Skip to content

Releases: cloudposse/terraform-aws-alb

v2.2.1

05 Dec 00:21
08358de
Compare
Choose a tag to compare

🚀 Enhancements

feat: add load_balancing_anomaly_mitigation to TG @mschfh (#193) ## what

Add load_balancing_anomaly_mitigation variable

references

lb_target_group

v2.2.0

01 Dec 07:06
Compare
Choose a tag to compare
feat: default https_ssl_policy to ELBSecurityPolicy-TLS13-1-2-2021-06 @jestallin (#179) ## what
  • Updates default https_ssl_policy to ELBSecurityPolicy-TLS13-1-2-2021-06

why

  • ELBSecurityPolicy-TLS13-1-2-2021-06 is the default AWS recommendation.

The ELBSecurityPolicy-TLS13-1-2-2021-06 policy is the default security policy for TLS listeners created using the AWS Management Console.
- We recommend the ELBSecurityPolicy-TLS13-1-2-2021-06 security policy, which includes TLS 1.3, and is backwards compatible with TLS 1.2.

references

v2.1.0

13 Nov 00:34
ef2c73b
Compare
Choose a tag to compare
fix: listener default action variable object block [HOTFIX REQUIRED!] @oycyc (#190) ## what

Removes the default object block and changes it to null, making it consistent with the other default actions. The original mindset of having it was to default to HTTP_301 since it's a required attribute, but it doesn't matter because it is not optional() in the Terraform.

why

As described by @mschfh

this adds a redirect by default, as the default for the variable is an object, not null.

https://github.com/cloudposse/terraform-aws-alb/blob/cb8fa6558c4f8a49fa3aebf33505397c1ac74ad6/main.tf#L231-L232

https://github.com/cloudposse/terraform-aws-alb/blob/cb8fa6558c4f8a49fa3aebf33505397c1ac74ad6/variables.tf#L292-L311

Plan:

      ~ default_action {
          ~ type             = "forward" -> "redirect"
            # (2 unchanged attributes hidden)

          + redirect {
              + host        = "#{host}"
              + path        = "/#{path}"
              + port        = "#{port}"
              + protocol    = "#{protocol}"
              + query       = "#{query}"
              + status_code = "HTTP_301"
            }
        }

Explicitly passing listener_https_redirect = null to the module does prevent this change, please update the default or adjust the for_each.

image

references

Comment referencing this issue
#187 (comment)

v2.0.0

08 Nov 18:18
cb8fa65
Compare
Choose a tag to compare
feat: alb client keep alive @oycyc (#189) ## what
  • Adds the variable and argument for client_keep_alive.
  • This was just introduced pretty recently, in May 2024. hashicorp/terraform-provider-aws#36402
    • Therefore updated the version as well, this requires a major bump from v4 to v5.46.0.

why

image

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb#client_keep_alive-1

v1.12.0

07 Nov 20:01
95e6dc2
Compare
Choose a tag to compare
Add IPv6 ingress security group rules @mschfh (#186) ## what
  • Added IPv6 support for ingress security groups
  • Added variable validation for http_ingress_cidr_blocks and https_ingress_cidr_blocks
  • Added variable validation for ip_address_type
  • Updated the http_ingress_cidr_blocks and https_ingress_cidr_blocks defaults values to include ::/0

why

The current implementation only configures IPv4 security group rules, causing IPv6 traffic to be dropped by default for dualstack ALBs

references

AWS Load Balancer dual-stack mode: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#ip-address-type
AWS Security Group IPv6 support: https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-rule-syntax
TF aws_security_group_rule resource: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule#ipv6_cidr_blocks

v1.11.2

07 Nov 16:43
Compare
Choose a tag to compare
feat: redirect default action for https listener @oycyc (#187) ## what
  • Adds the ability for a HTTPS listener to have an default action of "redirect" in addition to the current two existing "fixed-response" and "target group".

  • Create a new variable to support this with default of null.

  • Ran make readme

why

There are use cases when the default action to be redirect that we want for an ALB listener if it doesn't match any rules to redirect. See image below for the action in AWS console.

