Releases: cloudposse/terraform-aws-s3-bucket
v2.0.2 minor breaking change (awsutils provider config)
Deprecated
The changes introduce in this release were problematic and have been removed in v3.0.0. It is not recommended to use this version or version 2.0.3.
🤖 Automatic Updates
NOTE: This release requires the cloudposse/awsutils
Terraform provider to be defined with a region. This can and should be the same region you have configured in your aws
provider. The reason for this new provider is due to new functionality with a dependent module (which uses this module which requires cloudposse/awsutils
) in this repo. (The new feature allows configuring S3 user AWS access keys to expire.)
provider "awsutils" {
region = var.region
}
Update Terraform cloudposse/iam-s3-user/aws to v0.15.9 @renovate (#119)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/iam-s3-user/aws (source) | module | patch | 0.15.7 -> 0.15.9 |
v2.0.1
git.io->cloudposse.tools update @dylanbannon (#149)
what and why
Change all references to git.io/build-harness
into cloudposse.tools/build-harness
, since git.io
redirects will stop working on April 29th, 2022.
References
- DEV-143
🚀 Enhancements
Use object lock enabled @nitrocode (#148)
what
- Use object lock enabled
why
- Deprecation of dynamic
object_lock_configuration
forobject_lock_enabled
│ Warning: Argument is deprecated
│
│ with module.bucket.aws_s3_bucket.default,
│ on .terraform/modules/bucket/main.tf line 30, in resource "aws_s3_bucket" "default":
│ 30: resource "aws_s3_bucket" "default" {
│
│ Use the top-level parameter object_lock_enabled and the aws_s3_bucket_object_lock_configuration resource instead
references
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#object_lock_enabled
- Previous PR #144 (this did not use
object_lock_enabled
and only removed the dynamic)
v2.0.0 AWS provider v4/v5 compatibility
Version 2.0 of terraform-aws-s3-bucket is the same as v0.49.0 except for the addition of 2 small bug fixes (see #147). It is labeled v2.0 as part of Cloud Posse's transition to production Semantic Versioning conventions, and to indicate significant changes as compared to v1.0 (essentially version 0.47.1). Additional upgrade information is in the repo Wiki
Breaking change:
- The
website_inputs
are broken (see #141). When we get them fixed, we will likely deprecate the variable in favor of new variables that include new features available in the provider. If you are usingwebsite_inputs
, do not upgrade to v2.x until #141 is closed.
Additional notes
There are some quirks to be aware of:
- NO ACTION IS NEEDED to upgrade directly from v0.49.0 to v2.0.0
- Version 1.0 derives from and is compatible with version 0.47.1. Follow the upgrade instructions if upgrading from one of these versions.
- Version 0.48.0 was an interim release that is not recommended for anyone to use. It has incompatibilities with every other version. If you are on v0.48.0, you can upgrade directly to v2.0.0 and if Terraform gives you no complaints, then you are good to go. See the release notes for v0.48.0 and v0.49.0 for information about how to fix any breakage.
v1.0.0 Important: Read Relase Notes
Version 1.0.0 is part of Cloud Posse's conversion to production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future. In the case of this module, the breaking changes have already been released as v2.0.0. This is a quirk due to not previously using production Semantic Versioning.
TAKE NOTE:
- Despite the 1.0 version designation, it is actually not compatible with the latest previous release (v0.49.0) or the current recommended release (v2.0.0). Because of that, this version is only recommended for people currently using v0.47.1 or earlier.
- This release is the same as v0.47.1 except for additional version pinning allowing it to work with AWS provider v4.
- No maintenance is planned for v1. With the release of AWS provider v4.9.0, the upgrade to v2.0 of this module requires no manual intervention as long as you meet the prerequisites (AWS provider v4.9.0 or later, Terraform v1.0.0 or later). So we recommend upgrading to v2.0 to get any bug fixes or new features.
v0.49.0 (Action Needed) AWS provider v4 support
Manual intervention needed
See Upgrading to v0.48.0 and AWS provider version 4.x for details about actions you will need to take when updating to this version related to upgrading to AWS provider v4.x.
Breaking changes
In order to fix #102 (following Hashicorp's advice), this release changes the privileged_principal_arns
input from a map(list(string))
to a list(map(list(string)))
. Where you previously input one map, like
{
arn1 = ["prefix1/", "prefix2/"]
arn2 = ["prefix3/]
}
you now provide a list of maps, each one mapping a single ARN to a list of prefixes:
[{
arn1 = ["prefix1/", "prefix2/"]
}, {
arn2 = ["prefix3/]
}]
🚀 Enhancements
Full support for lifecycle configuration
The new lifecycle_configuration_rules
input allows you to specify all the options the AWS provider supports. See the example for more details.
