v1.7.0 Add support for Valkey cache

This release adds a new input, engine, which you can set to redis (the default) or valkey to choose which cache engine you want to use.

feat: Add support for Valkey engine @adamantike (#249)

## what

This change allows setting the engine variable, to allow using Valkey as the cache engine.

No breaking changes are expected, as the default value for the engine variable is set to redis. Also, the minimum AWS provider version is not changed as using Redis does not require using a newer provider.

references

• Amazon ElastiCache and Amazon MemoryDB announce support for Valkey
• AWS Provider - v5.73.0 release

v1.6.0

Dualstack support @ngoyal16 (#247)

## what

Redis cluster can be run in 3 network modes - ipv4, ipv6 or dual_stack.
Underlying module already supports this parameter

why

It can be mandatory to enable it to be able to connect from dual_stack or ipv6 only runtimes

references

v1.5.0

🚀 Enhancements

Allow config endpoint as reader endpoint output @justinfranco (#245)

## what This avoids a situation where the reader endpoint tries to use `coalesce(null, null, null)` when in cluster mode and instead uses the configuration endpoint.

why

When using cluster mode there is no reader endpoint so the output tries to use coalesce(null, null, null) which results in a plan error. As outlined in the AWS docs the config endpoint should be used instead when in cluster mode.

references

Closes #236

chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 in /test/src in the go_modules group across 1 directory @dependabot (#246)

Bumps the go_modules group with 1 update in the /test/src directory: [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter).

Updates github.com/hashicorp/go-getter from 1.7.4 to 1.7.5

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.5

What's Changed

• Prevent Git Config Alteration on Git Update by @​dduzgun-security in hashicorp/go-getter#497

New Contributors

• @​dduzgun-security made their first contribution in hashicorp/go-getter#497

Full Changelog: hashicorp/go-getter@v1.7.4...v1.7.5

Commits

• 5a63fd9 Merge pull request #497 from hashicorp/fix-git-update
• 5b7ec5f fetch tags on update and fix tests
• 9906874 recreate git config during update to prevent config alteration
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

🤖 Automatic Updates

chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 in /test/src in the go_modules group across 1 directory @dependabot (#246)

Bumps the go_modules group with 1 update in the /test/src directory: [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter).

Updates github.com/hashicorp/go-getter from 1.7.4 to 1.7.5

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.5

What's Changed

• Prevent Git Config Alteration on Git Update by @​dduzgun-security in hashicorp/go-getter#497

New Contributors

• @​dduzgun-security made their first contribution in hashicorp/go-getter#497

Full Changelog: hashicorp/go-getter@v1.7.4...v1.7.5

Commits

• 5a63fd9 Merge pull request #497 from hashicorp/fix-git-update
• 5b7ec5f fetch tags on update and fix tests
• 9906874 recreate git config during update to prevent config alteration
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this...

v1.4.1

🚀 Enhancements

fix: Default transit_encryption_mode to null if var.transit_encryption_enabled is false @amontalban (#238)

what

Fixing this problem when var.transit_encryption_enabled is false the transit_encryption_mode value should be null.

why

I was blindsided with my use case of encrypting everything and I should have covered the default use case.

references

• #231 (comment)

v1.4.0

feat: Allow configuring transit_encryption_mode @amontalban (#231)

what

Allow configuring transit_encryption_mode.

why

This was added in AWS Provider v5.47.0 as part of hashicorp/terraform-provider-aws#30403

This is needed if you want to migrate to in-transit encryption with no downtime.

references

• Closes #190

v1.3.0

feat: add support for redis serverless @syphernl (#235)

what

• Add support for Serverless Redis instances

why

• Supporting Redis Serverless for demanding applications

notes

• This upgrades the required version of the AWS provider from ">= 5.27.0" to ">= 5.32" as this is the first release where aws_elasticache_serverless_cache was introduced

v1.2.3

feat: Allow configuring auth_token_update_strategy @amontalban (#232)

what

Allow configuring auth_token_update_strategy provider setting.

