From fa10617229a23122bf8b9103455793e0f16e8132 Mon Sep 17 00:00:00 2001 From: gruntwork-ci Date: Wed, 1 Apr 2026 08:31:00 +0000 Subject: [PATCH] Update Gruntwork releases as of 2026-03-31 --- docs/guides/stay-up-to-date/index.md | 4 +- .../stay-up-to-date/releases/2026-02/index.md | 59 +- .../stay-up-to-date/releases/2026-03/index.md | 507 ++++++++++++++++++ docs/guides/stay-up-to-date/releases/index.md | 5 +- 4 files changed, 570 insertions(+), 5 deletions(-) create mode 100644 docs/guides/stay-up-to-date/releases/2026-03/index.md diff --git a/docs/guides/stay-up-to-date/index.md b/docs/guides/stay-up-to-date/index.md index 886799638..d27471399 100644 --- a/docs/guides/stay-up-to-date/index.md +++ b/docs/guides/stay-up-to-date/index.md @@ -17,6 +17,7 @@ import CardGroup from "/src/components/CardGroup" + @@ -31,7 +32,6 @@ import CardGroup from "/src/components/CardGroup" - @@ -115,6 +115,6 @@ href="/guides/stay-up-to-date/cis/cis-1.5.0" diff --git a/docs/guides/stay-up-to-date/releases/2026-02/index.md b/docs/guides/stay-up-to-date/releases/2026-02/index.md index f7b28d79f..f9998399c 100644 --- a/docs/guides/stay-up-to-date/releases/2026-02/index.md +++ b/docs/guides/stay-up-to-date/releases/2026-02/index.md @@ -766,6 +766,63 @@ Each release will include detailed notes indicating whether changes are breaking ## terraform-aws-data-storage +### [v0.47.0](https://github.com/gruntwork-io/terraform-aws-data-storage/releases/tag/v0.47.0) + +

+ Published: 2/28/2026 | Modules affected: opensearch, - redshift, - aurora, - rds | Release notes +

+ +
+ + +- `opensearch` **(NEW)** +- `redshift` +- `aurora` +- `rds` +- `rds-proxy` +- `rds-replicas` +- `lambda-create-snapshot` **(DEPRECATED)** +- `lambda-share-snapshot` **(DEPRECATED)** +- `lambda-copy-shared-snapshot` **(DEPRECATED)** +- `lambda-cleanup-snapshots` **(DEPRECATED)** + + + +- **OpenSearch**: Added `opensearch` module supporting VPC/public endpoints, fine-grained access control, SAML/Cognito auth, auto-tune, GP3 storage, warm/cold storage tiers, multi-AZ standby, and off-peak maintenance windows (#570) + + +The following Lambda-based snapshot modules are now **deprecated** in favor of AWS Backup's native capabilities. Use [backup-plan](/modules/backup-plan) and [backup-vault](/modules/backup-vault) instead. See the [backup-rds-cross-account example](/examples/backup-rds-cross-account) for a full end-to-end replacement. + +- `lambda-create-snapshot` → Backup plan with cron schedule +- `lambda-share-snapshot` → `copy_action` in backup plan rule +- `lambda-copy-shared-snapshot` → `copy_action` with automatic KMS re-encryption +- `lambda-cleanup-snapshots` → `lifecycle { delete_after }` on source and destination + + +- **Redshift**: Add option to manage master password with AWS Secrets Manager (`manage_master_password`), fix snapshot schedule variable, mark `master_password` as sensitive, fix `apply_immediately` type (#565) +- **RDS**: Add `dedicated_log_volume`, `engine_lifecycle_support` for Extended Support control, update storage/instance type guidance (gp3, Graviton4) (#571) +- **Aurora**: Add `engine_lifecycle_support`, `network_type` (dual-stack IPv4/IPv6), `enable_global_write_forwarding`, `enable_local_write_forwarding`, update Serverless v2 scaling limits (min 0 / max 256 ACUs) (#571) +- **RDS Proxy**: Add `debug_logging`, `custom_tags`, `allow_connections_from_security_groups`, add SQLSERVER to `engine_family` (#571) +- **RDS Replicas**: Update storage type and Performance Insights deprecation guidance (#571) +- Add cross-account RDS backup example with end-to-end test (#569) + + +- Update deprecated `dms.t2.micro` to `dms.t3.micro` in DMS examples (#568) +- Fix CI: use `gh api` instead of `gh release list` for fetching latest tag (#572) +- Expand upgrade test coverage to all modules (#564) + + +- https://github.com/gruntwork-io/terraform-aws-data-storage/pull/571 +- https://github.com/gruntwork-io/terraform-aws-data-storage/pull/570 +- https://github.com/gruntwork-io/terraform-aws-data-storage/pull/569 +- https://github.com/gruntwork-io/terraform-aws-data-storage/pull/568 +- https://github.com/gruntwork-io/terraform-aws-data-storage/pull/565 +- https://github.com/gruntwork-io/terraform-aws-data-storage/pull/564 +- https://github.com/gruntwork-io/terraform-aws-data-storage/pull/572 + +
+ + ### [v0.46.1](https://github.com/gruntwork-io/terraform-aws-data-storage/releases/tag/v0.46.1)

