Releases: cloudposse/terraform-aws-iam-system-user
v1.2.1
Sync github @max-lobur (#74)
Rebuild github dir from the template
🤖 Automatic Updates
chore(deps): update terraform cloudposse/ssm-parameter-store/aws to v0.13.0 (main) @renovate (#79)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | minor | 0.10.0 -> 0.13.0 |
Release Notes
cloudposse/terraform-aws-ssm-parameter-store (cloudposse/ssm-parameter-store/aws)
v0.13.0
chore: add overwrite argument back @gberenice (#53)
what
- Unfortunately, we have to add the `overwrite` argument back due to the confusion of its deprecation:
Lastly, and unfortunately, configurations expecting the standard update flow will need to keep overwrite = true set until this becomes the default behavior in v6.0.0. Removing it in v5.X will result in the default value of false, preventing the parameter value from being updated, causing persistent differences.
why
- Prevent undesired behaviour.
references
v0.12.0
chore: remove deprecated `overwrite` argument @meysam81 (#52)
fixes #51
Sync github @max-lobur (#48)
Rebuild github dir from the template
v0.11.0
- No changes
v1.2.0
- No changes
v1.1.0
Fix `ssm_enabled = false` usage @MaxymVlasov (#71)
│ Error: Invalid function argument
│
│ on .terraform/modules/service_codefresh_serverless/outputs.tf line 41, in output "ses_smtp_password_v4":
│ 41: value = local.ssm_enabled ? null : join("", aws_iam_access_key.default.*.ses_smtp_password_v4)
│ ├────────────────
│ │ while calling join(separator, lists...)
│ │ aws_iam_access_key.default is tuple with 1 element
│
│ Invalid value for "lists" parameter: element 0 is null; cannot concatenate null values.
v1.0.0 (Breaking changes)
Remove expiring keys and `awsutils` provider, fix bugs @Nuru (#70)
note
Starting with version 0.23.0 of this module, AWS Access Keys created by this module expired in 30 days by default. This release removes the ability to create expiring keys, and non-expiring keys are created by default. This release also defaults to storing the keys in AWS SSM Parameter store and not passing them as outputs, because the outputs are stored unencrypted in the Terraform state file.
We recommend authenticating via an OIDC provider rather than using AWS Access Keys.
what
- Remove `iam_access_key_max_age` and the ability to create AWS Access Keys of predefined lifetime
- Output secrets only when not using SSM Parameter Store
- Enhance testing
why
- We are removing this feature due to the confusion to the community of our terraform users that has been caused by requiring the `cloudposse/awsutils` Terraform provider to provide the feature. The error messages stemming from the missing provider block configuration are causing more of a support headache than it is worth. Since we implemented this feature, most CI/CD providers have implemented a better way to obtain short-lived CI/CD credentials (e.g. GitHub Actions and CircleCI both support OIDC with AWS, GCP, Azure, etc)
- Secrets that are output from a module, even if marked sensitive, are still stored in plaintext in the Terraform state file, which makes them less secure than AWS Parameter Store.
- Prevent regression of fixed bugs
references
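The point in the v1.0.0 note about outputs being kept in the state file can be checked directly. The following is an added example, not part of the release notes or the module's code: it scans a Terraform state JSON for sensitive outputs and, going one step further, for the `secret` and `ses_smtp_password_v4` attributes of `aws_iam_access_key` resources, which Terraform records in the same file. The sample state and all values in it are constructed.

```python
import json

# Constructed sample: a trimmed Terraform state (format version 4) of the kind
# a configuration that outputs the access key would produce. All values are fake.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {
        "secret_access_key": {"value": "CONSTRUCTED-SECRET", "type": "string", "sensitive": True},
        "user_name": {"value": "tc-dev-s3", "type": "string"},
    },
    "resources": [{
        "mode": "managed", "type": "aws_iam_access_key", "name": "default",
        "instances": [{"attributes": {
            "id": "CONSTRUCTED-KEY-ID",
            "secret": "CONSTRUCTED-SECRET",
            "ses_smtp_password_v4": "CONSTRUCTED-SMTP-PASSWORD",
            "user": "tc-dev-s3",
        }}],
    }],
})

# Attributes of aws_iam_access_key that hold credential material.
SECRET_ATTRS = ("secret", "ses_smtp_password_v4")


def find_plaintext_secrets(state_text):
    """Return sorted (location, name) pairs for secrets readable in the state."""
    state = json.loads(state_text)
    findings = []
    # "sensitive": true only redacts CLI output; the value itself is still stored.
    for name, out in (state.get("outputs") or {}).items():
        if out.get("sensitive") and out.get("value") not in (None, ""):
            findings.append(("output", name))
    for res in state.get("resources") or []:
        if res.get("type") != "aws_iam_access_key":
            continue
        for inst in res.get("instances") or []:
            attrs = inst.get("attributes") or {}
            for attr in SECRET_ATTRS:
                if attrs.get(attr):  # skip empty or absent attributes
                    findings.append((f"{res['type']}.{res.get('name')}", attr))
    return sorted(findings)


if __name__ == "__main__":
    for location, name in find_plaintext_secrets(SAMPLE_STATE):
        print(f"plaintext secret in state: {location} -> {name}")
```

The function reports locations only and never prints the secret values themselves.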
feat: add ses smpt password to ssm, add ssm base path option @Gowiem (#65)
what
- Add option to change the SSM base path under which credentials are stored
- Store ses_smtp_password_v4 in SSM
why
- Even if the IAM users are global per account often times there is a need to separate them per environment (dev, staging). By adding the `ssm_base_path` parameter we can have a better SSM hierarchy. Example: `/dev/system_user/tc-dev-s3` and `/staging/system_user/tc-staging-ses`
- Also having the `ses_smtp_password_v4` stored in SSM will allow better integration with CI systems when deploying applications (rather than having a script to generate the password or read the terraform state)
references
git.io->cloudposse.tools update @dylanbannon (#64)
what and why
Change all references to `git.io/build-harness` into `cloudposse.tools/build-harness`, since `git.io` redirects will stop working on April 29th, 2022.
References
- DEV-143
v0.23.2
🤖 Automatic Updates
Update Terraform cloudposse/ssm-parameter-store/aws to v0.9.1 @renovate (#63)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | minor | 0.8.4 -> 0.9.1 |
Release Notes
cloudposse/terraform-aws-ssm-parameter-store
v0.9.1
🚀 Enhancements
update outputs to work with ignore_value_changes ssm parameters @1david5 (#41)
what
- Update outputs to include the name and values of the `ignore_value_changes` parameters.
why
- Output arguments for the `ignore_value_changes` resource
v0.9.0
Parameters that can be modified by another tool @1david5 (#40)
what
- Add an alternative parameter resource with a lifecycle that ignores value changes.
- Also add the new `data_type` argument to the `aws_ssm_parameter` resource.
why
- Allow the user to create parameters that can be modified by another tool in the future without affecting terraform apply, preventing errors like this: ![image](https://user-images.githubusercontent.com/19425457/150651839-61577182-d5a4-4237-a74f-7b69b8c9d777.png)
v0.8.5
🚀 Enhancements
Change default param type from SecretString to SecureString. @MattCWheeler (#39)
Change default parameter type from SecretString to SecureString.
SecretString is a term from AWS Secrets Manager, and is not valid with SSM Parameter Store. The corresponding type is "SecureString".
v0.23.1
🤖 Automatic Updates
Update Terraform cloudposse/ssm-parameter-store/aws to v0.8.4 @renovate (#59)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | patch | 0.8.3 -> 0.8.4 |
Release Notes
cloudposse/terraform-aws-ssm-parameter-store
v0.8.4
🚀 Enhancements
Use context for tags @nitrocode (#38)
what
- Use context for tags
why
- Fixes an issue if only context is passed in, it won't tag it unless var.tags is also passed in. This change will use context if it's available.
references
- N/A
Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
v0.23.0 Breaking change: New provider
This release introduces a minor breaking change. It now requires the `cloudposse/awsutils` provider, which in turn requires a `region` argument to set the AWS region to work in, just like the Hashicorp AWS provider does. So, if you currently have this:
```hcl
provider "aws" {
  region = var.region
}
```
you should update it to this:
```hcl
provider "aws" {
  region = var.region
}

provider "awsutils" {
  region = var.region
}
```
and you should also update `terraform.required_providers` to include
```hcl
awsutils = {
  source  = "cloudposse/awsutils"
  version = ">= 0.11.0"
}
```
add expiring iam_access_key @mcalhoun (#58)
what
- By default, when the `create_iam_access_key` variable is `true`, create an IAM Access Key that will expire after 30 days.
- After the `iam_access_key_max_age` has elapsed, running `terraform plan` and `terraform apply` again will produce a new secret access key.
why
- Security best practices dictate that you should rotate your password/credentials on a periodic basis
references
v0.22.5
🤖 Automatic Updates
Update Terraform cloudposse/ssm-parameter-store/aws to v0.8.3 @renovate (#57)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | patch | 0.8.2 -> 0.8.3 |
Release Notes
cloudposse/terraform-aws-ssm-parameter-store
v0.8.3
🚀 Enhancements
feat: Template provider removed from versions.tf @DovnarAlexander (#36)
what
- Template provider removed from versions.tf
why
- This provider is not used and deprecated. On ARM platforms Terraform raises an exception (because it does not have a build for it)
references
- https://registry.terraform.io/providers/hashicorp/template/latest/docs
v0.22.4
🚀 Enhancements
Disable writing to store when create_iam_access_key is set to false @FilipNikolovski (#56)
Setting the `create_iam_access_key` parameter to `false` throws an error when running `terraform plan`.
references
- Closes #55
v0.22.3
🤖 Automatic Updates
Update Terraform cloudposse/ssm-parameter-store/aws to v0.8.2 @renovate (#53)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | patch | 0.8.1 -> 0.8.2 |
Release Notes
cloudposse/terraform-aws-ssm-parameter-store
v0.8.2
🚀 Enhancements
Fix: `var.enabled` for Parameter Read, Testing Suite Overhaul @korenyoni (#33)
what
- Fix `var.parameter_read` not honoring `var.enabled`.
- Overhaul tests to properly test for `map` output.
- Overhaul tests to have a parallel test for a disabled context.
- Test that module outputs work as expected in both enabled and disabled contexts.
- Misc: Fix README snippets.
- Misc: Bump module in examples/complete.
why
- This module will still read from SSM Parameter Store even if `var.enabled` is `false`.
- Tests are not sufficient to test for the use case described above.
- Tests do not properly test `map` output.
- Misc: README is out of date (git source instead of Terraform registry).
references
- N/A