CHANGELOG.md

Changelog

0.85.0 (2024-10-17)

Features

• trigger release please (#662) (9d80dd2)

0.84.1 (2024-10-17)

Bug Fixes

• Move out power user group (#659) (68a0747)

0.84.0 (2024-10-16)

Features

• Add groups to databricks-default-cluster-policies module (#655) (94ed7e5)

0.83.5 (2024-10-16)

Bug Fixes

• CDI-3452 - Fix references for dbx volumes to allow creating volume on existing catalog and bucket (#656) (09ad9c8)

0.83.4 (2024-10-14)

Bug Fixes

• remove read_file permissions from dbx volume (#653) (3ef78e5)

0.83.3 (2024-10-14)

Bug Fixes

• refine and downscope UC grants for volume (#651) (617cb81)

0.83.2 (2024-10-11)

Bug Fixes

• fix volume catalog grant principal (#649) (5447969)

0.83.1 (2024-10-01)

Bug Fixes

• Conditionally create grant (#647) (f068b40)

0.83.0 (2024-10-01)

Features

• New module volumes on existing catalogs (#645) (ae60a9c)

0.82.2 (2024-09-11)

Bug Fixes

• Add depends_on to databricks_catalog (#641) (dac9a81)

0.82.1 (2024-09-04)

Bug Fixes

• resolve small clusters compute policy and legacy shared policy (#639) (cc3643b)

0.82.0 (2024-09-03)

Features

• create service account role module for EKS (#636) (d6ecfd3)

0.81.0 (2024-09-03)

Features

• Add BROWSE to catalog perms (#634) (041c3e9)

0.80.0 (2024-08-27)

Features

• Catalog prefix option (#631) (44b9e6b)

0.79.0 (2024-08-22)

Features

• trigger release and fix docs (#629) (730a6d5)

0.78.2 (2024-08-21)

Bug Fixes

• update READMEs for aws-aurora, aws-aurora-postgres, aws-aurora-mysql (#626) (7eed8f0)

0.78.1 (2024-08-21)

Bug Fixes

• move the auth token generation out of the redis module for integration reasons (#623) (a3c33dd)

0.78.0 (2024-08-20)

⚠ BREAKING CHANGES

• update redis replication group to use new aws provider (#613)

Features

• update redis replication group to use new aws provider (#613) (eca5fd0)

Bug Fixes

• mysql cluster defaults (#619) (7891044)

0.77.2 (2024-08-19)

Bug Fixes

• Allow dbx storage credentials roles to be self-assuming (#620) (47970b3)

0.77.1 (2024-08-19)

Bug Fixes

• missing dollar sign for text interpolation (#617) (2f27356)

0.77.0 (2024-08-19)

Features

• Create databricks catalog ext loc modules (#614) (8b47a1c)

Bug Fixes

• Make github-app-token one version (#615) (ce5296c)

0.76.0 (2024-07-24)

Features

• add condition_operator field to allow overriding StringEquals with StringLike (#610) (86bab99)

0.75.0 (2024-07-24)

Features

• add jwt_condition option to oidc variable for IAM trust relationships (#608) (5320504)

0.74.0 (2024-07-18)

Features

• CDI-3149 - Allow use of existing catalogs and schemas for databricks volumes (#606) (7735218)

0.73.3 (2024-07-03)

Bug Fixes

• CDI-3123 - fix service principal TF type (#604) (06858ca)

0.73.2 (2024-07-03)

Bug Fixes

• dbx service principal ref (#602) (8929d7a)

0.73.1 (2024-07-03)

Bug Fixes

• resource block name missing (#600) (0c43eeb)

0.73.0 (2024-07-02)

Features

• add service principal to workspace module (#598) (e9ea41a)

0.72.1 (2024-06-25)

Bug Fixes

• add wait for race condition and clean up names (#595) (61c5437)

0.72.0 (2024-06-25)

Features

• CDI-3103 - New databricks volume module (#593) (2d72a6c)

0.71.0 (2024-06-03)

Features

• Update default CA identifier for aws-aurora modules to rds-ca-rsa2048-g1 (#591) (61cf124)

