Releases: terraform-ibm-modules/terraform-ibm-landing-zone
v4.0.1
v4.0.0
4.0.0 (2023-05-30)
Features
BREAKING CHANGES
- All patterns will now utilize the
clean_default_security_groupandclean_default_aclvariables added toterraform-ibm-landing-zone-vpcin v7.1.0, which if set to "true" will remove all rules from the default security groups and ACLs created automatically when new VPCs are deployed.
All patterns will now set both variables to "true" by default for all VPCs, and you can override these values for each VPC when using the "override.json" file. Please reference the example override.json files in each pattern for examples. The new settings will look like the following:
"vpcs": [
{
"default_security_group_rules": [],
"clean_default_security_group": true,
"clean_default_acl": true,Since the default security group and ACL for a VPC are created with very permissive rules, setting these values to "true" to remove those rules will increase the overall security posture of the deployment.
v3.8.4
v3.8.3
v3.8.2
v3.8.1
3.8.1 (2023-05-12)
Bug Fixes
The terraform-ibm-landing-zone-vpc module used by this solution will now add appropriate IBM Cloud ACL rules for all created VPCs. This solution was also adding those same rules. The result was VPC ACLs that had duplicate rules.
This release will remove the IBM Cloud ACL rules from this solution, and allow the terraform-ibm-landing-zone-vpc module to add these rules when creating the VPC.
NOTE: when upgrading to this release, you may notice that existing ACLs created by previous versions will be marked as Terraform as needing to be removed or updated. This is expected, as the duplicate rules would be removed from existing ACLs.
v3.8.0
3.8.0 (2023-05-11)
Features
- added a fix (by introducing new optional variable
existing_ssh_key_name) to prevent SSH keys being identified for destroy due to regression introduced in v3.5.0 (#434) (19e26f3)
NOTES:
- For patterns that need an ssh key for configuration of a Virtual Server Instance (VSI), you can either create a new SSH Key resource, or use an existing resource, by doing the following:
- to create a new SSH Key resource, supply the input variable
ssh_public_key - to use an existing SSH Key resource in your account, supply the input variable
existing_ssh_key_name - if neither value is supplied, and no keys are provided via override, a Terraform error will be thrown
- to create a new SSH Key resource, supply the input variable
- If you are using the
override.jsonto provide SSH Keys:- to create new SSH Key resources, supply both "name" and "public_key" fields
- to use existing keys, supply only "name" field
v3.7.0
3.7.0 (2023-05-03)
Dependency updates:
- terraform-ibm-landing-zone-vpc v6.0.1 -> v7.0.1
- Required IBM terraform provider is now >= 1.52.0
Consumer update actions:
Consumers using override.json and looking to update to this version need to:
- modify their JSON to remove
use_manual_address_prefixesfrom thevpcsarray, as this was removed in terraform-ibm-landing-zone-vpc 7.x - add an
address_prefixesmap to all of the VPC items in thevpcsarray. For example:
"address_prefixes": {
"zone-1": [],
"zone-2": [],
"zone-3": []
}
NB: If address_prefixes is not set, the VPC 7.x module will assume "auto prefix" and attempt to destroy/create the VPC