Releases: cloudposse/terraform-aws-tfstate-backend
v1.5.0
v1.4.2
feature: Add ability to use KMS encryption @pazaan (#178)
what
- Add the ability to use KMS encryption through the addition of the `sse_encryption` and `kms_master_key_id` variables.
why
- Some businesses have security policies that require the use of customer-managed keys.
- As per the statement in #105, the default behavior has been left the same as it currently is.
references
- closes #105
v1.4.1
feature: Add support for deletion_protection_enabled attribute for DynamoDB @Hamza-Aziz (#156)
what
This PR adds support for the attribute `deletion_protection_enabled` in the DynamoDB resource
why
To address an issue #143
To prevent or force DynamoDB table deletion
references
To address an issue #143
https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-dynamodb-table-deletion-protection/
chore: points to correct issue in README link @Gowiem (#154)
what
- Fixes link in README that was pointing to wrong issue
why
- We don't want to lead people astray 👍
references
- This is a redo of #153 by @tripplilley. Fame, fortune, and internet points go to him 😄
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#155)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
Update README.md and docs @cloudpossebot (#152)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
v1.4.0
fix: s3 backend deprecated role_arn field @basvandijk (#151)
what
The following step was returning an error:
```
terraform init -force-copy
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing modules...
Terraform encountered problems during initialisation, including problems
with the configuration, described below.
The Terraform configuration must be valid before initialization so that
Terraform can determine which modules and providers need to be installed.
╷
│ Error: Argument or block definition required
│
│ on backend.tf line 9, in terraform:
│ 9: assume_role.role_arn = ""
│
│ An argument or block definition is required here. To set an argument, use the equals sign "=" to introduce the argument value.
╵
```
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#150)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
v1.3.0
fix: Better TF formatting when dynamodb_table is empty when creating backend template file @SMontiel (#149)
what
Improve TF formatting when a DynamoDB table is not specified.
why
As our CI pipeline checks formatting and we don't use a DynamoDB for locking, we keep committing changes made to the backend file which is handled by this module.
references
N/A
v1.2.0
feat: add user_policy_document parameter @dod38fr (#142)
what
This parameter allows the user to specify policies that are applied to the S3 bucket with the policies defined by this module.
why
We want to add policies that forbid non-admin users from accessing the bucket containing tfstates.
This commit allows us to specify a policy that implements these restrictions without clobbering the policies put in place by this module.
Note that I have no problem changing the name of this new parameter if you want another.
references
Closes: #115
v1.1.1
tfsec ignores added @davenicoll (#136)
what
- added tfsec ignores to false positives
why
- the terraform `aws_s3_bucket` resource was updated some time ago to deprecate access policies, encryption and logging as arguments, instead preferring separate terraform resources. tfsec incorrectly highlights the `aws_s3_bucket` resource as CRITICALly vulnerable.
