Releases: ministryofjustice/modernisation-platform-terraform-bastion-linux
v4.4.1
What's Fixed
- The original behaviour of the `bastion_security_group` output has been reinstated. It will once again output the `id` of the `"aws_security_group" "bastion_linux" { ... }` resource.
- The updated output is still available through the `bastion_security_group_map` output.
What's Changed
- Bump bridgecrewio/checkov-action from 12.2879.0 to 12.2882.0 by @dependabot in #575
- Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 by @dependabot in #574
- Bump ministryofjustice/github-actions from 18.2.4 to 18.3.1 by @dependabot in #576
- Bump bridgecrewio/checkov-action from 12.2882.0 to 12.2883.0 by @dependabot in #577
- Reinstated original behaviour of security group output by @dms1981 in #579
- Bump bridgecrewio/checkov-action from 12.2883.0 to 12.2884.0 by @dependabot in #578
Full Changelog: v4.4.0...v4.4.1
v4.4.0
What's Changed
- All module resources use `name_prefix` instead of `name` to ensure uniqueness where possible.
- The module output - `bastion_security_group` - now exposes the full content of the `aws_security_group.bastion_linux` resource. You can still retrieve the `id` attribute but will need to define it specifically, e.g. `module.bastion.bastion_security_group.id`.
What's Changed
- Bump bridgecrewio/checkov-action from 12.2877.0 to 12.2879.0 by @dependabot in #573
- Ensure uniqueness in naming by @dms1981 in #572
Full Changelog: v4.3.1...v4.4.0
v4.3.1
What's Fixed
- The AWS KMS key used to encrypt the S3 bucket that holds ssh keys is now created with `name_prefix` instead of `name` to ensure uniqueness.
- The module output - `bastion_security_group` - now exposes the full content of the `aws_security_group.bastion_linux` resource. You can still retrieve the `id` attribute but will need to define it specifically, e.g. `module.bastion.bastion_security_group.id`.
What's Changed
Full Changelog: v4.3.0...v4.3.1
v4.3.0
What's New
Launch templates will now resolve the SSM Parameter for `amzn2-ami-hvm-x86_64-gp2` and resolve the latest version when creating instances.
You can read the AWS documentation on using parameter resolution in templates here.
What's Changed
- A lot of dependabot version bumps
- Feature/trivy by @ep-93 in #413
- updated README.md and unit test name by @Khatraf in #436
- add tfsec exception to fix static-analysis check failure by @robertsweetman in #460
- Adds the redact of sensitive data items from test workflow output. by @mikereiddigital in #465
- Fixes unredacted data values in workflow log. by @mikereiddigital in #473
- Update main.tf by @ep-93 in #474
- issue/7689 by @mikereiddigital in #544
- Bump Go versions by @ASTRobinson in #551
- Updated template to use dynamic resolution of SSM parameter store value by @dms1981 in #563
New Contributors
- @Kudzai-moj made their first contribution in #415
- @Khatraf made their first contribution in #436
- @robertsweetman made their first contribution in #460
Full Changelog: v4.2.1...v4.3.0
v4.2.1
What's Changed
- Build(deps): bump bridgecrewio/checkov-action from 12.2671.0 to 12.2672.0 by @dependabot in #365
- Build(deps): bump bridgecrewio/checkov-action from 12.2672.0 to 12.2673.0 by @dependabot in #366
- Build(deps): bump bridgecrewio/checkov-action from 12.2673.0 to 12.2674.0 by @dependabot in #367
- Build(deps): bump bridgecrewio/checkov-action from 12.2674.0 to 12.2675.0 by @dependabot in #368
- Build(deps): bump bridgecrewio/checkov-action from 12.2675.0 to 12.2676.0 by @dependabot in #369
- Build(deps): bump bridgecrewio/checkov-action from 12.2676.0 to 12.2678.0 by @dependabot in #371
- Build(deps): bump bridgecrewio/checkov-action from 12.2678.0 to 12.2680.0 by @dependabot in #372
- Build(deps): bump bridgecrewio/checkov-action from 12.2680.0 to 12.2681.0 by @dependabot in #374
- Build(deps): bump actions/cache from 4.0.0 to 4.0.1 by @dependabot in #373
- Build(deps): bump bridgecrewio/checkov-action from 12.2681.0 to 12.2683.0 by @dependabot in #375
- Build(deps): bump bridgecrewio/checkov-action from 12.2683.0 to 12.2684.0 by @dependabot in #376
- Build(deps): bump bridgecrewio/checkov-action from 12.2684.0 to 12.2686.0 by @dependabot in #377
- Build(deps): bump bridgecrewio/checkov-action from 12.2686.0 to 12.2687.0 by @dependabot in #378
