Merge branch 'main' into escape-hatch-dd-region

cloudposse · Nov 6, 2024 · 400688c · 400688c
2 parents 2dda1dc + ab42d89
commit 400688c
Show file tree

Hide file tree

Showing 32 changed files with 2,306 additions and 26 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,67 @@
 # CHANGELOG
 
+## 1.523.1
+
+
+
+<details>
+  <summary>feat(elasticache-redis): add snapshot retention limit @nitrocode (#1171)</summary>
+## what
+
+<!--
+- Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
+- Use bullet points to be concise and to the point.
+-->
+- add snapshot retention limit
+
+## why
+
+<!--
+- Provide the justifications for the changes (e.g. business case).
+- Describe why these changes were made (e.g. why do these commits fix the problem?)
+- Use bullet points to be concise and to the point.
+-->
+- Resolves [ElastiCache.1](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticache-controls.html#elasticache-1) (ElastiCache (Redis OSS) clusters should have automatic backups enabled) securityhub control by giving the ability to set this value to a number greater than 0
+
+## references
+
+<!--
+- Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
+- Use `closes #123`, if this PR closes a GitHub issue `#123`
+-->
+- Default is 0 https://github.com/cloudposse/terraform-aws-elasticache-redis/blob/9104d9a6a120ae9c90f59c5eb4ea711cc2d2c6bb/variables.tf#L223-L227
+- Module received the feature 5 years ago so no need to update the module version https://github.com/cloudposse/terraform-aws-elasticache-redis/pull/45
+- Related PR #1170 which upgrades the module
+</details>
+
+
+## 🤖 Automatic Updates
+
+<details>
+  <summary>Update Changelog for `1.523.0` @github-actions (#1174)</summary>
+Update Changelog for [`1.523.0`](https://github.com/cloudposse/terraform-aws-components/releases/tag/1.523.0)
+</details>
+
+
+
+## 1.523.0
+
+
+
+<details>
+  <summary>feat: Support `enabled` flag for EKS Storage Classes @milldr (#1173)</summary>
+## what
+- Add support for enabled flag in storage class variables
+
+## why
+- Create option to disable a given storage-class if it's include in an imported default component catalog
+
+## references
+- n/a
+</details>
+
+
+
 ## 1.517.1
 
 

diff --git a/modules/dns-delegated/README.md b/modules/dns-delegated/README.md
@@ -7,17 +7,34 @@ tags:
 
 # Component: `dns-delegated`
 
-This component is responsible for provisioning a DNS zone which delegates nameservers to the DNS zone in the primary DNS
+This component is responsible for provisioning a DNS zone which manages subdomains delegated from a DNS zone in the primary DNS
 account. The primary DNS zone is expected to already be provisioned via
 [the `dns-primary` component](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/dns-primary).
 
+If you are deploying a root zone (e.g `example.com`) rather than a subdomain delegated from a root zone (e.g `prod.example.com`),
+and only a single account needs to manage or update the zone you are deploying, then you should use `dns-primary` instead to deploy 
+that root zone into the target account. See 
+[Why not use dns-delegated for all vanity domains?](https://docs.cloudposse.com/layers/network/faq/#why-not-use-dns-delegated-for-all-vanity-domains)
+for more details on that.
+
 This component also provisions a wildcard ACM certificate for the given subdomain.
 
+This component should only be deployed globally, which is to say once per account. See 
+[Why should the dns-delegated component be deployed globally rather than regionally?](https://docs.cloudposse.com/layers/network/faq/#why-should-the-dns-delegated-component-be-deployed-globally-rather-than-regionally)
+for details on why. 
+
+Note that once you delegate a subdomain (e.g. `prod.example.com`) to an account, that 
+account can deploy multiple levels of sub-subdomains (e.g. `api.use1.prod.example.com`) without further configuration,
+although you will need to create additional TLS certificates, as the wildcard in a wildcard TLS certificate
+only matches a single level. You can use [our `acm` component](https://github.com/cloudposse/terraform-aws-components/tree/readme-global-only/modules/acm)
+for that.
+
 ## Usage
 
-**Stack Level**: Global or Regional
+**Stack Level**: Global
+
 
-Here's an example snippet for how to use this component. Use this component in global or regional stacks for any
+Here's an example snippet for how to use this component. Use this component in global stacks for any
 accounts where you host services that need DNS records on a given subdomain (e.g. delegated zone) of the root domain
 (e.g. primary zone).
 
@@ -243,5 +260,10 @@ Takeaway
 
 - [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/dns-delegated) -
   Cloud Posse's upstream component
+- [The `dns-primary` component](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/dns-primary).
+- [The `acm` component](https://github.com/cloudposse/terraform-aws-components/tree/readme-global-only/modules/acm)
+component for that.
+- [Why not use dns-delegated for all vanity domains?](https://docs.cloudposse.com/layers/network/faq/#why-not-use-dns-delegated-for-all-vanity-domains)
+- [Why should the dns-delegated component be deployed globally rather than regionally?](https://docs.cloudposse.com/layers/network/faq/#why-should-the-dns-delegated-component-be-deployed-globally-rather-than-regionally)
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)