v1.535.8

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#60)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update terraform cloudposse/cloudfront-s3-cdn/aws to v1.1.1 @[renovate[bot]](https://github.com/apps/renovate) (#59)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/cloudfront-s3-cdn/aws (source)	module	patch	1.1.0 → 1.1.1

---

Release Notes

cloudposse/terraform-aws-cloudfront-s3-cdn (cloudposse/cloudfront-s3-cdn/aws)

v1.1.1

Compare Source

docs: clarify distribution comment is the description @​oycyc (#​353)

The comment corresponds to the description on the AWS console UI! Updating the text here so it's more easily aware.

Generate readme for submodules @​goruha (#​362)

what

• Generate readme for submodules

why

• Allow all to keep the README updated

references

• https://linear.app/cloudposse/issue/DEV-3521/make-cicd-workflow-support-readmes-in-modules-subfolders

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#58)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.45.0 @[renovate[bot]](https://github.com/apps/renovate) (#57)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	0.44.0 -> 0.45.0

---

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

v0.45.0

Compare Source

What's Changed

Breaking Changes

• Remove aws_route53_record_invalid_zone_id rule by @​wata727 in #​979

Enhancements

• Update AWS provider/module and generated content by @​github-actions[bot] in #​981
• Update AWS provider/module and generated content by @​github-actions[bot] in #​990
• Update AWS provider/module and generated content by @​github-actions[bot] in #​999
• Update AWS provider/module and generated content by @​github-actions[bot] in #​1000
• Update AWS provider/module and generated content by @​github-actions[bot] in #​1004
• Update AWS provider/module and generated content by @​github-actions[bot] in #​1005
• Update AWS provider/module and generated content by @​github-actions[bot] in #​1011
• Update AWS provider/module and generated content by @​github-actions[bot] in #​1021

Bug Fixes

• dms_s3_endpoint: fix enum validations by @​bendrucker in #​991
• resource_missing_tags: handle explicit refs to default provider by @​bendrucker in #​1003

Chores

• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​980
• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​982
• Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.67 to 2.0.0-beta.68 by @​dependabot[bot] in #​983
• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​987
• Bump golang.org/x/net from 0.46.0 to 0.47.0 by @​dependabot[bot] in #​988
• Replace Ruby SDK models with official Smithy repository by @​bendrucker in #​901
• generator: add tests and improve error handling by @​bendrucker in #​992
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​996
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​995
• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​997
• Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 by @​dependabot[bot] in #​994
• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​1001
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​1006
• Bump github.com/aws/smithy-go from 1.23.2 to 1.24.0 by @​dependabot[bot] in #​1009
• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​1008
• Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 by @​dependabot[bot] in #​1007
• Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 by @​dependabot[bot] in [#​1012](https://redirect.github.com/terraform-linters/tflint-ruleset-aws/pull/...

v1.535.7

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#55)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update terraform cloudposse/cloudfront-s3-cdn/aws to v1.1.0 @[renovate[bot]](https://github.com/apps/renovate) (#54)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/cloudfront-s3-cdn/aws (source)	module	minor	1.0.1 -> 1.1.0

---

Release Notes

cloudposse/terraform-aws-cloudfront-s3-cdn (cloudposse/cloudfront-s3-cdn/aws)

v1.1.0

Compare Source

fix: error: No more than 1 "s3_origin_config" blocks are allowed @​Eyjafjallajokull (#​359)

what

• Fixed No more than 1 s3_origin_config blocks are allowed error when using multiple S3 origins with origin access identity enabled
• Changed for_each from iterating over var.s3_origins to using [1] to create a single s3_origin_config block

why

• AWS CloudFront only allows one s3_origin_config block per origin
• The previous implementation incorrectly created multiple blocks when multiple S3 origins were configured

references

fixes #​325

to reproduce error

1. in examples/complete/main.tf#L102 replace origin_access_control with origin_access_identity
   https://github.com/Eyjafjallajokull/terraform-aws-cloudfront-s3-cdn/blob/96703043867c986ff3fc1550448118111a9f5659/examples/complete/main.tf#L102
2. terraform plan fails with the above error.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#53)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v1.535.6

🚀 Enhancements

Remove deprecated `origin_versioning` argument on module `spa_web` @ronaldsteen (#52)

