v0.17.0

Description

• Terraform 1.0 upgrade: We have verified that this repo is compatible with Terraform 1.0.x!
  • From this release onward, we will only be running tests with Terraform 1.0.x against this repo, so we recommend updating to 1.0.x soon!
  • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.15.1 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 1.0.x.

Related links

• #248

v0.16.0

Description

• Terraform 0.15 upgrade: We have verified that this repo is compatible with Terraform 0.15.x!
  • From this release onward, we will only be running tests with Terraform 0.15.x against this repo, so we recommend updating to 0.15.x soon!
  • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.15.x.
  • Once all Gruntwork repos have been upgrade to work with 0.15.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

Related links

• #246

v0.15.1

Modules affected

• install-vault

Description

• You can now tell the install-vault skip calling apt-get update or yum update by passing the --skip-package-update flag.

Special thanks

• Thank you to @queglay for the contribution!

Related links

• #237

v0.15.0

Modules affected

• install-vault
• private-tls-cert
• run-vault
• update-certificate-store
• vault-cluster
• vault-elb
• vault-security-group-rules

Description

• Terraform 0.14 upgrade: We have verified that this repo is compatible with Terraform 0.14.x!
  • From this release onward, we will only be running tests with Terraform 0.14.x against this repo, so we recommend updating to 0.14.x soon!
  • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.14.x.
  • Once all Gruntwork repos have been upgrade to work with 0.14.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

Related links

• #241

v0.14.3

Modules affected

• vault-elb

Description

• You can now enable access logging for the Vault ELB using the new access_logs input variable.

Special thanks

• Thank you to @dchernivetsky for the contribution!

Related links

• #239

v0.14.2

Modules affected

• run-vault

Description

• When using a backend other than Consul, run-vault will now explicitly configure Vault to register itself as a service in Consul. Otherwise, if you're using some other backend, such as S3, service discovery won't work correctly. You can configure the Consul agent address to use for registration via the new --consul-agent-service-registration-address argument (the default is localhost:8500).
• Updated the systemd config that run-vault sets up for Vault:
  • Configure reasonable defaults for StartLimitIntervalSec and StartLimitBurst so Vault doesn't infinitely try to restart in case of a permanent error.
  • Set LimitMEMLOCK to infinity to prevent memory from being swapped to disk.
• We've updated the examples to use more modern versions:
  • Bump Vault to 1.6.1
  • Bump Consul to 1.9.2

Related links

• #232

v0.14.1

Modules affected

• vault-cluster

Description

• You can now configure a permissions boundary for the IAM role using the new iam_permissions_boundary input variable.

Special thanks

• Thank you to @guangie88 for the contribution!

Related links

• #231

v0.14.0

Modules affected

• (none)

Description

• Terraform 0.13 upgrade: We have verified that this repo is compatible with Terraform 0.13.x!
  • From this release onward, we will only be running tests with Terraform 0.13.x against this repo, so we recommend updating to 0.13.x soon!
  • To give you more time to upgrade, for the time being, all modules will still support Terraform 0.12.26 and above, as that version has several features in it (required_providers with source URLs) that make it more forwards compatible with 0.13.x.
  • Once all Gruntwork repos have been upgrade to work with 0.13.x, we will publish a migration guide with a version compatibility table and announce it all via the Gruntwork Newsletter.

Related links

• #224

v0.13.11

Modules affected

• vault-cluster

Description

• The vault-cluster module now sets the ignore_changes lifecycle setting on load_balancers and target_group_arns attributes. As of AWS Provider 3.x, if you use aws_autoscaling_attachment, you MUST have ignore_changes set on these attributes, or your load balancer will be removed (see corresponding issue in the AWS provider). Since the vault-cluster module doesn't let you use these attributes anyway, this should be a backwards compatible change that allows this module to work properly with a load balancer.

Special thanks

• Thank you to @andrew-womeldorf for the PR!

Related links

• #211

v0.13.10

Modules affected

• vault-cluster

Description

• The vault-cluster module now provides output variables with information about the IAM instance profile: iam_instance_profile_arn, iam_instance_profile_id, and iam_instance_profile_name.

Special thanks

• Thank you to @nicgrayson for the PR!

Related links

• #207