0.70.0 (2024-05-31)

Features

• Upgrade RDS CAs to rds-ca-ecc384-g1 (#589) (5f5e7b4)

0.69.4 (2024-05-02)

Bug Fixes

• Add more tags for single node (#587) (a71d74c)

0.69.3 (2024-05-01)

Bug Fixes

• don't allow dashes in sids (7959ea0)

0.69.2 (2024-04-30)

Bug Fixes

• key the sid so they are unique (219cc4c)

0.69.1 (2024-04-24)

Bug Fixes

• update custom job policy to work with jobs (#581) (2539942)

0.69.0 (2024-04-23)

Features

• Add a new single node policy to databricks-default-cluster-policies (#579) (2723df6)

0.68.0 (2024-04-19)

Features

• Allowing on demand instances for Job Compoute databricks compute policy (#577) (639a9ac)

0.67.1 (2024-04-11)

Bug Fixes

• make aws-iam-role adaptable to oidc & saml changes (#574) (173f2da)

0.67.0 (2024-03-27)

Features

• Export kms key arn (#572) (ec0aea5)

0.66.0 (2024-03-22)

Features

• Add kms_encryption variable to cloudfront logs bucket (#570) (eea7209)

0.65.5 (2024-03-21)

Bug Fixes

• Choose one type of encryption for buckets (#568) (125b37b)

0.65.4 (2024-03-07)

Bug Fixes

• add counter to resource (0ab051a)

0.65.3 (2024-03-07)

Bug Fixes

• CDI-2604 Databricks cluster policy permission grants not being applied correctly (#563) (d85282f)

0.65.2 (2024-01-26)

Bug Fixes

• Index endpoint (#561) (6bde265)

0.65.1 (2024-01-26)

Bug Fixes

• ref to cluster instance (#559) (bdaf441)

0.65.0 (2024-01-26)

Features

• Export aws_rds_cluster_instance in aurora postgres module (#557) (e2ef7d0)

0.64.0 (2024-01-26)

Features

• Fix download of snowflake terraform provider (#556) (4fcc1e0)
• Output aurora db instance (#554) (e226871)

0.63.4 (2024-01-19)

Bug Fixes

• [ONCALL-693] Trigger release of databricks-default-cluster-policies (#552) (3080122)

0.63.3 (2024-01-10)

Bug Fixes

• remove deprecated overwrite param in this module (#548) (a47c396)

0.63.1 (2023-11-16)

Bug Fixes

• personal instance pools var for databricks compute policies (#543) (541f8d3)

0.63.0 (2023-11-15)

Features

• add pool use to personal compute Databricks policy (#542) (9d4cd22)

0.62.3 (2023-11-03)

Bug Fixes

• module name fix (42b328d)

0.62.2 (2023-11-03)

Bug Fixes

• Split out job compute policy between single and multi node (#537) (770b19e)

0.62.1 (2023-10-31)

Bug Fixes

• remove unused databricks-workspace-e2 variable (#535) (a21509b)

0.62.0 (2023-10-31)

Features

• CDI-2182 Add databricks-default-cluster-policy module (#531) (4c70f29)
• CDI-2183 Add databricks-cluster-log-permissions module (#532) (2e5974a)

Bug Fixes

• update readmes and trigger release (#534) (7fef82a)

0.61.0 (2023-10-30)

Features

• all more options when creating the trust relationship (#525) (edfff23)

0.60.1 (2023-10-03)

Bug Fixes

• trigger release for S3 default KMS encryption fix (#521) (8bf754e)

0.60.0 (2023-09-22)

Features

• Remove deprecated overwrite parameter (#519) (2dc7203)

0.59.0 (2023-08-28)

Features

• Support image tag mutability and scan settings (#517) (64e5e47)

0.58.0 (2023-06-28)

Features

• AWS provider version bump to support BucketOwnerEnforced object ownership value (#512) (9053640)
• CDI-1607 Add KMS encryption key var to s3 bucket (#514) (c946dd0)

0.57.4 (2023-06-14)

