Releases: cloudposse/terraform-aws-documentdb-cluster
v0.26.2
feat: added output cluster_members for resource aws_docdb_cluster @Faris96Hub (#107)
what
Added the Output "cluster_members" for the resource "aws_docdb_cluster".
why
Needed for monitoring reasons of the DocumentDB Cluster on a Node-level. Needed when creating a CloudWatch alarm on Node-level because the Dimension of the alarm needs the cluster members.
references
https://docs.aws.amazon.com/documentdb/latest/developerguide/cloud_watch.html#:~:text=and%20ReadIOPS.-,Amazon%20DocumentDB%20dimensions,-The%20metrics%20for
🤖 Automatic Updates
v0.26.1
fix: upgrade aws provider to 5.29.0 to support storage_type @gmeligio (#103)
what
- Upgrade terraform-aws-provider to 5.29.0
- Add variable for storage_type in the test.
why
- storage_type was released in 5.29.0 but the current minimum version is 5.21.0. This change corrects the minimum required version to 5.29.0
references
closes #86
🚀 Enhancements
chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 in /test/src @dependabot (#102)
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.4 to 1.7.5.
Release notes
Sourced from github.com/hashicorp/go-getter's releases.
v1.7.5
What's Changed
- Prevent Git Config Alteration on Git Update by @dduzgun-security in hashicorp/go-getter#497
New Contributors
- @dduzgun-security made their first contribution in hashicorp/go-getter#497
Full Changelog: hashicorp/go-getter@v1.7.4...v1.7.5
Commits
- 5a63fd9 Merge pull request #497 from hashicorp/fix-git-update
- 5b7ec5f fetch tags on update and fix tests
- 9906874 recreate git config during update to prevent config alteration
- See full diff in compare view
v0.26.0
test: update test framework to use latest best practices and reduce boilerplate @gmeligio (#100)
what
Update this module's test framework. Reduce boilerplate and make reusable functions.
Changelog:
- Upgrade `go` to 1.21.
- Update `test/Makefile` and `test/src/Makefile` from https://github.com/cloudposse/terraform-aws-eks-node-group/tree/e9f908c026d8ca5dc30190a050de68a510ff3983/test
- Create framework_test.go and default_test.go, following how it's done in https://github.com/cloudposse/terraform-aws-eks-node-group/blob/e9f908c026d8ca5dc30190a050de68a510ff3983/test/src/framework_test.go
- Remove `enabled=true` from fixtures and add new test `TestExamplesCompleteDisabled` for when `enabled=false`
- Add `Test_ExistingDeployment` for faster test cycle, and modify Makefile accordingly
- Update dependencies
- Migrate test DB Engine from 3.6.0 to 5.0.0
why
- Enable testing with OpenTofu
- Support automated maintenance
references
[CHORE] Update variable description @RuiSMagalhaes (#99)
what
- Updates `enabled_cloudwatch_logs_exports` variable description
- Updates examples
- Updates `README.md` and `docs/terraform.md`
why
- In order to have the right list of logs available in the variable description
references
- closes #36
🚀 Enhancements
feat(aws_docdb_cluster): add allow_major_version_upgrade argument @gmeligio (#94)
what
This PR adds the argument allow_major_version_upgrade that was released in https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.21.0
It includes the changes in the test framework from #100.
why
When upgrading the `engine_version` to a new major version, `allow_major_version_upgrade` needs to be enabled for AWS to apply the upgrade.
references
🤖 Automatic Updates
Update release workflow to allow pull-requests: write @osterman (#97)
what
- Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR
why
- So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#96)
what
- Update workflows (`.github/workflows`) to use shared workflows from `.github` repo
why
- Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#93)
what
- Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action
why
- The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @osterman (#92)
what
- Update workflows (`.github/workflows/settings.yaml`)
why
- Support new readme generation workflow.
- Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#91)
what
- Install latest GitHub Action Workflows
why
- Use shared workflows from `cloudposse/.github` repository
- Simplify management of workflows from centralized hub of configuration
Add GitHub Settings @osterman (#90)
what
- Install a repository config (`.github/settings.yaml`)
why
- Programmatically manage GitHub repo settings
Update Scaffolding @osterman (#87)
what
- Reran `make readme` to rebuild `README.md` from `README.yaml`
- Migrate to square badges
- Add scaffolding for repo settings and Mergify
why
- Upstream template changed in the `.github` repo
- Work better with repository rulesets
- Modernize look & feel
Update README.md and docs @cloudpossebot (#83)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
v0.25.0
feat: add storage_type parameter @adubeniuk (#79)
what
Amazon has announced IO-optimized storage type for DocumentDB. Support for it has been added since HashiCorp AWS provider version 5.29.0
why
Keep standard as default but also add ability to create IO-optimized DocumentDB clusters.
references
https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-documentdb-i-o-optimized/
https://registry.terraform.io/providers/hashicorp/aws/5.29.0/docs/resources/docdb_cluster#storage_type
feat: allow to attach external SG to the documentDB @rasta-rocket (#69)
what
Hey folks 👋
First of all thanks for the work 💪
Here the goal is to allow the user of the module to attach security groups which are managed outside of the module
why
This is pretty useful, when you have some design where security groups are centrally managed and so outside of the scope of the module
references
Note: If you have any questions don't hesitate to ping me 😉
Cheers ☀️
v0.24.0
feat(aws-docdb-cluster): enable the ssm parameter store to record the… @haidargit (#77)
what
In this PR, we can use the Cloud Posse ssm parameter store module to store the documentdb master_password information.
why
The objective behind this PR is to ensure the secure distribution of the docdb cluster's master password within the AWS infrastructure. We can centrally manage and protect sensitive information, increasing operational efficiency.
references
No issue relates to the current improvement.
I have run these required commands.
make init
make readme
Kindly review this PR for documentdb module improvements. Thank you, Cloud Posse Team!
v0.23.0
add variable certificate change @rabihaggle (#72)
what
We need to have the possibility to select the certificate we need to use, or directly the default amazon one.
why
Because https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html
references
Please read the link -> https://docs.aws.amazon.com/es_es/documentdb/latest/developerguide/ca_cert_rotation.html
v0.22.0
Fix: Don't create random_password resource if not enabled. @petur (#44)
what
- Reverse the sense of the enabled variable when deciding the count for the random_password resource.
why
- The sense of the variable was backwards - setting enabled to false meant that the count was always set to 1. A minimal configuration to reproduce this is:
module "disabled_docdb" {
  source     = "../../work/terraform-aws-documentdb-cluster"
  enabled    = false
  vpc_id     = ""
  subnet_ids = []
}
v0.21.0
adding a feature to customize the egress rule @haidargit (#54)
what
- Added 4 new variables `egress_source_port`, `egress_dest_port`, `egress_protocol`, and `allowed_egress_cidr_blocks` for the `"aws_security_group_rule" "egress"` resource.
- By default, the egress rule `0.0.0.0/0` will be created. If user is expected to restrict outbound traffic, they can specify the required values.
why
- We propose this PR because there are scenarios where users may want to restrict outbound traffic from their DocDB instances.
- If the DocDB cluster is only used internally and does not need to communicate with wide systems or network, users may want to customize the egress rule for `0.0.0.0/0`. By providing the option to customize the egress rule, we are giving users control over their security posture (compliance). For example, our docdb may only be connected with internal applications inside the aws eks cluster, or users may integrate their cloud resources with a third party, such as Prisma Cloud or maybe use tfsec as their security scanner, which prompts users to kindly avoid `0.0.0.0/0` for security best practices.
references
- This PR will help to cover the minimum egress exposure of the security group, including: #34
Thank you
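The open egress default and a restricted alternative for the rule discussed in this release, written as standalone `aws_security_group_rule` resources. This is an added example, not the module's own code; the variable names, the sample CIDR range and the port and protocol values of the open rule are assumptions.

```hcl
# Added example. All names and CIDR values below are constructed placeholders.
variable "docdb_security_group_id" {
  type        = string
  description = "ID of the security group attached to the DocumentDB cluster (placeholder input)"
}

variable "internal_cidr_blocks" {
  type        = list(string)
  description = "Internal ranges the cluster is allowed to open connections to"
  default     = ["10.0.0.0/16"] # constructed sample VPC range

  # Fail at plan time if someone reintroduces the open range.
  validation {
    condition     = !contains(var.internal_cidr_blocks, "0.0.0.0/0")
    error_message = "Egress to 0.0.0.0/0 is not allowed; list internal CIDR ranges only."
  }
}

# Before: open egress to 0.0.0.0/0 (any port and protocol assumed here).
# Security scanners such as tfsec report this pattern.
resource "aws_security_group_rule" "egress_open" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = var.docdb_security_group_id
}

# After: egress limited to TCP on DocumentDB's default port, internal ranges only.
# The two resources are alternatives. Keep one: if both are applied,
# the open rule still permits all outbound traffic.
resource "aws_security_group_rule" "egress_restricted" {
  type              = "egress"
  description       = "DocumentDB egress limited to internal ranges"
  from_port         = 27017
  to_port           = 27017
  protocol          = "tcp"
  cidr_blocks       = var.internal_cidr_blocks
  security_group_id = var.docdb_security_group_id
}
```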
v0.20.0
Support AWS Provider V5 @max-lobur (#63)
what
Support AWS Provider V5
Linter fixes
why
Maintenance
references
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0
v0.19.0
Enable intra-security group traffic on DB port @kevcube (#61)
what
- adds variable `allow_ingress_from_self` which configures the security group to allow traffic within itself on DB port
why
- This is useful in architectures where the db security group will be used to control db access - i.e. it will also be applied to applications.