Changelog

All notable changes to this project will be documented in this file.

5.48.0 (2024-11-11)

Features

  • Add ec2:GetSecurityGroupsForVpc for AWS LB Controller v2.10.0 (#536) (9cfab4a)

5.47.1 (2024-10-22)

Bug Fixes

5.47.0 (2024-10-21)

Features

  • Update AWS EBS CSI Driver IAM Policy (#530) (1bc058c)

Bug Fixes

  • Update CI workflow versions to latest (#527) (15fd175)

5.46.0 (2024-10-04)

Features

  • Update IAM policy for AWS Load Balancer Controller to support Listener Attributes (#525) (966c4f8)

5.45.0 (2024-10-04)

Features

  • Allow modifying the iam-github-oidc-role subject condition (#523) (f2ade86)

5.44.2 (2024-10-01)

Bug Fixes

  • Add required S3 PutObjectTagging permission to Velero IRSA policy (#517) (f0e65a7)

5.44.1 (2024-09-24)

Bug Fixes

  • Ensure IRSA for EKS FSX can Update File Systems (#520) (b84b3c2)

5.44.0 (2024-08-08)

Features

  • Add support for OIDC policy conditions (#480) (02a5b7f)

5.43.0 (2024-08-05)

Features

  • Allow changing iss for the github oidc role (#507) (56e4364)

5.42.0 (2024-07-29)

Features

  • Add cloudwatch logs policy to vpc-cni for networkpolicy logging (#504) (88ee443)

5.41.0 (2024-07-11)

Features

  • Adding sse-kms support for Mountpoint S3 CSI driver EKS IRSA (#493) (5039e10)

5.40.0 (2024-07-05)

Features

  • Add support for inline policy creation (#479) (e13cb1e)

5.39.1 (2024-05-15)

Bug Fixes

  • Fixed trust condition in modules/iam-github-oidc-role to be https (#490) (ecaed18)

5.39.0 (2024-04-08)

Features

  • Enable override policy name iam-group-with-assumable-roles-policy (#468) (bf013d2)
  • Update VPC CNI policy to 3/4/24 (#476) (f9d5e28)

5.38.0 (2024-04-02)

Features

  • EBS fast snapshot restores permission for EKS IRSA (#469) (9ea77ca)

5.37.2 (2024-03-25)

Bug Fixes

  • Allow user to change own password when no MFA is present (#470) (ef0056b)

5.37.1 (2024-03-07)

Bug Fixes

  • Update CI workflow versions to remove deprecated runtime warnings (#465) (82348df)

5.37.0 (2024-03-03)

Features

  • Extend self-management policy to read account summary (iam-group-with-policies) (#462) (0bedaf4)

5.36.0 (2024-03-03)

Features

  • Add support for Mountpoint S3 CSI driver to EKS IRSA (#459) (21fb8d9)

5.35.0 (2024-02-27)

Features

  • Allow users to set and read own access keys description (iam-group-with-policies) (#461) (c80cd10)

5.34.0 (2024-02-02)

Features

  • Support new mTLS feature in awslb IAM policy (#458) (452c37f)

5.33.1 (2024-01-18)

Bug Fixes

  • Skip retrieving EKS cluster data when not creating the role (#436) (bcdf554)

5.33.0 (2023-12-16)

Features

  • Add support for Amazon CloudWatch Observability IRSA role (#446) (25e2bf9)

5.32.1 (2023-12-11)

Bug Fixes

  • Remove unused TLS provider in iam-github-oidc-role (#439) (2ce3885)

5.32.0 (2023-11-17)

Features

  • Add instance profile permissions to Karpenter IRSA policy (#434) (50348dd), closes #433

5.31.0 (2023-11-13)

Features

  • Allow users to change own password in iam-group-with-policies module (#435) (eb5b218)

5.30.2 (2023-11-10)

Bug Fixes

  • Update AllowManageOwnAccessKeys statement (#432) (741afc9)