@@ -1110,6 +1167,6 @@ Each release will include detailed notes indicating whether changes are breaking diff --git a/docs/guides/stay-up-to-date/releases/2026-03/index.md b/docs/guides/stay-up-to-date/releases/2026-03/index.md new file mode 100644 index 000000000..7e5f382eb --- /dev/null +++ b/docs/guides/stay-up-to-date/releases/2026-03/index.md @@ -0,0 +1,507 @@ + +# Gruntwork release 2026-03 + +

Guides / Update Guides / Releases / 2026-03

+ +This page is lists all the updates to the [Gruntwork Infrastructure as Code +Library](https://gruntwork.io/infrastructure-as-code-library/) that were released in 2026-03. For instructions +on how to use these updates in your code, check out the [updating +documentation](/library/stay-up-to-date/updating). + +Here are the repos that were updated: + +- [boilerplate](#boilerplate) +- [pipelines-cli](#pipelines-cli) +- [pipelines-credentials](#pipelines-credentials) +- [pipelines-workflows](#pipelines-workflows) +- [terraform-aws-cache](#terraform-aws-cache) +- [terraform-aws-eks](#terraform-aws-eks) +- [terraform-aws-load-balancer](#terraform-aws-load-balancer) +- [terraform-aws-security](#terraform-aws-security) +- [terraform-aws-service-catalog](#terraform-aws-service-catalog) + + +## boilerplate + + +### [v0.15.0](https://github.com/gruntwork-io/boilerplate/releases/tag/v0.15.0) + +

+ Published: 3/23/2026 | Release notes +

+ +
+ + + +Added support for recursive dependencies to the manifest to ensure that nested and ancestor dependencies are properly processed and resolved. Additional testing has also been included to verify this behavior. + +Note that although this isn't a breaking change, this does require an update to the [manifest](https://boilerplate.gruntwork.io/advanced/manifest/) schema, and as such you'll want to ensure that your manifest parsing isn't impacted. Due to the fact that a field has only been added, this risk is minimal if you use a modern YAML/JSON parser. + +* fix: Handling ancestor dependencies by @yhakbar in https://github.com/gruntwork-io/boilerplate/pull/294 + + +**Full Changelog**: https://github.com/gruntwork-io/boilerplate/compare/v0.14.0...v0.15.0 + +
+ + +### [v0.14.0](https://github.com/gruntwork-io/boilerplate/releases/tag/v0.14.0) + +

