Releases: cloudposse/terraform-aws-code-deploy
Releases · cloudposse/terraform-aws-code-deploy
v0.2.3
🐛 Bug Fixes
Fix: fix incorrect conditional logic for dynamic blocks iterating on `var.ec2_tag_set` and `var.ec2_tag_filter` @StephenTan-TW (#13)
what
Original PR description:
In order to ensure that tagging is processed correctly, I have created a PR of working code.
For some reason, we need to disable conditionals for ec2_tag_filter variable and we need to set the following conditional for ec2_tag_set:var.ec2_tag_set == null ? [] : [var.ec2_tag_set]
Note that I have had to do a huge rebase when pulling the upstream code. No idea what is going on.
- Swap second and third arguments in ternary operator for
var.ec2_tag_setandvar.ec2_tag_filter, which are incorrectly supplying an empty list if their lengths are > 0. - Use
lookupfunction in dynamic blocks in order to introduce more robustness.
why
- If
var.ec2_tag_setandvar.ec2_tag_filterare supplied as non-empty lists, theec2_tag_filterblocks will not be populated, since the ternary operator will evaluate to empty lists, and hence the dynamic block will produce no such blocks.
Contributors
StephenTan-TW
Assets 2
v0.2.2
🤖 Automatic Updates
chore(deps): update terraform cloudposse/sns-topic/aws to v0.20.1 @renovate (#10)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/sns-topic/aws (source) | module | minor | 0.16.0 -> 0.20.1 |
Release Notes
cloudposse/terraform-aws-sns-topic
v0.20.0
Add fifo suffix, redrive policy, and additional outputs @nitrocode (#43)
#### what * [x] Allow periods in sqs fifo queue and sns topic if `fifo_topic` is true * [x] Support `redrive_policy` * [x] Added additional outputs #### why * fifo queues and sns topic require `.fifo` in their names and the default regex in context is stripping out the period #### references * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic#name * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue#name * [x] Closes https://github.com/cloudposse/terraform-aws-sns-topic/issues/40 * [x] Closes https://github.com/cloudposse/terraform-aws-sns-topic/issues/42 * [x] Closes https://github.com/cloudposse/terraform-aws-sns-topic/issues/25 #### testmodule "sns" {
source = "git::https://github.com/cloudposse/terraform-aws-sns-topic.git?ref=sqs_queue_allow_periods"
fifo_topic = true
sqs_dlq_enabled = true
fifo_queue_enabled = true
}v0.19.2
🤖 Automatic Updates
Update context.tf @cloudpossebot (#37)
#### what This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` #### why To support all the features of the `context` interface.v0.19.1
🚀 Enhancements
Delete auto-approve.yml @3h4x (#18)
#### what - delete `auto-approve` as test is overv0.19.0
Add enabled toggle @nitrocode (#36)
#### what * Add enabled toggle #### why * Only if enabled=true will this module create resources #### references N/Av0.18.0
Making Encryption configuration of SNS easier @azec-pdx (#34)
#### NOTE: Previously opened and discussed as https://github.com/cloudposse/terraform-aws-sns-topic/pull/32 , but had to open new PR because of the bad upstream fork rebasing (accidentally pointed to another unrelated CP TF module and ruined git history). #### what * I was using `cloudposse/terraform-aws-sns-topic` to deploy SNS Topic and subscriber SQS queues for routing Bounce and Complaint notifications from AWS SES service. AWS SES won't accept SNS Topic as the notifications target unless it has enough permissions for KMS key that is configured for SNS Topic Encryption settings. With module `cloudposse/terraform-aws-sns-topic` using default AWS KMS key `alias/aws/sns`, this is limiting in two ways: 1. It forces users of `cloudposse/terraform-aws-sns-topic` TF module to use encryption even if they don't provide their own KMS key. Users don't have option to deploy SNS Topic with Encryption disabled. 2. Since users are already forced to use SNS Topic Encryption, their only option becomes to configure their own KMS key and pass it to `cloudposse/terraform-aws-sns-topic` module, but then there is additional requirement for users to do more IAM permissions on KMS key to allow AWS SES service access to the key to encrypt messages as they are fanned out to SNS Topic. * This PR makes use of Encryption feature of SNS Topic deployed with `cloudposse/terraform-aws-sns-topic` more configurable in a way that: 1. Users can now easier opt-out from using encryption with feature flag/variable `use_encryption` instead of having to explicitly override `kms_master_key_id` with either `""` (empty string) or `null` value 2. Backward compatibility is preserved (encryption is by default on and if user doesn't override `kms_master_key_id` the default KMS key `alias/aws/sns` is used) 3. If user wants to use custom (their own) KMS key, all they have to do is to set the ID of the KMS key alias in `kms_master_key_id` and use of encryption is implicitly assumed #### why * Business case: mostly described above, to be able to have easier options for this feature when needing SNS Topic **without** Encryption in order to work with other AWS service (SES in this case) - especially since it is all in the same AWS account. * This now makes possible to deploy SNS Topic **without** Encryption by just flipping feature flag: module "sns" {
#source = "git::https://github.com/cloudposse/terraform-aws-sns-topic.git//?ref=tags/<FUTURE_TAG>"
source = "git::https://github.com/SkywardIO/terraform-aws-sns-topic.git//?ref=feature/sns-enc-optional"
name = module.this.id
subscribers = var.subscribers
allowed_aws_services_for_sns_published = var.allowed_aws_services_for_sns_published
sqs_dlq_enabled = false # Until valid case neeed for this and until CP fixes https://github.com/cloudposse/terraform-aws-sns-topic/blob/master/main.tf#L20
use_encryption = false
}references
- N/A?