## what * remove deprecated `origin_versioning` on module `spa_web`.

why

• The argument is deprecated

references

• https://github.com/orgs/cloudposse/discussions/100

🤖 Automatic Updates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.43.0 @[renovate[bot]](https://github.com/apps/renovate) (#51)

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	0.42.0 -> 0.43.0

---

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

v0.43.0

Compare Source

What's Changed

Breaking Changes

• Remove aws_ecs_account_setting_default_invalid_name rule by @​wata727 in #​949

Enhancements

• Update AWS provider/module and generated content by @​github-actions[bot] in #​921
• Update AWS provider/module and generated content by @​github-actions[bot] in #​948

Chores

• Bump golang.org/x/net from 0.42.0 to 0.43.0 by @​dependabot[bot] in #​927
• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​928
• Bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 by @​dependabot[bot] in #​931
• Bump github.com/hashicorp/terraform-json from 0.25.0 to 0.26.0 by @​dependabot[bot] in #​930
• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​929
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​932
• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​933
• Bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @​dependabot[bot] in #​934
• Bump github.com/zclconf/go-cty from 1.16.3 to 1.16.4 by @​dependabot[bot] in #​935
• dependabot: allow actions writes by @​wata727 in #​936
• Fix E2E tests to take into account the newly added JSON fields by @​wata727 in #​944
• Bump actions/attest-build-provenance from 2.4.0 to 3.0.0 by @​dependabot[bot] in #​937
• Bump github.com/aws/smithy-go from 1.22.5 to 1.23.0 by @​dependabot[bot] in #​938
• Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @​dependabot[bot] in #​940
• Bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 by @​dependabot[bot] in #​942
• Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.65 to 2.0.0-beta.66 by @​dependabot[bot] in #​943
• Bump the aws-sdk group with 7 updates by @​dependabot[bot] in #​939
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​941
• Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @​dependabot[bot] in #​945
• Bump golang.org/x/net from 0.43.0 to 0.44.0 by @​dependabot[bot] in #​946
• deps: Bump Go version to 1.25 by @​wata727 in #​950

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.42.0...v0.43.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#50)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#49)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update terraform cloudposse/cloudfront-s3-cdn/aws to v1.0.1 @[renovate[bot]](https://github.com/apps/renovate) (#48)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/cloudfront-s3-cdn/aws (source)	module	patch	1.0.0 -> 1.0.1

---

Release Notes

cloudposse/terraform-aws-cloudfront-s3-cdn (cloudposse/cloudfront-s3-cdn/aws)

v1.0.1

Compare Source

🚀 Enhancements

fix: Resolve unsupported attribute error in S3 website block @​jwadolowski (#​358)

what

Restore lookup() calls in main.tf to address the website_enabled = true use case that was broken when #​340 replaced them with explicit variable calls to avoid silent default value assignments. Additionally includes corresponding module instances in the test suite.

why

website_enabled = true implies a reference to 2 mutually exclusive configurations defined as the local.website_config variable. In the default case, index_document, `erro...

v1.535.5

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#42)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update terraform cloudposse/cloudfront-s3-cdn/aws to v1 @[renovate[bot]](https://github.com/apps/renovate) (#41)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/cloudfront-s3-cdn/aws (source)	module	major	0.98.1 -> 1.0.0

---

Release Notes

cloudposse/terraform-aws-cloudfront-s3-cdn (cloudposse/cloudfront-s3-cdn/aws)

v1.0.0

Compare Source

feat: Backport cloudposse/cloudfront-cdn/aws improvements @​jwadolowski (#​340)

what

Backport of the following cloudposse/terraform-aws-cloudfront-cdn improvements:

• https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/140
• https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/142
• https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/147
• https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/149

Detailed breakdown:

• aws_s3_bucket_cors_configuration is deployed only when at least one CORS origin is defined (examples/complete/minimal.tf fails if this isn't handled)
• don't use lookup() (or any other default variable value fallback method) - all defaults should be defined in the variables.tf file
• wrap optional variables with optional() and provide sane defaults (in most cases that'd be empty string/list/null or predefined AWS default when applicable, e.g. timeout values)
• default origin
  • add origin_keepalive_timeout and origin_read_timeout
• custom origin improvements
  • enable shield configuration
• custom s3 origins
  • allow for shield configuration
  • fix origin_access_control_id assignment (origin.value.s3_origin_config.origin_access_control_id doesn't exist, but origin.value.origin_access_control_id does)
• ordered cache improvements
  • gRPC support
• cookie block should set whitelisted_names param only when forward=whitelist (in all other cases, all and none, the whitelisted_names is automatically set to null)

why

Both CloudPosse CDN modules should stay in sync (feature-wise) and leverage the same set of improvements.

