v1.1.0

Make allow_all_egress a variable @dlacosteGFM (#126)

What changes in this PR?

• Default change is nothing (with this PR applied, nobody would have to change anything)
• Makes a new parameter allow_all_egress which defaults to false
• When creating the security group for the EFS volume, this line makes the security-group have an "allow egress to 0.0.0.0/0" rule entry. This PR makes that a configurable parameter instead

Why make this change?

• EFS doesn't actually do egress, so this really makes no impact difference at all
• ...but during a security audit we have a dangling "why do you allow egress to 0.0.0.0/0 on this?" question with no really good answer (so let's get rid of it as it doesn't do anything anyways)

References

• PCI DSS 3.2.1 rule 1.1.7 - Requirement to review firewall and router rule sets every 6 months
• PCI DSS 3.2.1 rule 1.2.1 - Restrict inbound and outbound traffic to that which is necessary for the environment

v1.0.0

🤖 Automatic Updates

chore(deps): update terraform cloudposse/security-group/aws to v2 (main) @renovate (#135)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/security-group/aws (source)	module	major	1.0.1 -> 2.2.0

---

Release Notes

cloudposse/terraform-aws-security-group (cloudposse/security-group/aws)

v2.2.0

Compare Source

`.editorconfig` Typo @​milldr (#​50)

what

fixed intent typo

why

should be spelled "indent"

references

https://cloudposse.slack.com/archives/C01EY65H1PA/p1685638634845009

Sync github @​max-lobur (#​47)

Rebuild github dir from the template

v2.1.0

Compare Source

• No changes

v2.0.1

Compare Source

🐛 Bug Fixes

Properly handle enabled = false @​Nuru (#​45)

what

• Properly handle enabled = false

why

• Fixes #​43

v2.0.0: Breaking changes

Compare Source

For details about migrating from v1 to v2, read the migration documentation.

Version 1 of this module had a flaw in that it tried to create new security group rules before deleting the old ones, which the Terraform provider does not handle properly and caused most attempted changes to fail. Version 2 resolves this issue by also creating a new security group when the rules change, installing the new rules in the new security group, then changing the security group assignments. Read the README and the migration documentation for more details.

Document migration from v1 to v2 @​Nuru (#​42)

what

• Document migration from v1 to v2 of this module
• Fix #​40

why

• Serious issues exist in v1, causing v2 to have different defaults and new settings. Documentation is needed to guide users on how to upgrade while minimizing service interruptions.

references

• Closes #​40

Fixes the link for examples/complete/main.tf @​jdmedeiros (#​41)

Fixes the link for examples/complete/main.tf on the README.md file.

---

v0.36.0

🤖 Automatic Updates

chore(deps): update terraform cloudposse/route53-cluster-hostname/aws to v0.13.0 (main) @renovate (#136)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/route53-cluster-hostname/aws (source)	module	minor	0.12.2 -> 0.13.0

---

Release Notes

cloudposse/terraform-aws-route53-cluster-hostname (cloudposse/route53-cluster-hostname/aws)

v0.13.0

Compare Source

• No changes

v0.12.3

Compare Source

Add zone inputs, update tests, add usage @​nitrocode (#​42)

what

• Add zone inputs, update tests, add usage

why

• Verify zone name exists
• Dynamically retrieve zone name based on data source inputs

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone
• Closes https://github.com/cloudposse/terraform-aws-route53-cluster-hostname/issues/41

git.io->cloudposse.tools update @​dylanbannon (#​40)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

---

Update README.md and docs @cloudpossebot (#131)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.35.0

variables.tf: transition_to_ia -- add AFTER_1_DAY as valid value @michw (#130)

what

• Add AFTER_1_DAY as a valid value for transition_to_ia
• Add efs_file_system_policy resource

why

• AFTER_1_DAY is a valid value for transition_to_ia argument for lifecycle policy.
• efs_file_system_policy resource was missing.

Sync github @max-lobur (#124)

Rebuild github dir from the template

v0.34.0

• No changes

v0.33.0

Groundwork new workflows @max-lobur (#122)

Fix lint/format before workflows rollout

v0.32.7

git.io->cloudposse.tools update @dylanbannon (#111)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

🤖 Automatic Updates

chore(deps): update terraform cloudposse/security-group/aws to v1 @renovate (#112)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/security-group/aws (source)	module	major	0.4.3 -> 1.0.1

---

v0.32.6

🚀 Enhancements

Fix secondary gids and lifecycle hooks @nitrocode (#109)

what

• Fix secondary gids
• Fix lifecycle hooks (thanks to @kevouellet)
• Fix broken tests
• Use local.enabled for all resources including outputs

why

• Secondary gids now show up in the plan
• Lifecycle hooks show up appropriately

references

• Closes #107 (comment)
• Closes #104
• Related to #85
• Related to #94

v0.32.5

🤖 Automatic Updates

chore(deps): update terraform cloudposse/security-group/aws to v0.4.3 @renovate (#106)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/security-group/aws (source)	module	patch	0.4.2 -> 0.4.3

---

Release Notes

cloudposse/terraform-aws-security-group

v0.4.3

Compare Source

Update recommended inputs and outputs @​Nuru (#​26)

#### what - Update recommended inputs and outputs #### why - Changes based on experience implementing several modules

#### 🚀 Enhancements

Rename the exported `security_group_inputs.tf` file to `security-group-inputs.tf` @​aknysh (#​30)

#### what * Rename the exported `security_group_inputs.tf` file to `security-group-inputs.tf` * Update GitHub workflows and LICENSE #### why * Our naming convention is to use `kebab-case` for all files. Having a file in `snake_case` (after adding it to a repo) together with all the other files in `kebab-case` in the same repo does not look correct * Keep up to date

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.32.4

🚀 Enhancements

Associated Security Groups doesn't work #102 @gandraa (#105)

what

• remove sort function in security_groups

why

• if create_security_group is false, then the module throws exception "Call to function "sort" failed: given list element 0 is null; a null string cannot be sorted."

references

• Associated Security Groups doesn't work