5.30.1 (2023-11-04)

Bug Fixes

  • Direct policy attachment of iam-policy-created resources (#428) (543f101)

5.30.0 (2023-08-31)

Features

  • Add create_custom_role_trust_policy to control when a custom_role_trust_policy should be used (#321) (481095e)

5.29.2 (2023-08-30)

Bug Fixes

  • Expand Permissions for external-secrets IRSA Policy towards AWS Secrets Manager (#416) (fa74a18)

5.29.1 (2023-08-30)

Bug Fixes

  • Add missing condition role_session_name when assuming a role (#418) (89d011e)

5.29.0 (2023-08-23)

Features

  • Add variable for adding statement for secretsmanager:CreateSecret (#414) (24996cd)

5.28.0 (2023-07-19)

Features

  • Added direct policy attachment in iam-user module (#387) (9fa481f)

5.27.0 (2023-07-04)

Features

  • Correct enable_mfa_enforcement spelling (#404) (54b7165)

5.26.0 (2023-07-03)

Features

  • Github OIDC add extra thumbprints as needed (#403) (56511f3)

5.25.0 (2023-07-02)

Features

  • Added variable load_balancer_controller_targetgroup_arns in iam-role-for-service-accounts-eks module (#402) (61a5dbe)

5.24.0 (2023-06-29)

Features

  • Add path variable to IAM group module (#390) (e5c42c3)

5.23.1 (2023-06-29)

Bug Fixes

  • Ensure role_name_condition is set correctly (#389) (0024928)

5.23.0 (2023-06-29)

Features

  • Added variable trusted_role_actions to sub modules as a "Action of STS" (#393) (5702679)

5.22.0 (2023-06-26)

Features

5.21.0 (2023-06-23)

Features

  • Added permissions to list zone tags in iam-role-for-service-accounts-eks module (#394) (740945f)

5.20.0 (2023-05-22)

Features

  • Add support for AWS Gateway controller (VPC Lattice) to IRSA module (#378) (fdee003)

5.19.0 (2023-05-17)

Features

  • Add support for condition role_session_name when assuming a role (#379) (5aabe67)

5.18.0 (2023-05-07)

Features

  • iam-eks-role: Add variable to allow change of IAM assume role condition test operator (#367) (542fc5a)

5.17.1 (2023-05-05)

Bug Fixes

  • Remove "autoscaling:UpdateAutoScalingGroup" permission from cluster-autoscaler IRSA (#357) (aeb5d7f)

5.17.0 (2023-04-08)

Features

  • Add name_prefix to iam-policy and iam-read-only-policy modules (#369) (5bf5f6f)

5.16.0 (2023-03-27)

Features

  • Add elasticloadbalancing:AddTags permissions to AWS Load Balancer Controller policy required for version 2.4.7+ (#358) (e1403c1)

5.15.0 (2023-03-27)

Features

  • Add permissions for instance requirements support for cluster autoscaler IRSA policy (#356) (fac0cdc)

5.14.4 (2023-03-24)

Bug Fixes

  • Add kms:decrypt policy for External Secret (#349) (2359a03)

5.14.3 (2023-03-23)

Bug Fixes

  • Do not attach force MFA statement for iam-groups-with-policies by default (#333) (b9f3409)

5.14.2 (2023-03-21)

Bug Fixes

  • Add ssm:DescribeParameters permission to external-secrets IAM role for service account (IRSA) (#348) (fe8d73b)

5.14.1 (2023-03-21)

Bug Fixes

  • Update self manage policy to support users with path (#335) (9a8d5cb)

5.14.0 (2023-03-17)

Features

  • Update efs_csi policy to support resource tagging (#352) (47cb7a2)

5.13.0 (2023-03-10)

Features

  • Add support for path in iam-group-with-assumable-roles-policy (#345) (761368e)

5.12.0 (2023-03-08)

Features

  • Add eks:DescribeCluster for Karpenter cluster endpoint auto discovery (#343) (3f2cdc8)

