Release: 1.20.0

Author: AWS

CODEOWNERS

@@ -1 +1 @@
-* @ouyanguf @wiltangg @aviwshah @dashbat @dhingraa-github @sk-at-amazon @aspiratr-aws @yashl
+* @ouyanguf @wiltangg @aviwshah @dashbat @dhingraa-github @stumins @vmale-aws @yashl @seannnnn-aws @tinpha @sungkkim

README.md

@@ -82,7 +82,7 @@ When you enable the HCP Terraform or Terraform Enterprise OIDC integration (`ter
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2.0, < 2.0.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.1, < 2.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0.0, < 7.0.0 |
 
 ## Providers
@@ -146,6 +146,7 @@ When you enable the HCP Terraform or Terraform Enterprise OIDC integration (`ter
 | <a name="input_aft_vpc_public_subnet_02_cidr"></a> [aft\_vpc\_public\_subnet\_02\_cidr](#input\_aft\_vpc\_public\_subnet\_02\_cidr) | CIDR Block to allocate to the Public Subnet 02 | `string` | `"192.168.2.128/25"` | no |
 | <a name="input_audit_account_id"></a> [audit\_account\_id](#input\_audit\_account\_id) | Audit Account Id | `string` | n/a | yes |
 | <a name="input_backup_recovery_point_retention"></a> [backup\_recovery\_point\_retention](#input\_backup\_recovery\_point\_retention) | Number of days to keep backup recovery points in AFT DynamoDB tables. Default = Never Expire | `number` | `null` | no |
+| <a name="input_backup_schedule"></a> [backup\_schedule](#input\_backup\_schedule) | Cron expression for the DynamoDB backup schedule. Default = hourly | `string` | `"cron(0 * * * ? *)"` | no |
 | <a name="input_cloudwatch_log_group_enable_cmk_encryption"></a> [cloudwatch\_log\_group\_enable\_cmk\_encryption](#input\_cloudwatch\_log\_group\_enable\_cmk\_encryption) | Flag toggling CloudWatch Log Groups encryption by using the AFT customer managed key stored in KMS. Additional charges apply. Otherwise, logs will use CloudWatch managed server-side encryption. | `bool` | `false` | no |
 | <a name="input_cloudwatch_log_group_retention"></a> [cloudwatch\_log\_group\_retention](#input\_cloudwatch\_log\_group\_retention) | Amount of days to keep CloudWatch Log Groups for Lambda functions. 0 = Never Expire | `string` | `"0"` | no |
 | <a name="input_concurrent_account_factory_actions"></a> [concurrent\_account\_factory\_actions](#input\_concurrent\_account\_factory\_actions) | Maximum number of accounts that can be provisioned in parallel. | `number` | `5` | no |
@@ -170,7 +171,7 @@ When you enable the HCP Terraform or Terraform Enterprise OIDC integration (`ter
 | <a name="input_terraform_org_name"></a> [terraform\_org\_name](#input\_terraform\_org\_name) | Organization name for Terraform Cloud or Enterprise | `string` | `"null"` | no |
 | <a name="input_terraform_project_name"></a> [terraform\_project\_name](#input\_terraform\_project\_name) | Project name for Terraform Cloud or Enterprise - project must exist before deployment | `string` | `"Default Project"` | no |
 | <a name="input_terraform_token"></a> [terraform\_token](#input\_terraform\_token) | Terraform token for Cloud or Enterprise | `string` | `"null"` | no |
-| <a name="input_terraform_version"></a> [terraform\_version](#input\_terraform\_version) | Terraform version being used for AFT | `string` | `"1.6.0"` | no |
+| <a name="input_terraform_version"></a> [terraform\_version](#input\_terraform\_version) | Terraform version being used for AFT | `string` | `"1.6.1"` | no |
 | <a name="input_tf_backend_secondary_region"></a> [tf\_backend\_secondary\_region](#input\_tf\_backend\_secondary\_region) | AFT creates a backend for state tracking for its own state as well as OSS cases. The backend's primary region is the same as the AFT region, but this defines the secondary region to replicate to. | `string` | `""` | no |
 | <a name="input_vcs_provider"></a> [vcs\_provider](#input\_vcs\_provider) | Customer VCS Provider - valid inputs are codecommit, bitbucket, github, githubenterprise, gitlab, or gitLab self-managed | `string` | `"codecommit"` | no |
 