references
Sync github @max-lobur (#138)
Rebuild github dir from the template
🐛 Bug Fixes
v0.40.1 S3 updates
🤖 Automatic Updates
Update Terraform cloudposse/s3-log-storage/aws to v1.3.1 (release/v0) @renovate (#134)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-log-storage/aws (source) | module | minor | 1.1.0 -> 1.3.1 |
Release Notes
cloudposse/terraform-aws-s3-log-storage
v1.3.1
🚀 Enhancements
Update Terraform cloudposse/s3-bucket/aws to v3.1.1 (master) @renovate (#88)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-bucket/aws (source) | module | patch | 3.1.0 -> 3.1.1 |
Release Notes
cloudposse/terraform-aws-s3-bucket
v3.1.1
🐛 Bug Fixes
Revert change to Transfer Acceleration from #178 @Nuru (#180)
what
- Revert change to Transfer Acceleration from #178
why
- Transfer Acceleration is not available in every region, and the change in #178 (meant to detect and correct drift) does not work (throws API errors) in regions where Transfer Acceleration is not supported
v1.3.0
🚀 Enhancements
Enhance lifecycle object with optionals, limit length of bucket name @Nuru (#87)
what
- Limit length of auto-generated bucket name to match AWS-imposed limit
- Enhance `lifecycle_configuration_rules` to be fully defined with optional members
why
- Avoid situation where module fails because auto-generated bucket name is too long
- Make it easier to build a list of rules
references
v1.2.0: Support new AWS S3 defaults (ACL prohibited)
🤖 Automatic Updates
Update Terraform cloudposse/s3-bucket/aws to v3.1.0 @renovate (#85)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-bucket/aws (source) | module | minor | 3.0.0 -> 3.1.0 |
Release Notes
cloudposse/terraform-aws-s3-bucket
v3.1.0
Make compatible with new S3 defaults. Add user permissions boundary. @Nuru (#178)
what
- Make compatible with new S3 defaults by setting S3 Object Ownership before setting ACL and disabling ACL if Ownership is "BucketOwnerEnforced"
- Add optional permissions boundary input for IAM user created by this module
- Create `aws_s3_bucket_accelerate_configuration` and `aws_s3_bucket_versioning` resources even when the feature is disabled, to enable drift detection
why
- S3 buckets with ACLs were failing to be provisioned because the ACL was set before the bucket ownership was changed
- Requested feature
- See #171
references
Always include `aws_s3_bucket_versioning` resource @mviamari (#172)
what
- Always create an `aws_s3_bucket_versioning` resource to track changes made to bucket versioning configuration
why
- When there is no `aws_s3_bucket_versioning`, the expectation is that the bucket versioning is disabled/suspended for the bucket. If bucket versioning is turned on outside of terraform (e.g. through the console), the change is not detected by terraform unless the `aws_s3_bucket_versioning` resource exists.
references
- Closes #171
Add support for permission boundaries on replication IAM role @mchristopher (#170)
what
- Adds support for assigning permission boundaries to the replication IAM role
why
- Our AWS environment enforces permission boundaries on all IAM roles to follow AWS best practices with security.
references
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#164)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
v0.40.0 Update dependencies
🚀 Enhancements
notes
- Terraform minimum version is now 1.1.0
- AWS provider minimum version is now 4.9.0
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-log-storage/aws (source) | module | major | 0.26.0 -> 1.1.0 |
Release Notes
cloudposse/terraform-aws-s3-log-storage
v1.1.0
Adding "object_lock_configuration" variable @ramses999 (#84)
what
Adding "object_lock_configuration" variable which is used in module "cloudposse/s3-bucket/aws"
why
Must be able to use the Object Lock option for S3 in this module
references
v1.0.0
Important Notes
- Terraform version 1.3.0 and Terraform AWS version 4.9.0 or later are required
- The new `bucket_key_enabled` flag defaults to `false` for backward compatibility. At one point we recommend setting it to true for significant savings on KMS usage, but since bucket keys are only reused within a user session, it is not clear if it provides any savings at all. See AWS docs for more information.
- The new `lifecycle_configuration_rules` input replaces the now deprecated individual inputs for individual settings of a single lifecycle rule. See the terraform-aws-s3-bucket documentation for details on how to specify lifecycles using `lifecycle_configuration_rules`. This mechanism is much more flexible and closely follows the Terraform `aws_s3_bucket_lifecycle_configuration` resource.
- The new `source_policy_documents` input replaces the now deprecated `policy` input to match changes to the `aws_iam_policy_document` resource
- You can now select default values for (non-deprecated) inputs by setting them to `null`
- With Terraform 1.3 the manual interventions documented for upgrading to this module's versions 0.27.0 and 0.28.0 are no longer needed. You can safely upgrade from any earlier version to this one (although we always recommend leaving `force_destroy` at its default value of `false`, and if you have it set to `true` but want extra safety against the S3 bucket being destroyed, set it to `false` before upgrading).