v0.17.0
Support for FIFO SNS Topics @azec-pdx (#35)
#### what * Adds ability to support deploying FIFO - type SNS Topics #### why * Customers might need FIFO SNS Topics with FIFO SQS queues subscribed * This allows them to use module in following way ```terraform module "sns" { source = "git::https://github.com/cloudposse/terraform-aws-sns-topic.git//?ref=tags/" fifo_topic = var.fifo_topic
name = module.this.id # e.g. mytopic.fifo
regex_replace_chars = var.regex_replace_chars # e.g. "/[^.a-zA-Z0-9-]/" - required to prevent removal of '.' char in '.fifo' suffix
sqs_dlq_enabled = false # Until valid case neeed for this and until CP fixes https://github.com/cloudposse/terraform-aws-sns-topic/blob/master/main.tf#L20
subscribers = var.subscribers
content_based_deduplication = var.content_based_deduplication
SNS Topic policies related variables
sns_topic_policy_json = var.sns_topic_policy_json
allowed_aws_services_for_sns_published = var.allowed_aws_services_for_sns_published
allowed_iam_arns_for_sns_publish = var.allowed_iam_arns_for_sns_publish
}
and then upstream to use this as:
```terraform
module "my_topic_and_subscribers" {
source = "../../components/sns_topic_w_subscribers"
environment = var.environment
fifo_topic = true # has to be fifo for FIFO SQS queue subscribers (which all are)
content_based_deduplication = true
name = "my-topic.fifo" # suffix .fifo is required by AWS for this type of SNS Topic
namespace = var.namespace
regex_replace_chars = "/[^.a-zA-Z0-9-]/" # required to prevent removal of '.' char in '.fifo' suffix
region = var.region
subscribers = {
my_sqs_fifo = {
endpoint = module.my_queue_fifo.queue_arn # ARN of the SQS that will be subscribed to SNS topic
endpoint_auto_confirms = true
protocol = "sqs",
raw_message_delivery = false
}
}
sns_topic_policy_json = data.aws_iam_policy_document.my_topic_policy_document.json
}
#### references
* N/A
</details>
Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by WhiteSource Renovate. View repository job log here.
Contributors
renovate
Assets 2
v0.2.1
🤖 Automatic Updates
Update context.tf @cloudpossebot (#12)
what
This is an auto-generated PR that updates the context.tf file to the latest version from cloudposse/terraform-null-label
why
To support all the features of the context interface.
Contributors
cloudpossebot
Assets 2
v0.2.0
Correct the ARN string, also fix the tag sets and allow tag filters as per the api @StephenTan-TW (#9)
what
- The tagging for EC2 tag sets is broken. This is now sorted. I have added a variable to allow ec2 filters and not just tag sets.
- There is a bit where the ARN string for the role is missing "/service-role" for EC2 and Lambda. This is different to ECS where our tests are run on ( this is NOT a complete example despite the name! Where are the lambda and EC2 tests? )
- I have amended the ARN lookups to give the correct ARNs for each platform type.
why
- To allow full range of tagging
- To allow the IAM role to be created for all Platform types
Contributors
StephenTan-TW
Assets 2
v0.1.2
🚀 Enhancements
Fix broken ec2_tag_filter block @StephenTan-TW (#7)
what
- This is to fix a bug when using the ec2-tag-filters
why
- The dynamic block for_each and map lookups are broken
references
- Closes #6
Contributors
StephenTan-TW
Assets 2
v0.1.1
🚀 Enhancements
Tag codedeploy group and app @nitrocode (#4)
what
- Tag codedeploy group and app
- local.enabled
why
- Tagging standards
- local.enabled best practices
references
Contributors
nitrocode
