v1.468.0

[eks/cluster] Fix AWS SSO support @Nuru (#1072)

what

• [eks/cluster] Fix bug preventing use of aws_sso_permission_sets_rbac

why

• Bug fix

references

• Broken in #1033

v1.467.0

[eks/cluster] Update eks-node-group to v3.0.1 @Nuru (#1071)

what

• [eks/cluster] Update cloudposse/eks-node-group/aws to v3.0.1

why

• Fix failure to create userdata for AL2 and Windows when needed

references

• cloudposse/terraform-aws-eks-node-group#187

v1.466.0

[alb-controller] Make default_ingress_ip_address_type default to `ipv4` @Nuru (#1070)

what

• [alb-controller] Make default_ingress_ip_address_type default to ipv4

why

When dualstack is configured, the Ingress will fail if the VPC does not have an IPv6 CIDR block, which is still a common case. When ipv4 is configured, the Ingress will work with only an IPv4 CIDR block, and simply will not use IPv6 if it exists. This makes ipv4 the
more conservative default.

v1.465.0

Update eks/cluster to use eks-node-group v3 @Nuru (#1069)

what

• Update eks/cluster to use eks-node-group v3

why

• Support Amazon Linux 2023 on EKS
• Other bug fixes and improvements

references

• https://github.com/cloudposse/terraform-aws-eks-node-group/releases/tag/3.0.0

v1.464.0

External-Secrets: Add variable for decrypting aliased KMS keys @Benbentwo (#1068)

what

• adds support for decrypting KMS keys by alias

why

• it's a pain to lookup AWS KMS keys by arn or ID. so this adds alias support

v1.463.0

Drop wrong workflows @goruha (#1065)

what

• Remove release-branch and release-published workflows

why

• The workflows are related to terraform modules, not terraform components.
• The workflows added to the repo by mistake

v1.462.0

feat: Grafana Prometheus and Loki @milldr (#1054)

what

• Introducing a new set of monitoring components built around the Amazon managed services for Grafana and Prometheus and using Loki and Promtail to read logs from EKS

why

• This whole suite of components introduces a new set of monitoring components
• The additional managed-grafana sub components are used for setting up complete infrastructure as code provisioning of the monitoring system

references

• https://linear.app/cloudposse/issue/DEV-2137/upstream-all-components-to-terraform-aws-components
• Documentation included with private repo PR: cloudposse/refarch-scaffold#666

v1.461.0

feat(aurora-postgres): backup configs @oycyc (#1063)

what

The CloudPosse RDS cluster module https://github.com/cloudposse/terraform-aws-rds-cluster has these backup configurations that would be helpful to have!

why

1. Allows me to set backup configurations
2. Without these inputs, the cluster is forced to use the default configs from the module
3. Allows me to set these variable values to null or empty when I don't want any backing up happening
4. Without these inputs to set it as empty values, there's a conflict when using RDS clusters with AWS Backup plans because the RDS resource maintains its backup values, while AWS Backup plans wants other values.

references

• CloudPosse's RDS module

- AWS Backup conflict with default backup values unless explictly set https://github.com/hashicorp/terraform-provider-aws/issues/33465

v1.460.0

chore: update modules for spa-s3-cloudfront @dudymas (#1064)

what

• updated cloudposse/cloudfront-s3-cdn/aws in spa-s3-cloudfront
• updated cloudposse/acm-request-certificate/aws in spa-s3-cloudfront

why

• essential bugfixes. Private cloudfront buckets do not work without
  the bucket policy fix from 0.95.0 of the cloudfront module.

references

• see Cloudfront Bucket Policy
  Fix

v1.459.0

feat: spa-s3-cloudfront creates cache policies @dudymas (#1061)

what

• spa-s3-cloudfront can manage ordered_cache policies

why

• otherwise clickops would need to be used

Improve `eks/karpenter-node-pool` Comments @milldr (#1062)

what

• Update node_pools documentation for time duration format

why

• Disambiguate from the acronym for "SMH"

references

• Internal slack request
• Follow up #1060