Releases: cloudposse/terraform-aws-alb
v2.2.1
🚀 Enhancements
feat: add load_balancing_anomaly_mitigation to TG @mschfh (#193)
## whatAdd load_balancing_anomaly_mitigation variable
references
v2.2.0
feat: default https_ssl_policy to ELBSecurityPolicy-TLS13-1-2-2021-06 @jestallin (#179)
## what- Updates default https_ssl_policy to ELBSecurityPolicy-TLS13-1-2-2021-06
why
- ELBSecurityPolicy-TLS13-1-2-2021-06 is the default AWS recommendation.
The ELBSecurityPolicy-TLS13-1-2-2021-06 policy is the default security policy for TLS listeners created using the AWS Management Console.
- We recommend the ELBSecurityPolicy-TLS13-1-2-2021-06 security policy, which includes TLS 1.3, and is backwards compatible with TLS 1.2.
references
v2.1.0
fix: listener default action variable object block [HOTFIX REQUIRED!] @oycyc (#190)
## whatRemoves the default object block and changes it to null
, making it consistent with the other default actions. The original mindset of having it was to default to HTTP_301 since it's a required attribute, but it doesn't matter because it is not optional()
in the Terraform.
why
As described by @mschfh
this adds a redirect by default, as the
default
for the variable is an object, notnull
.Plan:
~ default_action { ~ type = "forward" -> "redirect" # (2 unchanged attributes hidden) + redirect { + host = "#{host}" + path = "/#{path}" + port = "#{port}" + protocol = "#{protocol}" + query = "#{query}" + status_code = "HTTP_301" } }
Explicitly passing
listener_https_redirect = null
to the module does prevent this change, please update the default or adjust thefor_each
.
references
Comment referencing this issue
#187 (comment)
v2.0.0
feat: alb client keep alive @oycyc (#189)
## what- Adds the variable and argument for
client_keep_alive
. - This was just introduced pretty recently, in May 2024. hashicorp/terraform-provider-aws#36402
- Therefore updated the version as well, this requires a major bump from v4 to v5.46.0.
why
references
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb#client_keep_alive-1
v1.12.0
Add IPv6 ingress security group rules @mschfh (#186)
## what- Added IPv6 support for ingress security groups
- Added variable validation for
http_ingress_cidr_blocks
andhttps_ingress_cidr_blocks
- Added variable validation for
ip_address_type
- Updated the
http_ingress_cidr_blocks
andhttps_ingress_cidr_blocks
defaults values to include::/0
why
The current implementation only configures IPv4 security group rules, causing IPv6 traffic to be dropped by default for dualstack ALBs
references
AWS Load Balancer dual-stack mode: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#ip-address-type
AWS Security Group IPv6 support: https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-rule-syntax
TF aws_security_group_rule
resource: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule#ipv6_cidr_blocks
v1.11.2
feat: redirect default action for https listener @oycyc (#187)
## what-
Adds the ability for a HTTPS listener to have an default action of "redirect" in addition to the current two existing "fixed-response" and "target group".
-
Create a new variable to support this with default of null.
-
Ran
make readme
why
There are use cases when the default action to be redirect
that we want for an ALB listener if it doesn't match any rules to redirect. See image below for the action in AWS console.
This would be good to have in the module, otherwise when there is a case that this needs to be configured, this specific resource has to be stripped out.
🤖 Automatic Updates
Migrate new test account @osterman (#182)
## what - Update `.github/settings.yml` - Update `.github/chatops.yml` fileswhy
- Re-apply
.github/settings.yml
from org level to getterratest
environment - Migrate to new
test
account
References
- DEV-388 Automate clean up of test account in new organization
- DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
- DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @osterman (#181)
## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` fileswhy
- Re-apply
.github/settings.yml
from org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#180)
## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` fileswhy
- Re-apply
.github/settings.yml
from org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#177)
## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` fileswhy
- Re-apply
.github/settings.yml
from org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write @osterman (#175)
## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PRwhy
- So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#173)
## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repowhy
- Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#172)
## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` actionwhy
- The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @osterman (#170)
## what - Update workflows (`.github/workflows/settings.yaml`)why
- Support new readme generation workflow.
- Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#167)
## what- Install latest GitHub Action Workflows
why
- Use shared workflows from
cldouposse/.github
repository - Simplify management of workflows from centralized hub of configuration
Add GitHub Settings @osterman (#161)
## what - Install a repository config (`.github/settings.yaml`)why
- Programmatically manage GitHub repo settings
Update README.md and docs @cloudpossebot (#158)
## what This is an auto-generated PR that updates the README.md and docswhy
To have most recent changes of README.md and doc from origin templates
Update Scaffolding @osterman (#159)
## what - Reran `make readme` to rebuild `README.md` from `README.yaml` - Migrate to square badges - Add scaffolding for repo settings and Mergifywhy
- Upstream template changed in the
.github
repo - Work better with repository rulesets
- Modernize look & feel
chore(deps): update terraform cloudposse/vpc/aws to v2.2.0 @renovate (#156)
This PR contains the following updates:Package | Type | Update | Change |
---|---|---|---|
cloudposse/vpc/aws (source) | module | minor | 2.1.1 -> 2.2.0 |
Release Notes
v1.11.1
v1.11.0
Allow the option to set ssl request only on the s3 bucket for access logs @joshuabalduff (#120)
what
Adds an optional input variable to force SSL on the s3 bucket for security compliance.
why
[PCI.S3.5] S3 buckets should require requests to use Secure Socket Layer
references
If #107 is going to get merged, then I guess this pr serves no purpose :)
v1.10.0
chore(deps): update terraform cloudposse/lb-s3-bucket/aws to v0.19.0 (main) @renovate (#145)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/lb-s3-bucket/aws (source) | module | minor | 0.18.0 -> 0.19.0 |
Release Notes
cloudposse/terraform-aws-lb-s3-bucket (cloudposse/lb-s3-bucket/aws)
v0.19.0
🤖 Automatic Updates
chore(deps): update terraform cloudposse/s3-log-storage/aws to v1.4.2 (main) @renovate (#69)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-log-storage/aws (source) | module | patch | 1.4.0 -> 1.4.2 |
Release Notes
cloudposse/terraform-aws-s3-log-storage (cloudposse/s3-log-storage/aws)
v1.4.2
🚀 Enhancements
Add `grants` input @​Nuru (#​93)
what
- Add
grants
input
why
- Some AWS services, such at Cloudfront, require specific grants for log delivery
references
v1.4.1
Sync .github @​max-lobur (#​89)
Rebuild '.github' dir from the template
🚀 Enhancements
Update Terraform cloudposse/s3-bucket/aws to v3.1.2 (main) @​renovate (#​91)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-bucket/aws (source) | module | patch | 3.1.1 -> 3.1.2 |
Release Notes
cloudposse/terraform-aws-s3-bucket
v3.1.2
: Fix Public Bucket Creation
What's Changed
- Remove reference to TF_DATA_DIR retained by mistake in #40 by @Nuru in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/181
- Sync .github by @max-lobur in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/183
- Fix linters / Retest on AWS provider V5 by @max-lobur in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/188
- Fix Public Bucket Creation by @rankin-tr in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/194
New Contributors
- @rankin-tr made their first contribution in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/194
Full Changelog: cloudposse/terraform-aws-s3-bucket@3.1.1...3.1.2
🤖 Automatic Updates
Update Terraform cloudposse/s3-bucket/aws to v3.1.2 (main) @​renovate (#​91)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/s3-bucket/aws (source) | module | patch | 3.1.1 -> 3.1.2 |
Release Notes
cloudposse/terraform-aws-s3-bucket
v3.1.2
: Fix Public Bucket Creation
What's Changed
- Remove reference to TF_DATA_DIR retained by mistake in #40 by @Nuru in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/181
- Sync .github by @max-lobur in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/183
- Fix linters / Retest on AWS provider V5 by @max-lobur in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/188
- Fix Public Bucket Creation by @rankin-tr in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/194
New Contributors
- @rankin-tr made their first contribution in https://github.com/cloudposse/terraform-aws-s3-bucket/pull/194
Full Changelog: cloudposse/terraform-aws-s3-bucket@3.1.1...3.1.2