Releases: cloudposse/terraform-aws-elastic-beanstalk-environment
Releases · cloudposse/terraform-aws-elastic-beanstalk-environment
v0.53.0
feat: expose ec2 service role as output @cilasbeltrame (#279)
## what- Expose service role, so that it can be used as input for other modules.
- Fix terratest tests for environment creation.
why
- It can be leveraged in conjunction of the Elastic Beanstalk Application. Since the service role is already created by the EB environment module.
- Fixing Terratest allows reliable automated validation of this module.
references
- For instance, it can be referred in in the module Elastic Beanstalk Application
appversion_lifecycle_service_role_arnas part of lifecycle role cleanup - Terratest error while testing:
Error: creating Elastic Beanstalk Environment (eg-test-eb-env-shared-alb-qjkk0y): operation error Elastic Beanstalk: CreateEnvironment, https response error StatusCode: 400, RequestID: f6b66297-8b0d-4902-a3d8-934ffc0c4a32, api error InvalidParameterValue: No Solution Stack named '64bit Amazon Linux 2023 v4.0.1 running Python 3.11'
🤖 Automatic Updates
Fix go version in tests @osterman (#276)
## what - Update go `1.24`why
- Error loading shared library libresolv.so.2 in Go 1.20
References
Replace Makefile with atmos.yaml @osterman (#275)
## what - Remove `Makefile` - Add `atmos.yaml`why
- Replace
build-harnesswithatmosfor readme genration
References
- DEV-3229 Migrate from build-harness to atmos
Migrate new test account @osterman (#270)
## what - Update `.github/settings.yml` - Update `.github/chatops.yml` fileswhy
- Re-apply
.github/settings.ymlfrom org level to getterratestenvironment - Migrate to new
testaccount
References
- DEV-388 Automate clean up of test account in new organization
- DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
- DEV-386 Update terratest to use new testing account with GitHub OIDC
Contributors
osterman and cilasbeltrame
Assets 2
v0.52.0
Fix: add depends_on instance profile for EB env @QuentinBtd (#267)
what
Add depends_on in elastic_beanstalk_environment
why
If instance profile is created after the environment, the creation of this last will failed.
references
I just encountered the problem;
The instance profile my-env-eb-ec2 associated with the environment does not exist.
🤖 Automatic Updates
Contributors
osterman and QuentinBtd
Assets 2
v0.51.3
🚀 Enhancements
Bump elb_logs module version to fix #259 @benjamin-hg (#264)
Include fix for cloudposse/terraform-aws-lb-s3-bucket#81
what
Bumped elb_logs module version from 0.19.0. to 0.20.0
why
To include a bugfix in order to fix #259.
The actual fix is in this commit: cloudposse/terraform-aws-lb-s3-bucket@a642b87#diff-dc46acf24afd63ef8c556b77c126ccc6e578bc87e3aa09a931f33d9bf2532fbb
references
- relates to cloudposse/terraform-aws-lb-s3-bucket#81
- closes #259
🤖 Automatic Updates
Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#263)
what
- Update workflows (
.github/workflows) to addissue: writepermission needed by ReviewDogtflintaction
why
- The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @osterman (#261)
what
- Update workflows (
.github/workflows/settings.yaml)
why
- Support new readme generation workflow.
- Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#258)
what
- Install latest GitHub Action Workflows
why
- Use shared workflows from
cldouposse/.githubrepository - Simplify management of workflows from centralized hub of configuration
Add GitHub Settings @osterman (#256)
what
- Install a repository config (
.github/settings.yaml)
why
- Programmatically manage GitHub repo settings
Add GitHub Settings @osterman (#255)
what
- Install a
.github/settings.yaml
why
- Programmatically manage GitHub repo settings
Update README.md and docs @cloudpossebot (#253)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
Update Scaffolding @osterman (#254)
what
- Reran
make readmeto rebuildREADME.mdfromREADME.yaml - Migrate to square badges
- Add scaffolding for repo settings and Mergify
why
- Upstream template changed in the
.githubrepo - Work better with repository rulesets
- Modernize look & feel
Update README.md and docs @cloudpossebot (#249)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
Contributors
osterman, benjamin-hg, and cloudpossebot
Assets 2
v0.51.2
🚀 Enhancements
Bugfix issue with ALB bucket output name and name in general @gugaiz (#247)
what
This fixes the issue with the output of the ALB bucket name, it also incorporates the option to manually set the bucket name to make it backward compatible with the previous deployment (what already has the bucket name assigned)
why
Because it is a bug that is on production code as commented on here
Contributors
gugaiz
Assets 2
v0.51.1
🚀 Enhancements
Fix/security groups update @samcrudge (#244)
what
Suggested changed by @goruha.
Default to empty string if aws_security_group.id is null. Empty string will then get filtered out by compact().
why
Null value caused sort() function to crash, making it impossible to set create_security_group to false
Implementing changes suggested in #229 by @goruha.
references
Fixed sort function crashing when create_security_group=false #229
Option create_security_group can't be false currently #216
Contributors
goruha and samcrudge
Assets 2
v0.51.0
what
- Introduces using cloudposse s3-bucket module for creating ALB logging bucket
- Introducing new variable which defines if s3 logs for ALB is enabled or disabled (default is still true)
- Adding random suffix to the name of logging bucket (since names of S3 must be globally unique - very often name provided in module is in collision with some already existed)
- If created, S3 bucket for storing ALB access logs is encrypted by default
- Updated examples (modules vpc, subnet and alb were in old versions)
why
- This module not usable anymore due to deprecation message by terraform about s3 bucket (see #227 )
- Users of this module don't always need access logs from Load Balancer n S3 bucket
- Existing examples were unusable due to old versions of modules in them.
v0.50.0
Groundwork new workflows @max-lobur (#232)
Fix lint/format before workflows rollout
Contributors
max-lobur
Assets 2
v0.49.0
[#98] Add a flag to redirect HTTP traffic to HTTPS @sestrella (#218)
what
- Add a flag to redirect HTTP traffic to HTTPS
- The hostname included in the redirection can be customized
why
- It is a common best practice to redirect HTTP traffic to HTTPS
- This workaround is necessary since Elastic Beanstalk HTTP listener rule can't be changed to a
redirectaction via the general options
references
- Kudos to @yashshanker who posted the simplified solution
- Closes #98
Contributors
sestrella and yashshanker
Assets 2
v0.48.0
Contributors
dcotelo
Assets 2
v0.47.2
🚀 Enhancements
Fixed potential self-escalation from iam:PassRole @comrumino (#215)
What I did
- Moved iam:PassRole from AllowOperations to a new statement named AllowPassRole and limited the resources/roles that can be passed to aws_iam_role.ec2 and aws_iam_role.service
Why I did it
- The current default policy document is overly permissive and was reported by our security tooling as a having the potential for privilege escalation. Without restricting which roles can be passed, a role with elevated privileges could be passed.
- Splitting actions into smaller statements make overriding resources or specific statements less unwieldy.
Contributors
comrumino