Releases: cloudposse/terraform-aws-efs
v0.32.3
🚀 Enhancements
Fix bug with root directory creation permissions (#100) @dkossako (#101)
what
- Fix bug with root directory creation permissions (#100)
- The `lookup()` function has been removed in this commit; it also works without it because the `try()` function is used
why
- The behavior of the `lookup()` function changed in Terraform. It now takes three instead of two parameters.
references
v0.32.2
🚀 Enhancements
Fix: No transition* vars results in an empty lifecycle @nitrocode (#98)
what
- No lifecycle
why
- If no transition* var is set, it will throw an error because it results in an empty `lifecycle {}`
references
- Previous PR #94
🐛 Bug Fixes
Fix: No transition* vars results in an empty lifecycle @nitrocode (#98)
what
- No lifecycle
why
- If no transition* var is set, it will throw an error because it results in an empty `lifecycle {}`
references
- Previous PR #94
v0.32.1
🚀 Enhancements
Bump provider greater than 3.59 @nitrocode (#97)
what
- Bump provider greater than 3.59
why
- Prevent users from using an older provider
references
- Closes #96
- https://github.com/hashicorp/terraform-provider-aws/releases/tag/v3.59.0
- Another module with a specific aws provider pin https://github.com/cloudposse/terraform-aws-eks-node-group/blob/34b800dc98a245fbc0b0921b16bb3093a1d6fca1/versions.tf#L9
v0.32.0
🚀 Enhancements
Feat: Use Security Group 4.x Module @nitrocode (#94)
what
- Use standardized Cloud Posse Security Group convention
- Bump cloudposse/terraform-aws-route53-cluster-hostname module
- Bump example/complete vpc and subnet modules
- Remove unnecessary provider pins
- Bump aws provider to 3.x
- Run `make github/init`
why
- update GHA-related files to their latest distribution from `build-harness`
- new Security Group standards
- Unblock new PRs from entering this repo
references
- Full changes since 0.30.1
- https://github.com/cloudposse/terraform-aws-security-group
- cloudposse/terraform-aws-msk-apache-kafka-cluster#44
- cloudposse/terraform-aws-vpc#100
- https://github.com/cloudposse/terraform-aws-route53-cluster-hostname
- supersedes and closes #95 which closes #93
- supersedes and closes #91
- supersedes and closes #90
- supersedes and closes #89
- supersedes and closes #88
- supersedes and closes #86
- supersedes and closes #85
commands
Verified enabled=false
```
⨠ terraform plan -var-file=fixtures.us-east-2.tfvars -var="enabled=false"

Changes to Outputs:
  + efs_mount_target_dns_names = [
      + "",
    ]
  + efs_mount_target_ids = [
      + "",
    ]
  + efs_mount_target_ips = [
      + "",
    ]
  + efs_network_interface_ids = [
      + "",
    ]
  + private_subnet_cidrs = []
  + public_subnet_cidrs = []
```
Backwards compatibility with 0.30.1 and earlier using security_group_name override
This is to avoid recreation of the efs file system due to the name change
```
⨠ terraform plan -var-file=fixtures.us-east-2.tfvars -var=security_group_name=snip -var=security_group_change_before_destroy=false

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.efs.aws_efs_file_system.default[0] will be created
  + resource "aws_efs_file_system" "default" {
      + arn = (known after apply)
      + availability_zone_id = (known after apply)
      + availability_zone_name = (known after apply)
      + creation_token = (known after apply)
      + dns_name = (known after apply)
      + encrypted = true
      + id = (known after apply)
      + kms_key_id = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id = (known after apply)
      + performance_mode = "generalPurpose"
      + provisioned_throughput_in_mibps = 0
      + size_in_bytes = (known after apply)
      + tags = {
          + "Name" = "eg-test-efs-test"
          + "Namespace" = "eg"
          + "Stage" = "test"
        }
      + tags_all = {
          + "Name" = "eg-test-efs-test"
          + "Namespace" = "eg"
          + "Stage" = "test"
        }
      + throughput_mode = "bursting"
    }

  # module.efs.module.security_group.aws_security_group.default[0] will be created
  + resource "aws_security_group" "default" {
      + arn = (known after apply)
      + description = "MSK broker access"
      + egress = (known after apply)
      + id = (known after apply)
      + ingress = (known after apply)
      + name = "eg-test-efs-test-efs"
      + name_prefix = (known after apply)
      + owner_id = (known after apply)
      + revoke_rules_on_delete = false
      + tags = {
          + "Attributes" = "efs"
          + "Name" = "eg-test-efs-test-efs"
          + "Namespace" = "eg"
          + "Stage" = "test"
        }
      + tags_all = {
          + "Attributes" = "efs"
          + "Name" = "eg-test-efs-test-efs"
          + "Namespace" = "eg"
          + "Stage" = "test"
        }
      + vpc_id = (known after apply)

      + timeouts {
          + create = "10m"
          + delete = "15m"
        }
    }

...

Plan: 24 to add, 0 to change, 0 to destroy.

Changes to Outputs:
...
  + security_group_name = "eg-test-efs-test-efs"
```
Deployed 0.30.1, performed `state mv`s, and then ran a plan to ensure nothing would break
```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
+/- create replacement and then destroy

Terraform will perform the following actions:

  # module.efs.aws_efs_backup_policy.policy[0] will be created
  + resource "aws_efs_backup_policy" "policy" {
      + file_system_id = "fs-snip"
      + id = (known after apply)

      + backup_policy {
          + status = "DISABLED"
        }
    }

  # module.efs.aws_efs_file_system.default[0] will be updated in-place
  ~ resource "aws_efs_file_system" "default" {
        id = "fs-snip"
        tags = {
            "Environment" = "snip"
            "Name" = "snip-snip-snip-snip-efs"
            "Namespace" = "snip"
            "Stage" = "snip"
            "Tenant" = "snip"
        }
        # (12 unchanged attributes hidden)

      + lifecycle_policy {}
    }

  # module.efs.aws_efs_mount_target.default[0] will be updated in-place
  ~ resource "aws_efs_mount_target" "default" {
        id = "fsmt-snip"
      ~ security_groups = [
          + "sg-snip",
            # (1 unchanged element hidden)
        ]
        # (10 unchanged attributes hidden)
    }

  # module.efs.aws_efs_mount_target.default[1] will be updated in-place
  ~ resource "aws_efs_mount_target" "default" {
        id = "fsmt-snip"
      ~ security_groups = [
          + "sg-snip",
            # (1 unchanged element hidden)
        ]
        # (10 unchanged attributes hidden)
    }

  # module.efs.aws_efs_mount_target.default[2] will be updated in-place
  ~ resource "aws_efs_mount_target" "default" {
        id = "fsmt-snip"
      ~ security_groups = [
          + "sg-snip",
            # (1 unchanged element hidden)
        ]
        # (10 unchanged attributes hidden)
    }

  # module.efs.module.security_group.aws_security_group.default[0] will be updated in-place
  ~ resource "aws_security_group" "default" {
        id = "sg-snip"
        name = "snip-snip-snip-snip-efs-efs"
      ~ tags = {
          ~ "Name" = "snip-snip-snip-snip-efs" -> "snip-snip-snip-snip-efs-efs"
            # (4 unchanged elements hidden)
        }
      ~ tags_all = {
          ~ "Name" = "snip-snip-snip-snip-efs" -> "snip-snip-snip-snip-efs-efs"
            # (4 unchanged elements hidden)
        }
        # (7 unchanged attributes hidden)

      + timeouts {
          + create = "10m"
          + delete = "15m"
        }
    }

  # module.efs.module.security_group.aws_security_group_rule.keyed["_allow_all_egress_"] must be replaced
+/- resource "aws_security_group_rule" "keyed" {
      + description = "Allow all egress"
      ~ id = "sgrule-2361699180" -> (known after apply)
      ~ ipv6_cidr_blocks = [ # forces replacement
          + "::/0",
        ]
      + source_security_group_id = (known after apply)
        # (8 unchanged attributes hidden)
    }

  # module.efs.module.security_group.aws_security_group_rule.keyed["_m[0]#[0]#sg#0"] will be updated in-place
  ~ resource "aws_security_group_rule" "keyed" {
      ~ description = "Allow inbound traffic from existing security groups" -> "Allow ingress EFS traffic"
        id = "sgrule-snip"
        # (10 unchanged attributes hidden)
    }

Plan: 2 to add, 6 to change, 1 to destroy.
```
v0.31.1
🤖 Automatic Updates
Update context.tf @cloudpossebot (#87)
what
This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`
why
To support all the features of the `context` interface.
v0.31.0 Unstable Pre-Release
We are revising and standardizing our handling of security groups and security group rules across all our Terraform modules. This is an early attempt with significant breaking changes. We will make further breaking changes soon, so using this version is not recommended.
Breaking changes
If there is something not documented here, please let us know by filing a ticket.
- Previous `var.security_groups` is removed in favor of the security group module's `var.security_group_rules` which can contain a single `source_security_group_id` per rule
- `var.allowed_cidr_blocks` is removed in favor of the security group module's `var.security_group_rules` which can contain a `cidr_blocks`
- security group name no longer ends with `-efs` and this will cause a recreation of the security group
  - Set `attributes = ["efs"]` on this module and it should keep the original name
- security group has moved

  ```
  terraform state mv \
    "module.efs.aws_security_group.efs[0]" \
    "module.efs.module.security_group.aws_security_group.default[0]"
  ```

- default `security_group_rules` does not allow ingress specifically for port `2049` but this can be added manually.

  Note: The list must have the same json keys per index

  ```
  security_group_rules = [
    {
      type                     = "egress"
      from_port                = 0
      to_port                  = 65535
      protocol                 = "-1"
      cidr_blocks              = ["0.0.0.0/0"]
      source_security_group_id = null
      description              = "Allow all outbound traffic"
    },
    {
      type                     = "ingress"
      from_port                = 2049
      to_port                  = 2049
      protocol                 = "tcp"
      cidr_blocks              = []
      source_security_group_id = local.security_group_id # provide existing security group or comment out this rule
      description              = "Allow inbound traffic from existing security groups"
    },
    {
      type                     = "ingress"
      from_port                = 2049
      to_port                  = 2049
      protocol                 = "tcp"
      cidr_blocks              = [] # provide cidr blocks or comment out this rule
      source_security_group_id = null
      description              = "Allow inbound traffic from CIDR blocks"
    }
  ]
  ```

- security group rules have been moved

  Note: since the new security group rule names are generated upon a plan, the plan will need to be run first to generate the new names in order to move the rules. Replace `someguid` with the appropriate value.

  ```
  terraform state mv \
    'module.efs.aws_security_group_rule.egress[0]' \
    'module.efs.module.security_group.aws_security_group_rule.default["egress--1-0-65535-someguid"]'
  terraform state mv \
    'module.efs.aws_security_group_rule.ingress_security_groups[0]' \
    'module.efs.module.security_group.aws_security_group_rule.default["ingress-tcp-2049-2049-someguid"]'
  terraform state mv \
    'module.efs.aws_security_group_rule.ingress_cidr_blocks[0]' \
    'module.efs.module.security_group.aws_security_group_rule.default["ingress-tcp-2049-2049-someguid"]'
  ```
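The rule move above depends on names that only exist after a plan, so the pairing can be derived from the plan itself. The following is an added example, not part of the release notes or the module's code: it reads plan JSON (as produced by `terraform show -json`), pairs each rule deleted at an old address with the identical rule created at a new address, and emits the `terraform state mv` commands. It assumes the module instance is named `efs` as in the commands above; the function names and the `guid-*` suffixes in the sample are constructed.

```python
import json
import sys

# Address prefixes taken from the `terraform state mv` commands in the release notes.
OLD = "module.efs.aws_security_group_rule."
NEW = "module.efs.module.security_group.aws_security_group_rule."

def rule_key(attrs):
    """Identify a rule by what it allows, not by its Terraform address."""
    source = "cidr" if attrs.get("cidr_blocks") else "sg"
    return (attrs["type"], attrs["protocol"], attrs["from_port"], attrs["to_port"], source)

def state_mv_commands(plan):
    """Pair deleted old-address rules with identical created ones; report, never guess, ambiguous pairs."""
    old, new = {}, {}
    for rc in plan.get("resource_changes", []):
        actions, addr = rc["change"]["actions"], rc["address"]
        if actions == ["delete"] and addr.startswith(OLD):
            old.setdefault(rule_key(rc["change"]["before"]), []).append(addr)
        elif actions == ["create"] and addr.startswith(NEW):
            new.setdefault(rule_key(rc["change"]["after"]), []).append(addr)
    commands, unmatched = [], []
    for key in sorted(old):
        src, dst = old[key], new.get(key, [])
        if len(src) == 1 and len(dst) == 1:
            commands.append(f"terraform state mv '{src[0]}' '{dst[0]}'")
        else:
            unmatched.extend(src)  # zero or several candidates: leave for manual review
    return commands, unmatched

def sample_change(addr, action, kind, proto, lo, hi, cidrs):
    # Build one constructed entry in the shape of the plan JSON's resource_changes list.
    attrs = {"type": kind, "protocol": proto, "from_port": lo, "to_port": hi, "cidr_blocks": cidrs}
    side = "before" if action == "delete" else "after"
    return {"address": addr, "type": "aws_security_group_rule", "change": {"actions": [action], side: attrs}}

# Constructed sample plan; the "guid-*" suffixes stand in for the generated rule names.
SAMPLE_PLAN = {"resource_changes": [
    sample_change(OLD + "egress[0]", "delete", "egress", "-1", 0, 65535, ["0.0.0.0/0"]),
    sample_change(OLD + "ingress_security_groups[0]", "delete", "ingress", "tcp", 2049, 2049, None),
    sample_change(OLD + "ingress_cidr_blocks[0]", "delete", "ingress", "tcp", 2049, 2049, ["10.0.0.0/16"]),
    sample_change(NEW + 'default["egress--1-0-65535-guid-a"]', "create", "egress", "-1", 0, 65535, ["0.0.0.0/0"]),
    sample_change(NEW + 'default["ingress-tcp-2049-2049-guid-b"]', "create", "ingress", "tcp", 2049, 2049, None),
    sample_change(NEW + 'default["ingress-tcp-2049-2049-guid-c"]', "create", "ingress", "tcp", 2049, 2049, ["10.0.0.0/16"]),
]}

if __name__ == "__main__":  # optional argument: path to plan JSON from `terraform show -json`
    cmds, left = state_mv_commands(json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN)
    print("\n".join(cmds + [f"# unmatched, move by hand: {a}" for a in left]))
```

After running the emitted commands, a fresh plan should show no security group rule scheduled for deletion at the old addresses; any address listed as unmatched differs in ports, protocol or source from every new rule and needs a manual decision.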
v0.30.1
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#80)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
v0.30.0
Update CODEOWNERS @maximmi (#77)
what
- update context.tf to v0.24.1
- minimum required Terraform version bumped to 0.13.0
- readme updated, Bridgecrew compliance badges added
why
- It allows for setting the letter case of tag names and labels, back compatibility with context v0.22.0 and below
- we have dropped support for Terraform 0.12
- To be able to see and fix the recommendations from Bridgecrew so we can position our modules as standards compliant
v0.29.3
🤖 Automatic Updates
Update context.tf @cloudpossebot (#72)
what
This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`
why
To support all the features of the `context` interface.
v0.29.2
🤖 Automatic Updates
Update Terraform cloudposse/route53-cluster-hostname/aws to v0.12.0 @renovate (#78)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/route53-cluster-hostname/aws (source) | terraform | minor | 0.11.0 -> 0.12.0 |