Terraform AWS IAM System User Versions

Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI)

1.2.1

2 months ago
Sync github @max-lobur (#74)

Rebuild github dir from the template

🤖 Automatic Updates

chore(deps): update terraform cloudposse/ssm-parameter-store/aws to v0.13.0 (main) @renovate (#79)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/ssm-parameter-store/aws (source) | module | minor | 0.10.0 -> 0.13.0 |

Release Notes

cloudposse/terraform-aws-ssm-parameter-store (cloudposse/ssm-parameter-store/aws)

v0.13.0

chore: add overwrite argument back @gberenice (#53)

what

  • Unfortunately, we have to add the overwrite argument back due to the confusion of its deprecation:

    > Lastly, and unfortunately, configurations expecting the standard update flow will need to keep overwrite = true set until this becomes the default behavior in v6.0.0. Removing it in v5.X will result in the default value of false, preventing the parameter value from being updated, causing persistent differences.

why

  • Prevent undesired behaviour.

references

v0.12.0

chore: remove deprecated `overwrite` argument @meysam81 (#52)

fixes #51

Sync github @max-lobur (#48)

Rebuild github dir from the template

v0.11.0

  • No changes

1.2.0

11 months ago

  • No changes

1.1.0

1 year ago
Fix `ssm_enabled = false` usage @MaxymVlasov (#71)

│ Error: Invalid function argument
│
│   on .terraform/modules/service_codefresh_serverless/outputs.tf line 41, in output "ses_smtp_password_v4":
│   41:   value       = local.ssm_enabled ? null : join("", aws_iam_access_key.default.*.ses_smtp_password_v4)
│     ├────────────────
│     │ while calling join(separator, lists...)
│     │ aws_iam_access_key.default is tuple with 1 element
│
│ Invalid value for "lists" parameter: element 0 is null; cannot concatenate null values.

1.0.0

1 year ago

Remove expiring keys and awsutils provider, fix bugs @Nuru (#70)

note

Starting with version 0.23.0 of this module, AWS Access Keys created by this module expired in 30 days by default. This release removes the ability to create expiring keys, and non-expiring keys are created by default. This release also defaults to storing the keys in AWS SSM Parameter store and not passing them as outputs, because the outputs are stored unencrypted in the Terraform state file.

We recommend authenticating via an OIDC provider rather than using AWS Access Keys.

what

  • Remove iam_access_key_max_age and the ability to create AWS Access Keys of predefined lifetime
  • Output secrets only when not using SSM Parameter Store
  • Enhance testing

why

  • We are removing this feature due to the confusion to the community of our Terraform users that has been caused by requiring the cloudposse/awsutils Terraform provider to provide the feature. The error messages stemming from the missing provider block configuration are causing more of a support headache than it is worth. Since we implemented this feature, most CI/CD providers have implemented a better way to obtain short-lived CI/CD credentials (e.g. GitHub Actions and CircleCI both support OIDC with AWS, GCP, Azure, etc.).
  • Secrets that are output from a module, even if marked sensitive, are still stored in plaintext in the Terraform state file, which makes them less secure than AWS Parameter Store.
  • Prevent regression of fixed bugs

references

  • Closes #54
  • Closes #62
  • Closes #67
  • Supersedes and closes #68
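
An added example (not part of the module or its release notes) of the point made in the 1.0.0 notes about secrets in state: a small Python audit that lists where access-key material sits in plaintext in a Terraform state file. It goes slightly beyond module outputs and also checks the `aws_iam_access_key` resource attributes, which state records as well. The sample state, the module name `system_user` and all values are constructed, and the JSON layout assumed is state format version 4.

```python
import json

# Credential-bearing attributes of aws_iam_access_key as recorded in state.
SECRET_ATTRS = {"aws_iam_access_key": ("secret", "ses_smtp_password_v4")}

# Constructed sample state (format version 4); every name and value is fake.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {
        "ses_smtp_password_v4": {"value": "FAKE-smtp-password", "type": "string", "sensitive": True},
        "user_name": {"value": "ci-deployer", "type": "string"},
    },
    "resources": [{
        "module": "module.system_user", "mode": "managed",
        "type": "aws_iam_access_key", "name": "default",
        "instances": [{"index_key": 0, "attributes": {
            "id": "AKIAFAKEFAKEFAKEFAKE",
            "secret": "FAKE-secret-access-key",
            "ses_smtp_password_v4": "FAKE-smtp-password",
        }}],
    }],
})


def find_plaintext_secrets(state_text):
    """Return sorted addresses in a state file that hold credential values."""
    state = json.loads(state_text)
    findings = []
    # "sensitive" only redacts CLI output; the value itself is kept in the file.
    for name, out in state.get("outputs", {}).items():
        if out.get("sensitive") and out.get("value") not in (None, ""):
            findings.append(f"output.{name}")
    for res in state.get("resources", []):
        wanted = SECRET_ATTRS.get(res.get("type"), ())
        prefix = ".".join(p for p in (res.get("module"), res.get("type"), res.get("name")) if p)
        for inst in res.get("instances", []):
            key = inst.get("index_key")
            addr = prefix if key is None else f"{prefix}[{json.dumps(key)}]"
            for attr in wanted:
                if (inst.get("attributes") or {}).get(attr):
                    findings.append(f"{addr}.{attr}")
    return sorted(findings)


if __name__ == "__main__":
    for location in find_plaintext_secrets(SAMPLE_STATE):
        print("plaintext credential in state:", location)
```

Run it against a copy of the state pulled from the backend; any finding means the state file and its backend need the same access controls as the credentials themselves.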

feat: add ses smtp password to ssm, add ssm base path option @Gowiem (#65)

what

  • Add option to change the SSM base path under which credentials are stored
  • Store ses_smtp_password_v4 in SSM

why

  • Even if the IAM users are global per account, oftentimes there is a need to separate them per environment (dev, staging). By adding the ssm_base_path parameter we can have a better SSM hierarchy. Example: /dev/system_user/tc-dev-s3 and /staging/system_user/tc-staging-ses
  • Also having the ses_smtp_password_v4 stored in SSM will allow better integration with CI systems when deploying applications (rather than having a script to generate the password or read the terraform state)

references

  • closes #60
  • Copy of #61, Closes #61

git.io->cloudposse.tools update @dylanbannon (#64)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

  • DEV-143

0.23.2

2 years ago

🤖 Automatic Updates

Update Terraform cloudposse/ssm-parameter-store/aws to v0.9.1 @renovate (#63)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/ssm-parameter-store/aws (source) | module | minor | 0.8.4 -> 0.9.1 |

Release Notes

cloudposse/terraform-aws-ssm-parameter-store

v0.9.1

🚀 Enhancements

update outputs to work with ignore_value_changes ssm parameters @1david5 (#41)

what

  • Update outputs to include the name and values of the `ignore_value_changes` parameters.

why

  • Output arguments for the `ignore_value_changes` resource

v0.9.0

Parameters that can be modified by another tool @1david5 (#40)

what

  • Add an alternative parameter resource with a lifecycle that ignores value changes.
  • Also add the new `data_type` argument to the `aws_ssm_parameter` resource.

why

  • Allow the user to create parameters that can be modified by another tool in the future without affecting terraform apply, preventing errors like this: ![image](https://user-images.githubusercontent.com/19425457/150651839-61577182-d5a4-4237-a74f-7b69b8c9d777.png)

v0.8.5

🚀 Enhancements

Change default param type from SecretString to SecureString. @MattCWheeler (#39)

Change default parameter type from SecretString to SecureString.

SecretString is a term from AWS Secrets Manager, and is not valid with SSM Parameter Store. The corresponding type is "SecureString".


0.23.1

2 years ago

🤖 Automatic Updates

Update Terraform cloudposse/ssm-parameter-store/aws to v0.8.4 @renovate (#59)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/ssm-parameter-store/aws (source) | module | patch | 0.8.3 -> 0.8.4 |

Release Notes

cloudposse/terraform-aws-ssm-parameter-store

v0.8.4

🚀 Enhancements

Use context for tags @nitrocode (#38)

what

  • Use context for tags

why

  • Fixes an issue if only context is passed in, it won't tag it unless var.tags is also passed in. This change will use context if it's available.

references

N/A

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by WhiteSource Renovate. View repository job log here.

0.23.0

2 years ago

This release introduces a minor breaking change. It now requires the cloudposse/awsutils provider, which in turn requires a region argument to set the AWS region to work in, just like the Hashicorp AWS provider does. So, if you currently have this:

provider "aws" {
  region = var.region
}

you should update it to this:

provider "aws" {
  region = var.region
}

provider "awsutils" {
  region = var.region
}

and you should also update terraform.required_providers to include

    awsutils = {
      source  = "cloudposse/awsutils"
      version = ">= 0.11.0"
    }

add expiring iam_access_key @mcalhoun (#58)

what

  • By default, when the create_iam_access_key variable is true, create an IAM Access Key that will expire after 30 days.
  • After the iam_access_key_max_age has elapsed, running terraform plan and terraform apply again will produce a new secret access key.

why

  • Security best practices dictate that you should rotate your password/credentials on a periodic basis

references

0.22.5

2 years ago

🤖 Automatic Updates

Update Terraform cloudposse/ssm-parameter-store/aws to v0.8.3 @renovate (#57)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/ssm-parameter-store/aws (source) | module | patch | 0.8.2 -> 0.8.3 |

Release Notes

cloudposse/terraform-aws-ssm-parameter-store

v0.8.3

🚀 Enhancements

feat: Template provider removed from versions.tf @DovnarAlexander (#36)

what

  • Template provider removed from versions.tf

why

  • This provider is not used and deprecated. On ARM platforms Terraform raises an exception (because it does not have a build for it)

references

  • https://registry.terraform.io/providers/hashicorp/template/latest/docs

0.22.4

2 years ago

🚀 Enhancements

Disable writing to store when create_iam_access_key is set to false @FilipNikolovski (#56)

Setting the create_iam_access_key parameter to false throws an error when running terraform plan.

references

  • Closes #55

0.22.3

2 years ago

🤖 Automatic Updates

Update Terraform cloudposse/ssm-parameter-store/aws to v0.8.2 @renovate (#53)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/ssm-parameter-store/aws (source) | module | patch | 0.8.1 -> 0.8.2 |

Release Notes

cloudposse/terraform-aws-ssm-parameter-store

v0.8.2

🚀 Enhancements

Fix: `var.enabled` for Parameter Read, Testing Suite Overhaul @korenyoni (#33)

what

  • Fix `var.parameter_read` not honoring `var.enabled`.
  • Overhaul tests to properly test for `map` output.
  • Overhaul tests to have a parallel test for a disabled context.
  • Test that module outputs work as expected in both enabled and disabled contexts.
  • Misc: Fix README snippets.
  • Misc: Bump module in examples/complete.

why

  • This module will still read from SSM Parameter Store even if `var.enabled` is `false`.
  • Tests are not sufficient to test for the use case described above.
  • Tests do not properly test `map` output.
  • Misc: README is out of date (git source instead of Terraform registry).

references

  • N/A