- Build(deps): bump bridgecrewio/checkov-action from 12.2687.0 to 12.2688.0 by @dependabot in #380
- Build(deps): bump bridgecrewio/checkov-action from 12.2688.0 to 12.2689.0 by @dependabot in #382
- Build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #379
- Build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.33.0 in /test by @dependabot in #381
- Build(deps): bump bridgecrewio/checkov-action from 12.2689.0 to 12.2691.0 by @dependabot in #384
- Build(deps): bump actions/cache from 4.0.1 to 4.0.2 by @dependabot in #385
- Build(deps): bump bridgecrewio/checkov-action from 12.2691.0 to 12.2695.0 by @dependabot in #387
- Build(deps): bump terraform-docs/gh-actions from 1.0.0 to 1.1.0 by @dependabot in #389
- Build(deps): bump bridgecrewio/checkov-action from 12.2695.0 to 12.2696.0 by @dependabot in #388
- Build(deps): bump bridgecrewio/checkov-action from 12.2696.0 to 12.2699.0 by @dependabot in #391
- Build(deps): bump bridgecrewio/checkov-action from 12.2699.0 to 12.2700.0 by @dependabot in #392
- Build(deps): bump bridgecrewio/checkov-action from 12.2700.0 to 12.2702.0 by @dependabot in #394
- Build(deps): bump bridgecrewio/checkov-action from 12.2702.0 to 12.2703.0 by @dependabot in #395
- Build(deps): bump bridgecrewio/checkov-action from 12.2703.0 to 12.2705.0 by @dependabot in #396
- Build(deps): bump bridgecrewio/checkov-action from 12.2705.0 to 12.2707.0 by @dependabot in #397
- Build(deps): bump bridgecrewio/checkov-action from 12.2707.0 to 12.2712.0 by @dependabot in #398
- Build(deps): bump bridgecrewio/checkov-action from 12.2712.0 to 12.2715.0 by @dependabot in #399
- Build(deps): bump bridgecrewio/checkov-action from 12.2715.0 to 12.2717.0 by @dependabot in #400
- Build(deps): bump bridgecrewio/checkov-action from 12.2717.0 to 12.2720.0 by @dependabot in #401
- Build(deps): bump bridgecrewio/checkov-action from 12.2720.0 to 12.2723.0 by @dependabot in #403
- Build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #404
- Build(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 in /test by @dependabot in #405
- Build(deps): bump bridgecrewio/checkov-action from 12.2723.0 to 12.2726.0 by @dependabot in #408
- Build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #409
- Build(deps): bump hashicorp/setup-terraform from 3.0.0 to 3.1.0 by @dependabot in #410
- Add optional volume size variable by @pricemg in #412
New Contributors
Full Changelog: v4.2.0...v4.2.1
v4.2.0
What's Changed
Add ability to pass in a custom KMS key
- Build(deps): bump bridgecrewio/checkov-action from 12.2659.0 to 12.2660.0 by @dependabot in #361
- Build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #360
- Build(deps): bump bridgecrewio/checkov-action from 12.2660.0 to 12.2664.0 by @dependabot in #362
- Build(deps): bump bridgecrewio/checkov-action from 12.2664.0 to 12.2669.0 by @dependabot in #363
- Build(deps): bump bridgecrewio/checkov-action from 12.2669.0 to 12.2671.0 by @dependabot in #364
- Allow using a custom kms key by @georgepstaylor in #351
Full Changelog: v4.1.2...v4.2.0
v4.1.2
What's New
The variables "bucket_versioning" and "bucket_force_destroy" have been removed as they are set to true in the module. Because they were redundant, the tflint action was failing.
NOTE - Do not switch to this version for an existing implementation of a bastion using this module, as the changes could result in the stack's deletion & recreation.
What's Changed
- Add user sync script call to userdata by @georgepstaylor in #352
- Allow a custom instance name by @georgepstaylor in #350
- Issue #6114. by @mikereiddigital in #359
New Contributors
- @mikereiddigital made their first contribution in #339
Full Changelog: v4.1.1...v4.1.2
v4.1.1
What's New
Incorrectly positioned variables for scale up and scale down times have been repositioned
What's Changed
- Bump ossf/scorecard-action from 2.3.0 to 2.3.1 by @dependabot in #283
- Bump google.golang.org/grpc from 1.53.0 to 1.56.3 in /test by @dependabot in #285
- Bump bridgecrewio/checkov-action to 12.2553.0 by @dependabot in #288
- Correct switched up/down keys by @georgepstaylor in #289
Full Changelog: v4.1.0...v4.1.1
v4.1.0
What's New
Users can now set customisable schedules for their bastion by supplying the `var.autoscaling_cron` variable.
