Releases: cloudposse/terraform-aws-iam-role
Releases · cloudposse/terraform-aws-iam-role
v0.20.0
feat: support inline policies @nitrocode (#79)
## what- support inline policies
why
- Most of the time users want to create a specific policy for a specific role and don't realize that the same policy can be accidentally reused for another purpose which makes it difficult to delete the role and policy
- Inline policies do not need to be tagged
- If a managed policy is updated and is attached to multiple roles, now it will impact multiple roles
references
- closes #78
🤖 Automatic Updates
Migrate new test account @osterman (#77)
## what - Update `.github/settings.yml` - Update `.github/chatops.yml` fileswhy
- Re-apply
.github/settings.yml
from org level to getterratest
environment - Migrate to new
test
account
References
- DEV-388 Automate clean up of test account in new organization
- DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
- DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @osterman (#76)
## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` fileswhy
- Re-apply
.github/settings.yml
from org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#75)
## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` fileswhy
- Re-apply
.github/settings.yml
from org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @osterman (#74)
## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` fileswhy
- Re-apply
.github/settings.yml
from org level - Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write @osterman (#72)
## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PRwhy
- So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#71)
## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repowhy
- Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#70)
## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` actionwhy
- The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @osterman (#69)
## what - Update workflows (`.github/workflows/settings.yaml`)why
- Support new readme generation workflow.
- Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#66)
## what- Install latest GitHub Action Workflows
why
- Use shared workflows from
cldouposse/.github
repository - Simplify management of workflows from centralized hub of configuration
Bump golang.org/x/net from 0.0.0-20220421235706-1d1ef9303861 to 0.17.0 in /test/src @dependabot (#65)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220421235706-1d1ef9303861 to 0.17.0.Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
v0.19.0
IAM Role name length limit @goruha (#58)
what
- Fix IAM role name length limit
why
- Fix IAM role name length limited to 64
Sync github @max-lobur (#54)
Rebuild github dir from the template
v0.18.0
- No changes
v0.17.0
Update main.tf @karinatitov (#50)
have a chance to configure the name of the policy
what
- With this change i want to have an ability to provide a custom name for the policy
why
- the resources i'm working with were not created in the same way this module assumes
- to have a chance to configure the name of the policy
git.io->cloudposse.tools update @dylanbannon (#46)
what and why
Change all references to git.io/build-harness
into cloudposse.tools/build-harness
, since git.io
redirects will stop working on April 29th, 2022.
References
- DEV-143
v0.16.2
🚀 Enhancements
Add enabled check to data source @nitrocode (#45)
what
- Add enabled check to data source
- Add TestExamplesCompleteDisabled check
why
- Prevent creation if enabled is false
references
v0.16.1
🚀 Enhancements
Disabling all tags in all iam resources @jamengual (#44)
what
- In #43 I added the option to disable role tags but in environments where roles are created under very strict controls, the policy tags for the roles sometimes can't be tagged. This change disable tags for all IAM related resources.
why
- to disable tags for role-related things. Use one variable instead of two.
references
v0.16.0
Making tags for roles optional @jamengual (#43)
what
- Make role tags optional
why
- Restrictive policy boundaries do not allow tag roles in highly secure environments.
v0.15.0
v0.14.1
Fix: Fix Variable Description Typo for `var.use_fullname` @korenyoni (#36)
what
- Fix variable description typo introduced in #35 for
var.use_fullname
why
- Minor typo (unmatched right bracket).
references
Drop unused null provider @Xerkus (#34)
what
- Drop
hashicorp/null
provider from dependencies
why
- As far as I can tell the null provider is not used and I do not think it is needed for any kind of indirect dependency
- I think it was needed at some point for terraform-null-label
references
- Closes #31
Fix: fix variable description for `var.use_fullname`, run `make github/init` @korenyoni (#35)
what
- Fix variable description for
var.use_fullname
. - Run
make github/init
.
why
- The
var.use_fullname
variable description is incorrect and refers to ECR repositories instead of IAM roles. - Running
make github/init
will update GHA-workflow related files (and CODEOWNERS), the former of which is required for theno-release
label (which allows for consolidating multiple small PRs such as this into one release).
references
- N/A
🚀 Enhancements
v0.14.0
Add assume role policy conditions and managed iam policies @sebastianmacarescu (#33)
what
- option to attach AWS Managed IAM policies to created role
- option to add conditions to trust policy
why
- we should be able to use aws managed policies (or any other policies) and not create new ones dedicated for this role
- we should be able to add conditions on who can assume this role (mfa enabled, be part of organization, specific session name, etc)
references
- closes #24
- documentation for conditions: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
- documentation for conditions in trust role policies: https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/