5.11.2 (2023-02-15)

Bug Fixes

  • Allow Change Password when no MFA present (#340) (0c1cfaa)

5.11.1 (2023-01-19)

Bug Fixes

  • Reflect the changes in the ebs_csi driver (#326) (cadfe47)

5.11.0 (2023-01-19)

Features

  • Allow multiple MFA devices and users to manage MFA devices (#313) (57a5d70)

5.10.0 (2023-01-06)

Features

  • Added Extra STS actions param in assumable role with SAML (#317) (a2ad4cd)

Bug Fixes

  • Use a version for to avoid GitHub API rate limiting on CI workflows (#323) (90349fa)

5.9.2 (2022-12-10)

Bug Fixes

5.9.1 (2022-12-07)

Bug Fixes

  • Add ssm:GetParameters permission to external-secrets policy (#316) (0e77849)

5.9.0 (2022-12-01)

Features

5.8.0 (2022-11-21)

Features

  • Add additional permissions to Karpenter EKS IRSA role for native node termination handling support (#304) (d6865d2)

5.7.0 (2022-11-21)

Features

  • Ensure that GitHub OIDC subject prefixes are normalized for repo: (#310) (b9873a0)

5.6.0 (2022-11-19)

Features

  • Add support for creating IAM GitHub OIDC provider and role(s) (#308) (cc44693)

5.5.7 (2022-11-09)

Bug Fixes

  • Add secretsmanager:ListSecrets to external-secrets policy (#305) (d3fb017)

5.5.6 (2022-11-07)

Bug Fixes

  • Update CI configuration files to use latest version (#302) (4c1c958)

5.5.5 (2022-11-01)

Bug Fixes

  • Add missing locals in iam-assumable-role module (#290) (8af6d28)

5.5.4 (2022-10-26)

Bug Fixes

  • Insufficient permissions for karpenter policy when not using karpenter discovery tags on security group (#294) (5ad496b)

5.5.3 (2022-10-26)

Bug Fixes

  • Correct tflint errors for latest version of tflint (#296) (b40ade4)

5.5.2 (2022-10-13)

Bug Fixes

  • Explicitly assume with condition matching role arn (#283) (470b6ff)

5.5.1 (2022-10-12)

Bug Fixes

  • Allow TagUser to SelfManagement policy (#287) (87624b6)

5.5.0 (2022-09-27)

Features

  • Add support for roles created to explicitly assume their own role if desired (#281) (3d29d26)

5.4.0 (2022-09-15)

Features

  • Add support for spot request permissions with Karpenter IRSA role (#277) (b3b99d9)

5.3.3 (2022-09-06)

Bug Fixes

  • Fixed iam-user module when encrypted_ses_smtp_password_v4 is null (#275) (936d0f1)

5.3.2 (2022-09-05)

Bug Fixes

  • Correct encrypted ses_smtp_password_v4 output (#259) (ff9d783)

5.3.1 (2022-08-25)

Bug Fixes

  • Don't force users to reset passwords in modules/iam-user (#271) (358f7d4)

5.3.0 (2022-08-10)

Features

  • Add additional permission for karpenter IAM policy added in v0.14.0 release (#264) (bce17b2)

5.2.0 (2022-06-27)

Features

  • Add additional Karpenter permissions for spot pricing improvements (#258) (14cc1df)

5.1.0 (2022-06-01)

Features

  • Update cluster autoscaler policy for recent permission changes upstream (#255) (2f1b2bf)

5.0.0 (2022-05-18)

⚠ BREAKING CHANGES

  • Replace use of toset() for policy attachment, bump min version of AWS provider to 4.0 and Terraform to 1.0 (#250)

Features

  • Replace use of toset() for policy attachment, bump min version of AWS provider to 4.0 and Terraform to 1.0 (#250) (835135b)

4.24.1 (2022-05-10)

Bug Fixes

  • Avoid restricting Karpenter RunInstances subnets by tag key (#247) (bbbe0c0)