references

• ~includeshttps://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/3477 to re-generate docs after changes. #347 should get merged first~

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.42.0 @[renovate[bot]](https://github.com/apps/renovate) (#40)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	0.41.0 -> 0.42.0

---

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

v0.42.0

Compare Source

What's Changed

Breaking Changes

• Remove aws_guardduty_member_invalid_email rule by @​wata727 in https://github.com/terraform-linters/tflint-ruleset-aws/pull/925
  • This auto-generated rule had invalid regexp.

Chores

• Bump the aws-sdk group with 7 updates by @​dependabot[bot] inhttps://github.com/terraform-linters/tflint-ruleset-aws/pull/9244

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.41.0...v0.42.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.41.0 @[renovate[bot]](https://github.com/apps/renovate) (#38)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	0.40.0 -> 0.41.0

---

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

v0.41.0

Compare Source

What's Changed

Breaking Changes

• fix: update mappings for AWS Provider v6 compatibility by @​bendrucker in https://github.com/terraform-linters/tflint-ruleset-aws/pull/902

Enhancements

• Update AWS provider/module and generated content by @​github-actions[bot] inhttps://github.com/terraform-linters/tflint-ruleset-aws/pull/8888
• Update AWS provider/module and generated content by @​github-actions[bot] inhttps://github.com/terraform-linters/tflint-ruleset-aws/pull/9199

Chores

• Bump the aws-sdk group with 2 updates by @​dependabot[bot] inhttps://github.com/terraform-linters/tflint-ruleset-aws/pull/8877
• Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.222.0 to 1.224.0 in the aws-sdk group by @​dependabot[bot] inhttps://github.com/terraform-linters/tflint-ruleset-aws/pull/8899
• Bump golang.org/x/net from 0.40.0 to 0.41.0 by @​dependabot[bot] inhttps://github.com/terraform-linters/tflint-ruleset-aws/pull/8911
• Bump the aws-sdk group with 6 updates by @​dependabot[bot] in[https://github.com/terraform-linters/tflint-ruleset-aws/pull/892](https://redirect.github.com/terraform-linters/tflint-ruleset-aws/...

v1.535.4

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#37)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update terraform cloudposse/cloudfront-s3-cdn/aws to v0.98.1 @[renovate[bot]](https://github.com/apps/renovate) (#36)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/cloudfront-s3-cdn/aws (source)	module	patch	0.98.0 -> 0.98.1

---

Release Notes

cloudposse/terraform-aws-cloudfront-s3-cdn (cloudposse/cloudfront-s3-cdn/aws)

v0.98.1

Compare Source

fix(lambda@edge): Add support for doc auto-generation with atmos @​jwadolowski (#​347)

what

README.md generation support with atmos CLI.

why

https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/342 replaced Makefile with atmos.yaml for the main module, but Lambda@Edge submodule got overlooked.

references

• https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/342

🤖 Automatic Updates

Fix go version in tests @​osterman (#​343)

what

• Update go 1.24

why

• Error loading shared library libresolv.so.2 in Go 1.20

References

• https://sweetops.slack.com/archives/G014YEKDH4K/p1746672149263629
• https://github.com/golang/go/issues/59305#issuecomment-1488478737
• https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/294/#issuecomment-2859195553

Replace Makefile with atmos.yaml @​osterman (#​342)

what

• Remove Makefile
• Add atmos.yaml

why

• Replace build-harness with atmos for readme genration

References

• DEV-3229 Migrate from build-harness to atmos

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

v1.535.3

chore(deps): restrict aws provider version to < 6.0.0 @Benbentwo (#33)

This pull request includes a version constraint update for the AWS provider in the Terraform configuration file `src/versions.tf`. The change ensures compatibility with versions up to but not including 6.0.0.

• src/versions.tf: Updated the version constraint for the aws provider to >= 4.9.0, < 6.0.0 to ensure compatibility with future versions while avoiding potential breaking changes in version 6.0.0.