+ Published: 3/20/2026 | Release notes +

+ +
+ + + +Dependencies in templates now generate concurrently by default, with the option to run sequentially or with different concurrency limits using the `--parallelism` flag. + +This will be a breaking change for any templates that relied on dependencies generating in the exact order in which they are defined in templates (e.g. if multiple dependencies generate the same file, expecting later dependencies to overwrite earlier ones). + +For more information read the [`for_each` documentation](https://boilerplate.gruntwork.io/configuration/dependencies/#for_each). + + +* feat: Generate dependencies concurrently by @yhakbar in https://github.com/gruntwork-io/boilerplate/pull/283 +* chore: Bump peter-evans/create-pull-request from 7 to 8 by @dependabot[bot] in https://github.com/gruntwork-io/boilerplate/pull/266 +* chore: Bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in https://github.com/gruntwork-io/boilerplate/pull/259 +* chore: Bump actions/cache from 4 to 5 by @dependabot[bot] in https://github.com/gruntwork-io/boilerplate/pull/258 +* chore: Bump actions/checkout from 5 to 6 by @dependabot[bot] in https://github.com/gruntwork-io/boilerplate/pull/254 + + +**Full Changelog**: https://github.com/gruntwork-io/boilerplate/compare/v0.13.0...v0.14.0 + +
+ + +### [v0.13.0](https://github.com/gruntwork-io/boilerplate/releases/tag/v0.13.0) + +

+ Published: 3/20/2026 | Release notes +

+ +
+ + + +Boilerplate can now produce a manifest file that records every file generated during a run, along with SHA256 checksums. Enable it with the new --manifest flag: + +```bash +boilerplate \ + --template-url ./templates/service \ + --output-folder ./output \ + --non-interactive \ + --manifest +``` + +This creates a boilerplate-manifest.yaml in the output directory containing: + +- File inventory — every generated file with its relative path and sha256: checksum +- Source checksum — a checksum of the template source (git commit SHA or directory hash) +- Variables & dependencies — the resolved variable values and dependency tree used during the run +- Schema version — a URL pointing to a published https://boilerplate.gruntwork.io/schemas/manifest/v1/schema.json for easy validation + +The manifest format is auto-detected from the file extension: `.json` produces JSON, everything else produces YAML. To write to a custom path, use `--manifest-file`: + +```bash +boilerplate \ + --template-url ./templates/service \ + --output-folder ./output \ + --non-interactive \ + --manifest-file ./reports/manifest.json +``` + +This is useful for auditing which files came from a template, drift detection by comparing checksums after the fact, and CI/CD pipelines that need to programmatically consume the list of generated files in downstream steps. + +See https://boilerplate.gruntwork.io/advanced/manifest/ for details. + + +The validation package is now exported directly, so consumers of Boilerplate as a library can import validation instead of relying on the re-export through the variables package. + + +- Added a docs homepage, Windows support page, and terminology page +- Fixed miscellaneous docs bugs + + +- Removed CircleCI configuration +- Fixed tests to avoid relying on the current branch existing in the remote + +* feat: Adding manifest by @yhakbar in https://github.com/gruntwork-io/boilerplate/pull/285 +* docs: Docs homepage, add Windows support and terminology pages by @josh-padnick in https://github.com/gruntwork-io/boilerplate/pull/278 +* docs: Fixing docs bugs by @yhakbar in https://github.com/gruntwork-io/boilerplate/pull/286 +* chore: Remove CircleCI by @josh-padnick in https://github.com/gruntwork-io/boilerplate/pull/279 +* chore: Exporting `validation` by @yhakbar in https://github.com/gruntwork-io/boilerplate/pull/287 +* chore: Avoid relying on the current branch existing in remote for tests by @yhakbar in https://github.com/gruntwork-io/boilerplate/pull/288 + + +**Full Changelog**: https://github.com/gruntwork-io/boilerplate/compare/v0.12.1...v0.13.0 + +
+ + + +## pipelines-cli + + +### [v0.48.1](https://github.com/gruntwork-io/pipelines-cli/releases/tag/v0.48.1) + +

