v0.52.0

Fix: add depends_on instance profile for EB env @QuentinBtd (#267)

what

Add depends_on in elastic_beanstalk_environment

why

If instance profile is created after the environment, the creation of this last will failed.

references

I just encountered the problem;

The instance profile my-env-eb-ec2 associated with the environment does not exist.

🤖 Automatic Updates

Update release workflow to allow pull-requests: write @osterman (#266)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#265)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

v0.51.3

🚀 Enhancements

Bump elb_logs module version to fix #259 @benjamin-hg (#264)

Include fix for cloudposse/terraform-aws-lb-s3-bucket#81

what

Bumped elb_logs module version from 0.19.0. to 0.20.0

why

To include a bugfix in order to fix #259.

The actual fix is in this commit: cloudposse/terraform-aws-lb-s3-bucket@a642b87#diff-dc46acf24afd63ef8c556b77c126ccc6e578bc87e3aa09a931f33d9bf2532fbb

references

• relates to cloudposse/terraform-aws-lb-s3-bucket#81
• closes #259

🤖 Automatic Updates

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#263)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#261)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#258)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#256)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Add GitHub Settings @osterman (#255)

what

• Install a .github/settings.yaml

why

• Programmatically manage GitHub repo settings

Update README.md and docs @cloudpossebot (#253)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update Scaffolding @osterman (#254)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

Update README.md and docs @cloudpossebot (#249)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.51.2

🚀 Enhancements

Bugfix issue with ALB bucket output name and name in general @gugaiz (#247)

what

This fixes the issue with the output of the ALB bucket name, it also incorporates the option to manually set the bucket name to make it backward compatible with the previous deployment (what already has the bucket name assigned)

why

Because it is a bug that is on production code as commented on here

v0.51.1

🚀 Enhancements

Fix/security groups update @samcrudge (#244)

what

Suggested changed by @goruha.

Default to empty string if aws_security_group.id is null. Empty string will then get filtered out by compact().

why

Null value caused sort() function to crash, making it impossible to set create_security_group to false

Implementing changes suggested in #229 by @goruha.

references

Fixed sort function crashing when create_security_group=false #229
Option create_security_group can't be false currently #216

v0.51.0

what

• Introduces using cloudposse s3-bucket module for creating ALB logging bucket
• Introducing new variable which defines if s3 logs for ALB is enabled or disabled (default is still true)
• Adding random suffix to the name of logging bucket (since names of S3 must be globally unique - very often name provided in module is in collision with some already existed)
• If created, S3 bucket for storing ALB access logs is encrypted by default
• Updated examples (modules vpc, subnet and alb were in old versions)

why

• This module not usable anymore due to deprecation message by terraform about s3 bucket (see #227 )
• Users of this module don't always need access logs from Load Balancer n S3 bucket
• Existing examples were unusable due to old versions of modules in them.

v0.50.0

Groundwork new workflows @max-lobur (#232)

Fix lint/format before workflows rollout

v0.49.0

[#98] Add a flag to redirect HTTP traffic to HTTPS @sestrella (#218)

what

• Add a flag to redirect HTTP traffic to HTTPS
• The hostname included in the redirection can be customized

why

• It is a common best practice to redirect HTTP traffic to HTTPS
• This workaround is necessary since Elastic Beanstalk HTTP listener rule can't be changed to a redirect action via the general options

references

• Kudos to @yashshanker who posted the simplified solution
• Closes #98

v0.48.0

Fixed ssm activation error #205 @dcotelo (#222)

what

• Added depends_on = [aws_elastic_beanstalk_environment.default] to aws_ssm_activation.ec2

why

• As stated in this comment on the issue #205 it does actually solve the problem.

references

• Closes #205

v0.47.2

🚀 Enhancements

Fixed potential self-escalation from iam:PassRole @comrumino (#215)

What I did

• Moved iam:PassRole from AllowOperations to a new statement named AllowPassRole and limited the resources/roles that can be passed to aws_iam_role.ec2 and aws_iam_role.service

Why I did it

• The current default policy document is overly permissive and was reported by our security tooling as a having the potential for privilege escalation. Without restricting which roles can be passed, a role with elevated privileges could be passed.
• Splitting actions into smaller statements make overriding resources or specific statements less unwieldy.

v0.47.1

🚀 Enhancements

Replaced deprecated arguments policy documents @comrumino (#214)

My what, why, and references copied/pasted from commit messages — I'm glad they satisfy the PR template :)

• Replaced deprecated usage of override_json with override_policy_document. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#override_json
• Changed default value of extended_ec2_policy_document to ensure behavior is covered by unit tests in provider. See https://github.com/hashicorp/terraform-provider-aws/blob/1a133f077a7f0660d28f8bb905f89946c695ceb1/internal/service/iam/policy_document_data_source_test.go#L1513