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#34)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Enable merge queue @goruha (#32)

## what - Added `auto-merge` workflow - Update `settings.yaml` - Fix CodeOwners files

why

• Support auto merge PRs
• Create merge queue
• Implement new CodeOwners policy

Enable merge queue @goruha (#31)

## what - Added `auto-merge` workflow - Update `settings.yaml` - Fix CodeOwners files

why

• Support auto merge PRs
• Create merge queue
• Implement new CodeOwners policy

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.40.0 @[renovate[bot]](https://github.com/apps/renovate) (#7)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	0.23.1 -> 0.40.0

---

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

v0.40.0

Compare Source

What's Changed

Enhancements

• feat: warn against data sources with ephemeral alternatives by @​aristosvo in https://github.com/terraform-linters/tflint-ruleset-aws/pull/861
• rules: Update Lambda deprecated runtimes by @​wata727 in https://github.com/terraform-linters/tflint-ruleset-aws/pull/886
• Update AWS provider/module and generated content by @​github-actions in https://github.com/terraform-linters/tflint-ruleset-aws/pull/870

Chores

• Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/872
• Bump the aws-sdk group with 3 updates by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/873
• Bump actions/attest-build-provenance from 2.2.3 to 2.3.0 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/874
• Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.212.0 to 1.213.0 in the aws-sdk group by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/875
• docs: Rename aws_write_only_attributes.md -> aws_write_only_arguments.md by @​wata727 in https://github.com/terraform-linters/tflint-ruleset-aws/pull/876
• Bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/877
• Bump golang.org/x/net from 0.39.0 to 0.40.0 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/879
• Bump the aws-sdk group with 2 updates by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/878
• Bump github.com/zclconf/go-cty from 1.16.2 to 1.16.3 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/883
• Bump the aws-sdk group with 3 updates by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/882
• Bump github.com/hashicorp/terraform-json from 0.24.0 to 0.25.0 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/884

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.39.0...v0.40.0

v0.39.0

Compare Source

What's Changed

Enhancements

• Update AWS provider/module and generated content by @​github-actions in https://github.com/terraform-linters/tflint-ruleset-aws/pull/840
• Add aws_iam_role_deprecated_policy_attributes rule by @​alexjfisher in https://github.com/terraform-linters/tflint-ruleset-aws/pull/833
• aws_write_only_arguments: recommend write-only arguments where available by @​aristosvo in https://github.com/terraform-linters/tflint-ruleset-aws/pull/860
• Update AWS provider/module and generated content by @​github-actions in https://github.com/terraform-linters/tflint-ruleset-aws/pull/855

Bug Fixes

• provider_missing_default_tags: correctly handle unknown values by @​bendrucker in https://github.com/terraform-linters/tflint-ruleset-aws/pull/851

Chores

• Bump the aws-sdk group with 7 updates by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/839
• Bump golang.org/x/net from 0.35.0 to 0.37.0 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/842
• Bump the aws-sdk group with 7 updates by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/841
• Bump the aws-sdk group with 2 updates by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/845
• Pin GitHub Action versions by @​wata727 in https://github.com/terraform-linters/tflint-ruleset-aws/pull/846
• Bump actions/setup-go from 5.3.0 to 5.4.0 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/847
• Bump the aws-sdk group with 2 updates by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/848
• Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.62 to 2.0.0-beta.63 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/849
• Bump golang.org/x/net from 0.37.0 to 0.38.0 by @​dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/853
• Bump the aws-sdk group with 3 updates...

v1.535.2

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#29)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#28)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update terraform cloudposse/cloudfront-s3-cdn/aws to v0.98.0 @[renovate[bot]](https://github.com/apps/renovate) (#27)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/cloudfront-s3-cdn/aws (source)	module	minor	0.97.0 -> 0.98.0

---

Release Notes

cloudposse/terraform-aws-cloudfront-s3-cdn (cloudposse/cloudfront-s3-cdn/aws)

v0.98.0

Compare Source

fix: terratest w/ go updates @​oycyc (#​337)

Not familiar with how Go works, but following the suggestions to update packages looks to fix the tests in this repository!

