Support AWS Managed Domain Lists via `firewall_domain_list_id` Andriy Knysh (@aknysh) (#32)
## what
- Add optional `firewall_domain_list_id` attribute to each rule in `rule_groups_config`, alongside the existing `firewall_domain_list_name` (now also optional). A rule must specify exactly one of the two.
- Resolve the rule's domain list ID via `coalesce(rule.firewall_domain_list_id, try(local.custom_domain_list_ids[rule.firewall_domain_list_name], null))`, preserving the existing custom-list lookup as a fallback.
- Update `examples/complete` to exercise the new code path: create an externally-managed `aws_route53_resolver_firewall_domain_list` (a stand-in for an AWS Managed Domain List, whose `rslvr-fdl-...` ID cannot be hardcoded in CI), reference it by ID from a merged rule group, and assert in terratest that the rendered rule carries that ID.
- Regenerate `README.md` via `atmos readme`.

## why
- The module currently can only reference domain lists it creates itself (via `domains_config`), because the rule lookup is hardcoded to `aws_route53_resolver_firewall_domain_list.default[rule.firewall_domain_list_name].id`. This makes it impossible to use AWS Managed Domain Lists (e.g. `AWSManagedDomainsMalwareDomainList`, `AWSManagedDomainsBotnetCommandandControl`, `AWSManagedDomainsAggregateThreatList`, `AWSManagedDomainsAmazonGuardDutyThreatList`) — these are provisioned by AWS per account/region and exist outside the module's resource map.
- AWS Managed Domain Lists are the recommended baseline for blocking known-malicious egress traffic (PCI DSS, threat-intel-driven defense). Without this support, downstream consumers have to fork the module or replace it with direct resources to use them.
- Change is backward compatible: rules that only specify `firewall_domain_list_name` continue to resolve via the same custom-list map as before — the `try()` fallback in `coalesce` reproduces the original lookup exactly.

## references
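As an added illustration of the resolution logic described in #32 (not the module's own code): a simplified `rule_groups_config` carrying one rule of each form, the module-side name-to-ID map, and the `coalesce()`/`try()` lookup. The variable shape, the sample list name and the `rslvr-fdl-PLACEHOLDER` ID are assumptions, and `optional()` requires Terraform 1.3 or newer.

```hcl
# Added illustration, not the module's code: a simplified rule_groups_config
# and the coalesce()/try() resolution described in PR #32.
variable "rule_groups_config" {
  type = map(object({
    rules = map(object({
      firewall_domain_list_name = optional(string) # module-managed list, by name
      firewall_domain_list_id   = optional(string) # any list, by ID (e.g. AWS managed)
    }))
  }))
  default = {
    baseline = {
      rules = {
        # pre-existing form: name of a list created from domains_config
        block-internal = { firewall_domain_list_name = "internal-denylist" }
        # new form: ID of a list the module does not manage (placeholder, not a real ID)
        block-malware = { firewall_domain_list_id = "rslvr-fdl-PLACEHOLDER" }
      }
    }
  }
}

# Stand-in for the lists the module creates from domains_config.
resource "aws_route53_resolver_firewall_domain_list" "default" {
  for_each = toset(["internal-denylist"])
  name     = each.key
  domains  = ["bad.example.com"] # constructed sample entry
}

locals {
  # name -> ID map of module-managed lists; the original lookup used this map directly.
  custom_domain_list_ids = { for k, v in aws_route53_resolver_firewall_domain_list.default : k => v.id }

  # coalesce() fails the plan when every argument is null, so a rule that sets
  # neither attribute, or names a custom list that does not exist, is rejected
  # at plan time rather than rendered with an empty domain list.
  resolved_rules = {
    for pair in flatten([
      for group_name, group in var.rule_groups_config : [
        for rule_name, rule in group.rules : {
          key = "${group_name}:${rule_name}"
          firewall_domain_list_id = coalesce(
            rule.firewall_domain_list_id,
            try(local.custom_domain_list_ids[rule.firewall_domain_list_name], null)
          )
        }
      ]
    ]) : pair.key => pair
  }
}
```

Because `try()` swallows the lookup error for an unknown or null name, the only signal that a rule has no usable list is the `coalesce()` error, which is why the "exactly one of the two" rule matters.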
🤖 Automatic Updates
Fix go version in tests Erik Osterman (Cloud Posse) (@osterman) (#30)
## what
- Update go `1.24`

## why
- Error loading shared library libresolv.so.2 in Go 1.20

## references
Replace Makefile with atmos.yaml Erik Osterman (Cloud Posse) (@osterman) (#29)
## what
- Remove `Makefile`
- Add `atmos.yaml`

## why
- Replace `build-harness` with `atmos` for readme generation

## references
- DEV-3229 Migrate from build-harness to atmos
Migrate new test account Erik Osterman (Cloud Posse) (@osterman) (#28)
## what
- Update `.github/settings.yml`
- Update `.github/chatops.yml` files

## why
- Re-apply `.github/settings.yml` from org level to get `terratest` environment
- Migrate to new `test` account

## references
- DEV-388 Automate clean up of test account in new organization
- DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
- DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml Erik Osterman (Cloud Posse) (@osterman) (#27)
## what
- Update `.github/settings.yml`
- Drop `.github/auto-release.yml` files

## why
- Re-apply `.github/settings.yml` from org level
- Use organization level auto-release settings

## references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml Erik Osterman (Cloud Posse) (@osterman) (#26)
## what
- Update `.github/settings.yml`
- Drop `.github/auto-release.yml` files

## why
- Re-apply `.github/settings.yml` from org level
- Use organization level auto-release settings

## references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write Erik Osterman (Cloud Posse) (@osterman) (#24)
## what
- Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

## why
- So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo Erik Osterman (Cloud Posse) (@osterman) (#22)
## what
- Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

## why
- Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action Erik Osterman (Cloud Posse) (@osterman) (#21)
## what
- Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

## why
- The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows Erik Osterman (Cloud Posse) (@osterman) (#20)
## what
- Update workflows (`.github/workflows/settings.yaml`)

## why
- Support new readme generation workflow.
- Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo Erik Osterman (Cloud Posse) (@osterman) (#16)
## what
- Install latest GitHub Action Workflows

## why
- Use shared workflows from `cloudposse/.github` repository
- Simplify management of workflows from centralized hub of configuration
Add GitHub Settings Erik Osterman (Cloud Posse) (@osterman) (#11)
## what
- Install a repository config (`.github/settings.yaml`)

## why
- Programmatically manage GitHub repo settings
Update Scaffolding Erik Osterman (Cloud Posse) (@osterman) (#9)
## what
- Reran `make readme` to rebuild `README.md` from `README.yaml`
- Migrate to square badges
- Add scaffolding for repo settings and Mergify

## why
- Upstream template changed in the `.github` repo
- Work better with repository rulesets
- Modernize look & feel
Update README.md and docs Cloud Posse Bot (CI/CD) (@cloudpossebot) (#7)
## what
This is an auto-generated PR that updates the README.md and docs

## why
To have most recent changes of README.md and doc from origin templates