v1.2.0

🚀 Enhancements

Add origin_access_control_id feature @Genesys05 (#112)

## what

• add origin_access_control_id optional variable to define origin_access_control on Cloudfront
• add origin_access_control_id argument on cloudfront_distribution resource
• Update the Readme with new vars

why

I done that because before you can't use Origin access control with this module.

🤖 Automatic Updates

Update .github/settings.yml @osterman (#135)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @osterman (#134)

## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#133)

## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#132)

## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#131)

## what - Update workflows (`.github/workflows/settings.yaml`)

why

• Support new readme generation workflow.
• Generate banners

v1.1.0

🚀 Enhancements

feat: allow aws_cloudfront_origin_access_identity to be toggled on/off @venkatamutyala (#127)

what

Even when i'm using an external origin (ex. a GCP IP) it appears aws_cloudfront_origin_access_identity always gets created. This is to provide a toggle to disable it.

why

The aws_cloudfront_origin_access_identity resource isn't required for all use cases Ex. using cloudfront in front of non-AWS resources.

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_identity

🤖 Automatic Updates

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#128)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

v1.0.1

🚀 Enhancements

Update default minimum viewer protocol to TLSv1.2_2021 @venkatamutyala (#117)

what

By default deprecated protocols are being supported:

This change would disable support for viewers using TLS 1.1 and TLS 1.0.

why

1.0 and 1.1 are known to be deprecated/insecure. To save folks trouble by their security teams using the latest version seems the most appropriate.

references

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html

🤖 Automatic Updates

Bump golang.org/x/net from 0.0.0-20210614182718-04defd469f4e to 0.17.0 in /test/src @dependabot (#122)

Bumps golang.org/x/net from 0.0.0-20210614182718-04defd469f4e to 0.17.0.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Add GitHub Settings @osterman (#118)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Update Scaffolding @osterman (#115)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

v1.0.0

Support AWS Provider V5 @max-lobur (#103)

what

Support AWS Provider V5
Major release due to breaking change in S3 upgraded module
Linter fixes

why

Maintenance

references

https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0

Sync .github @max-lobur (#98)

Rebuild github dir from the template

v0.26.0

• No changes

v0.25.0

Add response_headers_policy_id to ordered cache options @adamcrews (#93)

what

• Add the ability to specify the response_headers_policy_id in the ordered cache

why

• This setting is available for the default cache config, and should also be available for ordered cache config.

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#response_headers_policy_id

v0.24.2

enable http3 @kevcube (#90)

what

• Enable HTTP/3 support in CloudFront

why

• It's faster, and shinier than http/2

references

• https://aws.amazon.com/blogs/aws/new-http-3-support-for-amazon-cloudfront/
• https://blog.cloudflare.com/http-3-vs-http-2/
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#http_version

git.io->cloudposse.tools update @dylanbannon (#87)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

🤖 Automatic Updates

Update Terraform cloudposse/route53-alias/aws to v0.13.0 @renovate (#81)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/route53-alias/aws (source)	module	minor	0.12.1 -> 0.13.0

---

Release Notes

cloudposse/terraform-aws-route53-alias

v0.13.0

Compare Source

BREAKING CHANGE: Because this release changes resource addresses, it will result in Terraform destroying and recreating some resources. Please consider removing aws_route53_record resources from the state and importing them to the new resource addresses if you do not with for any destructive changes.

Fix: Add BridgeCrew Suppressions @​korenyoni (#​39)

##### what

• Add BridgeCrew suppressions

why

Add suppressions appearing in #​37

##### references * #​37

Chore: Run 'make github/init' @​korenyoni (#​38)

##### what * Run `make github/init` ##### why * Updates GHA-workflow-related files to their latest distribution in https://github.com/cloudposse/build-harness * Allows using `no-release` label for consolidating multiple PRs into a single release. ##### references * N/A

##### 🐛 Bug Fixes

Fix: create records using `for_each` instead of `count` @​1david5 (#​37)

##### what * Modify `default` and `ipv6` `aws_route53_record` resources to use `for_each` instead of `count`. ##### why * Prevent destroying and recreating DNS records when removing elements from `aliases` list.

---

Update Terraform cloudposse/s3-log-storage/aws to v0.26.0 @renovate (#71)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/s3-log-storage/aws (source)	module	minor	0.24.1 -> 0.26.0

---

Release Notes

cloudposse/terraform-aws-s3-log-storage

v0.26.0

Compare Source

Add S3 bucket ownership controls @​max-lobur (#​61)

#### what * Set aws_s3_bucket_ownership_controls to BucketOwnerPreferred #### why * Per [docs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) this setting will let object uploader decide ownership. If `bucket-owner-full-control` ACL is specified, the bucket account take ownership, otherwise the writer account keeps ownership. Bucket on its side may enforce presence of the `bucket-owner-full-control` ACL which we already do when needed. So this setting was the only missing piece to make ownership work like we expected * I found no use cases for the other value of this resource: `ObjectWriter`. It corresponds to legacy S3 behavior which was broken for us. Decided to always set to `BucketOwnerPreferred` and not allow to customize. If the owner must be preserved, we should not pass `bucket-owner-full-control` - this is a more clear way to control the behavior. #### references * https://aws.amazon.com/blogs/storage/enforcing-ownership-of-amazon-s3-objects-in-a-multi-account-environment/ * https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls#ObjectWriter

v0.25.0

Compare Source

Add support for bucket notifications @​max-lobur (#​60)

#### what * Add support for bucket notifications * Only SQS destination for now #### why * To enable log collection

---

v0.24.1

🚀 Enhancements

Dont send ssl_support_method for default certificate @rusowyler (#80)

what

• Don't send ssl_support_method when using cloudfront_default_certificate

why

• It's only required if you specify acm_certificate_arn or iam_certificate_id
• Sending it will cause Terraform to try to update CF on every deploy

  ~ viewer_certificate {
      + ssl_support_method             = "sni-only"
        # (2 unchanged attributes hidden)
    }
    # (5 unchanged blocks hidden)

v0.24.0

Adding origin shield variables @justnom (#78)

what

• Add variables to enable the Origin Shield for the CloudFront distribution

why

• Using Origin Shield can help reduce the load on your origin.

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin_shield

v0.23.1

🤖 Automatic Updates

Update Terraform cloudposse/route53-alias/aws to v0.12.1 @renovate (#77)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/route53-alias/aws (source)	module	patch	0.12.0 -> 0.12.1

---

Release Notes

cloudposse/terraform-aws-route53-alias

v0.12.1

Compare Source

🤖 Automatic Updates

Update context.tf @​cloudpossebot (#​36)

##### what This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` ##### why To support all the features of the `context` interface.

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.