Bug Fixes

• Use id and not resource itself as value (#510) (c039cf6)

0.57.3 (2023-06-12)

Bug Fixes

• Ternary operator for variable validation check against null (#508) (e25a681)

0.57.2 (2023-06-12)

Bug Fixes

• default value comparison (#506) (0e9e2d4)

0.57.1 (2023-06-12)

Bug Fixes

• Add null default as accepted value (#504) (f15b985)

0.57.0 (2023-06-12)

Features

• aws-s3-private-bucket Allow specifying bucket object blanket ownership (#502) (f7f45b8)

0.56.2 (2023-05-30)

Bug Fixes

• Handle empty and blank source policies (#498) (6ac0451)

0.56.1 (2023-05-30)

Bug Fixes

• Replace a deprecated source_json attribute (#495) (93381a4)

0.56.0 (2023-05-26)

Features

• output additional info from aws-aurora-postgres (#491) (4d131c5)

Bug Fixes

• address issue with public access block on public s3 bucket (#492) (e1c5c5c)
• cut out cztack-ci-2 from workflow, use standard way to authorize cztack-ci-1 (#486) (ce8e47b)
• fixing acl issue on cloudfront buckets (#493) (22187dd)
• rotator deprecation - oidc auth to aws in cztack workflow runs (#488) (c72fa79)
• Source_json is removed in aws provider 5.0.x (#494) (70a6dae)

0.55.1 (2023-05-03)

Bug Fixes

• sid alphanumeric (#484) (2266f9d)

0.55.0 (2023-05-02)

Features

• add dynamodb policy (#482) (9858f8d)

0.54.0 (2023-04-25)

Features

• make github CI role opensource (#480) (746d5a9)

0.53.2 (2023-04-21)

Bug Fixes

• bump version (58486a4)

0.53.1 (2023-04-18)

Bug Fixes

• remove lock file (eafedd3)

0.53.0 (2023-03-31)

Features

• Allow lambda resource collection to be turned off (per account) - [CCIE-1198] (#471) (1882eb8)

0.52.0 (2023-03-18)

Features

• allow force_destroy option on s3 buckets (#461) (3a0b34f)

0.51.1 (2023-03-06)

Bug Fixes

• Upgrade github runner (#465) (7c00bf8)

0.51.0 (2023-03-05)

Features

• add module for ecr repository (#462) (dead0af)

0.50.1 (2023-02-22)

Bug Fixes

• update docs and add ALB ARNs to ECS services (#457) (f052fd6)

0.50.0 (2023-02-15)

Features

• configure log retention in aws-lambda-edge-add-security-headers module (#454) (3cf7dc1)

0.49.2 (2022-12-14)

Bug Fixes

• pin snowflake to 0.53.0 pt 2 (#447) (7146e6f)

0.49.1 (2022-11-16)

Bug Fixes

• Add mission permission to allow ECS Fargate container exec (#440) (24b3036)

0.49.0 (2022-11-03)

Features

• add db user and pw to outputs (#434) (9232175)

0.48.0 (2022-10-17)

Features

• update github release to 3.5.0 (#431) (24955b7)

0.47.0 (2022-09-19)

Features

• add source role arns (#423) (965da8f)

0.46.0 (2022-09-06)

Features

• Add ability to pass size of ephemeral storage to ECS (#417) (d87e56e)
• limit the number of character to the maximum 32 chars (#420) (f0aa9d3)

0.45.0 (2022-07-07)

Features

• Attach ssm permissions to ecs fargate job module (#407) (5696d1d)

0.44.1 (2022-06-07)

Bug Fixes

• Update Snowflake Terraform provider source to Snowflake-Labs (#400) (fb7b329)

0.44.0 (2022-05-16)

⚠ BREAKING CHANGES

• Delete deprecated aws-acm-cert module (#379)

Features

• adding conventional commit requirement (#394) (39b962c)
• Update aws-aurora module to not use params_engine_version (#396) (d560e42)
• Variablize deletion_protection for aurora-postgres module (#385) (6aea3cb)

