v1.7.1

🚀 Enhancements

Add depends_on to S3 bucket locking resource @goruha (#195)

## what * Add depends_on to S3 bucket locking resource

why

• Locking can be enabled only after versioning is enabled
• Fix cold start

v1.7.0

Backend config file is not compliant with the canonical format when the S3 lockfile option is enabled @vonZeppelin (#193)

## what Generated backend config file is not compliant with the canonical Terraform format and style when the S3 lockfile option is enabled due to excessive indent. Additionally, the `use_lockfile` param is boolean, not string. ``` ...

use_lockfile = "true"

## why
After formatting the generated file with `terraform fmt` command to follow the TF style, running `terraform apply` will revert the change.
</details>

v1.6.0

add support for S3 object based TF state lock @smangels (#192)

## what

This PR provides the code changes necessary to support Terraform state lock based on S3 object locks. It is closes #184 . I've decided to create the branch from release v1.5.0. Note that the change allow for smooth migration by keeping the DynamoDB related resources in place until all dependent deployments using the same framework have been migrated. After that the DynamoDB related switch can be changed to FALSE.

why

The Hashicorp Terraform project has marked the DynamoDB-based state lock as 'deprecated' and encourages the new TF state lock mechanism.

references

https://github.com/hashicorp/terraform/blob/v1.11/CHANGELOG.md#1110-february-27-2025

🤖 Automatic Updates

Fix go version in tests @osterman (#190)

## what - Update go `1.24`

why

• Error loading shared library libresolv.so.2 in Go 1.20

References

• https://sweetops.slack.com/archives/G014YEKDH4K/p1746672149263629
• golang/go#59305 (comment)
• cloudposse/terraform-aws-cloudfront-s3-cdn#294

Replace Makefile with atmos.yaml @osterman (#189)

## what - Remove `Makefile` - Add `atmos.yaml`

why

• Replace build-harness with atmos for readme genration

References

• DEV-3229 Migrate from build-harness to atmos

Migrate new test account @osterman (#182)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

v1.5.0

• No changes

v1.4.2

feature: Add ability to use KMS encryption @pazaan (#178)

what

• Add the ability to use KMS encryption through the addition of the sse_encryption and kms_master_key_id variables.

why

• Some business have security policies that require the use of customer-managed keys.
• As per the statement in #105, the default behavior has been left the same as it currently is.

references

• closes #105

v1.4.1

feature: Add support for deletion_protection_enabled attribute for DynamoDB @Hamza-Aziz (#156)

what

This PR add support for the attribute deletion_protection_enabled in the DynamoDB ressource

why

To address an issue #143
To present or force DynamoDB table deletion

references

To address an issue #143
https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-dynamodb-table-deletion-protection/

chore: points to correct issue in README link @Gowiem (#154)

what

• Fixes link in README that was pointing to wrong issue

why

• We don't want to lead people astray 👍

references

• This is a redo of #153 by @tripplilley. Fame, fortune, and internet points go to him 😄

🤖 Automatic Updates

Update README.md and docs @cloudpossebot (#155)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update README.md and docs @cloudpossebot (#152)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v1.4.0

fix: s3 backend deprecated role_arn field @basvandijk (#151)

what

The following step was returning an error:

terraform init -force-copy

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing modules...
Terraform encountered problems during initialisation, including problems
with the configuration, described below.

The Terraform configuration must be valid before initialization so that
Terraform can determine which modules and providers need to be installed.
╷
│ Error: Argument or block definition required
│
│   on backend.tf line 9, in terraform:
│    9:     assume_role.role_arn = ""
│
│ An argument or block definition is required here. To set an argument, use the equals sign "=" to introduce the argument value.
╵

🤖 Automatic Updates

Update README.md and docs @cloudpossebot (#150)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v1.3.0

fix: Better TF formating when dynamodb_table is empty when creating backend template file @SMontiel (#149)

what

Improve TF formatting when a DynamoDB table is not specified.

why

As our CI pipeline checks formatting and we don't use a DynamoDB for locking, we keep committing changes made to the backend file which is handled by this module.

references

N/A

v1.2.0

feat: add user_policy_document parameter @dod38fr (#142)

what

This parameter allows the user to specify policies that are applied to the S3 bucket with the policies defined by this module.

why

We want to add policies that forbid non admin users to access the bucket containing tfstates.

This commit allow us to specify a policy that implement these restriction without clobbering the policies put in place by this module.

Note that I have no problem to change the name of this new parameter if you want another.

references

Closes: #115

v1.1.1

tfsec ignores added @davenicoll (#136)

what

• added tfsec ignores to false positives

why

• the terraform aws_s3_bucket resource was updated some time ago to deprecate access policies, encryption and logging as arguments, instead preferring separate terraform resources. tfsec incorrectly highlights the aws_s3_bucket resource are CRITICALly vulnerable.

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#argument-reference

Sync github @max-lobur (#138)

Rebuild github dir from the template

🐛 Bug Fixes

Always require TLS connection to S3 bucket @Nuru (#139)

what

• Always require TLS connection to S3 bucket

why

• Restores intended behavior
• Fixes crash. Supersedes and closes #135. Thank you @dod38fr