VERSION

@@ -1 +1 @@
-1.19.0
+1.20.0

main.tf

@@ -59,6 +59,7 @@ module "aft_account_request_framework" {
   request_framework_archive_hash              = module.packaging.request_framework_archive_hash
   lambda_runtime_python_version               = local.lambda_runtime_python_version
   backup_recovery_point_retention             = var.backup_recovery_point_retention
+  backup_schedule                             = var.backup_schedule
   aft_customer_vpc_id                         = var.aft_customer_vpc_id
   aft_customer_private_subnets                = var.aft_customer_private_subnets
   sns_topic_enable_cmk_encryption             = var.sns_topic_enable_cmk_encryption

modules/aft-account-provisioning-framework/versions.tf

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 terraform {
-  required_version = ">= 1.2.0, < 2.0.0"
+  required_version = ">= 1.6.1, < 2.0.0"
 
   required_providers {
     aws = {

modules/aft-account-request-framework/backup.tf

@@ -10,7 +10,7 @@ resource "aws_backup_plan" "aft_controltower_backup_plan" {
   rule {
     rule_name         = "aft_controltower_backup_rule"
     target_vault_name = aws_backup_vault.aft_controltower_backup_vault.name
-    schedule          = "cron(0 * * * ? *)"
+    schedule          = var.backup_schedule
 
     dynamic "lifecycle" {
       for_each = var.backup_recovery_point_retention != null ? [1] : []

modules/aft-account-request-framework/variables.tf

@@ -70,6 +70,10 @@ variable "backup_recovery_point_retention" {
   type = number
 }
 
+variable "backup_schedule" {
+  type = string
+}
+
 variable "aft_enable_vpc" {
   type = bool
 }

modules/aft-account-request-framework/versions.tf

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 terraform {
-  required_version = ">= 1.2.0, < 2.0.0"
+  required_version = ">= 1.6.1, < 2.0.0"
 
   required_providers {
     aws = {

modules/aft-archives/data.tf modules/aft-archives/main.tfmodules/aft-archives/data.tf renamed to modules/aft-archives/main.tf

@@ -1,30 +1,31 @@
 # Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
-data "archive_file" "provisioning_framework" {
+resource "archive_file" "provisioning_framework" {
   type        = "zip"
   source_dir  = "${path.module}/../../src/aft_lambda/aft_account_provisioning_framework"
   output_path = "${path.module}/../../src/aft_lambda/aft_account_provisioning_framework.zip"
 }
 
-data "archive_file" "request_framework" {
+resource "archive_file" "request_framework" {
   type        = "zip"
   source_dir  = "${path.module}/../../src/aft_lambda/aft_account_request_framework"
   output_path = "${path.module}/../../src/aft_lambda/aft_account_request_framework.zip"
 }
-data "archive_file" "customizations" {
+
+resource "archive_file" "customizations" {
   type        = "zip"
   source_dir  = "${path.module}/../../src/aft_lambda/aft_customizations"
   output_path = "${path.module}/../../src/aft_lambda/aft_customizations.zip"
 }
 
-data "archive_file" "feature_options" {
+resource "archive_file" "feature_options" {
   type        = "zip"
   source_dir  = "${path.module}/../../src/aft_lambda/aft_feature_options"
   output_path = "${path.module}/../../src/aft_lambda/aft_feature_options.zip"
 }
 
-data "archive_file" "builder" {
+resource "archive_file" "builder" {
   type        = "zip"
   source_dir  = "${path.module}/../../src/aft_lambda/aft_builder"
   output_path = "${path.module}/../../src/aft_lambda/aft_builder.zip"

modules/aft-archives/outputs.tf

@@ -2,41 +2,41 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 output "provisioning_framework_archive_path" {
-  value = data.archive_file.provisioning_framework.output_path
+  value = archive_file.provisioning_framework.output_path
 }
 
 output "provisioning_framework_archive_hash" {
-  value = data.archive_file.provisioning_framework.output_base64sha256
+  value = archive_file.provisioning_framework.output_base64sha256
 }
 
 output "request_framework_archive_path" {
-  value = data.archive_file.request_framework.output_path
+  value = archive_file.request_framework.output_path
 }
 
 output "request_framework_archive_hash" {
-  value = data.archive_file.request_framework.output_base64sha256
+  value = archive_file.request_framework.output_base64sha256
 }
 
 output "customizations_archive_path" {
-  value = data.archive_file.customizations.output_path
+  value = archive_file.customizations.output_path
 }
 
 output "customizations_archive_hash" {
-  value = data.archive_file.customizations.output_base64sha256
+  value = archive_file.customizations.output_base64sha256
 }
 
 output "feature_options_archive_path" {
-  value = data.archive_file.feature_options.output_path
+  value = archive_file.feature_options.output_path
 }
 
 output "feature_options_archive_hash" {
-  value = data.archive_file.feature_options.output_base64sha256
+  value = archive_file.feature_options.output_base64sha256
 }
 
 output "builder_archive_path" {
-  value = data.archive_file.builder.output_path
+  value = archive_file.builder.output_path
 }
 
 output "builder_archive_hash" {
-  value = data.archive_file.builder.output_base64sha256
+  value = archive_file.builder.output_base64sha256
 }