Full support for lifecycle configuration @Nuru (#135)
what && why
- Breaking change: convert
privileged_principal_arns
input to list.- Fixes #102
- Add
lifecycle_configuration_rules
input closely matching Terraform provider arguments to fully support features. - Remove
acl_grants
input added in #131, because the oldgrants
input is more convenient and more powerful.
references
v0.47.1 Pin to AWS provider v3, Add lifecycle IDs
- Ease refactoring by adding backward compatible lifecycle IDs (#134)
- Pin AWS Provider to version 3.x
v0.48.0 (Action Needed) Update to AWS provider v4.x
This release is an early release in order to unblock people who are blocked because v0.47.0 does not work with AWS Provider v4. However, the newly introduced lifecycle_configuration_rules
will be replaced in the next release with a more flexible (and completely incompatible) structure that supports the evolving variety of storage options AWS provides. For this reason, we recommend users continue to use the Deprecated lifecycle_rules
input for now, and anticipate it will be supported for a considerable length of time going forward.
See Upgrading to v0.48.0 and AWS provider version 4.x for details about actions you will need to take when updating to this version.
🚀 Enhancements
Upgrade to v4 aws provider @nitrocode (#131)
what
- Upgrade to v4 aws provider
- Deprecated
policy
in favor ofsource_policy_documents
, closes #124 - Deprecated
grants
in favor ofacl_grants
- Deprecated
lifecycle_rules
in favor oflifecycle_configuration_rules
- All tests pass
- Current tests pass
- Tests do not check website inputs. The
website_inputs
is unavailable in the tests. - Tests do not check cors. The
cors_rule_inputs
is available but unused.
- Backwards compatible - Is it possible to make it backwards compatible ?
- Generate the lifecycle rule ids ?
- Translate the
grant.permissions
into separategrant.permission
blocks ?
- Migration document in this repo's Wiki
why
- Current version incompatible with AWS provider v4.x
│ Error: Unsupported attribute
│
│ on .terraform-mdev/modules/s3_bucket/main.tf line 166, in resource "aws_s3_bucket" "default":
│ 166: for_each = local.s3_replication_rules == null ? [] : local.s3_replication_rules
│
│ This object does not have an attribute named "s3_replication_rules".
- One upgraded to version 4.x, module no longer works with AWS provider 3.x
- Pin to
>= 4.2.0
because of relevant bug fixes needed by this module
references
- Closes #132
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade
- https://github.com/hashicorp/terraform-provider-aws/releases/tag/v4.0.0
- Versions
- Some of the individual resources
notes
grants
is now deprecated, but still supported. New input replacing it isacl_grants
. The only difference is thatgrants
takes a list ofpermissions
andacl_grants
takes a singlepermission
. The only reason we are makinggrants
deprecated is so that our inputs track the AWS resource inputs.lifecycle_rules
is now deprecated but still supported, replaced withlifecycle_configuration_rules
, which is identical except thatlifecycle_configuration_rules
has anid
for each rule, which is now required by the AWS resource (doc). This module supplies anid
forlifecycle_rules
.aws_s3_bucket_lifecycle_configuration
requires a staticrules.filter
element due to hashicorp/terraform-provider-aws#23299
v0.47.0
🚀 Enhancements
Feat: Enable Replication Metrics @max-lobur (#116)
what
- Enable replication metrics by default
- Allow override via variables
AWS provider requirements update due to: hashicorp/terraform-provider-aws#21901
why
- To be able to track replication status
references
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-metrics.html
v0.46.0
🚀 Enhancements
Enable bucket key for reducing the cost of SSE-KMS with Amazon S3 @bkmnaidu (#115)
Signed-off-by: Krishna Mohan Bandi [email protected]
what
- Allow S3 bucket key to be enabled to reduce the cost of SSE-KMS usage with Amazon S3
why
- When KMS encryption is enabled for an Amazon S3 bucket, there is a limit on the number of KMS API calls that can be made. Enabling bucket key not only allows to reduce the number of KMS API calls but also reduces the cost of SSE-KMS with Amazon S3.
references
🐛 Bug Fixes
Fix: Change `s3_object_ownership` Description to Reflect All Possible Values @korenyoni (#127)
what
- Fix
s3_object_ownership
description to reflect all possible values.
why
- The
s3_object_ownership
variable description does not reflect all possible values.
references
- N/A
Remove unused variable `abort_incomplete_multipart_upload_days` @adamantike (#92)
What
Remove variable abort_incomplete_multipart_upload_days
.
Why
The abort_incomplete_multipart_upload_days
variable isn't being used since the introduction of lifecycle_rules
in #85.
Notes
closes #128
v0.45.0
feat: add delete_marker_replication_status in replication rules @DesmondH0 (#126)
what
- There are no control ability for enable
Delete marker replication
in this module
why
- The reason of this was because empty
filter
would always be generated in this line - And this will disable the
Delete marker replication
option in replication rule