Terraform Gce Atlantis Versions

A set of Terraform configurations for running Atlantis on @googlecloud Compute Engine

4.1.0

1 month ago

What's Changed

Full Changelog: https://github.com/runatlantis/terraform-gce-atlantis/compare/3.0.3...4.1.0

3.0.3

5 months ago
Update README.md @bschaatsbergen (#135)

3.0.2

5 months ago
Minor fix in Cloud Armor README @bschaatsbergen (#134)

what

  • Fix a typo in the README.

why

  • It's referencing the incorrect example usage.

3.0.1

5 months ago
feat: add monitoring and fluentbit tags @bschaatsbergen (#126)

what

  • See #116

why

  • See #116

references

  • Closes #116

🚀 Enhancements

feat: add option to attach a security policy to the default backend @d-costa (#132)

what

  • Give clients the option to attach a security policy to the default backend service.
  • Create a new deployment example, using IAP and Cloud Armor, allowing only events coming from GitHub Webhooks.

why

  • Google Cloud Armor security policies protect applications running behind a load balancer from distributed denial-of-service (DDoS) and other web-based attacks. It also features preconfigured security policies.
  • Improve the security of the default backend service: even if the webhook secret is compromised, only requests coming from the whitelisted IPs are allowed.

references

3.0.0

6 months ago
Allow metrics to be exposed publicly @bschaatsbergen (#123)

what

  • Added a host rule and path matcher to possibly expose metrics publicly.

why

  • As Atlantis uses the /metrics path to expose certain metrics, we should make it possible to access it without IAP.

references

  • Closes #120

2.1.5

7 months ago
chore: fix typo in IAP example related to oauth2 config @bschaatsbergen (#124)

what

  • Fixed a typo in the IAP section related to oauth2 config.

references

  • Closes #121

2.1.4

7 months ago

🚀 Enhancements

feat: add checkov @bschaatsbergen (#125)

what

  • Added checkov to pre-commit.
  • Fixed some checkov warnings in the /examples.
  • Added a GitHub Workflow to run pre-commit on each PR.

references

  • Closes #63

2.1.3

10 months ago

🚀 Enhancements

feat: add simple Terraform registry syntax example @bschaatsbergen (#119)

what

  • Adds a simple example of the Terraform Module Registry syntax.

why

  • Makes it easier to implement as there's a bit of reference code.

references

  • Closes #56

2.1.2

11 months ago
SSL Policy for Certificate is configurable @artusiep (#118)

what

  • Adding a new optional variable for SSL Policy.
  • Adding an example with the most secure SSL Policy GCP provides.

why

  • A configurable SSL Policy should be possible for Atlantis Server to be more secure.

2.1.1

1 year ago

🚀 Enhancements

Allow configuring Shielded VM options @kpocius (#113)

Secure Boot (enabled in #93 -- my bad) causes issues when updating COS image, as noted by @dennislapchenko in #112. This is because it saves the known boot configuration and compares to it upon instance restart, but since we're swapping out the image, it fails.

One way around it is to run gcloud compute instances update <atlantis-vm-name> --shielded-learn-integrity-policy, but there's no way to handle it gracefully in Terraform.

This PR introduces an option to turn off secure boot, but does not change the current default behavior as it would cause instances to be recreated.

However, long term it would probably make sense to have secure boot set to off by default for most but the most locked-down deployments. Otherwise, as it currently stands, the instance needs to be either manually removed or the command given above needs to be executed after each COS update.