SSO upgrades and Support for Assume Role from Identity Users
What
- Upgraded `aws-sso` to use 0.7.1 modules
- Updated `account-map/modules/roles-to-principals` to support assume role from SSO users in the identity account
- Adjusted `aws-sso/policy-Identity-role-RoleAccess.tf` to use the identity account name vs the stage so it supports names like `core-identity` instead of just `identity`
Why
- `aws-sso` users could not assume role to plan/apply terraform locally
- using `core-identity` as a name broke the `aws-sso` policy since account `identity` does not exist in `full_account_map`
References
Add Redshift component -lobur
What
Why
- Fulfilling the AWS catalog
References
update dd agent docs
What
- Update Datadog Docs to be more clear on catalog entry
feat: updates spacelift to support policies outside of the comp folder
What
- Adds back `policies_by_name_path` variable to spacelift component
Why
- Allows specifying spacelift policies outside of the component folder
References
[sso-saml-provider] Upstream SSO SAML provider component
What
- [sso-saml-provider] Upstream SSO SAML provider component
Why
upstream `opsgenie-team`
What
- Upstreams latest opsgenie-team component
[eks/argocd] Upstream ArgoCD
`aws-backup` upstream
What
- Update `aws-backup` to latest
upstream lambda pt2
What
- Add archive zip
- Change to python (no compile)
upstream `lambda`
What
- Upstream `lambda` component
Why
- Quickly deploy serverless code
Upstream `ACM` and `eks/Platform` for release_engineering
What
- ACM Component outputs its acm url
- EKS/Platform will deploy many terraform outputs to SSM
Why
- These components are required for CP Release Engineering Setup
Upstream datadog logs archive
Upstream `dynamodb`
What
- Updated the `dynamodb` component
Why
- maintaining up-to-date upstream component
References
fix dd-forwarder: datadog service config depends on lambda arn config
Upstream `spa-s3-cloudfront`
What
- Added missing component from upstream `spa-s3-cloudfront`
Why
- We use this component to provision Cloudfront and related resources
References
Upstream `aurora-mysql`
What
- Upstreaming both `aurora-mysql` and `aurora-mysql-resources`
Why
- Added option for allowing ingress by account name, rather than requiring CIDR blocks to be copied and pasted
- Replaced the deprecated provider for MySQL
- Resolved issues with Terraform perma-drift for the resources component with granting "ALL"
References
Upstream `aurora-postgres`
What
- Upstreaming `aurora-postgres` and `aurora-postgres-resources`
Why
- TLC for these components
- Added options for adding ingress by account
- Cleaned up the submodule for the resources component
- Support creating schemas
- Support conditionally pulling passwords from SSM, similar to `aurora-mysql`
`datadog-private-locations` update helm provider
What
- Updates Helm Provider to the latest
Why
Remove extra var from stack example
What
- Stack example has an old variable defined
Why
The root module does not declare a variable named "eks_tags_enabled" but a value was found in file "uw2-automation-vpc.terraform.tfvars.json".
References
🚀 Enhancements
Fixed non-html tags that fail rendering on docusaurus
What
Why
- Rendering has been failing on docusaurus mdx/jsx engine