This has been added to AWS Provider on v5.27.0 in this PR hashicorp/terraform-provider-aws#16203

why

Give user the flexibility to change the update strategy when setting/changing the auth_token.

references

Closes #55

🤖 Automatic Updates

Update release workflow to allow pull-requests: write @osterman (#233)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#230)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#229)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#228)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#226)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#224)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Update README.md and docs @cloudpossebot (#222)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update Scaffolding @osterman (#223)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

chore(deps): update terraform cloudposse/vpc/aws to v2.2.0 @renovate (#220)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/vpc/aws (source)	module	minor	2.1.1 -> 2.2.0

---

Release Notes

cloudposse/terraform-aws-vpc (cloudposse/vpc/aws)

v2.2.0

Compare Source

---

chore(deps): update terraform cloudposse/cloudwatch-logs/aws to v0.6.8 @renovate (#214)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/cloudwatch-logs/aws (source)	module	patch	0.6.5 -> 0.6.8

---

Release Notes

cloudposse/terraform-aws-cloudwatch-logs (cloudposse/cloudwatch-logs/aws)

v0.6.8

Compare Source

🚀 Enhancements

Fix mistake in policy. Part2 @​ramses999 (#​39)

what

This is just a continuation of the fix https://github.com/cloudposse/terraform-aws-cloudwatch-logs/pull/38.
Prod environment tested. That's how it works correctly.

v0.6.7

Compare Source

🚀 Enhancements

Fix mistake in policy @​ramses999 (#​38)

what

Fix mistake in policy

why

The policy is created simply by ARN without the ":" construct, which is necessary to create the correct policy for the role.
Without this ":" construct, the policy is created, but it does not work correctly.
This error was discovered when I tried to create a cloudwatch group in the cloudtrail module.
I got the response "Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Access denied. Verify in IAM that the role has adequate permissions."
After studying the code, I realized that I need to add the construction ":*" in a couple of lines.
My solution looks like this, I need to replace the lines in file :

This line:
join("", aws_cloudwatch_log_group.default..arn),
replaced by
"${join("", aws_cloudwatch_log_group.default..arn)}:*"
You need to do this in both identical lines.

Perhaps you can suggest a better solution, I'm new to terraforming.

references

https://github.com/cloudposse/terraform-aws-cloudwatch-logs/issues/37
https://github.com/cloudposse/terraform-aws-cloudwatch-logs/blob/master/iam.tf#L55

v0.6.6

Compare Source

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.16.2 @​renovate (#​33)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	patch	0.16.1 -> 0.16.2

---

---

chore(deps): update terraform cloudposse/vpc/aws to v2.1.1 @renovate (#215)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/vpc/aws (source)	module	patch	2.1.0 -> 2.1.1

---

Release Notes

cloudposse/terraform-aws-vpc (cloudposse/vpc/aws)

v2.1.1

Compare Source

Add support for network address usage metrics @​lanzrein (#​124)

what

This PR adds support for Network Address Usage Metrics on the VPC.
AWS documentation : https://docs.aws.amazon.com/vpc/latest/userguide/network-address-usage.html
Terraform documentation : https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#enable_network_address_usage_metrics

why

Network Address Usage metrics can help monitor the growth of a VPC and would be useful for any user.
Enable this after creating a VPC does not trigger recreation of the VPC.

references

closes #​115

Sync github @​max-lobur (#​120)

Rebuild github dir from the template

🤖 Automatic Updates

Update README.md and docs @​cloudpossebot (#​125)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

---

v1.2.2

🤖 Automatic Updates

chore(deps): update terraform cloudposse/route53-cluster-hostname/aws to v0.13.0 @renovate (#219)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/route53-cluster-hostname/aws (source)	module	minor	0.12.2 -> 0.13.0

