Skip to content

v3.0.0 Static Website Support, remove awsutils provider
Compare
Choose a tag to compare
@cloudpossebot cloudpossebot released this 07 Sep 22:41
3.0.0
6837ed7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Breaking changes

This release has what can be considered breaking changes, but mostly because it either reverts breaking changes introduced in v2.0.2 or fixes features that were previously broken and unusable.

  • If an IAM user and access key is created by this module, the AWS Access Key does not expire, restoring the behavior in and prior to v2.0.1. In v2.0.2 and v2.0.3, keys expired in 30 days. If you are upgrading from v2.0.1 or earlier, this is not a breaking change.
  • The website_inputs input is replaced by website_configuration and website_redirect_all_requests_to. The cors_rule_inputs input is replaced by cors_configuration. Thanks to @jurgen-weber-deltatre for helping with this. If you were not using these inputs, then this is not a breaking change.

If neither of the above issues affects you, then there are no breaking changes between v2.0.0 and this release and you can safely upgrade without making any changes to your code.

New Features

  • The breaking change introduced in v2.0.2 that required you to initialize the cloudposse/awsutils Terraform provider with the AWS region and been reverted. This module no longer uses that provider.
  • Support for S3 static websites is greatly improved. Configure with website_configuration and cors_configuration, or with website_redirect_all_requests_to. The website endpoint and base domain are now available as outputs.
  • You can now store the IAM user's access key in SSM via store_access_key_in_ssm. When stored in SSM, the secret key is not output by this module as a Terraform output, preventing it from being stored unencrypted in the Terraform state file.
  • You can now create a user but not create an access key by setting access_key_enabled = false. You can also use this feature to rotate an access key by setting it to false and applying to delete the key, then setting it to true and applying to create a new one.

Note that in general we now recommend against creating an IAM user, and recommend using AWS OIDC to create an authentication path for users and systems that do not have native IAM credentials. Also note that you can assign permissions to existing AWS users and roles via grants or privileged_principal_arns.

what && why

  • Update terraform-aws-s3-user to v1.0.0 and add inputs access_key_enabled, store_access_key_in_ssm, and ssm_base_path in order to
    • Make creating an IAM key for the S3 user optional
    • Enable saving the IAM key in SSM Parmeter store and omitting it from Terraform state
    • Remove dependency on cloudposse/awsutils Terraform provider. See terraform-aws-iam-system-user v1.0.0 Release Notes for further details and justification.
  • Replace input website_inputs (which never worked) with website_configuration and website_redirect_all_requests_to. See #142 for further details and justification.
  • Replace input cors_rule_inputs with cors_configuration to match resource name.

references

  • Implements and closes #3
  • Fixes #141
  • Supersedes and closes #142
  • Obsoletes and closes #151
  • Supersedes and closes #154
  • Obsoletes and closes #155
  • Supersedes and closes #157

Contributors

jurgen-weber-deltatre
Assets 2
Loading