Releases: cloudposse/terraform-aws-codebuild

v2.0.2

23 Feb 00:52
20c1b29

🚀 Enhancements

feat: custom policy + hardened trust relationship @bt-macole (#132)

what

Updated trust policy so only the codebuild project in this module can use the iam role.
Added ability to toggle on/off default permissions
Added support for attaching a custom policy

Fully backward compatible

why

fe75886

adding a condition on the trust policy for the codebuild project arn ensures
the iam role cannot be used by any other codebuild project.

codebuild projects could be extremely permissive, even when least privileged,
so enforcing that the role can only be used by the intended codebuild project
limits the ability for a threat actor to quietly take control of a powerful
role and do threat actory things.

9f0163f

the default permissions are good for getting up and running, however, they are far more
permissive than any least privileged policy would like, being `*` for all resources for
anything in the default list + any and all additional_permissions.

this allows users to still utilize the quick up and running policy, while also being able
to disable it and replace it with a least privileged custom policy.

the lifecycle rule ensures that users don't get confused by the additional permissions and custom
policy variables, failing on a plan if they attempt to use additional_permissions with
default_permissions_enabled set to `false`.

Test Output:

    --- PASS: TestExamplesCustom (62.77s)
    --- PASS: TestExamplesComplete (62.87s)
    --- PASS: TestExamplesVPC (78.32s)
    PASS
    ok      github.com/cloudposse/terraform-aws-codebuild   78.790s

references

resolves: #131
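The following is an added example of the three changes described in this release (trust policy pinned to one project ARN, toggleable default policy, optional custom policy, plan-time precondition). It is not the module's own code: `default_permissions_enabled` and `additional_permissions` are taken from the release note, while `custom_policy_json`, `permissions_boundary`, the `example-build` project name and the short default action list are assumed for illustration.

```hcl
# Added example, not the cloudposse/terraform-aws-codebuild module source.
# Variable names custom_policy_json and permissions_boundary are assumed.

variable "default_permissions_enabled" {
  type    = bool
  default = true
}

variable "additional_permissions" {
  type    = list(string)
  default = []
}

variable "custom_policy_json" {
  type    = string
  default = null
}

variable "permissions_boundary" {
  type    = string
  default = null
}

data "aws_partition" "current" {}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

locals {
  project_name = "example-build"
  # Build the project ARN from the name instead of referencing the project
  # resource; referencing it would create a cycle (project -> role -> project).
  project_arn = "arn:${data.aws_partition.current.partition}:codebuild:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:project/${local.project_name}"
}

data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["codebuild.amazonaws.com"]
    }
    # Only this project in this account may assume the role. Without these
    # conditions any CodeBuild project in any account could name the role.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceArn"
      values   = [local.project_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_iam_role" "build" {
  name                 = "${local.project_name}-role"
  assume_role_policy   = data.aws_iam_policy_document.trust.json
  permissions_boundary = var.permissions_boundary

  lifecycle {
    # additional_permissions only exist inside the default policy, so setting
    # them while that policy is disabled is a mistake; fail the plan.
    precondition {
      condition     = var.default_permissions_enabled || length(var.additional_permissions) == 0
      error_message = "additional_permissions requires default_permissions_enabled = true; supply custom_policy_json instead."
    }
  }
}

# The "quick up and running" policy: every listed action on Resource "*".
data "aws_iam_policy_document" "default" {
  statement {
    effect    = "Allow"
    actions   = concat(["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"], var.additional_permissions)
    resources = ["*"]
  }
}

resource "aws_iam_role_policy" "default" {
  count  = var.default_permissions_enabled ? 1 : 0
  name   = "${local.project_name}-default"
  role   = aws_iam_role.build.id
  policy = data.aws_iam_policy_document.default.json
}

# Least-privilege replacement supplied by the caller (scoped resources, no "*").
resource "aws_iam_role_policy" "custom" {
  count  = var.custom_policy_json != null ? 1 : 0
  name   = "${local.project_name}-custom"
  role   = aws_iam_role.build.id
  policy = var.custom_policy_json
}
```

The `aws_codebuild_project` that uses this role is omitted; it must be created with `name = local.project_name` and `service_role = aws_iam_role.build.arn`, otherwise the `aws:SourceArn` condition will reject the assume-role call. Checking: `terraform plan -var default_permissions_enabled=false -var 'additional_permissions=["s3:GetObject"]'` fails with the precondition error; the same plan with `custom_policy_json` set and no `additional_permissions` proceeds.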

v2.0.1

11 Nov 00:27
41b7d76

🚀 Enhancements

Fix bucket settings @max-lobur (#130)

what

Use standalone resource for bucket ACL

why

Regression after AWS v5 upgrade

v2.0.0

10 Nov 20:49
0586277
Support AWS Provider V5 @max-lobur (#126)

what

Support AWS Provider V5
Linter fixes

why

Maintenance

references

https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0

Sync github @max-lobur (#122)

Rebuild github dir from the template

v1.0.0 Initial release with production Semantic Versioning

13 Jul 19:22
6c27093

Initial release with production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future. This module will evolve with breaking changes as we convert it to use our s3-log-storage module and be compatible with the new S3 resource structure introduced in AWS Terraform provider v4.0.

This release follows v0.39.0 with the change:

chore: use numeric instead of number as it's deprecated for random_string @dmitrijn (#112)

what

  • use numeric instead of number as it's deprecated

why

deprecation warnings

references

https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string#number

v0.39.0

21 Jun 20:22
3cfe869
Add support for path and permissions_boundary to IAM role @Gibby (#99)

what

  • Add support for path and permissions_boundary to IAM role

why

  • We use path and permissions_boundary to limit IAM role creation

v0.38.1

21 Jun 20:11
9a5a34f
Add requested inputs @nitrocode (#111)

what

  • Add file_system_locations
  • Add build_image_pull_credentials_type
  • Add s3_cache_bucket_name
  • Add encryption_key (bridgecrew)

why

  • Newer inputs

references

git.io->cloudposse.tools update @dylanbannon (#109)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

  • DEV-143

v0.38.0

18 Nov 02:43
cdbd219
Add `description` and `concurrent_build_limit` to `aws_codebuild_project` @gui-don (#89)

what

  • allows the user to input a concurrent_build_limit for the codebuild project
  • allows the user to input a description for the codebuild project

why

  • Missing and needed

v0.37.1

21 Aug 03:16
e1a8e03

🤖 Automatic Updates

Update context.tf @cloudpossebot (#93)

what

This is an auto-generated PR that updates the context.tf file to the latest version from cloudposse/terraform-null-label

why

To support all the features of the context interface.

v0.37.0

05 Aug 13:41
d078282

NOTE: The github_token_type input defaults to PARAMETER_STORE meaning that the github_token input is the SSM key. If previous functionality is desired then set github_token_type = "PLAINTEXT".

Set GitHub token to be stored as a secret @gausnes (#90)

what

  • updating GitHub token to be stored as a secret; it's currently being stored as plaintext

why

  • reducing attack surface area for leaking provisioned tokens
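An added example, not the module's code, of what the `PLAINTEXT` versus `PARAMETER_STORE` distinction means at the `aws_codebuild_project` resource level (how the module itself wires `github_token` into the project is not shown on this page). The SSM parameter name, the project name and the placeholder token value are assumed.

```hcl
# Added example; resource and parameter names are assumed for illustration.

# Store the token once as an encrypted SSM parameter. Its value is still in
# Terraform state, but it is no longer an attribute of the build project.
resource "aws_ssm_parameter" "github_token" {
  name  = "/example-build/github_token"
  type  = "SecureString"
  value = var.github_token_value # sensitive input, never a literal in code
}

variable "github_token_value" {
  type      = string
  sensitive = true
}

data "aws_caller_identity" "current" {}

# The build role must be allowed to read that one parameter, or builds fail
# with a permission error when CodeBuild resolves PARAMETER_STORE variables.
data "aws_iam_policy_document" "read_token" {
  statement {
    actions   = ["ssm:GetParameters"]
    resources = [aws_ssm_parameter.github_token.arn]
  }
}

resource "aws_codebuild_project" "example" {
  name         = "example-build"
  service_role = var.service_role_arn # role carrying read_token above (assumed input)

  artifacts {
    type = "NO_ARTIFACTS"
  }

  source {
    type      = "NO_SOURCE"
    buildspec = "version: 0.2\nphases:\n  build:\n    commands:\n      - echo \"token length $${#GITHUB_TOKEN}\"\n"
  }

  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image        = "aws/codebuild/standard:7.0"
    type         = "LINUX_CONTAINER"

    # Weak (pre-v0.37.0 behaviour, github_token_type = "PLAINTEXT"): the token
    # literal is readable by anyone with codebuild:BatchGetProjects.
    # environment_variable {
    #   name  = "GITHUB_TOKEN"
    #   value = "REDACTED-LITERAL-TOKEN"
    #   type  = "PLAINTEXT"
    # }

    # Hardened (v0.37.0 default, github_token_type = "PARAMETER_STORE"): the
    # project only holds the parameter name; CodeBuild fetches the secret at
    # build start using the service role.
    environment_variable {
      name  = "GITHUB_TOKEN"
      value = aws_ssm_parameter.github_token.name
      type  = "PARAMETER_STORE"
    }
  }
}

variable "service_role_arn" {
  type = string
}
```

Two practitioner checks after applying: `aws codebuild batch-get-projects --names example-build` should show the parameter name, not the token, under `environment.environmentVariables`; and `aws ssm get-parameter --name /example-build/github_token --with-decryption` from the build role should succeed while the same call against any other parameter is denied.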

v0.36.1

02 Aug 21:32
99d6d43

🚀 Enhancements

Add `cache_bucket_suffix_enabled` to complete test @nitrocode (#92)

what

  • Add cache_bucket_suffix_enabled to complete test

why

  • Ensure it works

references