---

Release Notes

cloudposse/terraform-aws-route53-cluster-hostname (cloudposse/route53-cluster-hostname/aws)

v0.13.0

Compare Source

• No changes

v0.12.3

Compare Source

Add zone inputs, update tests, add usage @​nitrocode (#​42)

what

• Add zone inputs, update tests, add usage

why

• Verify zone name exists
• Dynamically retrieve zone name based on data source inputs

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone
• Closes https://github.com/cloudposse/terraform-aws-route53-cluster-hostname/issues/41

git.io->cloudposse.tools update @​dylanbannon (#​40)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

---

chore(deps): update terraform cloudposse/dynamic-subnets/aws to v2.4.1 @renovate (#216)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/dynamic-subnets/aws (source)	module	minor	2.3.0 -> 2.4.1

---

Release Notes

cloudposse/terraform-aws-dynamic-subnets (cloudposse/dynamic-subnets/aws)

v2.4.1

Compare Source

🚀 Enhancements

Add subnet ARNs to outputs @​Nuru (#​188)

what

• Add subnet ARNs to outputs

why

• Closes #​171

v2.4.0

Compare Source

Update dependencies, remove deprecation, add NACL example @​Nuru (#​184)

Note

Dropping support for deprecated EC2-Classic

With this release, EIPs allocated for NAT ingress are allocated in the default domain. This most likely does not affect you, but for accounts created before 2013-12-04 (almost 10 years ago as of this writing), the default domain could be EC2-Classic rather than the current VPC. Previously this module forced the EIPs to be in the VPC domain, but the breaking changes between AWS Provider v4 and v5 make that difficult.

If you find yourself in the rare situation where the EIPs allocated by this module are in EC2-Classic but you want them in VPC, then create the EIPs outside of this module and supply them to this module via nat_elastic_ips.

Custom NACLs

This release includes an example (examples/nacls/) showing how to create custom NACLs in conjunction with this module. Note that by default, this module creates wide-open NACLs, and subnets can only have one NACL associated with them. If you try to add a NACL to a subnet without disabling the default NACLs, you may get a possibly confusing error like:

│ Error: creating EC2 Network ACL: creating EC2 Network ACL (acl-0376c5f12dd9d784d) Association: InvalidAssociationID.NotFound: The association ID 'aclassoc-0818d5a9e3876a2bb' does not exist

See https://github.com/hashicorp/terraform-provider-aws/issues/31888

what

• Make appropriate inputs non-nullable (treat an input of null as meaning "default")
• Remove aws_eip vpc = true
• Update terraform cloudposse/utils/aws to v1.3.0 (Supersedes and closes #​182)
• Add example of how to add custom NACLs to subnets created by this module (Supersedes and closes #​176)
• Update tests and test framework

why

• Allow better, more consistent configuration
• Deprecated
• Include support for new AWS regions
• Encourage composition of modules and resources rather than aggregation of functionality into bloated modules (c.f. #​176)
• Stay current with features, bug fixes, and security updates

references

• Terraform AWS Provider Version 5 Upgrade Guide: aws_eip
• Disallowing Null Input Values
• EC2 Classic

---

v1.2.1

🚀 Enhancements

fix: remove transit_encryption != null, auth_token rotation support @Steve-Louie-Bose (#195)

what

• This conditional causes this module to not support dynamic auth_token rotation in a nice way. This conditional forces us into a destroy/create instead of an in place modify

why

• Avoiding a destroy / create when the aws providers supports this behavior is worth it. It would allow one to use random_password and feed that into an auth_token and rotate it gracefully.

references

• closes #194

v1.2.0

bugfix: import existing replication groups @y3ti (#217)

what

Ignore security_group_names for aws_elasticache_replication_group resource.

why

There is a bug in the terraform aws provider: hashicorp/terraform-provider-aws#32835
When importing an aws_elasticache_replication_group resource the attribute security_group_names is imported as null.

The security_group_names attribute is not used by this module.

references

• #207
• hashicorp/terraform-provider-aws#32835