cloudposse / terraform-aws-tfstate-backend

Terraform module that provisions an S3 bucket to store the `terraform.tfstate` file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption.
https://cloudposse.com/accelerate
Apache License 2.0

Update Terraform cloudposse/s3-log-storage/aws to v1 (release/v0) #133

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago


This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/s3-log-storage/aws (source) | module | major | `0.26.0` -> `1.1.0` |

Release Notes

cloudposse/terraform-aws-s3-log-storage

### [`v1.1.0`](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/1.1.0)

[Compare Source](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/compare/1.0.0...1.1.0)

Adding "object_lock_configuration" variable @ramses999 (#84)

#### what

Adding "object_lock_configuration" variable which is used in module "cloudposse/s3-bucket/aws"

#### why

Must be able to use the Object Lock option for S3 in this module

#### references

https://github.com/cloudposse/terraform-aws-s3-bucket/blob/6837ed7b2f2460043d6be3981f16ed90563fd12a/main.tf#L5

### [`v1.0.0`](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/1.0.0)

[Compare Source](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/compare/0.28.3...1.0.0)

#### Important Notes

- Terraform version 1.3.0 and Terraform AWS version 4.9.0 or later are required
- The new `bucket_key_enabled` flag defaults to `false` for backward compatibility. At one point we recommend setting it to true for significant savings on KMS usage, but since bucket keys are only reused within a user session, it is not clear if it provides any savings at all. See [AWS docs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html) for more information.
- The new `lifecycle_configuration_rules` input replaces the now deprecated individual inputs for individual settings of a single lifecycle rule. See the [terraform-aws-s3-bucket documentation](https://togithub.com/cloudposse/terraform-aws-s3-bucket/blob/6837ed7b2f2460043d6be3981f16ed90563fd12a/variables.tf#L122-L154) for details on how to specify lifecycles using `lifecycle_configuration_rules`. This mechanism is much more flexible and closely follows the Terraform `aws_s3_bucket_lifecycle_configuration` resource.
- The new `source_policy_documents` input replaces the now deprecated `policy` input to match changes to the `aws_iam_policy_document` resource
- You can now select default values for (non-deprecated) inputs by setting them to `null`
- With Terraform 1.3 the manual interventions documented for upgrading to this module's versions 0.27.0 and 0.28.0 are no longer needed. You can safely upgrade from any earlier version to this one (although we always recommend leaving `force_destroy` at its default value of `false`, and if you have it set to `true` but want extra safety against the S3 bucket being destroyed, set it to `false` ***before*** upgrading).
- The `force_destroy_enabled` flag introduced in v0.27.0 has been removed
- In version 0.28.0, old lifecycle rule variables were deprecated and the new `lifecycle_configuration_rules` input was introduced. In that version, you would continue to get the old default lifecycle rule even if you supplied new rules via `lifecycle_configuration_rules`. Now, the default behavior is to ignore all the deprecated lifecycle inputs when the `lifecycle_configuration_rules` input is not empty, unless you explicitly set `lifecycle_rule_enabled` to true.

***

##### Enhancements

Automate upgrade using `moved` blocks @Nuru (#81)

#### what

- Automate the upgrade process from v0.26.0 or earlier by using `moved` block functionality introduced in Terraform 1.3.0
- Add `nullable = false` for module input variables which have a default value and where null is not a sensible/handled value for the variable.

#### why

- Safely upgrade without loss of data or manual intervention
- Allow users to select default values by setting inputs to `null`, closes [#63](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/issues/63)

### [`v0.28.3`](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/0.28.3): Not recommended, use v0.26.0 or v1.x instead

[Compare Source](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/compare/0.28.2...0.28.3)

### Update: This version no longer recommended

With the release of version 1.0.0 of this module, use of this version is no longer recommended. When you are able to use Terraform v1.3.0 or later and Terraform AWS provider v4.9.0 or later, upgrade directly to v1.0.0 or later of this module.

#### 🤖 Automatic Updates

Update Terraform cloudposse/s3-bucket/aws to v3 @renovate (#78)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cloudposse/s3-bucket/aws](https://registry.terraform.io/modules/cloudposse/s3-bucket/aws) ([source](https://togithub.com/cloudposse/terraform-aws-s3-bucket)) | module | major | `2.0.1` -> `3.0.0` |

***

### [`v0.28.2`](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/0.28.2): Action required if updating from prior to v0.28.0

[Compare Source](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/compare/0.28.1...0.28.2)

### Update: This version no longer recommended

With the release of version 1.0.0 of this module, use of this version is no longer recommended. When you are able to use Terraform v1.3.0 or later and Terraform AWS provider v4.9.0 or later, upgrade directly to v1.0.0 or later of this module.

[v0.28.0](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/0.28.0) introduced breaking changes with **high risk of permanent data loss**. See release notes there. This is only a safe upgrade if upgrading from v0.28.0.

We will convert to semantic versioning (incrementing the major version number for breaking changes), but having missed the opportunity to do that for earlier versions of this module, we are waiting for the next major change, expected to be soon after Terraform v1.3 is released.

#### 🤖 Automatic Updates

Update Terraform cloudposse/s3-bucket/aws to v2.0.1 @renovate (#76)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cloudposse/s3-bucket/aws](https://registry.terraform.io/modules/cloudposse/s3-bucket/aws) ([source](https://togithub.com/cloudposse/terraform-aws-s3-bucket)) | module | patch | `2.0.0` -> `2.0.1` |

### [`v0.28.1`](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/0.28.1): accidental release, do not use

[Compare Source](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/compare/0.28.0...0.28.1)

[v0.28.0](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/0.28.0) introduced breaking changes with **high risk of permanent data loss**. See release notes there. This is only a safe upgrade if upgrading from v0.28.0.

We will convert to semantic versioning (incrementing the major version number for breaking changes), but having missed the opportunity to do that for earlier versions of this module, we are waiting for the next major change, expected to be soon after Terraform v1.3 is released.

git.io->cloudposse.tools update @dylanbannon (#73)

#### what and why

Change all references to `git.io/build-harness` into `cloudposse.tools/build-harness`, since `git.io` redirects will stop working on April 29th, 2022.

#### References

- DEV-143

#### 🤖 Automatic Updates

Update Terraform cloudposse/s3-bucket/aws to v2 @renovate (#72)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cloudposse/s3-bucket/aws](https://registry.terraform.io/modules/cloudposse/s3-bucket/aws) ([source](https://togithub.com/cloudposse/terraform-aws-s3-bucket)) | module | major | `0.49.0` -> `2.0.3` |

***

### [`v0.28.0`](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/0.28.0): (Action Needed) Support AWS v4 provider

[Compare Source](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/compare/0.27.0...0.28.0)

### WARNING, DATA LOSS LIKELY if you do not follow upgrade instructions:

- Upgrade instructions: [v0.27.0 to v0.28.0](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-\(POTENTIAL-DATA-LOSS\))
- Upgrade instructions: [versions prior to v0.27.0 to v0.27.0 ](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-\(POTENTIAL-DATA-LOSS\))

#### 🚀 Enhancements

Support AWS v4 provider @Nuru (#71)

#### what

- Migrate to AWS v4 Terraform provider
- Add features
  - Allow full S3 storage lifecycle configuration
  - Allow multiple bucket policy documents
  - Allow specifying the bucket name directly, rather than requiring it to be generated by `null-label`
  - Allow specifying S3 object ownership
  - Allow enabling S3 bucket keys for encryption
- Deprecate variable by variable specification of a single storage lifecycle rule
- Add extra safety measure `force_destroy_enabled`

#### why

- AWS v4 broke this module
- Feature parity
- Replaced with more powerful and more flexible input
- Reduce the chance that automated upgrades will cause data loss

#### references

- Upgrade instructions: [v0.27.0 to v0.28.0](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS))
- Upgrade instructions: [versions prior to v0.27.0 to v0.27.0 ](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS))

### [`v0.27.0`](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/0.27.0): (WARNING: Potential Data Loss) Prepare for AWS provider v4

[Compare Source](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/compare/0.26.0...0.27.0)

### Update: This version no longer recommended

With the release of version 1.0.0 of this module, use of this version is no longer recommended. When you are able to use Terraform v1.3.0 or later and Terraform AWS provider v4.9.0 or later, upgrade directly to v1.0.0 or later of this module.

### Warning: Potential total data loss

This release is a refactoring in preparation for supporting Terraform AWS Provider v4. One feature was removed, but otherwise there are no changes to inputs or behavior. However, the Terraform "addresses" of resources have changed, so you need to run several `terraform state mv` commands.

**Warning:** failure to run the required `terraform state mv` commands will cause Terraform to delete your existing S3 bucket and create a new one, **deleting all the data stored in the bucket in the process.**

Details on how to safely upgrade are in this repository's Wiki [here](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-\(POTENTIAL-DATA-LOSS\))

#### Support for "MFA delete" removed

In [#54](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/issues/54) a contributor added support for [MFA delete](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html) via the `versioning_mfa_delete_enabled`. In AWS provider version 3.x this argument was [documented](https://registry.terraform.io/providers/hashicorp/aws/3.74.3/docs/resources/s3\_bucket#mfa_delete) with the caveat

> This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS.

With AWS provider version 4.0, this argument now does toggle the setting. Unfortunately, that adds the requirement that when it is enabled, you must supply a current MFA token every time you run `terraform apply`. That is not compatible with automation, and therefore we have no intention to support it and have removed the `versioning_mfa_delete_enabled` input.

#### 🚀 Enhancements

Refactor to use s3-bucket module, update in general @Nuru (#66)

#### what

- Refactor to use [terraform-aws-s3-bucket](https://togithub.com/cloudposse/terraform-aws-s3-bucket)
- Remove support for `mfa_delete`
- Pin AWS provider `< 4.0` and disable Renovate bot, closes #64
- General updates

#### why

- Simplify maintenance and standardize on single S3 bucket module, in preparation for upgrade to Terraform AWS provider v4
- With Terraform AWS provider v4, having `mfa_delete` enabled requires entering an MFA token for every Terraform operation, which is incompatible with automation. Users requiring `mfa_delete` should either not use Terraform or create their own fork.
- Current module does not work with AWS v4, but Renovate would try to update it anyway
- Stay current with boilerplate and management tools

#### notes

This is the first of 2 upgrade releases to get this module to support Terraform AWS Provider v4. We are breaking it into 2 releases so that users have the option of upgrading step-by-step rather than all at once. Upgrade instructions are [here](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0).

Cleanups and safety checks for upgrade @Nuru (#70)

#### what

- Add warning to README and error when `force_destroy` is `true`
- Maintain rule name for lifecycle rule
- Disable Renovate bot

#### why

- If `force_destroy` is `true` then an automated, unattended process could cause the S3 bucket to be deleted and all data in it irretrievably lost
- Remove an unwanted and unneeded source of changes created by upgrading
- This version should not be updated, it is pinned for compatibility

#### references

Closes Renovate PRs:

- Closes [#67](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/issues/67) (do not want)
- Closes [#68](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/issues/68) (incorporated via `build-harness`)
- Closes [#69](https://togithub.com/cloudposse/terraform-aws-s3-log-storage/issues/69) (do not want)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
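
The release notes above warn that an upgrade which changes resource addresses can make Terraform delete and recreate the S3 bucket. As an added example (not part of the PR or of the cloudposse modules), this pre-merge check reads `terraform show -json <planfile>` output and blocks any plan that would delete an `aws_s3_bucket`; the resource addresses and bucket name in the sample plan are constructed placeholders.

```python
import json

# Constructed sample of `terraform show -json` plan output; addresses are hypothetical.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {   # old address scheduled for deletion because nothing mapped it to the new one
            "address": "module.log_storage.aws_s3_bucket.default[0]",
            "type": "aws_s3_bucket",
            "change": {"actions": ["delete"],
                       "before": {"bucket": "example-logs", "force_destroy": True}},
        },
        {   # replacement bucket created at the new address
            "address": "module.log_storage.module.aws_s3_bucket.aws_s3_bucket.default[0]",
            "type": "aws_s3_bucket",
            "change": {"actions": ["create"], "before": None},
        },
        {   # unrelated in-place update, must not trigger the gate
            "address": "module.log_storage.aws_s3_bucket_public_access_block.default[0]",
            "type": "aws_s3_bucket_public_access_block",
            "change": {"actions": ["update"], "before": {}},
        },
    ],
})

def bucket_destroys(plan_json):
    """Return (address, force_destroy) for every S3 bucket the plan would delete."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_s3_bucket":
            continue
        change = rc.get("change", {})
        # A replacement shows up as ["delete", "create"] or ["create", "delete"].
        if "delete" in change.get("actions", []):
            before = change.get("before") or {}
            findings.append((rc["address"], bool(before.get("force_destroy"))))
    return findings

def gate(plan_json):
    """CI gate: return a non-zero exit code if any bucket would be deleted or replaced."""
    findings = bucket_destroys(plan_json)
    for address, force in findings:
        risk = ("objects are deleted with the bucket (force_destroy=true)"
                if force else "delete fails unless the bucket is empty")
        print(f"BLOCK {address}: {risk}")
    return 1 if findings else 0

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_PLAN))
```
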

renovate[bot] commented 1 year ago

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.

Nuru commented 1 year ago

/test all

Nuru commented 1 year ago

/test all