- The `force_destroy_enabled` flag introduced in v0.27.0 has been removed
- In version 0.28.0, old lifecycle rule variables were deprecated and the new `lifecycle_configuration_rules` input was introduced. In that version, you would continue to get the old default lifecycle rule even if you supplied new rules via `lifecycle_configuration_rules`. Now, the default behavior is to ignore all the deprecated lifecycle inputs when the `lifecycle_configuration_rules` input is not empty, unless you explicitly set `lifecycle_rule_enabled` to true.
Enhancements
Automate upgrade using `moved` blocks @Nuru (#81)
what
- Automate the upgrade process from v0.26.0 or earlier by using `moved` block functionality introduced in Terraform 1.3.0
- Add `nullable = false` for module input variables which have a default value and where null is not a sensible/handled value for the variable.
why
- Safely upgrade without loss of data or manual intervention
- Allow users to select default values by setting inputs to `null`, closes #63
v0.28.3: Not recommended, use v0.26.0 or v1.x instead
Update: This version no longer recommended
With the release of version 1.0.0 of this module, use of this version is no longer recommended. When you are able to use Terraform v1.3.0 or later and Terraform AWS provider v4.9.0 or later, upgrade directly to v1.0.0 or later of this module.
🤖 Automatic Updates
Update Terraform cloudposse/s3-bucket/aws to v3 @renovate (#78)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-bucket/aws (source) | module | major | 2.0.1 -> 3.0.0 |
v0.28.2: Action required if updating from prior to v0.28.0
Update: This version no longer recommended
With the release of version 1.0.0 of this module, use of this version is no longer recommended. When you are able to use Terraform v1.3.0 or later and Terraform AWS provider v4.9.0 or later, upgrade directly to v1.0.0 or later of this module.
v0.28.0 introduced breaking changes with high risk of permanent data loss. See release notes there. This is only a safe upgrade if upgrading from v0.28.0.
We will convert to semantic versioning (incrementing the major version number for breaking changes), but having missed the opportunity to do that for earlier versions of this module, we are waiting for the next major change, expected to be soon after Terraform v1.3 is released.
🤖 Automatic Updates
Update Terraform cloudposse/s3-bucket/aws to v2.0.1 @renovate (#76)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-bucket/aws (source) | module | patch | 2.0.0 -> 2.0.1 |
v0.28.1: accidental release, do not use
v0.28.0 introduced breaking changes with high risk of permanent data loss. See release notes there. This is only a safe upgrade if upgrading from v0.28.0.
We will convert to semantic versioning (incrementing the major version number for breaking changes), but having missed the opportunity to do that for earlier versions of this module, we are waiting for the next major change, expected to be soon after Terraform v1.3 is released.
git.io->cloudposse.tools update @dylanbannon (#73)
what and why
Change all references to `git.io/build-harness` into `cloudposse.tools/build-harness`, since `git.io` redirects will stop working on April 29th, 2022.
References
- DEV-143
🤖 Automatic Updates
Update Terraform cloudposse/s3-bucket/aws to v2 @renovate (#72)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-bucket/aws (source) | module | major | 0.49.0 -> 2.0.3 |
v0.28.0: (Action Needed) Support AWS v4 provider
WARNING, DATA LOSS LIKELY if you do not follow upgrade instructions:
- Upgrade instructions: v0.27.0 to v0.28.0
- Upgrade instructions: versions prior to v0.27.0 to v0.27.0
🚀 Enhancements
Support AWS v4 provider @Nuru (#71)
what
- Migrate to AWS v4 Terraform provider
- Add features
  - Allow full S3 storage lifecycle configuration
  - Allow multiple bucket policy documents
  - Allow specifying the bucket name directly, rather than requiring it to be generated by `null-label`
  - Allow specifying S3 object ownership
  - Allow enabling S3 bucket keys for encryption
- Deprecate variable by variable specification of a single storage lifecycle rule
- Add extra safety measure `force_destroy_enabled`
why
- AWS v4 broke this module
- Feature parity
- Replaced with more power and more flexible input
- Reduce the chance that automated upgrades will cause data loss
references
- ...
v1.1.0
- No changes