Allow AWS accounts to publish to an SNS topic in a different account. Use the cross_account_publication_ids parameter to the sns module.
Use topic_arns instead of topic_name in the sqs module to subscribe a queue to a topic in a different account.
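One way a parameter like cross_account_publication_ids can map onto an SNS topic policy, shown as an added example that is not the sns module's own code. It assumes Terraform 0.12+ syntax; only the variable name comes from the release note, and the resource names and topic name are constructed.

```hcl
# Added example (Terraform 0.12+ syntax). Only the variable name comes from
# the release note; resource names and the topic name are constructed.
variable "cross_account_publication_ids" {
  type        = list(string)
  description = "IDs of AWS accounts allowed to publish to this topic"
  default     = []
}

data "aws_caller_identity" "current" {}

resource "aws_sns_topic" "topic" {
  name = "example-topic"
}

data "aws_iam_policy_document" "publish" {
  # A custom topic policy replaces the default one, so keep the owning
  # account's own publish rights explicit.
  statement {
    sid       = "OwnerPublish"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.topic.arn]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # Emit the cross-account statement only when IDs are supplied, so the
  # policy never contains a statement with no principals.
  dynamic "statement" {
    for_each = length(var.cross_account_publication_ids) > 0 ? [1] : []
    content {
      sid       = "CrossAccountPublish"
      actions   = ["sns:Publish"] # publish only; no Subscribe or SetTopicAttributes
      resources = [aws_sns_topic.topic.arn]
      principals {
        type        = "AWS"
        identifiers = formatlist("arn:aws:iam::%s:root", var.cross_account_publication_ids)
      }
    }
  }
}

resource "aws_sns_topic_policy" "publish" {
  arn    = aws_sns_topic.topic.arn
  policy = data.aws_iam_policy_document.publish.json
}
```

Naming an account's root ARN delegates the decision to that account's IAM policies: any principal there that is granted sns:Publish on this topic ARN can publish to it.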
Expose target group deregistration delay on ECS prebuilt REST services
Export the bucket_arn from the VHS module.
Adds a max_session_duration to assumable roles in the iam module
Adds a "publisher" role to the account template for accounts to publish containers to ECR
Adds a prebuilt module for ECS service task combinations using the default base service.
Removes infra role from account prebuilt
Improve the description of the security group created for RDS.
Add version as a range key to DynamoDB tables created by the vhs module.
Add module for AWS Config
Allow federated login for users.
Allow federated login for users.
Add cross account access permissions to be set for SNS topics
In the ecs/prebuilt/scaling modules, actually export the ARN as task_role_arn, not the name.
Export the task role ARN from the prebuilt ECS modules, and make some of the other module outputs more consistent.
This release adds some defaults to a few variables in ECS-related modules, and adds the ability to set users in container definitions.
Ignore changes to desired task counts in the scaling ecs module so that TF applies don't mess with task counts.
Removes custom scaling and adds a scaling alarm for queue length.
Fixes a bug in scaling+nvm where it would complain about a vpc_id variable.
Adds an images module to ECS tf
Security groups in prebuilt ecs scaling are confusing.
Should fix some issues with default & scaling ECS services
Allow users assuming the developer prebuilt role to read but not write user/group iam
Allow omitting the key_name variable in the prebuilt EC2 modules (if you're not allowing SSH access to the instances).
Fix a silly bug in the container_with_sidecar module that meant environment variables didn't work.
Add IAM permissions to the tasks/secrets module, so your execution role has the permissions it needs to read secrets.
Allows console users to switch role!
Adds a name output to the ecr module.
Adds route table associations to gateway_endpoints in prebuilt VPC
Adds monitoring assume role
Adds secrets to ecs task defs.
Fixes for VHS dynamo module
Allow variable billing mode for VHS dynamo
Optionally (and by default) protect ECR repos from deletion.
- When using ecs/modules/security_groups, skip creating a security group to grant SSH access to instances if there aren't any CIDR blocks or security groups that the ingress rule applies to.
- New module: network/prebuilt/vpc/egress_security_group, which creates a security group that allows all egress traffic and sets up VPC interface endpoints.
- New module: network/prebuilt/vpc/interface_endpoints, which creates some common VPC interface endpoints.
- The network/prebuilt/vpc/public-private-igw module automatically created VPC gateway endpoints for S3 and DynamoDB.
This release removes a bunch of variables from modules when they weren't being used by the module code, and adds a script to prevent unused variables creeping back in later.
- Force creation of new api gateway deployment by using variables instead of description.
- Output aws_api_gateway_integration_response.resource_id for static resources.
Adds some additional outputs to the VHS module for the contained dynamo table.
Adds a module for the VHS (https://github.com/wellcometrust/scala-storage).
Adds a kms/key module. This module allows creation of a KMS key and permissions for use.
Simplifies users module
Addition of account template in IAM modules
Scaling ECS prebuilt needs id & name for cluster because data blocks are rubbish
Splits the load_balanced module into tcp & http variants for easier composition.
Small fix for prebuilt ECS modules removing data blocks.
enable_dns_hostnames by default
Fix load_balanced ecs module http target group
Removes variables from deployment (as they will blat stage vars).
Adds the ability to remove base path mapping in stage.
Updates the ECS example modules & provides task_count as a defaulted variable
More bugfixes in the lambda module:
- Don't use data block for iam_role because it can result in race conditions
- Use different name for cloudwatch policy document and dlq policy document
- Prepend lambda to the iam role name
Adds outputs to the network modules that expose route table ids (so you can add routes)!
Various bugfixes for lambda, network & ecs modules
This change adds a rest/container_with_sidecar option to prebuilt ecs service modules. In addition, it moves the single container version to rest/single_container.
- Optional target group for prebuilt rest ECS module
- Static resource for API Gateway
- CORS module for API Gateway
Proxy integration for api gateway, uses HTTP_PROXY not HTTP type
Rework api-gw deps so as to avoid broken deploys
Complete re-work of network module to provide the ability to vary network infra.
Allow custom domains to be created separately from stages.
Refactoring API GW module for further flexibility
module.rds.aws_rds_cluster_instance: set publicly_accessible = true to false
This adds the function_arn output to the prebuilt Lambda modules.
ECS modules redone to simplify rest/scaling approach
Allow lambdas to be optionally created in a VPC
Adds support for optional PGP key for client_bucket_user
Allow TCP target groups to be optionally created for services
Adds support for command and mount_points to the ecs single_container task definition.
Fix a bug with calling a data block instead of resource for ecs iam roles
Allow optional scaling of a gsi in a dynamo table
And let the Jupyter notebook user in the dlami write to the EFS mount.
Okay, but now with the dlami variables in the right place.
Add userdata configuration to mount an EFS volume in the data science VMs upon startup.
This adds better error reporting to the sqs module, so it errors if you set the topic_count variable incorrectly.
Add cloudwatch alb alarm modules
This adds an output for the lambda module, so that the invoke_arn property of the aws_lambda_function can be integrated with API Gateway.
Modify SQS autoscaling to scale down on messages deleted <= 0 instead of messages visible on the queue.
Fix computed map issue for rds
Fix duplicate instance role policy names
Update port mappings module in /ecs to presume awsvpc networking.
Force specifying number of environment variables when passing them to tasks
Allow multiple containers in task definitions and add support for DAEMON tasks.
Major overhaul of many modules.
- network: Public & private subnets
- ec2: Run Autoscaling groups with prebuilt modules for EBS/EFS
- ecs: Support for fargate, private services, use of EFS/EBS from container host
Removed some unused and out of place modules.
This release fixes a bug in dlami_asg, where instances would fail to start because they were trying to install an invalid version of s3contents.
Additionally, this release pins all the Python dependencies installed on a deep learning image, so dependencies should be consistent between reboots.
This release deprecates the following variables:
- config_vars_length in ecs/service/ecs_task
- env_vars_length in ecs/service
- env_vars_length in sqs_autoscaling_service
Their existence was always a nasty hack around some Terraform interpolation issues, and it looks like we can get rid of them. They can be safely removed with no effect.
This change adds an APP_NAME environment variable to the task definition of tasks created with the ecs module. The APP_NAME variable is set to the value of the container uri used as the primary container in the service.
Adds networkx to the default list of packages installed in the deep learning ami
Adds beautifulsoup4 to the default list of packages installed in the deep learning ami
Allow instances with both EBS and EFS volumes.
This change adds the ability to set the ECS Service launch type to FARGATE
This release makes spot price a mandatory variable.
This release adds a default_environment parameter to the dlami_asg module, which lets the user decide which environment we install packages in.
This release adds a data science infra module.
This release fixes an issue with adding tags to ASGs previously merged.
This release adds a V2 ASG module intended to supersede the existing ECS only ASG description in the ecs module.
```hcl
module "test" {
  source      = "../terraform-modules/ec2/asg"
  name        = "tf-asg-v2"
  image_id    = "ami-0bc19972"
  key_name    = "${var.key_name}"
  subnet_list = "${module.vpc.subnets}"
  vpc_id      = "${module.vpc.vpc_id}"
}
```
This release adds the log_retention_in_days parameter to the following modules:
- ecs/service/ecs_task
- ecs/service
- ecs_script_task
- lambda
- sqs_autoscaling_service
- userdata
which controls the log retention policies for CloudWatch log groups.
It defaults to none (i.e. retain logs forever).
This release adds a dev_user module for provisioning developer users.
In addition modules for provisioning other user types are moved inside the same namespace.
- Make scale up and down period for an sqs_autoscaling_service be configurable
- Fix a bug in the way the cloudwatch metrics alarms are defined which caused them to scale down (or up) before the scaledown period had passed
- Make the ecs cluster use the submodules from the same release
This release fixes a suspected bug in SQS autoscaling where both scale down and scale up alarms were triggered at the same time.
This release removes the unused variable use_task_definition_template_path introduced from the last release.
This release adds task_definition_template_path to the ecs_task to allow the use of a custom task definition file.
This update allows you to specify multiple hosted zones within one hosted zone role.
This release adds min_capacity and max_capacity to the sqs_autoscaling_service so you can customise the minimum and maximum number of tasks per service.
This release adds an asg_security_group_ids output on the ecs/cluster module. It is a list of the security groups that instances in the cluster belong to.
This release exposes some new parameters on the sqs module:
- visibility_timeout_seconds
- message_retention_seconds
- max_message_size
- delay_seconds
- receive_wait_time_seconds
These are passed directly to parameters of the same name on aws_sqs_queue. Defaults are as before, so there should be no change to your queues until you override one of the parameters above.
This adds a new module: autoscaling/dynamodb, which allows you to define auto scaling rules for DynamoDB tables. See the module README for usage details.
This adds a new parameter enable_alb_alarm to the sqs_autoscaling_alarm module.
It is passed through directly to the underlying ecs/service module.
It defaults to true; set it to false to disable ALB alarms in autoscaled services.
This fixes a bug in the ALB alarms introduced in v6.1.0 for ecs/service.
We added a new ALB alarm for "not enough healthy hosts". Previously it would fire if the number of healthy hosts was equal to the minimum allowed number (minimum healthy percentage * desired count) -- even though this is normal behaviour, e.g. when ECS is changing task definitions.
Now the alarm only fires if the number of hosts drops below the minimum allowed number.
This adds two new CloudWatch alarms to the ecs/service module:
- One which alarms whenever the UnHealthyHostCount metric in the ALB target group is non-zero.
- One which alarms whenever the HealthyHostCount metric in the ALB target group is less than the desired number of hosts.
These alarms are created if you pass enable_alb_alarm = true when creating the instance of the module.
Instances of the ecs/service module no longer ignore changes to the desired_count parameter. Practically speaking, that means you can edit the parameter in Terraform and those changes will stick, rather than having to adjust the desired count in a separate process.
The alb_priority variable is now optional on ecs/service and sqs_autoscaling_service. If you don't set an explicit ALB priority, a priority will be randomly chosen and assigned.
This is useful if, for example, your services distinguish ALB routing targets with non-overlapping path patterns. One service replies to /ingestor/, another to /id_minter/, another to /transformer/ --- and so ALB priorities are irrelevant for routing.
This is a bugfix release.
There was a bug in the previous version of the autoscaling/app/ecs module that meant that autoscaling targets were continually deleted and recreated, and getting a complete set of working targets was a bit of a "whack-a-mole" process.
Autoscaling targets are now created consistently, and only once.
See wellcometrust/terraform-modules #34.
This is a bugfix release.
Previously the ecs/cluster module could throw an error if you tried to create a cluster with a name containing an underscore (_).
The module creates an ALB target group with the same name, and underscores aren't allowed in target group names. Now it replaces underscores with hyphens in the ALB target group name.
This creates a new ecs/cluster module for spinning up an ECS cluster with spot and on-demand instances, and auto-scaling rules for both.
The following modules have been renamed:
- ecs_asg is now ecs/asg
- ecs_alb is now ecs/alb
- service is now ecs/service
This is a bugfix release.
This adds create_before_destroy to the autoscaling target in autoscaling/app/ecs.
This should fix some issues when creating aws_appautoscaling_policy.
This fixes a bug in v5.0.0 where the sqs_autoscaling_service module was pointing to a non-existent version of the service module.