Bug Fixes

• broken deps (56247fd)
• Generate docs (#390) (eb1c5e2)
• linting dep on hard coded token (#389) (8560dc1)
• mods not needed anymore (#392) (68dd94f)
• release-please version and token (#388) (b1d87d2)
• remove dep on buildbot token (#387) (dcce3cc)
• update go version to fix tests breaking (#393) (253aadc)

Miscellaneous Chores

• Delete deprecated aws-acm-cert module (#379) (1c75374)

0.43.3 (2021-11-01)

Bug Fixes

• release-please version pin (#345) (14ac3b6)

0.42.0 2021-07-20

• 8e3894ed aws-single-page-static-site remove region from provider

0.41.0 2021-07-08

• ae62854c [fix] Various fixes for TF AWS 3.0 compatibility (#324)
• 9991541d [feature] Add 'snapshot_identifier' to all aws-aurora modules (#323)

0.40.0 2021-07-07

• 118ad1c4 [feature] Terraform AWS Provider 3.0 compatibility (#322)
• d49054c9 [feature] aws-acm-certificate module compatible with TF AWS Provider >3.0 (#321)

0.39.0 2021-06-25

• 5b963f73 Update CODEOWNERS
• b71a885f remove vestiges of interpolation syntax that was deprecated in TF v0.12+ (#316)
• 408e99d5 Bump github.com/aws/aws-sdk-go from 1.37.25 to 1.38.64 (#315)
• f1550ece Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 (#310)
• 12793de6 [breaking] aws-aurora-postgres: Disable auto minor version upgrade by default. (#311)
• 98fca6f2 Fix running aws cli on GH Actions/Azure, get modules dynamically (#309)
• e68091be Auto merge main branch on update for branches with auto-merge enabled (#306)
• 14ec2cc7 Update docs to use Terraform docs v0.12.1 (#308)
• b8bacdb7 [feature] aws-s3-private-bucket add canned acl variable (#307)
• be13877f fix[version]: updating min versions for lambda and cx role (#305)
• c0c5731e Initial updates for supporting s3 bucket logging targets. (#302)
• 83e12bc7 [feature]: lambda vpc_config and memory_size (#301)
• 9df43950 [feature] Allow specifying aws-iam-role max_session_duration (#299)
• 06c61e51 Bump github.com/aws/aws-sdk-go from 1.37.16 to 1.37.25 (#294)
• fa775364 Bump github.com/gruntwork-io/terratest from 0.32.7 to 0.32.8 (#293)
• 63a0a896 Bump github.com/sirupsen/logrus from 1.7.0 to 1.8.0 (#287)
• 7d3323d1 Bump github.com/aws/aws-sdk-go from 1.36.3 to 1.37.16 (#292)
• f58ea191 Bump github.com/aws/aws-sdk-go from 1.36.3 to 1.37.15 (#288)
• 9479aa8a Create Dependabot config file (#291)
• cd1e33c1 Bump github.com/gruntwork-io/terratest from 0.31.1 to 0.32.7 (#290)
• 234300b7 Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#289)
• 55c16ef9 add go mods auto-tidy workflow
• 298ee9dc [feature] Add CIDR blocks based security group to Redis (#286)
• 488c4ea9 [fix] s3-private-bucket more lenient aws provider version (#285)
• e4738500 [refactor] rm unneeded vars (#281)
• 9be9388a [fix] aws-single-page-static site to work outside us-east-1 (#280)
• ecdcc6f9 enable clouldwatch log exports for aurora postgresql (#279)
• 62f0981e [feature]Snowflake: ALL modules output privileges granted (#277)

0.38.0 2021-01-12

• ae34a726 [feature] aws-s3-public-bucket require https, allow disabling versioning (#278)
• 1b53806c [feature] Add aws-redis-replication-group (#267)
• 68ab717a fix: Snowflake Provider version less strict

0.35.0 2020-07-08

• d87b0071 Enable logging with private s3 bucket (#210)
• 90a9ec4e [feature] support auto_minor_version_upgrade (#209)
• fe0d0304 [feature] Allow overwriting the IAM Role max session duration (#208)
• 1fe821e1 [fix] [testing] make TDD more productive (#206)
• 9c9ef09f nuke more resources (#207)