4.24.0 (2022-05-03)

Features

4.23.0 (2022-04-25)

Features

  • Improved iam-eks-role module (simplified, removed provider_url_sa_pairs, updated docs) (#236) (d014730)

4.22.1 (2022-04-25)

Bug Fixes

  • Correct invalid policy for app mesh controller (#238) (7362f20)

4.22.0 (2022-04-23)

Features

4.21.1 (2022-04-22)

Bug Fixes

  • Correct aws arn partition for service account eks (#235) (e51b6c3)

4.21.0 (2022-04-22)

Features

  • Added appmesh controller support to iam-role-for-service-accounts-eks (#231) (0492955)

4.20.3 (2022-04-20)

Bug Fixes

  • Correct policy attachment to cert_manager in example (#234) (6a28193)

4.20.2 (2022-04-19)

Bug Fixes

4.20.1 (2022-04-15)

Bug Fixes

  • Fixed example where VPC CNI permissions should apply to the aws-node account (#225) (1fb1cfc)

4.20.0 (2022-04-13)

Features

  • Add support for AMP, cert-manager, and external-secrets to iam-role-for-service-accounts-eks (#223) (f53d409)

4.19.0 (2022-04-12)

Features

  • Add variable to allow changing tag condition on Karpenter iam-role-for-service-accounts-eks policy (#218) (3d7ea33)

4.18.0 (2022-04-02)

Features

  • Add support for EFS CSI driver to iam-role-for-service-accounts-eks (#215) (5afe63f)

4.17.2 (2022-03-31)

Bug Fixes

  • Fixed output of iam_user_login_profile_password in iam-user submodule (#214) (932a7d8)

4.17.1 (2022-03-29)

Bug Fixes

  • Backwards compatibility in 4.x.x series in iam-user submodule (#212) (2c57668)

4.17.0 (2022-03-26)

Features

4.16.0 (2022-03-25)

Features

  • Add load_balancer_controller targetgroup binding only role (#199) (e00526e)

4.15.1 (2022-03-23)

Bug Fixes

  • Permit RunInstances permission for Karpenter when request contains karpenter.sh/discovery tag key (#209) (18081d1)

4.15.0 (2022-03-23)

Features

  • Made it clear that we stand with Ukraine (8e2b836)

Bug Fixes

  • Policy generation when ebs_csi_kms_cmk_ids is set (#203) (e2b4054)

4.14.0 (2022-03-09)

Features

  • Add variable to change IAM condition test operator to suit; defaults to StringEquals (#201) (8469c03)

4.13.2 (2022-03-02)

Bug Fixes

  • Trigger release for adding ec2:DescribeInstanceTypes patched in #192 (#196) (0f5979f)

4.13.1 (2022-02-18)

Bug Fixes

  • Correct permission on AWS load balancer controller (#191) (a912557)

4.13.0 (2022-02-17)

Features

  • Add new addon policy for AWS load balancer controller to IRSA role (#189) (e2ce5c9)

4.12.0 (2022-02-16)

Features

  • Add conditional policy statement attachments for EKS IAM role module (#184) (e29b94f)

4.11.0 (2022-02-02)

Features

  • Include cost explorer to default console services in iam-read-only-policy module (#186) (e701139)

4.10.1 (2022-01-21)

Bug Fixes

  • Fixed incorrect example of iam-eks-role (#183) (c26c44e)

4.10.0 (2022-01-19)

Features

  • Allow setting custom trust policy in iam-assumable-role (#176) (095cb29)

4.9.0 (2022-01-14)

Features

4.8.0 (2022-01-03)

Bug Fixes

  • update CI/CD process to enable auto-release workflow (#175) (9278e6f)

