feat: v10.1.0 #151

Closed
esacteksab wants to merge 2 commits into main from barry-10-1

@esacteksab esacteksab commented Feb 3, 2025

#150 Introduces breaking changes. While I believe the changes should exist, short of quite a bit more effort, there isn't an upgrade path for users of the existing module where the changes that exist in this update provide. So this is a compromise.

I had imagined cutting two releases.

  • v10.1.0 (this one) which would allow users of the existing module to reap these benefits without further work (maybe setting appropriate variables).
  • v11.0.0 (BREAKING_CHANGES: V11 #150). This would allow anyone adopting the module for the first time to not have to deal with the breaking changes that exist as a result of the changes.

Long-term, I don't want to manage two branches.

I can add something to the existing README on both releases that talks about the versions and usage for both.

Closes:

Additions:

  • Adds support for Connection Logging on the ALB, disabled by default.
  • In addition to passing in a bucket name with logs_s3_bucket, the bool enable_access_logs and enable_connection_logs (both default to false) need to be set to true to enable logging of either type.
  • Supports adding the ALB to additional security groups.
  • Changed the default alb_ssl_policy to ELBSecurityPolicy-TLS13-1-2-2021-06.
  • Added enable_waf_fail_open with a default value of false.
  • Added preserve_host_header variable with a default value of false.
  • Added drop_invalid_host_headers variable with a default value of true.

POTENTIAL BREAKING CHANGES

  • This pins AWS Provider to ~> 5.0.

General Housekeeping

  • Trivy support has been added, but not to .pre-commit-config.yaml because it is not possible to ignore the examples directory. So a target check has been added to the Makefile.
  • Markdown Lint Pre-Commit was replaced with Markdownlint-cli2.
  • Added Schema validation with check-jsonschema pre-commit for .pre-commit-config.yaml, .markdownlint.yml and renovate along with github-workflows (which is their name for Actions).
  • I've fought quite a bit with our CI/CD tooling. I think I finally got it. This uses a pre-commit-hook of terraform-docs-system which has an expectation that terraform-docs is installed locally. This also uses the official GitHub Action but there is a bug. So across the org, I've tried to find the right configuration adopting the official action along with pre-commit-hook and making it work everywhere. I believe this combination works. terraform-docs will still continue to work locally, but in GitHub Actions, we pass an ENV VAR of SKIP=terraform-system-go to not call terraform-docs a second time via pre-commit.

@esacteksab esacteksab changed the title feat: feat: v10.1.0 Feb 3, 2025
@esacteksab esacteksab closed this Mar 10, 2025