup - to _ in resource names
- No changes
- Support encrypted EBS volumes on ASG, for root and data volumes.
- Update linting tests
- Update 2 init snippets
init-snippet-attach-ebs-volume: Retrying attaching EBSasg: Add support for encrypting the root and additional attached EBS volumes.init-snippet-install-awscli: Uses Python3 for awscli. (#281)
- No changes
New feature for asg module and bugfix for tf-cloud-credentials module.
asg: Allow ASG instances to have additional EBS block devicestf-cloud-credentials: Switch the module to use a datasource to lookup an existing TF Cloud workspace instead of trying to create one.
- No changes.
- Fixes and updates to a few modules, mostly related to IAM.
iam-users: fixed error from zipmap in outputs when a user gets deleted from user listtf-cloud-credential: minor interpolation cleanup, added module to testssetup-meta-infrastructure: Parameterize password length and age for iam password policy.iam-instance-profile: Add role ID ouput for IAM instance profile module.
- No changes.
- Updates to
asgandvpcmodules, new example for AD w/ Windows Server.
asg: dropavailability_zonesparameter.vpc: Added variabledomain_nameto enable setting a custom domain_name in the VPC DHCP Options Set.
ad-ec2: Demonstrate how an Windows EC2 instance seamlessly joins an Active directory when it gets newly spawned.
- New module:
tf-cloud-credentials. - Updates to DLM and other modules.
tf-cloud-credentials: Adds module for associating existing AWS credentials with a Terraform Cloud workspace.dlm-lifecycle-iam-role: Added DLM IAM role to allow create snapshotsdlm-lifecycle-policy: Update DML module to tf 0.12 and move the IAM role to another role- Module to enable DML lifecycle policies
- Revert removing output
asg_iam_role_name - Bugfix for
persistent-ebs
- No changes.
- Various updates to the
setup-meta-infrastructure,asg, andnat-gatewaysmodules.
setup-meta-infrastructure: add "iam:Get{User,Role,Policy}" permissions for power-users.- lifecycle hooks added to
asgand soasg-lifecyclewas removed nat-gateways: Breaking change: move the inline route route in the route table to a separate route, so that users of the module can add extra routes to it without causing conflicts. Note: after you upgrade, you will likely get an error that theaws_route.private_nat_gatewayroute already exists. You will need to manually remove the conflicting route (which was created by the old inline route), for example in the AWS console, and then re-apply to add it back.
- No changes.
- Update
iam-instance-profilemodule.
iam-instance-profile: Add role ouput for IAM instance profile module.
- No changes.
- New module for IAM
- Fixes to ASG, single-node-ASG and persistent-ebs modules
- Drop deprecated nexus-asg example
- Fixes for VPC Scenario 2 example
iam-instance-profile: Add new module, abstract the usage pattern of IAM instance profile.single-node-asg:- update to use new
iam-instance-profilemodule - whitespace fixup
- use
locals{}block to improve readability
- update to use new
persistent-ebs: update to use newiam-instance-profilemodule and sync with recent updates to thesingle-node-asgmoduleasg: parametize target group and health check type
nexus-asg: Drop deprecated example.vpc-scenario-2:- Fix updates missed during v0.12.x upgrade
- Improve
Makefile - Set name tag on ELB
- Bug fixes for some network modules
- subnets: use name subnets like 01, 02, 03, not with zero index (eg 00)
- nat-gateways: support adding tags for the aws_nat_gateway resource
- nat-gateways: accept a longer list of private subnets than public/NAT GWs
- examples/vpc-scenario-2: fixup
alltarget
- Improve support for autoscaling ASG.
- Fixup
ami-centosmodule forv0.12.x
autoscaling-policy-metric-alarm-pair: Add a new module that provides the autoscaling functions extracted from theload-asgexample.ami-centos: simple module to get the ami id of the specified release of CentOS.
load-asg: updated to use newautoscaling-policy-metric-alarm-pairmodule
Initial support for Terraform v0.12.x and HCL 2. Probably got bugs.
All modules and examples have been updated. Tests have been run, but that does not mean bug free. More testing will likely find additional issues. New releases will be made to accomodate.
- Disable tests for the new new IAM user/group modules, which do not support v0.11.x
- New module for looking up CentOS AMIs on AWS
ami-centos: simple module to get the ami id of the specified release of CentOS.
ami-centos-test: New testing example forami-centos.
Breaking change in the single-port-sg module (if you are using UDP, TCP should
not see any break).
