Components Changelog
Subscribe through RSS feeds to stay up-to-date with new releases!
View on GitHub
1.200.1
1.200.0
- No changes
1.199.0
1.198.3
🐛 Bug Fixes
Correct `cloudtrail` Account-Map Reference
What
- Correctly pull Audit account from
account-map
forcloudtrail
- Remove
SessionName
from EKS RBAC user name wrongly added in
Why
- account-map remote state was missing from the
cloudtrail
component - Account names should be pulled from account-map, not using a variable
- Session Name automatically logged in
user.extra.sessionName.0
starting at Kubernetes 1.20, plus addition had a typo and was only on Teams, not Team Roles
References
1.198.2
🚀 Enhancements
bump config yaml dependency on account component as it still depends on hashicorp template provider
What
- Bump cloudposse/config/yaml module dependency from version 1.0.1 to 1.0.2
Why
- 1.0.1 still uses hashicorp/template provider, which has no M1 binary equivalent, 1.0.2 already uses the cloudposse version which has the binary
References
1.198.1
1.198.0
Add `aws-shield` component
What
- Add
aws-shield
component
Why
The component is responsible for enabling AWS Shield Advanced Protection for the following resources:
- Application Load Balancers (ALBs)
- CloudFront Distributions
- Elastic IPs
- Route53 Hosted Zones
This component also requires that the account where the component is being provisioned to has been subscribed to AWS Shield Advanced.
1.197.2
🚀 Enhancements
EKS terraform module variable type fix
What
- use
bool
rather thanstring
type for a variable that's designed to holdtrue
/false
value
Why
- using
string
makes the if .Values.pvc_enabled condition always true and creates persistent volumes even if they're not intended to use
1.197.1
🐛 Bug Fixes
Remove (broken) root access to EKS clusters
What
- Remove (broken) root access to EKS clusters
- Include session name in audit trail of users accessing EKS
Why
- Test code granting access to all
root
users and roles was accidentally left in and breaks when Tenants are part of account names - There is no reason to allow
root
users to access EKS clusters, so even when this code worked it was wrong - Audit trail can keep track of who is performing actions
References
1.197.0
`rds` Component readme update
What
- Updating default example from mssql to postgres
1.196.0
1.195.0
Add `iam-policy` to `ecs-service`
What
Add an option to attach the iam-policy
resource to ecs-service
Why
This policy is already created, but is missing its attachment. We should attach this to the resource when enabled
References
https://cloudposse.slack.com/archives/CA4TC65HS/p1683729972134479
1.194.0
upstream `acm` and `datadog-integration`
What
- ACM allows disabling
*.my.domain
- Datadog-Integration supports allow-list'ing regions
1.193.0
Add `route53-resolver-dns-firewall` and `network-firewall` components
What
- Add
route53-resolver-dns-firewall
component - Add
network-firewall
component
Why
The
route53-resolver-dns-firewall
component is responsible for provisioning Route 53 Resolver DNS Firewall resources, including Route 53 Resolver DNS Firewall, domain lists, firewall rule groups, firewall rules, and logging configurationThe
network-firewall
component is responsible for provisioning AWS Network Firewall resources, including Network Firewall, firewall policy, rule groups, and logging configuration