Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI)
APACHE-2.0 License
Bot releases are visible (Hide)
Rebuild github dir from the template
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | minor |
0.10.0 -> 0.13.0
|
v0.13.0
overwrite
argument back due to the confusion of its deprecation:Lastly, and unfortunately, configurations expecting the standard update flow will need to keep overwrite = true set until this becomes the default behavior in v6.0.0. Removing it in v5.X will result in the default value of false, preventing the parameter value from being updated, causing persistent differences.
v0.12.0
fixes #​51
Rebuild github dir from the template
v0.11.0
Published by cloudpossebot over 1 year ago
Published by cloudpossebot almost 2 years ago
│ Error: Invalid function argument
│
│ on .terraform/modules/service_codefresh_serverless/outputs.tf line 41, in output "ses_smtp_password_v4":
│ 41: value = local.ssm_enabled ? null : join("", aws_iam_access_key.default.*.ses_smtp_password_v4)
│ ├────────────────
│ │ while calling join(separator, lists...)
│ │ aws_iam_access_key.default is tuple with 1 element
│
│ Invalid value for "lists" parameter: element 0 is null; cannot concatenate null values.
Published by cloudpossebot about 2 years ago
awsutils
provider, fix bugs @Nuru (#70)
Starting with version 0.23.0 of this module, AWS Access Keys created by this module expired in 30 days by default. This release removes the ability to create expiring keys, and non-expiring keys are created by default. This release also defaults to storing the keys in AWS SSM Parameter store and not passing them as outputs, because the outputs are stored unencrypted in the Terraform state file.
We recommend authenticating via an OIDC provider rather than using AWS Access Keys.
iam_access_key_max_age
and the ability to create AWS Access Keys of predefined lifetimecloudposse/awsutils
Terraform provider to provide the feature. The error messages stemming from the missing provider block configuration are causing more of a support headache than it is worth. Since we implemented this feature, most CI/CD providers have implemented a better way to obtain short-lived CI/CD credentials (e.g. GitHub Actions and CircleCI both support OIDC with AWS, GCP, Azure, etc)ssm_base_path
parameter we can have a better SSM hierarchy. Example: /dev/system_user/tc-dev-s3
and /staging/system_user/tc-staging-ses
ses_smtp_password_v4
stored in SSM will allow better integration with CI systems when deploying applications (rather than having a script to generate the password or read the terraform state)Change all references to git.io/build-harness
into cloudposse.tools/build-harness
, since git.io
redirects will stop working on April 29th, 2022.
Published by cloudpossebot over 2 years ago
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | minor |
0.8.4 -> 0.9.1
|
v0.9.1
v0.9.0
v0.8.5
Change default parameter type from SecretString to SecureString.
SecretString is a term from AWS Secrets Manager, and is not valid with SSM Parameter Store. The corresponding type is "SecureString".
Published by cloudpossebot almost 3 years ago
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | patch |
0.8.3 -> 0.8.4
|
v0.8.4
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
Published by cloudpossebot almost 3 years ago
This release introduces a minor breaking change. It now requires the cloudposse/awsutils
provider, which in turn requires a region
argument to set the AWS region to work in, just like the Hashicorp AWS provider does. So, if you currently have this:
provider "aws" {
region = var.region
}
you should update it to this:
provider "aws" {
region = var.region
}
provider "awsutils" {
region = var.region
}
and you should also update terraform.required_providers
to include
awsutils = {
source = "cloudposse/awsutils"
version = ">= 0.11.0"
}
create_iam_access_key
variable is true
, create an IAM Access Key that will expire after 30 days.iam_access_key_max_age
have elapsed, running terraform plan
and terraform apply
again will produce a new secret access key.Published by cloudpossebot almost 3 years ago
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | patch |
0.8.2 -> 0.8.3
|
v0.8.3
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
Published by cloudpossebot almost 3 years ago
Setting the create_iam_access_key parameter to false
throws an error when running terraform plan
.
Published by cloudpossebot almost 3 years ago
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/ssm-parameter-store/aws (source) | module | patch |
0.8.1 -> 0.8.2
|
v0.8.2
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
Published by cloudpossebot about 3 years ago
make github/init
.context.tf
, meaning some features such as the tenant
label are not present.Published by cloudpossebot about 3 years ago
This is an auto-generated PR that updates the context.tf
file to the latest version from cloudposse/terraform-null-label
To support all the features of the context
interface.
Published by cloudpossebot about 3 years ago
Published by cloudpossebot about 3 years ago
output
block in the root module. This is inconvenient and I believe it's preferable to lookup these values from parameter store instead of writing them to output
(even as sensitive) all the time.Published by cloudpossebot over 3 years ago
ses_smtp_password_v4
attribute is missingPublished by cloudpossebot over 3 years ago
Published by cloudpossebot over 3 years ago
create_iam_access_key
boolean variable to conditionally create aws_iam_access_key
.true
which aligns with current expected behaviorYou guys and your modules rock!
Published by cloudpossebot over 3 years ago
This is an auto-generated PR that updates the context.tf
file to the latest version from cloudposse/terraform-null-label
To support all the features of the context
interface.
Published by cloudpossebot over 3 years ago
Published by cloudpossebot almost 4 years ago