single-port-sg: Add support for UDP ruleskube-controller-sg: Update to sync withsingle-port-sgmodule
iam-group: add new module to create a group and manage the members and policy attachments for that group, only for Terraform v0.12.xiam-users: add new module to create a bunch of IAM user resources from a list of usernames, only for Terraform v0.12.xvpc-legacy: drop deprecated module- The following modules have templates that were updated to resolve issues related to
this upstream release of the template provider:
consul-agent-generic-initconsul-leaders-generic-initha-management-clusterinit-snippet-attach-ebs-volumeinit-snippet-config-consul-leaderinit-snippet-config-upstart-consulinit-snippet-consul-agentinit-snippet-consul-leaderinit-snippet-consul-templateinit-snippet-hostname-simpleinit-snippet-hostnameinit-snippet-install-consulinit-snippet-install-opsinit-snippet-nexusinit-snippet-nomad-agentinit-snippet-prometheusinit-snippet-write-bootstrap-pillar
vpc-scenario-2: minor bugfix for NAT count
vpc-scenario-2: Update for improved testing of the scenario and related modulesgitlab-ha: UpdateMakefilevpc-gateway: correct module path referencelegacy: drop deprecated example
- Some minor module updates, a couple of new modules, and a couple of new examples
- New contributing guide and issue templates
ami-ubuntu: Addbionic(18.04) to the list of LTS AMIscredstash-grant-readerandcredstash-grant-writer: Add new modules using AWS resources instead of bash scripts
kops-with-vpc: add new example, kops in a vpc made by terraform (#177)lifecycle-hooks: add new example, with lifecycle hooks for ASGs
- Two minor updates
credstash-grant: add support for the AWS_PROFILE envvar
gitlab-ha: UpdateMakefileto respect the user's preferred shell when spawing an interactive shell.
- breaking changes to modules that use ASG and previously had
desired_capacity, this parameter is dropped to ensure scaling policies are ok. - overhaul gitlab examples, see pr-164, pr-167 and pr-168
asg: removedesired_capacityinputasg: addtermination_policiesinputconsul-cluster: removedesired_capacityinputconsul-leaders: removedesired_capacityinputkube-stack: removecontroller_desired_capacityandworker_desired_capacityinputskube-controller-asg: add new module
- refactor the workflow in the
gitlab-asgexample, adding support for TLS and much more - rename
gitlab-asgexample -->gitlab-simple-ha, pr-164 - duplicate
gitlab-simple-haasgitlab-ha, both can now get updates independent of one another, pr-167 - update
gitlab-simple-hato use EIP instead of ELB, drop TLS, pr-168
- enhancements to various modules
ec2-auto-recover-instance: fixup interpolationkube-stack: updates for ELB
- quick bugfix release
vpc-scenario-2: drop redundant azsaws-ipsec-vpn: connection type is hardcoded to 'ipsec.1'
- enhancements to various modules
- move
terraform-vpcto examples and update packer build
r53-subdomain: added zone name outputssingle-node-asg: drop az from the EBS volume name (it was redundant)aws-ipsec-vpn: add support for govcloud and FIPS endpointsinit-snippet-curator:- bugfix for
master_only - parametize index retention units
- pin pip at 9.x
- bugfix for
- move
terraform-vpctoexamples
- Refine test suite and get CI build green
- Improve type checking in module variables
- Demo how to validate S3 policies with new env and test suite
- Various module bugfixes
s3-full-access-policy: add env and initial test suite - #122vpc-scenario-2: refactor hardcoded AZ list, use locals - #134
prometheus-server: sync with changes to variables/modules - #107credstash-setup: pip 10 is a failure, use pip 9.x for now - #145init-snippet-install-awscli: pip 10 is a failure, use pip 9.x for now - #145bind-server: allowdb_records_foldervariable to be empty - #135- add type definitions to all variables in all modules - #108
kubespray: parametize docker tag - #123
- add
Makefileto install tools and init Terraform - use
tflint0.6.0 to resolve #107 - drop
vpc-legacymodule from the test suite - enable tfinit for [#104][104], disable
undeclared-variablesfor #141
- correct
vpc_cidr
- fixup helpdoc in Makefile, #76
- refactor out hardcoded AZ list, use
locals - add
generate-ssh-keytarget to Makefile make networkshould targetnat-gateways
- az bugfix for web instance, #125
- update for consistency with other example env
- fixup README
- fixup
make test - add missing security group rule for ELB
- update for consistency with other example env
- fix build, improve Makefile
- fix build, improve Makefile
- use
aws_subnetdata source to lookup subnets - use
element()instead ofvar.foo[]syntax
- support empty private_ips, allow disabling DNS
- Initial CI setup, run
tflint
- how to setup ci, #113
ex/kube-stack-private: tag public subnets for ELBsex/kube-stack-private: useextra_tagsfor changes in Kuberneteskube-stack: add missing tag for kubernetesvpc-scenario-2: refactor how extra_tags are usedvpc-scenario-2: usevar.private_subnet_cidrsfornat_countvpc-scenario-4: fixup outputs and subnet module parametersexamples/nexus-asg: Use theubuntu-amimodule, drop hardcoded AMIdocs: addtesting-designdocexamples/vpc-scenario-peering: Correct destroy target in Makefile, this was previously unable to properly destroy the deployment.modules/vpc-scenario-2: usevar.private_subnet_cidrsfornat_countvpc-scenario-2: refactor howextra_tagsare used. Support adding specific tags to specific components in the boxed VPC. Update thekube-stack-privateenv to use these new variables. This greatly simplifies how tags are supported and used in the kubernetes env.- Refactor inline IAM policies into proper data sources
- Implement lightweight test framework to automate finding bugs in our modules and example Terraform env
Minor bugfix release
- Fixup quotes in
init-snippet-execmodule
Massive update to nearly all aspects of the module repo, including:
- New modules and example environments
- Refactored security group modules
- Updates to get modules visible on the Terraform registry
- Many updates to various modules