v0.26.0

test: update test framework to use latest best practices and reduce boilerplate @gmeligio (#100)

what

Update this module's test framework. Reduce boilerplate and make reusable functions.

Changelog:

1. Upgrade go to 1.21.
2. Update test/Makefile and test/src/Makefile from https://github.com/cloudposse/terraform-aws-eks-node-group/tree/e9f908c026d8ca5dc30190a050de68a510ff3983/test
3. Create framework_test.go and default_test.go, following how it's done in https://github.com/cloudposse/terraform-aws-eks-node-group/blob/e9f908c026d8ca5dc30190a050de68a510ff3983/test/src/framework_test.go
4. Remove enabled=true from fixtures and add new test TestExamplesCompleteDisabled for when enabled=false
5. Add Test_ExistingDeployment for faster test cycle, and modify Makefile accordingly
6. Update dependencies
7. Migrate test DB Engine from 3.6.0 to 5.0.0

why

• Enable testing with OpenTofu
• Support automated maintenance

references

• Closes #88
• Closes #98
• #94
• https://github.com/cloudposse/terraform-aws-eks-node-group/tree/e9f908c026d8ca5dc30190a050de68a510ff3983/test/src
• https://github.com/cloudposse/terraform-aws-dynamic-subnets/tree/8528dadc5cbdcf657faa1d917c9f069c254f41a3/test/src

[CHORE] Update variable description @RuiSMagalhaes (#99)

what

• Updates enabled_cloudwatch_logs_exports variable description
• Updates examples
• Updates README.md and docs/terraform.md

why

• Ir order to have the right list of logs available in the variable description

references

• closes #36

🚀 Enhancements

feat(aws_docdb_cluster): add allow_major_version_upgrade argument @gmeligio (#94)

what

This PR adds the argument allow_major_version_upgrade that was released in https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.21.0

It includes with the changes in the test framework from #100 .

why

When upgrading the engine_version to a new major version, allow_major_version_upgrade needs to be enabled for AWS to apply the upgrade.

references

• https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.21.0
• https://awscli.amazonaws.com/v2/documentation/api/latest/reference/docdb/modify-db-cluster.html
• https://docs.aws.amazon.com/documentdb/latest/developerguide/docdb-mvu.html

🤖 Automatic Updates

Update release workflow to allow pull-requests: write @osterman (#97)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#96)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#93)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#92)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#91)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#90)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Update Scaffolding @osterman (#87)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

Update README.md and docs @cloudpossebot (#83)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.25.0

feat: add storage_type parameter @adubeniuk (#79)

what

Amazon has announced IO-optimized storage type for DocumentDB. Support for it has been added since HashiCorp AWS provider version 5.29.0

why

Keep standard as default but also add ability to create IO-optimized DocumentDB clusters.

references

https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-documentdb-i-o-optimized/
https://registry.terraform.io/providers/hashicorp/aws/5.29.0/docs/resources/docdb_cluster#storage_type

feat: allow to attach external SG to the documentDB @rasta-rocket (#69)

what

Hey folks 👋

First of all thanks for the work 💪

Here the goal is to allow the user of the module to attach security groups which are managed outside of the module

why

This is pretty useful, when you have some design where security groups are centrally managed and so outside of the scope of the module

references

Note: If you have any questions don't hesitate to ping me 😉

Cheers ☀️

v0.24.0

feat(aws-docdb-cluster): enable the ssm parameter store to record the… @haidargit (#77)

what

In this PR, we can use the Cloud Posse ssm parameter store module to store the documentdb master_password information.

why

The objective behind this PR is to ensure the secure distribution of the docdb cluster's master password within the AWS infrastructure. We can centrally manage and protect sensitive information, increasing operational efficiency.

references

No issue relates to the current improvement.

I have run these required commands.
make init
make readme

Kindly review this PR for documentdb module improvements. Thank you, Cloud Posse Team!

v0.23.0

add variable certificate change @rabihaggle (#72)

what

We need to have the possibility to select the certificate we need to use, or directly the default amazon one.

why

Because https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html

references

Please read the link -> https://docs.aws.amazon.com/es_es/documentdb/latest/developerguide/ca_cert_rotation.html

v0.22.0

Fix: Don't create random_password resource if not enabled. @petur (#44)

what

• Reverse the sense of the enabled variable when deciding the count for the random_password resource.

why

• The sense of the variable was backwards - setting enabled to false meant that the count was always set to 1. A minimal configuration to reproduce this is:

module "disabled_docdb" {
  source = "../../work/terraform-aws-documentdb-cluster"
  enabled = false
  vpc_id = ""
  subnet_ids = []
}

v0.21.0

adding a feature to customize the egress rule @haidargit (#54)

what

• Added 4 new variables egress_source_port, egress_dest_port, egress_protocol, and allowed_egress_cidr_blocks for the "aws_security_group_rule" "egress" resource.
• By default, the egress rule 0.0.0.0/0 will be created. If user is expected to restrict outbound traffic, they can specify the required values.

why

• We propose this PR because there are scenarios where users may want to restrict outbound traffic from their DocDB instances.
• if the DocDB cluster is only used internally and do not need to communicate with wide systems or network, users may want to customize the egress rule for 0.0.0.0/0. By providing the option to customize the egress rule, we are giving users a control over their security posture (compliance). For example, our docdb may only connected with internal applications inside the aws eks cluster, or users may integrate their cloud resources with a third party, such as Prisma Cloud or maybe use tfsec as their security scanner, which prompts users to kindly avoid 0.0.0.0/0 for security best practices.

references

• This PR will help to cover the minimum egress exposure of the security group, including: #34

Thank you

v0.20.0

Support AWS Provider V5 @max-lobur (#63)

what

Support AWS Provider V5
Linter fixes

why

Maintenance

references

https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0

v0.19.0

Enable intra-security group traffic on DB port @kevcube (#61)

what

• adds variable allow_ingress_from_self which configures the security group to allow traffic within itself on DB port

why

• This is useful in architectures where the db security group will be used to control db access - i.e. it will also be applied to applications.

references

cloudposse/terraform-aws-rds-cluster#145

v0.18.0

Add master_password output to return generated password. @petur (#45)

what

• Add a master_password output for the generated password.

why

• The generated password needs to be stored somewhere so that it's possible to use it to connect to the cluster.
• This can for example be done by storing it in an aws_secretsmanager_secret_version as part of the terraform configuration that creates the cluster.
• Exposing the password as a module output makes it available to other parts of the configuration so that the password can be passed to the resource that stores it.

references

• closes #43

Sync github @max-lobur (#60)

Rebuild github dir from the template

v0.17.1

Sync .github @max-lobur (#58)

Sync github workflows with the template

🚀 Enhancements

fix: propagate `preferred_maintenance_window` to the docdb cluster instances resources @sherifkayad (#57)

propagated preferred_maintenance_window to the docdb cluster instances resources

what

• The maintenance window given as a variable is given to the Terraform Resource aws_docdb_cluster_instance.default such that the cluster and its instances have the same value given by the user
• Closes #55

why

• Without that the cluster instances were having "random" windows that don't match the expectations of "potential" down time
• Users want to be in control of when their databases can go under maintenance not just at any "random" time

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster_instance#preferred_maintenance_window