+ Published: 3/25/2026 | Release notes +

+ +
+ + * DEV-1406 Add TG stack directories to excludes by @Resonance1584 in https://github.com/gruntwork-io/pipelines/pull/540 +* DEV-1385 Fix comment CTA should use per platform terminology by @Resonance1584 in https://github.com/gruntwork-io/pipelines/pull/539 + + +**Full Changelog**: https://github.com/gruntwork-io/pipelines/compare/v0.48.0...v0.48.1 + + +
+ + +### [v0.48.0](https://github.com/gruntwork-io/pipelines-cli/releases/tag/v0.48.0) + +

+ Published: 3/4/2026 | Release notes +

+ +
+ + * Add table-name arg to unlock all by @Resonance1584 in https://github.com/gruntwork-io/pipelines/pull/535 +* Add stack blocks to inventory scan by @Resonance1584 in https://github.com/gruntwork-io/pipelines/pull/533 +* chore: Bumping Terragrunt to RC3 by @yhakbar in https://github.com/gruntwork-io/pipelines/pull/536 +* Fix panic by @Resonance1584 in https://github.com/gruntwork-io/pipelines/pull/537 +* Increase build timeout by @Resonance1584 in https://github.com/gruntwork-io/pipelines/pull/538 + + +**Full Changelog**: https://github.com/gruntwork-io/pipelines/compare/v0.47.0...v0.48.0 + + +
+ + + +## pipelines-credentials + + +### [v1.3.0](https://github.com/gruntwork-io/pipelines-credentials/releases/tag/v1.3.0) + +

+ Published: 3/6/2026 | Release notes +

+ +
+ + * Fix retry bug. Add test suite by @Resonance1584 in https://github.com/gruntwork-io/pipelines-credentials/pull/19 +* Handle free tier limits by @Resonance1584 in https://github.com/gruntwork-io/pipelines-credentials/pull/21 + + +**Full Changelog**: https://github.com/gruntwork-io/pipelines-credentials/compare/v1.2.1...v1.3.0 + +
+ + +### [v1.2.1](https://github.com/gruntwork-io/pipelines-credentials/releases/tag/v1.2.1) + +

+ Published: 3/3/2026 | Release notes +

+ +
+ + * Add more retry conditions by @Resonance1584 in https://github.com/gruntwork-io/pipelines-credentials/pull/18 + + +**Full Changelog**: https://github.com/gruntwork-io/pipelines-credentials/compare/v1.2.0...v1.2.1 + +
+ + + +## pipelines-workflows + + +### [v4.10.1](https://github.com/gruntwork-io/pipelines-workflows/releases/tag/v4.10.1) + +

+ Published: 3/25/2026 | Release notes +

+ +
+ + +:bug: Terragrunt stack directories are now excluded from Terragrunt discovery if they are ignored by the Pipelines ignore list or `PIPELINES_FEATURE_EXPERIMENT_IGNORE_UNITS_WITHOUT_ENVIRONMENT`. This affects the startup of Terragrunt during the Plan/Apply, but does not affect stack generation. + +:bug: Fixed the text at the bottom of Plan comments to correctly say pull request instead of merge request. + +* Pipelines CLI v0.48.1 by @Resonance1584 in https://github.com/gruntwork-io/pipelines-workflows/pull/197 + + +**Full Changelog**: https://github.com/gruntwork-io/pipelines-workflows/compare/v4...v4.10.1 + +
+ + +### [v4.10.0](https://github.com/gruntwork-io/pipelines-workflows/releases/tag/v4.10.0) + +

+ Published: 3/11/2026 | Release notes +

+ +
+ + +:bug: Fixed a panic in Account Factory when account creation fails +:bug: Fixed some retry cases in pipelines-credentials not retrying +:nut_and_bolt: Added graceful handling of free tier limits +:nut_and_bolt: Internal telemetry updates + +* pipelines-credentials v1.2.1 by @Resonance1584 in https://github.com/gruntwork-io/pipelines-workflows/pull/194 +* Handle free tier limits by @Resonance1584 in https://github.com/gruntwork-io/pipelines-workflows/pull/196 + + +**Full Changelog**: https://github.com/gruntwork-io/pipelines-workflows/compare/v4.9.0...v4.10.0 + +
+ + + +## terraform-aws-cache + + +### [v1.0.5](https://github.com/gruntwork-io/terraform-aws-cache/releases/tag/v1.0.5) + +