0.33.1 2020-05-21

• 9d289b25 [fix] Use index when referring to a dependency with a count

0.33.0 2020-05-21

• 8b5df1fb [feature] Optionally disable poweruser role iam actions (#194)
• d411f6fa [feature] Readonly role OIDC federation enabled + kms decrypt optional (#195)

0.32.0 2020-05-20

• bd7a4398 [feature] AWS Poweruser role allows OIDC sts:AssumeRoleWithWebIdentity (#192)
• 28c40d01 Update README.md
• cfe9771b Adding a generic .editorconfig. https://editorconfig.org/ (#191)

0.31.1 2020-05-01

• e2c9d0b5 Include TagSession privilege for assumed roles. (#189)

0.30.0 2020-03-31

• 50ef023c [feature] aws-iam-role-*: Allow multiple accounts to assume role, deprecate source_account_id (#185)
• 4fcd6f92 upgraded to go 1.14 (#184)
• b31cd721 [breaking] [feature] aws-iam-instance-profile reuse existing role and remove SSM support (#183)
• 8d7f1ff8 Update docstrings (#182)

0.29.0 2020-03-17

• 72fe3a70 [feature] Allow the aws-iam-role-crossacct for OIDC federation (#179)
• 968da0b0 retry downloading dependencies (#178)
• b770f3df add git push to release

0.25.0 2019-12-10

• e6b42dd1 Updating VERSION file to 0.24.0
• 39aa6fac enforcing SSL for every action (#157)
• 190c3c29 [feature] lifecycle policy for s3 buckets (#156)

0.24.0 2019-11-27

• c59aa0e3 [feature] Adds support for SAML trust relationship to existing roles (#154)
• 8bc7c988 Adding a generic .editorconfig. https://editorconfig.org/ (#152)
• e1df3558 add db param groups to list of things that can be nuked (#153)
• 39f66dcc Add slow_start parameter to ecs-service-with-alb (#151)
• 7fcf7337 speed up build by paritioning (#150)

0.23.0 2019-10-17

• cf652857 [breaking] Fix aws-redis-node security groups (#149)
• 13056bad Allow restricting aws-aurora ingress by security groups (#148)
• 20df8cf1 upgraded to go 1.13.1 (#147)

0.22.2 2019-10-10

• 61d294b5 Add UpdateRoleDescription perms to aws-iam-role-poweruser (#145)
• 4dee504e [bugfix] Fix secretsmanager execution role IAM policy in aws-ecs-job (#144)
• 3f3b0f55 Make aws-redis-node match internal lib, upgrade default (#146)

0.22.1 2019-10-09

• 133cb5c3 [bugfix] fix permissions on aws-ecs-service secrets (#143)

0.22.0 2019-10-08

• 093abc49 aws-ecs Add support for ordered_placement_strategy (#139)
• d832ad1f Add tags to IAM roles (#142)
• 499fed7b [fix] aws-ecs support not applying tags to services (#140)
• 49209981 Output ALB listener ARNs from aws-ecs-service (#141)
• f4e551ed aws-acm-cert Add workaround for TF bug (#138)

0.21.3 2019-10-02

• 29f3f4cb aws-ecs-service fix service discovery arn (#137)
• cf3d830a Add Name tags to cloudwatch logs (#136)

0.21.2 2019-09-27

• da0ca125 upgraded to go 1.13 (#135)
• b2809c4d [bugfix] aws-ecs-service fix type of cidr_blocks (#134)

0.21.1 2019-09-26

• 57354a7f Fix aws-ecs-* task execution role permissions (#133)

0.21.0 2019-09-25

• 6918848f [feature] Add ECS modules to cztack (#132)

0.20.0 2019-09-23

• 9bcd84c7 [breaking] Modified infraci role to accept a list of dyanmodb table arns (#130)

0.19.5 2019-09-23

• 04f67e0f Adding terraform statefile policy to infraci role (#126)