Features

v4.7.0 - 2021-10-14

  • feat: Added support for trusted_role_actions for MFA in iam-assumable-role (#171)

v4.6.0 - 2021-09-20

  • feat: Added output group_arn to iam-group-with-policies (#165)

v4.5.0 - 2021-09-16

  • feat: Added id of iam assumable role to outputs (#164)

v4.4.0 - 2021-09-10

  • feat: Add ability for controlling whether or not to create a policy (#163)
  • docs: Update version constraints (#162)

v4.3.0 - 2021-08-18

  • feat: Add support for cross account access in iam-assumable-role-with-oidc (#158)

v4.2.0 - 2021-06-29

  • feat: Support External ID with MFA in iam-assumable-role (#159)

v4.1.0 - 2021-05-03

  • feat: Add support tags to additional IAM modules (#144)
  • chore: update CI/CD to use stable terraform-docs release artifact and discoverable Apache2.0 license (#151)

v4.0.0 - 2021-04-26

  • feat: Shorten outputs (removing this_) (#150)

v3.16.0 - 2021-04-20

  • feat: Add iam role unique_id to outputs (#149)

v3.15.0 - 2021-04-15

  • fix: Set sensitive=true for sensitive outputs and use tolist() (#148)

v3.14.0 - 2021-04-07

  • feat: Add role unique_id output in iam-assumable-role module (#143)
  • chore: update documentation and pin terraform_docs version to avoid future changes (#142)

v3.13.0 - 2021-03-11

  • feat: Allows multiple STS External IDs to be provided to an assumable role (#138)

v3.12.0 - 2021-03-05

  • feat: Add iam-assumable-role-with-saml module (#127)

v3.11.0 - 2021-03-04

  • fix: handle unencrypted secrets (#139)
  • chore: update ci-cd workflow to allow for pulling min version from each directory (#137)

v3.10.0 - 2021-03-01

  • fix: Update syntax for Terraform 0.15 (#135)
  • chore: Run pre-commit terraform_docs hook (#133)
  • chore: add ci-cd workflow for pre-commit checks (#132)

v3.9.0 - 2021-02-20

  • chore: update documentation based on latest terraform-docs which includes module and resource sections (#131)

v3.8.0 - 2021-01-29

  • feat: Add arn of created group(s) to outputs (#128)

v3.7.0 - 2021-01-14

  • fix: Multiple provider_urls not working with iam-assumable-role-with-oidc (#115)

v3.6.0 - 2020-12-04

  • feat: Fixed number of policies everywhere (#121)

v3.5.0 - 2020-12-04

  • fix: automatically determine the number of role policy arns (#119)

v3.4.0 - 2020-11-13

  • feat: iam-assumable-roles-with-saml - Allow for multiple provider ids (#110)

v3.3.0 - 2020-11-02

  • ci: Updated pre-commit hooks, added terraform_validate (#106)

v3.2.0 - 2020-10-30

  • docs: Updated examples in README (#105)

v3.1.0 - 2020-10-30

  • Bump new major release v3

v3.0.0 - 2020-10-30

  • feat: Added number_of_ variables for iam-assumable-role submodules (#96)

v2.25.0 - 2020-10-30

  • fix: remove empty string elements from local.urls in iam-assumable-role-with-oidc submodule (#99)

v2.24.0 - 2020-10-30

  • feat: Add role_name_prefix option for oidc roles (#101)

v2.23.0 - 2020-10-30

  • feat: Updated to support Terraform 0.13 also (#103)
  • ci: Update pre-commit-terraform (#100)

v2.22.0 - 2020-10-16

  • feat: Add role description variable for assumable role with oidc (#98)

v2.21.0 - 2020-09-22

  • fix: Fixed ses_smtp_password_v4 output name

v2.20.0 - 2020-09-08

  • fix: simplify count statements (#93)

v2.19.0 - 2020-09-08

  • fix: Allow running on custom AWS partition (incl. govcloud) (#94)

v2.18.0 - 2020-08-18

  • feat: modules/iam-assumable-role-with-oidc: Support multiple provider URLs (#91)

v2.17.0 - 2020-08-17

  • feat: Strip https:// from OIDC provider URL if present (#50)