+ Published: 3/30/2026 | Release notes +

+ +
+ + * fix(ci): disable mise legacy version file parsing by @james00012 in https://github.com/gruntwork-io/terraform-aws-cache/pull/174 +* Fix elasticache_user_group engine case deprecation warning by @james00012 in https://github.com/gruntwork-io/terraform-aws-cache/pull/176 +* feat: add gw: namespaced tagging and scheduled cloud-nuke cleanup by @james00012 in https://github.com/gruntwork-io/terraform-aws-cache/pull/177 + + +**Full Changelog**: https://github.com/gruntwork-io/terraform-aws-cache/compare/v1.0.4...v1.0.5 + +
+ + + +## terraform-aws-eks + + +### [v4.3.0](https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v4.3.0) + +

+ Published: 3/26/2026 | Modules affected: eks-alb-ingress-controller | Release notes +

+ +
+ + + +- Add `extra_args` support to `eks-alb-ingress-controller` for feature gates. + + + +
+ + +### [v4.2.0](https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v4.2.0) + +

+ Published: 3/17/2026 | Modules affected: eks-alb-ingress-controller-iam-policy | Release notes +

+ +
+ + + +- Update ALB (LB) Ingress Controller IAM Policy to support `v2.11.0` and `v2.13.0`. + + + +
+ + + +## terraform-aws-load-balancer + + +### [v1.2.1](https://github.com/gruntwork-io/terraform-aws-load-balancer/releases/tag/v1.2.1) + +

+ Published: 3/10/2026 | Modules affected: acm-tls-certificate | Release notes +

+ +
+ + + +- Added export attribute support to the options block in the acm-tls-certificate module, enabling users to create exportable ACM certificates + + + + +
+ + +### [v1.2.0](https://github.com/gruntwork-io/terraform-aws-load-balancer/releases/tag/v1.2.0) + +

+ Published: 3/10/2026 | Modules affected: acm-tls-certificate | Release notes +

+ +
+ + +- Added `certificate_transparency_logging_preference` (as part of var.acm_tls_certificates) to `modules/acm-tls-certificate` + + + + + +
+ + + +## terraform-aws-security + + +### [v1.4.0](https://github.com/gruntwork-io/terraform-aws-security/releases/tag/v1.4.0) + +

+ Published: 3/12/2026 | Modules affected: account-alternate-contact, s3-account-public-access-block, s3-tls-enforcement-scp | Release notes +

+ +
+ + + +- New modules to support CIS AWS Foundations Benchmark v3.0.0 + + + + +
+ + + +## terraform-aws-service-catalog + + +### [v2.2.0](https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v2.2.0) + +

+ Published: 3/30/2026 | Modules affected: networking/vpc, services/eks-argocd, services/eks-cluster, services/eks-core-services | Release notes +

+ +
+ + + +- Expose `exclude_ports_from_inbound_all` in VPC module +- Add `gw:` namespaced tagging and scheduled cloud-nuke cleanup +- Bump `terraform-aws-eks` to `v4.3.0` (from `v4.0.0`), pulling in changes from `v4.1.0`, `v4.2.0`, and `v4.3.0`: + - **v4.1.0**: Add `attach_default_iam_policies` toggle to `eks-cluster-managed-workers` to optionally skip attaching default IAM policies to the Managed Node Group IAM role + - **v4.2.0**: Update ALB Ingress Controller IAM policy to support AWS Load Balancer Controller `v2.11.0` and `v2.13.0` + - **v4.3.0**: Add `extra_args` support to `eks-alb-ingress-controller` for passing feature gates and other controller flags +- Add `managed_node_group_attach_default_iam_policies` variable to `eks-workers` — set to `false` when using an existing IAM role that already has the required policies (`AmazonEKSWorkerNodePolicy`, `AmazonEKS_CNI_Policy`, `AmazonEC2ContainerRegistryReadOnly`) attached +- Add `alb_ingress_controller_extra_args` variable to `eks-core-services` — pass additional arguments to the AWS Load Balancer Controller, e.g. feature gates like `--feature-gates=NLBGatewayAPI=true,ALBGatewayAPI=true` +- Add `extra_args` passthrough for ALB ingress controller + + + +
+ + +### [v2.1.0](https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v2.1.0) + +

