What​

• Add scaling configuration variables for both Serverless and Serverless v2 to aurora-postgres
• Update aurora-postgres README

Why​

• Support both serverless options
• Add an explanation for how to configure each, and where to find valid engine options

References​

• n/a

What​

• Update component dependencies for the AWS provider V5

Requested components:

• cloudtrail-bucket
• config-bucket
• datadog-logs-archive
• eks/argocd
• eks/efs-controller
• eks/metric-server
• spacelift-worker-pool
• eks/external-secrets-operator

Why​

• Maintenance

What​

• prevent fargate agents
• use sockets instead of ports for APM
• enable other services

Why​

• Default Datadog APM enabled over k8s

References​

What​

• Added FAQ to the TGW upgrade guide for replacing attachments
• Added note about destroying TGW components
• Added option to not create TGW propagation and association when connecting an alternate VPC

Why​

• When connecting an alternate VPC in the same region as the primary VPC, we do not want to create a duplicate TGW propagation and association

References​

• n/a

What​

• Set module.context to module.cluster across all resources
• Only set parameter for replica if cluster size is > 0
• enabled: false support

Why​

• Missing tags for SSM parameters for cluster attributes
• Serverless clusters set cluster_size: 0, which will break the SSM parameter for replica hostname (since it does not exist)
• Support enabled false for aurora-*-resources components

References​

• n/a

What​

• Update root_stack output in modules/spacelift/admin-stack/outputs.tf

Why​

• Fix the issue described in https://github.com/cloudposse/terraform-aws-components/issues/771

Related​

• Closes https://github.com/cloudposse/terraform-aws-components/issues/771

What​

• Update relative path to account-map in spacelift/worker-pool/providers.tf

Why​

• Fixes

What​

• Set the default component name for vpc in variables, not remote-state

Why​

• Bring visibility to where the default is set

References​

• Follow up on comments on

What​

• Allow optional VPC component names in the aurora components

Why​

• Support deploying the clusters for other VPC components than "vpc"

References​

• n/a

What​

For aws-sso:

• Fix root provider, improperly restored in
• Restore SetSourceIdentity permission inadvertently removed in

Why​

• When deploying to identity, root provider did not reference root account
• Likely unintentional removal due to merge error

References​

What​

• remove defaults.auto.tfvars from component modules

Why​

• in favor of drying up configuration using atmos

Notes​

• Some defaults may not be captured yet. Regressions might occur.

What​

• Upgrade aws-config and conformance pack modules to 1.1.0

Why​

• They're outdated.

References​

What​

• [eks/alb-controller] Change name of local variable from distributed_iam_policy_overridable to overridable_distributed_iam_policy

Why​

• Cloud Posse style guide requires overridable as prefix, not suffix.

What​

• [eks/alb-controller] Update ALB controller IAM policy

Why​

• Previous policy had error preventing the creation of the ELB service-linked role

What​

• set alternate git provider blocks to filter under settings.spacelift

Why​

• Debugging GitLab support specifically
• These settings should be defined under settings.spacelift, not as a top-level configuration

References​

• n/a

What​

• Added a placeholder file for docs/upgrade-guide.md with a basic explanation of what is to come

Why​

• With we moved the contents of this upgrade-guide file to the individual component. We plan to continue adding upgrade guides for individual components, and in addition, create a higher-level upgrade guide here
• However, the build steps for refarch-scaffold expect docs/upgrade-guide.md to exist and are failing without it. We need a placeholder until the account-map, etc changes are added to this file

References​

• Example of failing release: https://github.com/cloudposse/refarch-scaffold/actions/runs/5885022872

What​

• Update the GuardDuty component to enable GuardDuty on the root account

Why​

The API call to designate organization members now fails with the following if GuardDuty was not already enabled in the organization management (root) account :

Error: error designating guardduty administrator account members: [{
│   AccountId: "111111111111,
│   Result: "Operation failed because your organization master must first enable GuardDuty to be added as a member"
│ }]

why

TFLint in components/terraform/eks/cluster/:
2 issue(s) found:

Warning: [Fixable] local.identity_account_name is declared but not used (terraform_unused_declarations)

  on main.tf line 9:
   9:   identity_account_name = module.iam_roles.identity_account_account_name

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.4.0/docs/rules/terraform_unused_declarations.md

Warning: [Fixable] variable "aws_teams_rbac" is declared but not used (terraform_unused_declarations)

  on variables.tf line 117:
 117: variable "aws_teams_rbac" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.4.0/docs/rules/terraform_unused_declarations.md

What​

• Update remote-states modules to the latest version

Why​

• remote-state version 1.5.0 uses the latest version of terraform-provider-utils which uses the latest version of Atmos with many new features and improvements

What:​

• Updated the following to utilize the newest version of cloudposse/utils/aws:

0.8.1 modules/spa-s3-cloudfront
1.1.0 modules/aws-config
1.1.0 modules/datadog-configuration/modules/datadog_keys
1.1.0 modules/dns-delegated

Why:​

• cloudposse/utils/aws components were not updated to 1.3.0

References:​

• AWS Utils