v2.16.0 - 2020-08-17

  • fix: Allow modules/iam-assumable-role-with-oidc to work in govcloud (#83)

v2.15.0 - 2020-08-17

  • feat: Added support for sts:ExternalId in modules/iam-assumable-role (#90)

v2.14.0 - 2020-08-13

  • fix: Delete DEPRECATED ses_smtp_password in iam-user. (#88)

v2.13.0 - 2020-08-13

  • feat: Support for Terraform v0.13 and AWS provider v3 (#87)
  • docs: Updated example in README (#52)

v2.12.0 - 2020-06-10

  • Updated formatting
  • fix: Fix conditions with multiple subjects in assume role with oidc policy (#74)

v2.11.0 - 2020-06-10

  • feat: Allow to set force_detach_policies on roles (#68)

v2.10.0 - 2020-05-26

  • fix: Allow customisation of trusted_role_actions in iam-assumable-role module (#76)

v2.9.0 - 2020-04-23

  • feat: modules/iam-user - Output SMTP password generated with SigV4 algorithm (#70)

v2.8.0 - 2020-04-22

  • docs: Add note about pgp_key when create_iam_login_profile is set (#69)
  • fix: Fix module source and name in README (#65)
  • fix typo (#62)

v2.7.0 - 2020-02-22

  • Updated pre-commit-terraform with README
  • Add instance profile to role sub-module (#46)

v2.6.0 - 2020-01-27

  • Rename module from "-iodc" to "-oidc" (#48)

v2.5.0 - 2020-01-27

  • New sub-module for IAM assumable role with OIDC (#37)

v2.4.0 - 2020-01-09

  • Updated pre-commit hooks
  • iam-assumable-role: add description support (#45)
  • Removed link to missing complete example (fixed #34)

v2.3.0 - 2019-08-21

  • Added description support for custom group policies using a lookup (#33)

v2.2.0 - 2019-08-21

  • Added trusted_role_services to iam-assumable-roles, autoupdated docs
  • Add Trusted Services to iam-assumable-role (#31)
  • Fix link to iam-assumable-role example in README (#35)

v2.1.0 - 2019-06-11

  • Removed duplicated tags from variables in iam-user (#30)

v2.0.0 - 2019-06-11

  • Upgraded module to support Terraform 0.12 (#29)

v1.0.0 - 2019-06-11

  • Fixed styles after #26
  • iam-user,iam-assumable-role,iam-assumable-roles,iam-assumable-roles-with-saml tags support (#26)

v0.5.0 - 2019-05-15

  • Added support for list of policies to attach to roles (#25)

v0.4.0 - 2019-03-16

  • Minor adjustments
  • assumable roles for Users with SAML Identity Provider (#19)

v0.3.0 - 2019-02-20

  • Added iam-group-with-policies and iam-group-complete

v0.2.0 - 2019-02-19

  • Added iam-group-with-assumable-roles-policy and iam-assumable-role (#18)

v0.1.0 - 2019-02-19

  • Updated examples for iam-policy and formatting
  • Added iam policy (#15)
  • Permission boundary (#16)

v0.0.7 - 2018-08-19

  • Follow-up after #12, added possibility to upload IAM SSH public keys
  • Ssh key support (#12)
  • fix descriptions of variables (#10)

v0.0.6 - 2018-05-28

  • Custom Session Duration (#9)

v0.0.5 - 2018-05-16

  • Added pre-commit hook to autogenerate terraform-docs
  • Implement conditional logic for role creation (#7)

v0.0.4 - 2018-03-01

  • Add max_password_age for password policy (#5)

v0.0.3 - 2018-02-28

  • Added iam-user module (#4)

v0.0.2 - 2018-02-12

  • Added iam-assumable-roles (#2)
  • Added iam-account (#1)

v0.0.1 - 2018-02-05

  • Do pre-commit run on all code
  • Added iam-account
  • Initial commit