+ Published: 3/11/2026 | Modules affected: networking, services | Release notes +

+ +
+ + + +- Updated terraform-aws-load-balancer to v1.2.1 across all module references +- networking/route53: + - Add support for the ACM certificate export option, allowing users to create exportable certificates by setting export = "ENABLED" on their public zones or service discovery namespaces + - Bump the AWS provider minimum version to >= 6.4.0 as required by the export option +- Test CI updates + + + + + + +
+ + +### [v2.0.0](https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v2.0.0) + +

+ Published: 3/4/2026 | Modules affected: networking/vpc, services/eks-argocd, services/eks-cluster, services/eks-core-services | Release notes +

+ +
+ + +- `networking/vpc` +- `services/eks-argocd` +- `services/eks-cluster` +- `services/eks-core-services` +- `services/eks-karpenter` +- `services/eks-workers` +- `services/helm-service` +- `services/k8s-service` + + +- Bump `terraform-aws-eks` to `v4.0.0` +- Remove the `kubergrunt` dependency completely from the service catalog, as it has been removed from `terraform-aws-eks` in `v4.0.0` +- Replace all `kubergrunt` EKS token fetching with `aws eks get-token` CLI +- Remove all kubergrunt-related variables from modules and examples +- Remove kubergrunt installation from CI, Jenkins AMI builds, and test helpers +- Update documentation to remove kubergrunt references + +> [!WARNING] +> #### Breaking Changes +> - All `kubergrunt`-related variables have been removed. If you are currently passing any of the removed variables listed below, you must remove them from your Terraform configurations. +> - EKS token fetching now always uses `aws eks get-token`. Ensure the AWS CLI is available in your environment. +> - VPC CNI customization via `kubergrunt` is no longer supported. Use [EKS managed add-ons](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) with the `enable_eks_addons` variable instead. +> - Core component syncing via `kubergrunt` upgrade scripts is no longer supported. Use EKS managed add-ons instead. +> +> **Removed variables from `eks-cluster` module:** +> - `use_kubergrunt_verification` +> - `kubergrunt_download_url` +> - `use_kubergrunt_sync_components` (previously `use_upgrade_cluster_script`) +> - `upgrade_cluster_script_wait_for_rollout` +> - `upgrade_cluster_script_skip_coredns` +> - `upgrade_cluster_script_skip_kube_proxy` +> - `upgrade_cluster_script_skip_vpc_cni` +> - `use_vpc_cni_customize_script` +> - `vpc_cni_enable_prefix_delegation` +> - `vpc_cni_warm_ip_target` +> - `vpc_cni_minimum_ip_target` +> +> **Removed variables from `eks-cluster`, `eks-core-services`, `eks-workers`, and example modules:** +> - `use_kubergrunt_to_fetch_token` + + +- https://github.com/gruntwork-io/terraform-aws-service-catalog/pull/2353 +- https://github.com/gruntwork-io/terraform-aws-eks/releases/tag/v4.0.0 + + +
+ + diff --git a/docs/guides/stay-up-to-date/releases/index.md b/docs/guides/stay-up-to-date/releases/index.md index 6b09b2e28..8ab53695a 100644 --- a/docs/guides/stay-up-to-date/releases/index.md +++ b/docs/guides/stay-up-to-date/releases/index.md @@ -11,7 +11,8 @@ Library](https://gruntwork.io/infrastructure-as-code-library/), grouped by month updates in your code, check out the [updating documentation](/library/stay-up-to-date/updating). - + + @@ -133,6 +134,6 @@ updates in your code, check out the [updating documentation](/library/stay-up-to