v2.3.0

misc: Allow setting init_containers with null condition @adamantike (#289)

## what

This change allows configuring init_containers that are not added to the depends_on list for the main container, by setting null as the container condition.

why

This is useful for containers that actually depend on the main container, and not the other way around. For example, a nginx sidecar that needs to wait for the main container to be healthy before starting.

By allowing null as the container condition, this is a non-breaking change.

v2.2.0

fix: Regression for NLB container name @adamantike (#291)

## what

A regression was introduced in a previous commit, where the NLB container name is being set to the value of the alb_container_name variable, instead of using nlb_container_name.

v2.1.5

fix: Existing linting issues @adamantike (#290)

## what

• lookup call with two arguments is deprecated since Terraform v0.7 [1].
• Full splat operator is available since Terraform v0.12 [2].

[1] https://developer.hashicorp.com/terraform/language/functions/lookup
[2] https://www.hashicorp.com/blog/terraform-0-12-generalized-splat-operator

🤖 Automatic Updates

Migrate new test account @osterman (#288)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#287)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#286)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v2.1.4

🐛 Bug Fixes

Fix EFS volume configuration getting discarded @kim0 (#284)

This is a copy of #235 as I would like to get it merged and it needed rebasing

v2.1.3

linux parameters add @mihaiplesa (#285)

Re-do of https://github.com//pull/189

what

• set initProcessEnabled = true in container definition if user has opted to enable ecs_exec (it is optional, but recommended by AWS)

why

• it will remove zombie processes in containers after exec is run
• because AWS recommended it

🤖 Automatic Updates

Update .github/settings.yml @osterman (#281)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v2.1.2

🚀 Enhancements

fix: added target type input property for alb ingress module @vsamofal (#275)

what

added configuration for target type, to support instance type for EC2

why

Seems like awsvpc network doesn't work properly with ec2 (at least I didn't manage to get it work for few hours)

v2.1.1

🚀 Enhancements

chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4 in /test/src @dependabot (#269)

Bumps github.com/hashicorp/go-getter from 1.7.1 to 1.7.4.

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.4

What's Changed

• Escape user-provided strings in git commands hashicorp/go-getter#483
• Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4

v1.7.3

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-21) by @​hashicorp-tsccr in hashicorp/go-getter#432
• SEC-090: Automated trusted workflow pinning (2023-09-11) by @​hashicorp-tsccr in hashicorp/go-getter#454
• SEC-090: Automated trusted workflow pinning (2023-09-18) by @​hashicorp-tsccr in hashicorp/go-getter#458
• don't change GIT_SSH_COMMAND when there is no sshKeyFile by @​jbardin in hashicorp/go-getter#459

New Contributors

• @​hashicorp-tsccr made their first contribution in hashicorp/go-getter#432

Full Changelog: hashicorp/go-getter@v1.7.2...v1.7.3

v1.7.2

What's Changed

• Don't override GIT_SSH_COMMAND when not needed by @​nl-brett-stime hashicorp/go-getter#300

Full Changelog: hashicorp/go-getter@v1.7.1...v1.7.2

Commits

• 268c11c escape user provide string to git (#483)
• 975961f Merge pull request #433 from adrian-bl/netrc-fix
• 0298a22 Merge pull request #459 from hashicorp/jbardin/setup-git-env
• c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
• 3d5770f Merge pull request #458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
• 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
• e66f244 Merge pull request #454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
• e80b3dc Result of tsccr-helper -log-level=info -pin-all-workflows .
• 2d49e24 Merge pull request #432 from hashicorp/tsccr-auto-pinning/trusted/2023-04-21
• 5ccb39a Make addAuthFromNetrc ignore ENOTDIR errors
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

🤖 Automatic Updates

chore(deps): update terraform aws to v5 (main) @renovate (#258)

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	major	>= 3.34, < 5.0 -> < 5.44

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.43.0

Compare Source

FEATURES:

• New Data Source: aws_resourceexplorer2_search (#​36560)
• New Data Source: aws_servicecatalogappregistry_application (#​36596)
• New Resource: aws_cloudfrontkeyvaluestore_key (#​36534)
• New Resource: aws_devopsguru_notification_channel (#​36557)
• New Resource: aws_ec2_instance_metadata_defaults (#​36589)
• New Resource: aws_lakeformation_resource_lf_tag (#​36537)
• New Resource: aws_m2_application (#​35399)
• New Resource: aws_m2_deployment (#​35408)
• New Resource: aws_m2_environment (#​35311)
• New Resource: aws_redshiftserverless_custom_domain_association (#​35865)
• New Resource: aws_servicecatalogappregistry_application (#​36277)

ENHANCEMENTS:

• data-source/aws_cloudfront_functi...

v2.1.0

🚀 Enhancements

fix: updated alb ingress module to the latest version @vsamofal (#274)

what

Just update alb version module, I need it mostly because this target group name limit is killing

why

Sounds like a good idea to keep it up to date as well

references

No issue for this, it super simple update, I tested it on my setup so it should be fine, but will see when all tests passes

🤖 Automatic Updates

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#273)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#270)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

v2.0.2

chore: add load_balancing_algorithm_type variable @dmitrijn (#236)

what

• add load_balancing_algorithm_type variable for alb-ingress module

why

• allow to switch between round_robin and least_outstanding_requests for alb target groups

🤖 Automatic Updates

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#265)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

v2.0.1

🤖 Automatic Updates

chore(deps): update terraform cloudposse/ecr/aws to v0.41.0 (main) @renovate (#257)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/ecr/aws (source)	module	minor	0.34.0 -> 0.41.0

---

Release Notes

cloudposse/terraform-aws-ecr (cloudposse/ecr/aws)

v0.41.0

Compare Source

Allow to use ECR replication @​dmitrijn (#​103)

• Allow to use ECR replication
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_replication_configuration

Closes https://github.com/cloudposse/terraform-aws-ecr/issues/99

v0.40.1

Compare Source

Allow cache though enabled repositories to fetch image from upstream @​mfuhrmeisterDM (#​117)

what

Add a principal list (principals_pull_though_access) which are allowed to use specific repositories as pull through cache (import images from upstream). This holds for repositories where one of the strings in prefixes_pull_through_repositories is a prefix of the repository name.

why

We are using ecr-public pull through cache and we want also new images to be downloaded automatically to the cache. Allowed principals for respective repos can use it with the newly introduced variables.

🤖 Automatic Updates

Update README.md and docs @​cloudpossebot (#​116)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update README.md and docs @​cloudpossebot (#​115)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update README.md and docs @​cloudpossebot (#​114)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.40.0

Compare Source

feat: support scan_type @​dudymas (#​113)

what

• add scanning_configuration as child module

why

• support scan_type settings
• should be deployed as a per-account global, rather than per-ecr-repo

Notes

• fixes #​90

v0.39.0

Compare Source

feat: add organizations as readonly access @​dragosmc (#​106)

what

• Add the ability to have organizations as trustees (read-only) for the ECR repository

why

• As described in #​82 , it's sometimes useful to allow an entire organization to consume images from a centralized repository

references

• closes #​82

v0.38.0

Compare Source

fix: cleans up principals lambda logic to separate policy doc @​Gowiem (#​105)

what

• Clean up of the logic surrounding the var.principals_lambda policies

why

• When this was originally implemented it was copy / pastad across multiple policy docs, which isn't necessary and creates a bunch of bloat.

references

• Discovered in #​98
• Originally introduced in #​88

v0.37.0

Compare Source

add optional policy allowing push access @​kpankonen (#​98)

what

• adds the ability to give push-only access to the repository

why

• full access was more than we wanted in our situation (CI pushing images to the repo) so we added a principals_push_access to give push-only access.

references

• policy is based on this AWS doc

Sync github @​max-lobur (#​104)

Sync github from the template

v0.36.0

Compare Source

• No changes

v0.35.0

Compare Source

adding force_delete @​pcartas (#​101)

Hi! im adding "force_delete" parameter, is implemented in aws 4.22.0 for an easier delete of the ecr

references

https://registry.terraform.io/providers/hashicorp/aws/4.22.0/docs/resources/ecr_repository

git.io->cloudposse.tools update @​dylanbannon (#​95)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

---