Releases: cloudposse/terraform-aws-elastic-beanstalk-environment
0.3.4
Fix Security Group ingress rules
what
- Removed the ingress rule from EC2 Security Group
```hcl
ingress {
  from_port   = 0
  to_port     = 0
  protocol    = -1
  cidr_blocks = ["0.0.0.0/0"]
}
```
why
- Bad security practice
- Too broad access from any IP address by default
- Access should be controlled by provided Security Groups instead of IP ranges
- Was overriding the next ingress rule for the same Security Group
```hcl
ingress {
  from_port       = 0
  to_port         = 0
  protocol        = -1
  security_groups = ["${var.security_groups}"]
}
```
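A check for the rule this release removed, as an added example that is not part of the module or its release notes: it scans plan JSON for `aws_security_group` ingress (and, as a generalization, standalone `aws_security_group_rule` resources) that allows every protocol from any address. It assumes a Terraform version that supports `terraform show -json <planfile>`; the function names and the sample plan are constructed for illustration.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def is_open_all(rule):
    """True when a rule allows every protocol ('-1' or 'all') from any address."""
    cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    return str(rule.get("protocol")) in ("-1", "all") and bool(cidrs & OPEN_CIDRS)

def find_open_ingress(plan):
    """Return addresses of planned resources with open all-protocol ingress."""
    findings = []
    for rc in plan.get("resource_changes", []):
        # "after" is null for resources being destroyed; treat that as empty.
        after = (rc.get("change") or {}).get("after") or {}
        if rc.get("type") == "aws_security_group":
            rules = after.get("ingress") or []
        elif rc.get("type") == "aws_security_group_rule" and after.get("type") == "ingress":
            rules = [after]
        else:
            continue
        if any(is_open_all(r) for r in rules):
            findings.append(rc["address"])
    return findings

# Constructed sample input: the two ingress shapes from the release note above.
OPEN_RULE = {"from_port": 0, "to_port": 0, "protocol": "-1",
             "cidr_blocks": ["0.0.0.0/0"], "security_groups": []}
SG_ONLY_RULE = {"from_port": 0, "to_port": 0, "protocol": "-1",
                "cidr_blocks": [], "security_groups": ["sg-0example"]}
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.before", "type": "aws_security_group",
     "change": {"after": {"ingress": [OPEN_RULE, SG_ONLY_RULE]}}},
    {"address": "aws_security_group.after", "type": "aws_security_group",
     "change": {"after": {"ingress": [SG_ONLY_RULE]}}},
    {"address": "aws_security_group_rule.https", "type": "aws_security_group_rule",
     "change": {"after": {"type": "ingress", "protocol": "tcp", "from_port": 443,
                          "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]}}},
]}

if __name__ == "__main__":
    import sys
    # Pass a plan JSON file as the first argument, or run on the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print("\n".join(find_open_ingress(plan)) or "no open ingress found")
```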
0.3.3
0.3.2
Add variable for environment tier
0.3.1 Add variable for environment tier (#22)
0.3.0: Added timeout variable (#20)
What
- Added configurable timeout
Why
- For huge and complex envs, 20 minutes to become ready is not enough
Allow elb proxy ssh
Add SSH Forwarding (#16)
* Added ssh listener
* Fix type cast
* Fix type cast
* Fix type cast
* Fix type cast
* Fix type cast
* Added option to manage ssh port
Add `ec2_instance_profile_role_name` to outputs
what
- Added `ec2_instance_profile_role_name` to outputs
why
- To be able to attach additional `aws_iam_role_policy_attachment`'s to the instance profile role from other modules
0.2.7: Add notifications (#13)
* Added notifications
* Added support of different notification targets
Add `AmazonEC2ContainerRegistryReadOnly` policy to provide read-only access to `ECR` repositories
What
- Add `AmazonEC2ContainerRegistryReadOnly` managed policy to `EB`
Why
- To provide read-only access to all Amazon ECR repositories in the account
- When `CodePipeline` builds and pushes `Docker` images to `ECR` and then deploys the file `Dockerrun.aws.json` to `EB` with the `ECR` repo URL specified, `EB` needs permissions to pull the `Docker` image from the ECR repo to deploy it to `EC2` instances
Change custom ENV vars key/value calculation
What
- Changed the way the custom ENV vars are calculated in `aws:elasticbeanstalk:application:environment` setting
Why
- Using `null_resource` to generate key/value pairs for ENV vars like this:

```hcl
resource "null_resource" "env_vars" {
  count = 50

  triggers {
    key = "${count.index < length(var.env_vars) ?
      element(concat(keys(var.env_vars),list("")), count.index) :
      format(var.env_default_key, count.index+1)
    }"
    value = "${count.index < length(var.env_vars) ?
      lookup(var.env_vars, element(concat(keys(var.env_vars),list("")), count.index), var.env_default_value) :
      var.env_default_value
    }"
  }
}

setting {
  namespace = "aws:elasticbeanstalk:application:environment"
  name      = "${null_resource.env_vars.0.triggers.key}"
  value     = "${null_resource.env_vars.0.triggers.value}"
}

setting {
  namespace = "aws:elasticbeanstalk:application:environment"
  name      = "${null_resource.env_vars.1.triggers.key}"
  value     = "${null_resource.env_vars.1.triggers.value}"
}
```
DOES NOT work when it's used from top-level modules AND when there is a dependency between modules AND `terraform apply` or `terraform plan` runs for the first time (meaning no AWS resources have been created yet), e.g.

```hcl
module "elastic_beanstalk_environment" {
  source = "git::https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment.git?ref=tags/0.2.4"

  env_vars = "${
    merge(
      map(
        "EFS_HOST", "${module.efs.dns_name}"
      ), var.env_vars
    )
  }"
}

module "efs" {
  source          = "git::https://github.com/cloudposse/terraform-aws-efs.git?ref=tags/0.3.1"
  namespace       = "${var.namespace}"
  name            = "${var.name}"
  stage           = "${var.stage}"
  security_groups = ["${module.elastic_beanstalk_environment.security_group_id}"]
}
```
Terraform throws the error:
the key for `null_resource.env_vars.0.triggers.key` could not be found
Looks like Terraform can't resolve the module inter-dependencies when using `null_resource`.
The proposed way of generating key/value pairs for ENV vars works in all cases.