
v2.0.0

Latest


@cloudposse-releaser cloudposse-releaser released this 19 May 17:09
81b15a3
Support AWS Managed Domain Lists via `firewall_domain_list_id` Andriy Knysh (@aknysh) (#32)

what

  • Add optional `firewall_domain_list_id` attribute to each rule in `rule_groups_config`, alongside the existing `firewall_domain_list_name` (now also optional). A rule must specify exactly one of the two.
  • Resolve the rule's domain list ID via `coalesce(rule.firewall_domain_list_id, try(local.custom_domain_list_ids[rule.firewall_domain_list_name], null))`, preserving the existing custom-list lookup as a fallback.
  • Update `examples/complete` to exercise the new code path: create an externally-managed `aws_route53_resolver_firewall_domain_list` (a stand-in for an AWS Managed Domain List, whose `rslvr-fdl-...` ID cannot be hardcoded in CI), reference it by ID from a merged rule group, and assert in terratest that the rendered rule carries that ID.
  • Regenerate `README.md` via `atmos readme`.

why

  • The module currently can only reference domain lists it creates itself (via domains_config), because the rule lookup is hardcoded to aws_route53_resolver_firewall_domain_list.default[rule.firewall_domain_list_name].id. This makes it impossible to use AWS Managed Domain Lists (e.g. AWSManagedDomainsMalwareDomainList, AWSManagedDomainsBotnetCommandandControl, AWSManagedDomainsAggregateThreatList, AWSManagedDomainsAmazonGuardDutyThreatList) — these are provisioned by AWS per account/region and exist outside the module's resource map.
  • AWS Managed Domain Lists are the recommended baseline for blocking known-malicious egress traffic (PCI DSS, threat-intel-driven defense). Without this support, downstream consumers have to fork the module or replace it with direct resources to use them.
  • Change is backward compatible: rules that only specify firewall_domain_list_name continue to resolve via the same custom-list map as before — the try() fallback in coalesce reproduces the original lookup exactly.
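An added illustration (not the module's own code) of how the new lookup composes with the "exactly one of the two" rule: a simplified stand-in for the `rule_groups_config` shape with a validation block, and a `locals` block that resolves each rule's list ID the way the PR describes, with the custom-list map as the fallback. The variable shape and the `aws_route53_resolver_firewall_domain_list.default` resource name are assumptions.

```hcl
# Illustrative only: a simplified stand-in for the module's rule_groups_config shape.
variable "rule_groups_config" {
  type = map(object({
    rules = map(object({
      firewall_domain_list_name = optional(string) # a list this module creates (domains_config)
      firewall_domain_list_id   = optional(string) # an external list, e.g. an AWS Managed Domain List
    }))
  }))

  # Exactly one of name / ID per rule: XOR on "is set".
  validation {
    condition = alltrue(flatten([
      for rg in values(var.rule_groups_config) : [
        for r in values(rg.rules) :
        (r.firewall_domain_list_name != null) != (r.firewall_domain_list_id != null)
      ]
    ]))
    error_message = "Each rule must set exactly one of firewall_domain_list_name or firewall_domain_list_id."
  }
}

locals {
  # Name -> ID map of the lists this module creates itself (resource name assumed).
  custom_domain_list_ids = {
    for name, list in aws_route53_resolver_firewall_domain_list.default : name => list.id
  }

  # Explicit ID wins; otherwise fall back to the original custom-list lookup.
  # try() turns a null or unknown name into null; if both arguments end up null,
  # coalesce() fails at plan time, so a typo in a list name cannot silently bind nothing.
  resolved_rules = flatten([
    for rg_name, rg in var.rule_groups_config : [
      for rule_name, rule in rg.rules : {
        key = "${rg_name}-${rule_name}"
        firewall_domain_list_id = coalesce(
          rule.firewall_domain_list_id,
          try(local.custom_domain_list_ids[rule.firewall_domain_list_name], null)
        )
      }
    ]
  ])
}
```

A caller then points a rule at a managed list with `firewall_domain_list_id` set to that list's per-account, per-region `rslvr-fdl-...` ID, while rules for module-created lists keep using `firewall_domain_list_name` unchanged.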

references

🤖 Automatic Updates

Fix go version in tests Erik Osterman (Cloud Posse) (@osterman) (#30)

what

  • Update go to `1.24`

why

  • Error loading shared library libresolv.so.2 in Go 1.20

References

Replace Makefile with atmos.yaml Erik Osterman (Cloud Posse) (@osterman) (#29)

what

  • Remove `Makefile`
  • Add `atmos.yaml`

why

  • Replace build-harness with atmos for readme generation

References

  • DEV-3229 Migrate from build-harness to atmos
Migrate new test account Erik Osterman (Cloud Posse) (@osterman) (#28)

what

  • Update `.github/settings.yml`
  • Update `.github/chatops.yml` files

why

  • Re-apply .github/settings.yml from org level to get terratest environment
  • Migrate to new test account

References

  • DEV-388 Automate clean up of test account in new organization
  • DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
  • DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml Erik Osterman (Cloud Posse) (@osterman) (#27)

what

  • Update `.github/settings.yml`
  • Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml Erik Osterman (Cloud Posse) (@osterman) (#26)

what

  • Update `.github/settings.yml`
  • Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write Erik Osterman (Cloud Posse) (@osterman) (#24)

what

  • Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

  • So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo Erik Osterman (Cloud Posse) (@osterman) (#22)

what

  • Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

  • Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action Erik Osterman (Cloud Posse) (@osterman) (#21)

what

  • Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

  • The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows Erik Osterman (Cloud Posse) (@osterman) (#20)

what

  • Update workflows (`.github/workflows/settings.yaml`)

why

  • Support new readme generation workflow.
  • Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo Erik Osterman (Cloud Posse) (@osterman) (#16)

what

  • Install latest GitHub Action Workflows

why

  • Use shared workflows from cloudposse/.github repository
  • Simplify management of workflows from centralized hub of configuration
Add GitHub Settings Erik Osterman (Cloud Posse) (@osterman) (#11)

what

  • Install a repository config (`.github/settings.yaml`)

why

  • Programmatically manage GitHub repo settings
Update Scaffolding Erik Osterman (Cloud Posse) (@osterman) (#9)

what

  • Reran `make readme` to rebuild `README.md` from `README.yaml`
  • Migrate to square badges
  • Add scaffolding for repo settings and Mergify

why

  • Upstream template changed in the .github repo
  • Work better with repository rulesets
  • Modernize look & feel
Update README.md and docs Cloud Posse Bot (CI/CD) (@cloudpossebot) (#7)

what

This is an auto-generated PR that updates the README.md and docs

why

To have the most recent changes to README.md and docs from the origin templates