By default, this variable is set as follows:

```hcl
variable "autoscaling_cron" {
  description = "Cron expressions for scale up and scale down"
  type        = map(string)
  default = {
    "up"   = "0 5 * * *"  # 5.00 UTC or 6.00 BST
    "down" = "0 20 * * *" # 20.00 UTC or 21.00 BST
  }
}
```
What's Changed
- Bump bridgecrewio/checkov-action a lot
- Bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in #190
- Bump ministryofjustice/github-actions from 13 to 14 by @dependabot in #191
- Bump google.golang.org/grpc from 1.50.1 to 1.53.0 in /test by @dependabot in #198
- Bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #221
- Bump terraform-linters/setup-tflint from 3.0.0 to 3.1.0 by @dependabot in #233
- Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #234
- MOJ Compliant Badge Update by @ASTRobinson in #237
- Bump terraform-linters/setup-tflint from 3.1.0 to 3.1.1 by @dependabot in #240
- Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #241
- Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in #244
- Bump actions/cache from 3.3.1 to 3.3.2 by @dependabot in #246
- Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #257
- Bump terraform-linters/setup-tflint from 3.1.1 to 4.0.0 by @dependabot in #258
- Bump ossf/scorecard-action from 2.2.0 to 2.3.0 by @dependabot in #267
- Bump golang.org/x/net from 0.7.0 to 0.17.0 in /test by @dependabot in #268
- Secure code analysis fixes by @dms1981 in #272
- Bump bridgecrewio/checkov-action from 12.2528.0 to 12.2530.0 by @dependabot in #274
- Pointed to latest s3-bucket release and stopped a KMS checkov - CKV2_A… by @SteveLinden in #275
- Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #277
- Allow customisable cron expression for bastion scale up/down schedules by @georgepstaylor in #276
New Contributors
- @ASTRobinson made their first contribution in #237
- @georgepstaylor made their first contribution in #276
Full Changelog: v4.0.0...v4.1.0
v4.0.0
Breaking Changes
- AWS Provider constraint is now set to `~> 5.x`.
- This will conflict with modules that enforce a constraint of `~> 4.x`. You can use `terraform providers` to show any potential conflicts.
What's Changed
- Bump bridgecrewio/checkov-action from 12.2306.0 to 12.2314.0 by @dependabot in #148
- Bump bridgecrewio/checkov-action from 12.2314.0 to 12.2316.0 by @dependabot in #149
- Bump bridgecrewio/checkov-action from 12.2316.0 to 12.2322.0 by @dependabot in #150
- Bump github/codeql-action from 2.3.2 to 2.3.3 by @dependabot in #152
- Bump bridgecrewio/checkov-action from 12.2322.0 to 12.2325.0 by @dependabot in #151
- Bump bridgecrewio/checkov-action from 12.2325.0 to 12.2333.0 by @dependabot in #154
- Bump bridgecrewio/checkov-action from 12.2333.0 to 12.2336.0 by @dependabot in #155
- Bump bridgecrewio/checkov-action from 12.2336.0 to 12.2338.0 by @dependabot in #156
- Bump bridgecrewio/checkov-action from 12.2338.0 to 12.2339.0 by @dependabot in #157
- Bump bridgecrewio/checkov-action from 12.2339.0 to 12.2341.0 by @dependabot in #158
- Bump bridgecrewio/checkov-action from 12.2341.0 to 12.2346.0 by @dependabot in #161
- Bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #160
- Bump bridgecrewio/checkov-action from 12.2346.0 to 12.2348.0 by @dependabot in #163
- Bump ministryofjustice/github-actions from 12 to 13 by @dependabot in #162
- Bump bridgecrewio/checkov-action from 12.2348.0 to 12.2352.0 by @dependabot in #164
- Bump bridgecrewio/checkov-action from 12.2352.0 to 12.2357.0 by @dependabot in #165
- Bump bridgecrewio/checkov-action from 12.2357.0 to 12.2359.0 by @dependabot in #166
- Bump github/codeql-action from 2.3.3 to 2.3.4 by @dependabot in #167
- Bump github/codeql-action from 2.3.4 to 2.3.5 by @dependabot in #168
- Bump bridgecrewio/checkov-action from 12.2359.0 to 12.2361.0 by @dependabot in #169
- Bump bridgecrewio/checkov-action from 12.2361.0 to 12.2366.0 by @dependabot in #171
- Bump bridgecrewio/checkov-action from 12.2366.0 to 12.2372.0 by @dependabot in #172
- Bump github/codeql-action from 2.3.5 to 2.3.6 by @dependabot in #173
- Bump bridgecrewio/checkov-action from 12.2372.0 to 12.2375.0 by @dependabot in #174
- Bump bridgecrewio/checkov-action from 12.2375.0 to 12.2377.0 by @dependabot in #175
- Adding CONTRIBUTING.md to the top level by @SteveLinden in #176
- Bump bridgecrewio/checkov-action from 12.2377.0 to 12.2380.0 by @dependabot in #177
- Bump github/codeql-action from 2.3.6 to 2.13.4 by @dependabot in #182
- Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #181
- Bump bridgecrewio/checkov-action from 12.2380.0 to 12.2386.0 by @dependabot in #180
- Bump bridgecrewio/checkov-action from 12.2386.0 to 12.2388.0 by @dependabot in #183
- AWS Provider 5.0 upgrade by @dms1981 in #184
Full Changelog: v3.0.8...v4.0.0