cloudposse
diff --git a/‎.github/CODEOWNERS
+2-2 b/‎.github/CODEOWNERS
+2-2
diff --git a/‎.github/auto-release.yml
+2-1 b/‎.github/auto-release.yml
+2-1
diff --git a/‎.github/mergify.yml
+7 b/‎.github/mergify.yml
+7
diff --git a/‎.github/workflows/auto-format.yml
+3-1 b/‎.github/workflows/auto-format.yml
+3-1
diff --git a/‎.github/workflows/auto-release.yml
+16-9 b/‎.github/workflows/auto-release.yml
+16-9
diff --git a/‎.github/workflows/validate-codeowners.yml
+2 b/‎.github/workflows/validate-codeowners.yml
+2
diff --git a/‎LICENSE
+1-1 b/‎LICENSE
+1-1
diff --git a/‎README.md
+120-92 b/‎README.md
+120-92
diff --git a/‎README.yaml
+94-79 b/‎README.yaml
+94-79
@@ -15,8 +15,8 @@
 
 # Cloud Posse must review any changes to standard context definition,
 # but some changes can be rubber-stamped.
-**/*.tf       @cloudposse/engineering @cloudposse/approvers
-README.yaml   @cloudposse/engineering @cloudposse/approvers
+**/*.tf       @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+README.yaml   @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 README.md     @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 docs/*.md     @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 
 
@@ -17,6 +17,7 @@ version-resolver:
     - 'bugfix'
     - 'bug'
     - 'hotfix'
+    - 'no-release'
   default: 'minor'
 
 categories:
@@ -46,7 +47,7 @@ template: |
 
 replacers:
 # Remove irrelevant information from Renovate bot
-- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
+- search: '/(?<=---\s)\s*^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
   replace: ''
 # Remove Renovate bot banner image
 - search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
 
@@ -56,3 +56,10 @@ pull_request_rules:
       changes_requested: true
       approved: true
       message: "This Pull Request has been updated, so we're dismissing all reviews."
+
+- name: "close Pull Requests without files changed"
+  conditions:
+    - "#files=0"
+  actions:
+    close:
+      message: "This pull request has been automatically closed by Mergify because there are no longer any changes."
@@ -6,7 +6,7 @@ on:
 jobs:
   auto-format:
     runs-on: ubuntu-latest
-    container: cloudposse/build-harness:slim-latest
+    container: cloudposse/build-harness:latest
     steps:
     # Checkout the pull request branch
     #  "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
@@ -29,6 +29,8 @@ jobs:
     - name: Auto Format
       if: github.event.pull_request.state == 'open'
       shell: bash
+      env:
+        GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
       run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
 
     # Commit changes (if any) to the PR branch
 
@@ -3,17 +3,24 @@ name: auto-release
 on:
   push:
     branches:
-    - master
+      - main
+      - master
+      - production
 
 jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-    # Drafts your next Release notes as Pull Requests are merged into "master"
-    - uses: release-drafter/release-drafter@v5
-      with:
-        publish: true
-        prerelease: false
-        config-name: auto-release.yml
-      env:
-        GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+      # Get PR from merged commit to master
+      - uses: actions-ecosystem/action-get-merged-pull-request@v1
+        id: get-merged-pull-request
+        with:
+          github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+      # Drafts your next Release notes as Pull Requests are merged into "main"
+      - uses: release-drafter/release-drafter@v5
+        with:
+          publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }}
+          prerelease: false
+          config-name: auto-release.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
@@ -1,5 +1,7 @@
 name: Validate Codeowners
 on:
+  workflow_dispatch:
+
   pull_request:
 
 jobs:
 
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017-2020 Cloud Posse, LLC
+   Copyright 2017-2022 Cloud Posse, LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
 
