Terraform 0.11
Terraform 0.12
Update aws_alb_listener_rule resources to use new condition syntax as this moved from warning to error.
    # from..
    condition {
      field  = "host-header"
      values = ["my-hostname"]
    }
    # to..
    condition {
      host_header {
        values = ["my-hostname"]
      }
    }
Fix typo in port_mappings for services/tasks/quartet
Introduce ecs/container_definition and ecs/task_definition modules. These will allow more granular control over container and task than is currently in /services/tasks.
Rewrite VPC module. Allows greater control of what is created by having submodules. Avoids the need to specify all CIDRs and the limit of only supporting 2 subnets.
Remove basic cluster and add standard. Standard has no config for samba, elastic-search or private dockerhub and allows folders created to be specified by caller.
Delete logging + dns modules as they only created a single resource.
Update services/tasks/ modules:
- Create "env-vars" module to replace "environment-variable", gradually phase out needing to specify environment-var length in calling modules.
- Update "ulimits" and "port-mappings" to no longer require length to be set.
- Allow "secret_environment_variables" to be specified for tasks. Note: execution tasks are not configured in these modules, so this needs extra work.
Fix how secret keys are calculated for secret_reference
Remove last usages of legacy interpolation syntax
Add min_size and max_size to bastion module. This will allow setting to 0 to have a default 'off' bastion host.
Add /ecs/ec2_capacity_provider, /ecs/web_fargate and /ecs/web_ec2 modules.
Added /load-balancing/target module for use from the above /web_* modules.
Allow 'hostname' to be specified in bastion module.
Add links parameter to container_definition module
hostname and zone_id are optional for ecs/web_* modules.
Allow data volume to be specified for /ecs/ec2_capacity_provider.
Add ephemeral_storage to /ecs/task_definition.
Add /ecs/autoscaling/scheduled module.
Removed services/base/worker and services/base/web-basic modules.
Ignore changes to desired_count for web_fargate and web_ecs.
Fix SQS module to use topic_arn for aws:SourceArn condition, rather than topic_name
Update SQS module to allow setting of raw_message_delivery on SNS subscription.
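The two SQS entries above concern the queue policy that lets an SNS topic deliver to a queue. The following is an added example, not the module's own code; the resource names and the "orders" values are constructed.

```hcl
# Constructed topic and queue for illustration.
resource "aws_sns_topic" "events" {
  name = "orders-events"
}

resource "aws_sqs_queue" "orders" {
  name = "orders"
}

data "aws_iam_policy_document" "sns_to_sqs" {
  statement {
    sid       = "AllowTopicToSend"
    effect    = "Allow"
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.orders.arn]

    principals {
      type        = "Service"
      identifiers = ["sns.amazonaws.com"]
    }

    # aws:SourceArn carries the full ARN of the publishing topic, so the
    # value compared here must be the topic ARN. A bare topic name does
    # not match and SNS deliveries to the queue are denied.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_sns_topic.events.arn]
    }
  }
}

resource "aws_sqs_queue_policy" "orders" {
  queue_url = aws_sqs_queue.orders.id # .id is the queue URL
  policy    = data.aws_iam_policy_document.sns_to_sqs.json
}

resource "aws_sns_topic_subscription" "orders" {
  topic_arn            = aws_sns_topic.events.arn
  protocol             = "sqs"
  endpoint             = aws_sqs_queue.orders.arn
  raw_message_delivery = true # deliver the payload without the SNS JSON envelope
}
```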
Remove "Project" tag from everywhere with exception of ASG creation. Expectation is that default_tags will be used to set project from calling modules.
Add "resourceRequirements" to ecs/container_definition.
Add "ulimits" variable to ECS container_definition module. Provided as a map:
    ulimits = {
      "name"   = "softLimit:hardLimit"
      "nofile" = "32768:65536"
    }
Add /ecs/ec2_capacity_provider_abs module for creating ECS capacity provider with attribute based instance selection.
Allow base to be set for capacity provider strategy in web_ec2 ecs module.
Alter device_names use for capacity providers. Latest AMIs used 1 volume (/dev/xvda) for both OS and Docker, rather than previous approach of Docker having a separate volume.
Allow min_size to be set for capacity provider ASG
Add /vpc/legacy module. This was removed in 3.0 in favour of much more flexible vpc module. Re-adding to allow estates that already use it to leverage default_tags without TF always detecting changes.
Output instance_role_name from /ecs/ec2_capacity_provider* modules - this will allow adding further permissions as required.
Add a filter_policy variable to the sqs module that allows a filter policy to be set on an SNS subscription to a queue
Updates to bastion module:
- Remove use of default SG
- Default to t3a.micro instance
- Default to Amazon Linux 2023 ami if not specified
- Update to use IMDSv2 for getting public IP
- Switch from launch-configuration to launch-template
- Output bastion role
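A launch template that enforces IMDSv2 and reads the public IP with a session token, as the bastion entries above describe. This is an added example, not the module's own code; the variable bastion_ami_id is hypothetical and what the script does with the address is left as a placeholder.

```hcl
variable "bastion_ami_id" { type = string } # hypothetical input

resource "aws_launch_template" "bastion" {
  name_prefix   = "bastion-"
  image_id      = var.bastion_ami_id
  instance_type = "t3a.micro"

  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required" # IMDSv1 (token-less) requests are rejected
    http_put_response_hop_limit = 1          # token cannot be fetched from beyond the instance
  }

  # IMDSv2 is a two-step exchange: PUT for a short-lived session token,
  # then GET the metadata path with that token in a header.
  user_data = base64encode(<<-EOT
    #!/bin/bash
    set -euo pipefail
    TOKEN=$(curl -sf -X PUT "http://169.254.169.254/latest/api/token" \
      -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
    # curl -f makes the script fail if the instance has no public IPv4 address.
    PUBLIC_IP=$(curl -sf -H "X-aws-ec2-metadata-token: $TOKEN" \
      "http://169.254.169.254/latest/meta-data/public-ipv4")
    echo "bastion public IP: $PUBLIC_IP" # placeholder for whatever consumes the address
  EOT
  )
}
```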
Updates to vpc module:
- Remove deprecated syntax in aws_eip
Update load-balancer module to output id of attached security group
Update to add filter_policy_scope to sns
Allow retention to be specified for DLQ in SQS module
Update wildcard-alb module to optionally add access_logs.
Allow stickiness to be specified for ecs/web_ec2 and load-balancing/target
Bugfix for above - correct variable name
Add default_tags to ASG resources for ecs/ec2_capacity_provider and ecs/ec2_capacity_provider_abs, as per this workaround
Update stickiness to allow for choosing whether to use lb_cookie or app_cookie and extend to ecs/web_fargate
Allow deployment min/max percent to be set for ECS services in ecs/web_fargate and ecs/web_ec2.
Allow load-balancing algorithm to be controlled in load-balancing/target (extended to ecs/web_fargate and ecs/web_ec2)
Add data/alb and data/cloudfront modules.
Fix issue in load-balancing/target, ecs/web_fargate and ecs/web_ec2 that prevented stickiness being removed.
Add default_tags to ASG resources for bastion, same as was done for capacity-providers in v3.28
Various updates, driven by changes to conform to SecurityHub standards:
- bastion - add associate_public_ip_address = true to avoid confusion if new vpc.map_public_ips_on_launch is set to false
- ecs/container_definition - added read_only_filesystem var
- load-balancing/wildcard-alb - added drop_invalid_headers and enable_deletion_protection vars
- s3/ssl-only - new module to generate bucket policy for denying non-SSL traffic (single resource only - generally not ideal but saves boilerplate)
- vpc - module now accepts map_public_ips_on_launch to opt out of auto-assigning for public subnets
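The kind of bucket policy the s3/ssl-only entry above describes, denying any request that does not arrive over TLS. This is an added example, not the module's own code; the variable bucket_name and the resource names are hypothetical.

```hcl
variable "bucket_name" { type = string } # hypothetical input

data "aws_s3_bucket" "target" { bucket = var.bucket_name }

data "aws_iam_policy_document" "ssl_only" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]

    # Cover both bucket-level and object-level operations.
    resources = [
      data.aws_s3_bucket.target.arn,
      "${data.aws_s3_bucket.target.arn}/*",
    ]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    # aws:SecureTransport is "false" when the request was made over plain HTTP.
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "ssl_only" {
  bucket = data.aws_s3_bucket.target.id
  policy = data.aws_iam_policy_document.ssl_only.json
}
```

A bucket carries a single policy document, so when other statements are needed, merge them into one document (for example with source_policy_documents) rather than attaching a second aws_s3_bucket_policy to the same bucket.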