This would be good to have in the module, otherwise when there is a case that this needs to be configured, this specific resource has to be stripped out.

image
image

Templates update @max-lobur (#152) ## what

Templates update

why

Maintenance

🤖 Automatic Updates

Migrate new test account @osterman (#182) ## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

  • Re-apply .github/settings.yml from org level to get terratest environment
  • Migrate to new test account

References

  • DEV-388 Automate clean up of test account in new organization
  • DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
  • DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @osterman (#181) ## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#180) ## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#177) ## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write @osterman (#175) ## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

  • So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#173) ## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

  • Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#172) ## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

  • The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @osterman (#170) ## what - Update workflows (`.github/workflows/settings.yaml`)

why

  • Support new readme generation workflow.
  • Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#167) ## what
  • Install latest GitHub Action Workflows

why

  • Use shared workflows from cldouposse/.github repository
  • Simplify management of workflows from centralized hub of configuration
Add GitHub Settings @osterman (#161) ## what - Install a repository config (`.github/settings.yaml`)

why

  • Programmatically manage GitHub repo settings
Update README.md and docs @cloudpossebot (#158) ## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update Scaffolding @osterman (#159) ## what - Reran `make readme` to rebuild `README.md` from `README.yaml` - Migrate to square badges - Add scaffolding for repo settings and Mergify

why

  • Upstream template changed in the .github repo
  • Work better with repository rulesets
  • Modernize look & feel
chore(deps): update terraform cloudposse/vpc/aws to v2.2.0 @renovate (#156) This PR contains the following updates:
Package Type Update Change
cloudposse/vpc/aws (source) module minor 2.1.1 -> 2.2.0

Release Notes

cloudposse/terraform-aws-vpc (cloudposse/vpc/aws)

v2.2.0

Compare Source


v1.11.1

12 Dec 17:54
16345e1
Compare
Choose a tag to compare

🐛 Bug Fixes

rm lockfile @kevcube (#151)

what

  • lockfile was accidentally merged in #120

why

  • we don't ship module with lockfiles

references

v1.11.0

11 Dec 15:01
94699da
Compare
Choose a tag to compare
Allow the option to set ssl request only on the s3 bucket for access logs @joshuabalduff (#120)

what

Adds an optional input variable to force SSL on the s3 bucket for security compliance.

why

[PCI.S3.5] S3 buckets should require requests to use Secure Socket Layer

references

If #107 is going to get merged, then I guess this pr serves no purpose :)

AWS Config

v1.10.0

26 Jun 19:58
fb4ec8e
Compare
Choose a tag to compare
chore(deps): update terraform cloudposse/lb-s3-bucket/aws to v0.19.0 (main) @renovate (#145)

This PR contains the following updates:

Package Type Update Change
cloudposse/lb-s3-bucket/aws (source) module minor 0.18.0 -> 0.19.0

Release Notes

cloudposse/terraform-aws-lb-s3-bucket (cloudposse/lb-s3-bucket/aws)

v0.19.0

Compare Source

🤖 Automatic Updates

chore(deps): update terraform cloudposse/s3-log-storage/aws to v1.4.2 (main) @​renovate (#​69)

This PR contains the following updates:

Package Type Update Change
cloudposse/s3-log-storage/aws (source) module patch 1.4.0 -> 1.4.2

Release Notes
cloudposse/terraform-aws-s3-log-storage (cloudposse/s3-log-storage/aws)
v1.4.2

Compare Source

🚀 Enhancements
Add `grants` input @​&#​8203;Nuru (#&#​8203;93)
what
  • Add grants input
why
  • Some AWS services, such at Cloudfront, require specific grants for log delivery
references
v1.4.1

Compare Source

Sync .github @​&#​8203;max-lobur (#&#​8203;89)

Rebuild '.github' dir from the template

🚀 Enhancements
Update Terraform cloudposse/s3-bucket/aws to v3.1.2 (main) @​&#​8203;renovate (#&#​8203;91)

This PR contains the following updates:

Package Type Update Change
cloudposse/s3-bucket/aws (source) module patch 3.1.1 -> 3.1.2

Release Notes
cloudposse/terraform-aws-s3-bucket
v3.1.2: Fix Public Bucket Creation

Compare Source

What's Changed
New Contributors

Full Changelog: cloudposse/terraform-aws-s3-bucket@3.1.1...3.1.2


🤖 Automatic Updates
Update Terraform cloudposse/s3-bucket/aws to v3.1.2 (main) @​&#​8203;renovate (#&#​8203;91)

This PR contains the following updates:

Package Type Update Change
cloudposse/s3-bucket/aws (source) module patch 3.1.1 -> 3.1.2

Release Notes
cloudposse/terraform-aws-s3-bucket
v3.1.2: Fix Public Bucket Creation

Compare Source

What's Changed
New Contributors

Full Changelog: cloudposse/terraform-aws-s3-bucket@3.1.1...3.1.2




v1.9.0

07 Jun 16:03
e0846c2
Compare
Choose a tag to compare
add xff_header_processing_mode option to alb @tbpoetke (#143)

what

add xff_header_processing_mode option to alb

why

option is missing