The commands I executed per @​Nuru 's suggestion on Slack:

cd test/src
go get -u ./... [github.com/gruntwork-io/terratest](http://github.com/gruntwork-io/terratest) [github.com/stretchr/testify](http://github.com/stretchr/testify) go@1.23
go mod tidy

Slack thread here on CloudPosse: https://sweetops.slack.com/archives/G014YEKDH4K/p1748635698940509?thread_ts=1746672149.263629\&cid=G014YEKDH4K

🚀 Enhancements

replace TLSv1.2_2019 with TLSv1.2_2021 as default policy @​jamerply (#​294)

what

This PR updates the mimimum_protocol_version variable so that it defaults to TLSv1.2_2021 (the current recommended security policy recommended by AWS) instead of TLSv1.2_2019.

why

The most current security policy is no longer TLSv1.2_2019 but is TLSv1.2_2021.

references

See the "Security Policy" heading under the "Distribution Setting" section of the AWS CloudFront Documentation for further information.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update terraform cloudposse/utils/aws to v1.4.0 @[renovate[bot]](https://github.com/apps/renovate) (#6)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/utils/aws (source)	module	minor	1.3.0 -> 1.4.0

---

Release Notes

cloudposse/terraform-aws-utils (cloudposse/utils/aws)

v1.4.0

Compare Source

Add il-central-1 region @​jasonmk (#​31)

what

Add new Tel Aviv (il-central-1) region

why

Provide full coverage

references

Sync github @​max-lobur (#​27)

Rebuild github dir from the template

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update terraform cloudposse/stack-config/yaml to v1.8.0 @[renovate[bot]](https://github.com/apps/renovate) (#4)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/stack-config/yaml (source)	module	minor	1.5.0 -> 1.8.0

---

Release Notes

cloudposse/terraform-yaml-stack-config (cloudposse/stack-config/yaml)

v1.8.0: [remote-state] Improve backend compatibility

Compare Source

Among other things detailed below, this release enables users to fix deprecation warnings like:

│ Warning: Deprecated Parameters
│ 
│   with module.account_map.data.terraform_remote_state.data_source[0],
│   on .terraform/modules/account_map/modules/remote-state/data-source.tf line 88, in data "terraform_remote_state" "data_source":
│   88: data "terraform_remote_state" "data_source" {
│ 
│ The following parameters have been deprecated. Replace them as follows:
│   * role_arn -> assume_role.role_arn

(cf. #​93 and #​96)

If you are receiving deprecation warnings from remote-state, they can now be resolved by updating your backend/remote_state_backend configuration to match the version of Terraform or Tofu you are using. For example, change

terraform:
  backend:
    s3:
      bucket: my-tfstate-bucket
      dynamodb_table: my-tfstate-lock-table
      role_arn: arn:aws:iam::123456789012:role/my-tfstate-access-role
  remote_state_backend:
    s3:
      role_arn: arn:aws:iam::123456789012:role/my-tfstate-access-read-only-role

to

terraform:
  backend:
    s3:
      bucket: my-tfstate-bucket
      dynamodb_table: my-tfstate-lock-table
      assume_role:
        role_arn: arn:aws:iam::123456789012:role/my-tfstate-access-role
  remote_state_backend:
    s3:
      assume_role:
        role_arn: arn:aws:iam::123456789012:role/my-tfstate-access-read-only-role

🚀 Enhancements

[remote-state] Improve backend compatibility @​Nuru (#​105)

what

• Improve remote-state backend compatibility

Rather than trying to parse the backend configuration, as a general rule we now just pass it through to the data source. This provides future-proof compatibility with all backends supported by Terraform and OpenTofu.

why

• This prevents the need for updates like #​99 to provide configuration for future S3 backends, while eliminating compatibility issues like #​102.
• This also eliminates deprecation warnings caused by forcing configuration to look a certain way.
• Now, users can manage their own remote state configuration to match their toolset.

references

• Closes #​102

v1.7.0: (not recommended)

[Compare Source](https://redire...

v1.535.1

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#20)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update terraform cloudposse/cloudfront-s3-cdn/aws to v0.97.0 @[renovate[bot]](https://github.com/apps/renovate) (#3)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/cloudfront-s3-cdn/aws (source)	module	minor	0.95.0 -> 0.97.0
cloudposse/cloudfront-s3-cdn/aws (source)	module	minor	0.92.0 -> 0.97.0

