v0.28.0 Rename inputs, add egress-only gateway

With this release, we renamed most of the module inputs to conform to current Cloud Posse naming conventions. The old inputs remain supported for now, but we recommend converting to the new names as soon as is reasonable.

See #99 for details.

Normalize input names as part of "Security group" upgrade @Nuru (#100)

what

• Normalize input names according to current Cloud Posse standards
• Deprecate old input names
• Add option to create IPv6 egress-only internet gateway

why

• Part of overhaul of all modules to bring consistency
• Provide backward compatibility while encouraging use of new variable names
• Feature request #93

references

• Closes #93
• Supersedes and closes #94
• Implements and closes #99

v0.27.0

Restore compatibility @Nuru (#98)

what

• Restore compatibility with v0.25.0
  • closes #91
  • closes #92
• Update to null-label v0.25.0

why

• Restore proper functioning of auto-update
• Unblock for future PRs

v0.26.3

🤖 Automatic Updates

chore(deps): update terraform cloudposse/label/null to v0.25.0 @renovate (#95)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/label/null (source)	module	minor	0.24.1 -> 0.25.0

---

Release Notes

cloudposse/terraform-null-label

v0.25.0

Compare Source

Add "tenant", "labels_as_tags", and "descriptors" @​Nuru (#​132)

#### what - Add additional label and `id` component: `tenant` - New input `labels_as_tags` controls which labels are exported as tags - New input `descriptor_formats` generates new output `descriptors` - Update README, remove link to obsolete `terraform-terraform-label` #### why - Support users that host resources on behalf of and/or dedicated to single customers - Supersedes and closes #​131, giving people control over which tags the module generates - Simple mechanism for creating multiple identifiers from the same inputs, reducing the need to create multiple instances of `null-label` - Document `tenant`, `labels_as_tags`, `descriptor_formats`, add additional clarification, stop promoting obsolete module

Fix: Update README Snippets @​korenyoni (#​130)

#### what * Update README snippets to reflect use of Terraform Registry. #### why * Including snippets that reflect use of the Terraform Registry make it easier for users to quickly instantiate a null_label module. * README is out of date and does not include snippets that reflect use of the Terraform Registry. #### references * N/A

Bridgecrew compliance @​Nuru (#​125)

#### what - Resolve Bridgecrew compliance complaint about example Autoscaling Group (BC_AWS_GENERAL_31) - Fix typo in README - Include Terraform lock file in `.gitignore` #### why - Get clean Bridgecrew badge - Correct confusing error - Ensure lock files are not checked into GitHub #### note The PR can and should be merged into `master` to update README and Bridgecrew without triggering a new release/version. These changes have no effect on the actual module in use and a release will create unnecessary ripple effects. However, merging to `master` will update the README and badges, so is worthwhile, and the changes will move forward into the next release.

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.26.2

🤖 Automatic Updates

Update context.tf @cloudpossebot (#96)

what

This is an auto-generated PR that updates the context.tf file to the latest version from cloudposse/terraform-null-label

why

To support all the features of the context interface.

v0.26.1 Breaking Changes. Not recommended.

Release version 0.26.0 broke backward compatibility by unnecessarily removing vpc_default_security_group_id . That has been fixed in this release. The remaining breaking changes have not been addressed. This version is not recommended.

🐛 Bug Fixes

Add back `vpc_default_security_group_id` output @nitrocode (#88)

what

• Add back vpc_default_security_group_id output

why

• It's a necessary output

references

• Previous PR #86

v0.26.0 Breaking Changes

Breaking Changes. Not recommended.

Previously, this module would, by default, remove all ingress and egress rules from the default VPC security group. This release inadvertently removed that behavior.

feat: use security-group module instead of resource @SweetOps (#86)

what

• use security-group module instead of resource
• update tests

why

• more flexible than current implementation
• bring configuration of security group/rules to one standard

references

• CPCO-409

v0.25.0

Fix: Bridgecrew Failed Policies @korenyoni (#85)

what

• Disable bridgecrew check for VPC Flow Logs on VPC, because CloudPosse has modules in place to handle VPC Flow Log enablement.
• Skip Bridgecrew check on aws_default_security_group ingresses/egresses as the default security group implementation does not include any ingress/egress rules and is inherently secure.

why

• Bridgecrew benchmarks are being failed as a result of BC_AWS_LOGGING_9 and BC_AWS_NETWORKING_4 failing.

references

• https://docs.bridgecrew.io/docs/networking_4
• https://docs.bridgecrew.io/docs/logging_9-enable-vpc-flow-logging

v0.24.0

Fix: fix var.enabled conditional Logic within for_each Meta-argument in vpc-endpoints Submodule @korenyoni (#84)

what

• Fix var.enabled conditional logic within for_each meta-argument in vpc-endpoints submodule

why

• set() is neither a real Terraform function nor will the valid toset([]) work in this instance of for_each (due to type mismatch in the ternary operator), however due to the short-circuit with enabled=true, this wasn't picked up in tests.

references

• #82

v0.23.0

Update vpc-endpoints submodule docs, examples/vpc-endpoints use null label @korenyoni (#83)

what

• Update docs for vpc-endpoints submodule using terraform-docs
• Update examples/vpc-endpoints to not manually override tags for aws_security_group resources in examples/vpc-endpoints — insantiate a new null label module and supply it attributes.

why

• The vpc-endpoints submodule generated docs are out-of-date.
• The use of tag overrides in examples/vpc-endpoints is not in line with CloudPosse style.

references

• #82

v0.22.0

Feature: Allow VPC Endpoints to be Created via vpc-endpoints Submodule @korenyoni (#82)

what

• Add vpc-endpoints submodule to this repo, which allows users to provision Interface and/or Gateway VPC Endpoints to the VPC they have created with the terraform-aws-vpc module.
• Add Terratest tests for testing the vpc-endpoints submodule
• Update automated testing via Terratest in this repo to use us-east-2 region instead of us-west-1, as going forward CloudPosse repositories will be using us-east-2

why

• Currently, there is no option within the VPC module to enable any VPC Endpoints. A simple switch for each type of endpoint is not possible, because there are dozens of possible endpoints —particularly Interface Endpoints— that can be created. Furthermore, VPC Endpoints may depend on resources that are themselves dependant on the terraform-aws-vpc module (i.e. subnet IDs), so an external module is required, but a standalone module is not necessarily justified.

references

• It's useful to read the AWS Documentation to make a distinction between Interface VPC Endpoints and Gateway VPC Endpoints