v0.6.9

🐛 Bug Fixes

allow underscores in names @cornfeedhobo (#66)

## what

• allow underscores in log group names

why

• I created a lambda with underscores in the name, which is auto-creating a log group to match, yet the cloudposse lambda module was creating a group without underscores, which was useless.

references

🤖 Automatic Updates

Migrate new test account @osterman (#63)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#62)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @osterman (#61)

## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#60)

## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#59)

## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#58)

## what - Update workflows (`.github/workflows/settings.yaml`)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#57)

## what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#56)

## what - Install a repository config (`.github/settings.yaml`)

why

• Programmatically manage GitHub repo settings

Update README.md and docs @cloudpossebot (#53)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update Scaffolding @osterman (#54)

## what - Reran `make readme` to rebuild `README.md` from `README.yaml` - Migrate to square badges - Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

Update README.md and docs @cloudpossebot (#51)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.6.8

🚀 Enhancements

Fix mistake in policy. Part2 @ramses999 (#39)

what

This is just a continuation of the fix #38.
Prod environment tested. That's how it works correctly.

v0.6.7

🚀 Enhancements

Fix mistake in policy @ramses999 (#38)

what

Fix mistake in policy

why

The policy is created simply by ARN without the ":" construct, which is necessary to create the correct policy for the role.
Without this ":" construct, the policy is created, but it does not work correctly.
This error was discovered when I tried to create a cloudwatch group in the cloudtrail module.
I got the response "Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Access denied. Verify in IAM that the role has adequate permissions."
After studying the code, I realized that I need to add the construction ":*" in a couple of lines.
My solution looks like this, I need to replace the lines in file :

This line:
join("", aws_cloudwatch_log_group.default..arn),
replaced by
"${join("", aws_cloudwatch_log_group.default..arn)}:*"
You need to do this in both identical lines.

Perhaps you can suggest a better solution, I'm new to terraforming.

references

#37
https://github.com/cloudposse/terraform-aws-cloudwatch-logs/blob/master/iam.tf#L55

v0.6.6

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.16.2 @renovate (#33)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	patch	0.16.1 -> 0.16.2

---

v0.6.5

🚀 Enhancements

Add policy boundary and enable_tags for iam resouces @jamengual (#32)

what

• Add policy boundary to cloudwatch IAM resources
• Updating to new tags_enabled variable from I am role module

why

• to pass policy_boundary and to add the ability to disable tags for IAM resources

references

• cloudposse/terraform-aws-iam-role#44

v0.6.4

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.15.0 @renovate (#29)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	minor	0.14.1 -> 0.15.0

---

Release Notes

cloudposse/terraform-aws-iam-role

v0.15.0

Compare Source

allow to set role and policy path @​1david5 (#​40)

#### what * Add `path` argument to role and policy resources #### why * Allow users to set path for role and policy

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.6.3

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.14.1 @renovate (#28)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	patch	0.14.0 -> 0.14.1

---

Release Notes

cloudposse/terraform-aws-iam-role

v0.14.1

Compare Source

Fix: Fix Variable Description Typo for `var.use_fullname` @​korenyoni (#​36)

#### what * Fix variable description typo introduced in #​35 for `var.use_fullname` #### why * Minor typo (unmatched right bracket). #### references * #​35

Drop unused null provider @​Xerkus (#​34)

#### what * Drop `hashicorp/null` provider from dependencies #### why * As far as I can tell the null provider is not used and I do not think it is needed for any kind of indirect dependency * I think it was needed at some point for terraform-null-label #### references * Closes #​31

Fix: fix variable description for `var.use_fullname`, run `make github/init` @​korenyoni (#​35)

#### what - Fix variable description for `var.use_fullname`. - Run `make github/init`. #### why - The `var.use_fullname` variable description is incorrect and refers to ECR repositories instead of IAM roles. - Running `make github/init` will update GHA-workflow related files (and CODEOWNERS), the former of which is required for the `no-release` label (which allows for consolidating multiple small PRs such as this into one release). #### references * N/A

#### 🚀 Enhancements

Add tags to policy @​nitrocode (#​37)

#### what * Add tags to policy #### why * Tag it all #### references N/A

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.6.2

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.14.0 @renovate (#27)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	minor	0.13.0 -> 0.14.0

---

Release Notes

cloudposse/terraform-aws-iam-role

v0.14.0

Compare Source

Add assume role policy conditions and managed iam policies @​sebastianmacarescu (#​33)

#### what * option to attach AWS Managed IAM policies to created role * option to add conditions to trust policy #### why * we should be able to use aws managed policies (or any other policies) and not create new ones dedicated for this role * we should be able to add conditions on who can assume this role (mfa enabled, be part of organization, specific session name, etc) #### references * closes #​24 * documentation for conditions: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document * documentation for conditions in trust role policies: https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.6.1

Docs: Fix usage snippet (missing source attribute) @korenyoni (#25)

what

• Fix usage snippet (missing source attribute)
• Fix module block name in usage snippet (does not match module name)

why

• The usage snippet is incorrect (missing source attribute and does not match module name)

references

• N/A

🚀 Enhancements

Allow slash in log group names @nitrocode (#26)

what

• Custom label for cloudwatch log group name

why

• Allow slash in log group names

references

• https://sweetops.slack.com/archives/CB6GHNLG0/p1636985722167300

test

provider "aws" {
  region = "us-east-2"
}

module "cloudwatch_logs" {
  source = "github.com/cloudposse/terraform-aws-cloudwatch-logs?ref=allow-slash-log-group-names"

  name = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
}

results in

  # module.cloudwatch_logs.aws_cloudwatch_log_group.default[0] will be created
  + resource "aws_cloudwatch_log_group" "default" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
      + retention_in_days = 30
      + tags              = {
          + "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
        }
      + tags_all          = {
          + "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
        }
    }

v0.6.0

🚀 Enhancements

Feat: Make IAM Role Optional @korenyoni (#24)

what

• Make IAM role conditional on feature flag.
• Run make github/init.
• Fix unintentional nested array in stream_arns output.
• Fix usage snippet such that it conforms with other modules.

why

• Not all CloudWatch Logs log group use cases require an IAM role meant for assumption by an EC2 instance. The IAM role should be conditional.
• Running make github/init updates GHA workflow-related files.
• Running make github/init updates context.tf to the latest distribution from null-label, which now has new features such as the tenant label.

references

• https://github.com/cloudposse/terraform-null-label/releases/tag/0.25.0