@@ -49,11 +49,14 @@ related:
     description: "Terraform Module to define an ElasticBeanstalk Application"
     url: "https://github.com/cloudposse/terraform-aws-elastic-beanstalk-application"
   - name: "geodesic"
-    description: " Geodesic is the fastest way to get up and running with a rock solid, production grade cloud platform built on strictly Open Source tools."
+    description: "Geodesic is the fastest way to get up and running with a rock solid, production grade cloud platform built on strictly Open Source tools."
     url: "https://github.com/cloudposse/geodesic"
   - name: "terraform-aws-elasticache-cloudwatch-sns-alarms"
-    description: " Terraform module that configures CloudWatch SNS alerts for ElastiCache"
+    description: "Terraform module that configures CloudWatch SNS alerts for ElastiCache"
     url: "https://github.com/cloudposse/terraform-aws-elasticache-cloudwatch-sns-alarms"
+  - name: "General options for all Elastic Beanstalk environments"
+    description: "General configuration options for all Elastic Beanstalk environments"
+    url: "https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html"
 
 # Short description of this project
 description: |-
@@ -76,108 +79,120 @@ usage: |-
     provider "aws" {
       region = var.region
     }
-
+    
     module "vpc" {
-      source     = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.0"
-      namespace  = var.namespace
-      stage      = var.stage
-      name       = var.name
+      source = "cloudposse/vpc/aws"
+      # Cloud Posse recommends pinning every module to a specific version
+      version = "x.x.x"
+      
       cidr_block = "172.16.0.0/16"
+  
+      context = module.this.context
     }
-
+    
     module "subnets" {
-      source               = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.16.0"
+      source = "cloudposse/dynamic-subnets/aws"
+      # Cloud Posse recommends pinning every module to a specific version
+      version = "x.x.x"
+      
       availability_zones   = var.availability_zones
-      namespace            = var.namespace
-      stage                = var.stage
-      name                 = var.name
       vpc_id               = module.vpc.vpc_id
       igw_id               = module.vpc.igw_id
       cidr_block           = module.vpc.vpc_cidr_block
       nat_gateway_enabled  = true
       nat_instance_enabled = false
+    
+      context = module.this.context
     }
-
+    
     module "elastic_beanstalk_application" {
-      source      = "git::https://github.com/cloudposse/terraform-aws-elastic-beanstalk-application.git?ref=tags/0.3.0"
-      namespace   = var.namespace
-      stage       = var.stage
-      name        = var.name
-      description = "Test elastic_beanstalk_application"
+      source = "cloudposse/elastic-beanstalk-application/aws"
+      # Cloud Posse recommends pinning every module to a specific version
+      version = "x.x.x"
+      
+      description = "Test Elastic Beanstalk application"
+    
+      context = module.this.context
     }
-
+    
     module "elastic_beanstalk_environment" {
-      source = "cloudposse/elastic-beanstalk-environment/aws"
-      # Cloud Posse recommends pinning every module to a specific version
-      # version = "x.x.x"
-      namespace                          = var.namespace
-      stage                              = var.stage
-      name                               = var.name
-      description                        = "Test elastic_beanstalk_environment"
-      region                             = var.region
-      availability_zone_selector         = "Any 2"
-      dns_zone_id                        = var.dns_zone_id
+      source                     = "../../"
+    
+      description                = var.description
+      region                     = var.region
+      availability_zone_selector = var.availability_zone_selector
+      dns_zone_id                = var.dns_zone_id
+    
+      wait_for_ready_timeout             = var.wait_for_ready_timeout
       elastic_beanstalk_application_name = module.elastic_beanstalk_application.elastic_beanstalk_application_name
-
-      instance_type           = "t3.small"
-      autoscale_min           = 1
-      autoscale_max           = 2
-      updating_min_in_service = 0
-      updating_max_batch      = 1
-
-      loadbalancer_type    = "application"
+      environment_type                   = var.environment_type
+      loadbalancer_type                  = var.loadbalancer_type
+      elb_scheme                         = var.elb_scheme
+      tier                               = var.tier
+      version_label                      = var.version_label
+      force_destroy                      = var.force_destroy