0.19.4 2019-09-18

• fbfaf513 Add internal features to aws-single-page-static-site (#125)

0.19.3 2019-09-17

• 2faeae6c aws-s3-private-bucket set ignore_public_acls and restrict_public_buckets (#124)

0.19.2 2019-09-16

• 6923e1b6 Support disabling versioning in private buckets (#122)
• 96ea06d9 Support multiple services in params reader policy (#121)
• 6765b83c Fix typo in aws-s3-private-bucket (#120)

0.19.1 2019-09-12

• af52ae6e Make Aurora engine version configurable (#118)
• ddf566a2 Add Aurora deletion protection variable (#116)
• 384ed745 Add cloudfront outputs for single-page-static-site (#115)

0.19.0 2019-08-20

• f827caa5 [fix] Added more information to the github webhooks collector Readme (#113)
• 22e21f1a [feature] Add GitHub Webhooks archiver and S3 private bucket modules (#112)

0.18.2 2019-08-13

• c3f8d58e Add aws-ssm-params and aws-ssm-params-writer (#111)
• 5c845fff set engine_version for aws-aurora-postgres (#110)

0.18.1 2019-08-08

• d7d8c044 added action for poweruser accountalias (#108)

0.18.0 2019-07-29

• 4f94667 Release 0.18.0
• 878f367 [breaking] Terraform 0.12 compatibility (breaks 0.11 compatibility) (#105)
• f6e470b Fixed Typo in Readme (#102)
• b9000b8 Add a .gitattributes to collapsed vendored code during github pull requests (#106)
• d0e53fc add force_detach_policies to aws_iam_role (#100)
• 982ff3b ACM certificate route53 overwrite (#99)

0.17.1 2019-05-15

• bdad602 adding in route53 Read Only Access (#96)
• a361c8d Create pull request template.md

0.17.0 2019-05-01

• 1fc4a19 New route53 poweruser (#94)
• 8fc7bf0 [breaking] Removing ability of power users to register domains via route53 (#92)

0.16.0 2019-04-22

• 9d5798e Update aws-params-writer to explicitly take a parameters count (#90)
• 57261e8 Add iam:ListServerCertificates permission to poweruser (#89)
• cbaa829 Fix a bug with missing param group connection to the Aurora resource (#88)

0.15.3 2019-01-30

• 00061db [Bugfix] Limit SSM s3 policies (#85)
• 418e527 [Bugfix] Changed policy for readonly to include secrets policy (#84)
• 60203ad Add iam:TagRole to poweruser (#83)

0.15.2 2018-12-05

• aws-iam-ec2-poweruser-role Add iam_path
• aws-iam-ecs-task-role Add iam_path
• aws-iam-instance-profile Add option to disable attach SSM policy
• aws-iam-role-infraci Add secrets manager read access to secrets tagged with allowCI=true
• aws-aurora-* Expose the reader endpoint*

0.15.1 2018-11-09

• Bugfix for aws_iam_policy_document in aws-iam-group-assume-role

0.15.0 2018-11-08

• [new] aws single page app static site
• [new] aws-iam-instance-profile
• [new] bless-ca
• [breaking] KMS key tags
• [breaking] aws-iam-ecs-task-role remove policy argument
• Poweruser delete/update policy permissions
• Convert raw JSON policy to aws_iam_policy_document

0.14.0 2018-09-04

• [breaking] Parameter store reader policy inline, region support
• Poweruser instance profile and policy permissions
• Testing for aws-redis-node and aurora

0.13.0 2018-08-21

• [breaking] cloudfront poweruser allow for multiple bucket prefixes
• [new] cloudwatch log group module
• [new] blessclient aws role

0.12.0 2018-08-15

• added a suite of tests via Terratest
• [new] module for ec2 poweruser role
• [new] modules for aws aurora
• better docs for our taggging approach
• [breaking] refactor of params/secrets modules
• [new] AWS ACM cert module

0.11.0 2018-07-30

Initial release of open source modules. Number is kept in-sync with internal repo.

Currently moved to this repo are all our IAM and secrets modules.