---

Release Notes

cloudposse/terraform-aws-cloudfront-s3-cdn (cloudposse/cloudfront-s3-cdn/aws)

v0.97.0

Compare Source

🚀 Enhancements

feat: Add support for custom Lambda@Edge policies @​jwadolowski (#​333)

what

Execution role associated with Lambda@Edge comes with a hardcoded policy that enables write access to CloudWatch logs. This PR adds support for additional policies. It was implemented in a similar fashion to additional_bucket_policy from the parent module.

why

It's a fairly common situation that a Lambda@Edge function needs access to other AWS services/resources than CloudWatch logs. aws_lambda_function's role argument expects a single role ARN, therefore the only reasonable option is to append new policy statements to the IAM role created in scope of this module.

references

closes #​261

v0.96.2

Compare Source

🚀 Enhancements

Set allowed and cache methods as non nullable @​travis-reed (#​324)

what

Set allowed_methods and cached_methods as non nullable

Setting nullable to false ensures that the variable value will never be null within the module. If nullable is false and the variable has a default value, then Terraform uses the default when a module input argument is null.

why

I want to be able to sometimes call this module with explicit allowed_methods and cached_methods and sometimes just use the module defaults.

As it stands, I cannot do that without making my default value match your default value. It would be better for the module to use its defaults when I pass in null

Right now I am hitting

Error: Missing required argument

  with module.fanx.module.sdp_assets.module.static_cdn.aws_cloudfront_distribution.default[0],
  on /tmp/terraform-data-dir/modules/fanx.sdp_assets.static_cdn/main.tf line 522, in resource "aws_cloudfront_distribution" "default":
 522:     allowed_methods            = var.allowed_methods

The argument "default_cache_behavior.0.allowed_methods" is required, but no
definition was found.

Which I can work around by setting a default on my side, but it isn't ideal behavior

references

• https://developer.hashicorp.com/terraform/language/values/variables#disallowing-null-input-values
• https://stackoverflow.com/questions/72213875/transformer-how-to-call-a-module-with-variables-as-default-value

Additional Notes

I wouldn't consider this a breaking change. Today, the behavior if you pass in null as the argument to the module you will get a failure as shown above. This makes passing in null possible without negatively impacting existing users.

Make sure tags are associated with Lambda functions(#​332)

why

tags argument is not set at all which results in an empty tag list.

references

https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/blob/v0.96.1/modules/lambda%40edge/main.tf#L78-L86

v0.96.1

Compare Source

🚀 Enhancements

memory and timeout vars for lambda@edge @​mihaiplesa (#​330)

what

Allow to configure memory size and timeout for Lambda@Edge module.

why

These fields are not configurable now.

references

Resolves https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues/331

v0.96.0

Compare Source

Adding origin_access_control_id to custom_origins @​jjchiw (#​326)

Adding Origin Access Control Id to Custom Origins

what

Custom Origins didn't have Origin Access Control

Implements this infrastructure

https://aws.amazon.com/blogs/networking-and-content-delivery/image-optimization-using-amazon-cloudfront-and-aws-lambda/

why

Custom Origins didn't have Origin Access Control if we wanted to invoke a lambda we were not able to do it

references

Summary by CodeRabbit

• New Features

  • Enhanced configuration options for custom origins in CloudFront with the addition of origin_access_control_id.
  • Updated variable definitions for custom_origins and s3_origins to include access control ID.

• Bug Fixes

  • Deprecated certain variables to streamline configuration and encourage best practices.

• Documentation

  • Updated documentation to reflect changes in variable structures and configurations.

v0.95.1

Compare Source

Add support for origin-access-control @​rankin-tr (#​319)

what

• add Origin Access Control feature
  • add var.origin_access_type to enable Origin Access Identity or Origina Access Control policy
  • add aws_cloudfront_origin_access_control.default resource
  • add origin_access_control_id argument to origin config on aws_cloudfront_distribution.default
• update example code
• update README

why

• provide the ability to make use of an Origin Access Control
  • retain default origin access identity behavior
• AWS recommends using origin access control
• Origin Access Identities are flagged in AWS Security Hub

references

• Closes #​244
• https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

</det...

v1.535.0

Migrate component from cloudposse/terraform-aws-components

v1.534.0

Migrate component from cloudposse/terraform-aws-components