v0.18.1

chore: Add certificate export option @rankin-tr (#92)

## what

• Add var.certificate_export

why

• Add ability to export the requested certificate

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate#export-1
• https://aws.amazon.com/blogs/aws/aws-certificate-manager-introduces-exportable-public-ssl-tls-certificates-to-use-anywhere/

🤖 Automatic Updates

Fix go version in tests @osterman (#91)

## what - Update go `1.24`

why

• Error loading shared library libresolv.so.2 in Go 1.20

References

• https://sweetops.slack.com/archives/G014YEKDH4K/p1746672149263629
• golang/go#59305 (comment)
• cloudposse/terraform-aws-cloudfront-s3-cdn#294

Replace Makefile with atmos.yaml @osterman (#90)

## what - Remove `Makefile` - Add `atmos.yaml`

why

• Replace build-harness with atmos for readme genration

References

• DEV-3229 Migrate from build-harness to atmos

Migrate new test account @osterman (#88)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#87)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @osterman (#86)

## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#85)

## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#84)

## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#83)

## what - Update workflows (`.github/workflows/settings.yaml`)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#80)

## what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#77)

## what - Install a repository config (`.github/settings.yaml`)

why

• Programmatically manage GitHub repo settings

Update Scaffolding @osterman (#76)

## what - Reran `make readme` to rebuild `README.md` from `README.yaml` - Migrate to square badges - Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

v0.18.0

• Bump minimum Terraform version form 0.13 to 0.14
• Revert changes in pre-release version 0.17
• Update tests
• Add ability to specify key_algorithm closes #69 by @joke in #74

v0.16.3

Allow management of ACM certs with SANs in multiple zones @nitrocode (#61)

what

• Allow management of ACM certs with SANs in multiple zones
• Add versions.tf to examples/complete

why

• This is useful for more complex certificates and validation of those certificates
• Workaround without this is to manage validation records outside of the module

resource "aws_route53_record" "default" {
  for_each = {
    for dvo in module.acm_certificate.domain_validation_options[0] : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  name    = each.value.name
  records = [each.value.record]
  type    = each.value.type
  zone_id = data.aws_route53_zone.default[local.domain_to_zone[each.key]].id
  ttl     = 300
}

references

• Closes #55
• Closes #60
• https://github.com/cloudposse/terraform-aws-route53-cluster-zone

🚀 Enhancements

fix spilt of root domain @shovelwagon (#68)

what

This fixes what was mentioned in - #66

why

Adding a simple length check to where domains get update in an array fixes the mentioned issue.

  Error: no matching Route53Zone found
  
    with module.acm_request_certificate.data.aws_route53_zone.default["io"],
    on .terraform/modules/acm_request_certificate/main.tf line 38, in data "aws_route53_zone" "default":
    38: data "aws_route53_zone" "default" {

references

• #66

v0.17.0

This is a pre-release due to #62

Allow management of ACM certs with SANs in multiple zones @nitrocode (#61)

NOTE: This feature requires that the zone to use for validation is the immediate parent of the name in the SAN. See #62.

what

• Allow management of ACM certs with SANs in multiple zones
• Add versions.tf to examples/complete

why

• This is useful for more complex certificates and validation of those certificates
• Workaround without this is to set process_domain_validation_options = false and manage validation records outside of the module

resource "aws_route53_record" "default" {
  for_each = {
    for dvo in module.acm_certificate.domain_validation_options[0] : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  name    = each.value.name
  records = [each.value.record]
  type    = each.value.type
  zone_id = data.aws_route53_zone.default[local.domain_to_zone[each.key]].id
  ttl     = 300
}

references

• Closes #55
• Closes #60
• https://github.com/cloudposse/terraform-aws-route53-cluster-zone

v0.16.2

🚀 Enhancements

Private CA: Skip validation method, correct data source input @nitrocode (#54)

what

• Skip validation method, correct data source input

why

• Validation method is only applicable for public hosted zone acm certs
• Use correct private_zone input for route53 zone data source

references

• N/A

v0.16.1

git.io->cloudposse.tools update @dylanbannon (#57)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

🚀 Enhancements

adding validation certificate_arn output @tbpoetke (#59)

what

• added acm_certificate_validation.certification_arn output

why

• to avoid alb module can't create listener because of not validated cert
• use this output as certification arn in alb module

references

• #58
• closes #58

v0.16.0

Add certificate_authority_arn for private CAs @nitrocode (#53)

what

• Add certificate_authority_arn
• Add validation id output
• Add verification of lowercase sans and domain names

why

• For private CAs

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate
• Thanks to @razorsedge this PR closes #37
• Thanks to @alexjurkiewicz this PR closes #46

v0.15.2

🤖 Automatic Updates

Update README.md and docs @cloudpossebot (#52)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.15.1

🚀 Enhancements

Chore: update `context.tf`, `build-harness` assets @korenyoni (#50)

what

• Update context.tf.
• Update build-harness assets by running make github/init.
• Clean up unused providers.
• Drop Terraform support prior to 0.13.

why

• The latest version of context.tf (null-label:0.25.0), contains new labels. A module instantiating this module with version 0.25.0 of null-label and making use of new labels will not be able to use this module.
• Running make github/init updates build-harness assets, which includes GitHub Actions Workflows and related files.
• The latest distribution of context.tf (null-label:0.25.0) is not compatible with Terraform 0.12.* because it makes use of validation blocks.

references

• https://github.com/cloudposse/terraform-null-label/releases/tag/0.25.0
• closes #41

v0.15.0

Add zone id @nitrocode (#49)

what

• Add zone_id

why

• Create an implicit link between zone creation and acm creation
• This gives the consumer the option to use domain name, zone name, or zone id to use the data source to retrieve the existing hosted zone

references

• Closes #24
• Previous PR #45
  • Did not see this PR unfortunately. It does not update the failing test so if this gets merged, I'll close the other PR.