Releases: sysdiglabs/terraform-aws-secure-for-cloud

v0.9.1

16 Jun 08:09
36762e8

Bug Fixes

  • Limit KMS IAM policy principal to account id (#76)

v0.9.0

30 May 11:07
2e6a72f

Full Changelog: v0.8.2...v0.9.0

Refactor / Breaking Changes

  • Image Scanning feature will now be disabled by default (#84)
    • to enable scanning use deploy_image_scanning_ecr and deploy_image_scanning_ecs input variable parameters.

Features

Small Modifications

  • consolidate tf 0.15 and review ci (#94)
  • notify sysdig internal slack on issue creation (#87)
  • fix precommit hook maintenance (#83)

Documentation

  • add questionnaire for client requirement gathering and troubleshooting context (#90) (#92)
  • add AWS regions reference
  • example/organizational; enhance permissions and role usage (#89)

v0.8.2

11 Apr 11:44
fbe5b7f

Small Modifications

  • Add telemetry for terraform (#79) (#80)

Doc

  • Some clarifications (#81)
    • default admin role usage
    • optional sns region requirement
    • add self-baked helm k8s nodeSelector and toleration usage example
    • add troubleshooting for 409 entityalreadyexists
    • clarify cloudtrail-s3-sns-sqs

v0.8.1

11 Mar 09:04
5e61e5c

Small Modifications

  • pin down permissions for single-k8s example (#74)
  • aws_iam_access_key resource, modify lifecycle to reduce possible disruption (#73)
  • resource-group+tags usage awareness (#70)

Documentation

  • rotation guidelines for k8s example aws_iam_access_key (#73)
  • troubleshooting, sysdig_secure_url and org permissions (#71)

Continuous Integration

  • test validate (#69)

v0.8.0

17 Feb 15:13
21802ef

Breaking Changes

  • Removed all providers from examples (#66)
    • we mainly did it to let some clients condition the example installation (which could not be done due to Terraform restrictions with conditionals and providers):

      A module intended to be called by one or more other modules must not contain any provider blocks.
      A module containing its own provider configurations is not compatible with the for_each, count, and depends_on

    • this aligns with Terraform good practices, but requires the user to explicitly define all providers

Small Modifications

  • Security group, pin down ingress and egress configuration for (#65)
  • VPC, remove auto-assign ipv4 (#67)

v0.7.0

14 Feb 10:16
d950902

Breaking Changes

Features

  • parametrize ecs-task cpu/memory limits (#64)
    Co-authored-by: @r2bit

Small Modifications

  • remove secretmanager and kms permissions from workload (#60)

Documentation

  • cross provider homogenization
  • add troubleshooting 400 AuthorizationHeaderMalformed on ecs cpu/mem usage
  • tips on contributing

v0.6.1

10 Feb 16:29
b4fc8c2

Features

  • Enable benchmark on organizational management account (#58)
  • Enable ecr/ecs scanning optionals (#61)
  • Add a new example to trigger AWS events (#62)

v0.6.0

07 Feb 14:36
12f6179

Feature

  • ecs,vpc,sg optionals (#57) (#59)

Documentation

  • overall maintenance (#57)

v0.5.0

05 Jan 17:47
20bc9c9

Feature

  • enable vpc region availability zone variables (#53)
    Co-authored-by: Yu Kitazume

Code Refactoring

  • remove scanning module (#49)

Small Modifications

  • lower kms deletion window

Documentation

  • small modifications to self-baked recipe (#51)
  • self-baked example library (#50)
  • role creation requirement when joining org
  • kitchen test: example of how to run a specific kitchen test locally

v0.4.0

24 Nov 16:33
0183731

Features

  • Enable benchmark module on /example/single k8s (#46)

Bug Fixes

  • Honor cloudtrail_kms_enable on resource creation (#45)

Code Refactoring

  • Merge scanning and connector modules (#44)

Documentation

  • clarify cloudconnector sns_topic arn var
  • update minimal changes on README