+    
+      instance_type    = var.instance_type
+      root_volume_size = var.root_volume_size
+      root_volume_type = var.root_volume_type
+    
+      autoscale_min             = var.autoscale_min
+      autoscale_max             = var.autoscale_max
+      autoscale_measure_name    = var.autoscale_measure_name
+      autoscale_statistic       = var.autoscale_statistic
+      autoscale_unit            = var.autoscale_unit
+      autoscale_lower_bound     = var.autoscale_lower_bound
+      autoscale_lower_increment = var.autoscale_lower_increment
+      autoscale_upper_bound     = var.autoscale_upper_bound
+      autoscale_upper_increment = var.autoscale_upper_increment
+    
       vpc_id               = module.vpc.vpc_id
       loadbalancer_subnets = module.subnets.public_subnet_ids
       application_subnets  = module.subnets.private_subnet_ids
-      security_group_rules = [
-        {
-          type                     = "egress"
-          from_port                = 0
-          to_port                  = 65535
-          protocol                 = "-1"
-          cidr_blocks              = ["0.0.0.0/0"]
-          source_security_group_id = null
-          description              = "Allow all outbound traffic"
-        },
+    
+      allow_all_egress = true
+
+      additional_security_group_rules = [
         {
           type                     = "ingress"
           from_port                = 0
           to_port                  = 65535
           protocol                 = "-1"
-          source_security_group_id = [module.vpc.vpc_default_security_group_id]
-          cidr_blocks              = null
-          description              = "Allow all ingress traffic from trusted Security Groups"
-        },
+          source_security_group_id = module.vpc.vpc_default_security_group_id
+          description              = "Allow all inbound traffic from trusted Security Groups"
+        }
       ]
+    
+      rolling_update_enabled  = var.rolling_update_enabled
+      rolling_update_type     = var.rolling_update_type
+      updating_min_in_service = var.updating_min_in_service
+      updating_max_batch      = var.updating_max_batch
+    
+      healthcheck_url  = var.healthcheck_url
+      application_port = var.application_port
+    
+      solution_stack_name = var.solution_stack_name    
+      additional_settings = var.additional_settings
+      env_vars            = var.env_vars
+    
+      extended_ec2_policy_document = data.aws_iam_policy_document.minimal_s3_permissions.json
+      prefer_legacy_ssm_policy     = false
       prefer_legacy_service_policy = false
-
-      // https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platforms-supported.html
-      // https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platforms-supported.html#platforms-supported.docker
-      solution_stack_name = "64bit Amazon Linux 2018.03 v2.12.17 running Docker 18.06.1-ce"
-
-      additional_settings = [
-        {
-          namespace = "aws:elasticbeanstalk:application:environment"
-          name      = "DB_HOST"
-          value     = "xxxxxxxxxxxxxx"
-        },
-        {
-          namespace = "aws:elasticbeanstalk:application:environment"
-          name      = "DB_USERNAME"
-          value     = "yyyyyyyyyyyyy"
-        },
-        {
-          namespace = "aws:elasticbeanstalk:application:environment"
-          name      = "DB_PASSWORD"
-          value     = "zzzzzzzzzzzzzzzzzzz"
-        },
-        {
-          namespace = "aws:elasticbeanstalk:application:environment"
-          name      = "ANOTHER_ENV_VAR"
-          value     = "123456789"
-        }
+      scheduled_actions            = var.scheduled_actions
+    
+      context = module.this.context
+    }
+      
+    data "aws_iam_policy_document" "minimal_s3_permissions" {
+      statement {
+        sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
+        actions = [
+        "s3:ListAllMyBuckets",
+        "s3:GetBucketLocation"
       ]
+      resources = ["*"]
     }
+  }
   ```
 
 include:
@@ -188,11 +203,11 @@ include:
 contributors:
   - name: "Erik Osterman"
     homepage: "https://github.com/osterman"
-    avatar: "http://s.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb?s=144"
+    avatar: "https://s.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb?s=144"
     github: "osterman"
   - name: "Igor Rodionov"
     homepage: "https://github.com/goruha/"
-    avatar: "http://s.gravatar.com/avatar/bc70834d32ed4517568a1feb0b9be7e2?s=144"
+    avatar: "https://s.gravatar.com/avatar/bc70834d32ed4517568a1feb0b9be7e2?s=144"
     github: "goruha"
   - name: "Andriy Knysh"
     homepage: "https://github.com/aknysh/"