Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI)
Rebuild github dir from the template
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | minor | 0.10.0 -> 0.13.0 |
v0.13.0
overwrite
argument back due to the confusion of its deprecation:Lastly, and unfortunately, configurations expecting the standard update flow will need to keep overwrite = true set until this becomes the default behavior in v6.0.0. Removing it in v5.X will result in the default value of false, preventing the parameter value from being updated, causing persistent differences.
v0.12.0
fixes #β51
Rebuild github dir from the template
v0.11.0
β Error: Invalid function argument
β
β on .terraform/modules/service_codefresh_serverless/outputs.tf line 41, in output "ses_smtp_password_v4":
β 41: value = local.ssm_enabled ? null : join("", aws_iam_access_key.default.*.ses_smtp_password_v4)
β βββββββββββββββββ
β β while calling join(separator, lists...)
β β aws_iam_access_key.default is tuple with 1 element
β
β Invalid value for "lists" parameter: element 0 is null; cannot concatenate null values.
awsutils
provider, fix bugs @Nuru (#70)Starting with version 0.23.0 of this module, AWS Access Keys created by this module expired in 30 days by default. This release removes the ability to create expiring keys, and non-expiring keys are created by default. This release also defaults to storing the keys in AWS SSM Parameter store and not passing them as outputs, because the outputs are stored unencrypted in the Terraform state file.
We recommend authenticating via an OIDC provider rather than using AWS Access Keys.
iam_access_key_max_age
and the ability to create AWS Access Keys of predefined lifetimecloudposse/awsutils
Terraform provider to provide the feature. The error messages stemming from the missing provider block configuration are causing more of a support headache than it is worth. Since we implemented this feature, most CI/CD providers have implemented a better way to obtain short-lived CI/CD credentials (e.g. GitHub Actions and CircleCI both support OIDC with AWS, GCP, Azure, etc)ssm_base_path
parameter we can have a better SSM hierarchy. Example: /dev/system_user/tc-dev-s3
and /staging/system_user/tc-staging-ses
ses_smtp_password_v4
stored in SSM will allow better integration with CI systems when deploying applications (rather than having a script to generate the password or read the terraform state)This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | minor | 0.8.4 -> 0.9.1 |
v0.9.1
v0.9.0
v0.8.5
Change default parameter type from SecretString to SecureString.
SecretString is a term from AWS Secrets Manager, and is not valid with SSM Parameter Store. The corresponding type is "SecureString".
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | patch | 0.8.3 -> 0.8.4 |
v0.8.4
π Schedule: At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
This release introduces a minor breaking change. It now requires the cloudposse/awsutils
provider, which in turn requires a region
argument to set the AWS region to work in, just like the Hashicorp AWS provider does. So, if you currently have this:
provider "aws" {
region = var.region
}
you should update it to this:
provider "aws" {
region = var.region
}
provider "awsutils" {
region = var.region
}
and you should also update terraform.required_providers
to include
awsutils = {
source = "cloudposse/awsutils"
version = ">= 0.11.0"
}
create_iam_access_key
variable is true
, create an IAM Access Key that will expire after 30 days.iam_access_key_max_age
have elapsed, running terraform plan
and terraform apply
again will produce a new secret access key.This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | patch | 0.8.2 -> 0.8.3 |
v0.8.3
π Schedule: At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | patch | 0.8.1 -> 0.8.2 |
v0.8.2
π Schedule: At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.