Releases: cloudposse/terraform-aws-codebuild
v2.0.2
🚀 Enhancements
feat: custom policy + hardened trust relationship @bt-macole (#132)
what
Updated trust policy so only the codebuild project in this module can use the iam role.
Added ability to toggle on/off default permissions
Added support for attaching a custom policy
Fully backward compatible
why
adding a condition on the trust policy for the codebuild project arn ensures
the iam role can not be used by any other codebuild project.
codebuild projects could be extremely permissive, even when least privileged
so enforcing the role can only be used by the intended codebuild project
limits to ability for a threat actor to quietly take control of a powerful
role and do threat actory things.
the default permissions are good for getting up and running, however, they are far more
permissive than any least privileged policy would like, being `*` for all resources for
anything in the default list + any and all additional_permissions.
this allows users to still utilize the quick up and running policy, while also being able
to disable it and replace it with a least privileged custom policy.
the lifecycle rule ensure that users don't get confused by additional permissions and custom
policy variables, failing on a plan if they attempt to use additional_permissions with
default_permissions_enabled set to `false`.
Test Output:
--- PASS: TestExamplesCustom (62.77s)
--- PASS: TestExamplesComplete (62.87s)
--- PASS: TestExamplesVPC (78.32s)
PASS
ok github.com/cloudposse/terraform-aws-codebuild 78.790s
references
resolves: #131
v2.0.1
🚀 Enhancements
Fix bucket settings @max-lobur (#130)
what
Use standalone resource for bucket ACL
why
Regression after AWS v5 upgrade
v2.0.0
Support AWS Provider V5 @max-lobur (#126)
what
Support AWS Provider V5
Linter fixes
why
Maintenance
references
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0
Sync github @max-lobur (#122)
Rebuild github dir from the template
v1.0.0 Initial release with production Semantic Versioning
Initial release with production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future. This module will evolve with breaking changes as we convert it to use our s3-log-storage
module and be compatible with the new S3 resource structure introduced in AWS Terraform provider v4.0.
This release follows v0.39.0 with the change:
chore: use numeric instead of number as it's deprecated for random_string @dmitrijn (#112)
what
- use numeric instead of number as it's deprecated
why
deprecation warnings
references
https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string#number
v0.39.0
v0.38.1
Add requested inputs @nitrocode (#111)
what
- Add file_system_locations
- Add build_image_pull_credentials_type
- Add s3_cache_bucket_name
- Add encryption_key (bridgecrew)
why
- Newer inputs
references
- Closes #110
- Closes #107
- Closes #95
- Closes #96
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project
git.io->cloudposse.tools update @dylanbannon (#109)
what and why
Change all references to git.io/build-harness
into cloudposse.tools/build-harness
, since git.io
redirects will stop working on April 29th, 2022.
References
- DEV-143
v0.38.0
v0.37.1
🤖 Automatic Updates
Update context.tf @cloudpossebot (#93)
what
This is an auto-generated PR that updates the context.tf
file to the latest version from cloudposse/terraform-null-label
why
To support all the features of the context
interface.
v0.37.0
NOTE: The github_token_type
input defaults to PARAMETER_STORE
meaning that the github_token
input is the SSM key. If previous functionality is desired then set github_token_type = "PLAINTEXT"
.
v0.36.1
🚀 Enhancements
Add `cache_bucket_suffix_enabled` to complete test @nitrocode (#92)
what
- Add
cache_bucket_suffix_enabled
to complete test
why
- Ensure it works
references
- Closes #91