Skip to content

v0.27.0 (WARNING: Potential Data Loss) Prepare for AWS provider v4
Compare
Choose a tag to compare
@cloudpossebot cloudpossebot released this 24 Feb 18:53
0.27.0
2c17ca6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Update: This version no longer recommended

With the release of version 1.0.0 of this module, use of this version is no longer recommended. When you are able to use Terraform v1.3.0 or later and Terraform AWS provider v4.9.0 or later, upgrade directly to v1.0.0 or later of this module.

Warning: Potential total data loss

This release is a refactoring in preparation for supporting Terraform AWS Provider v4. One feature was removed, but otherwise there are no changes to inputs or behavior. However, the Terraform "addresses" of resources have changed, so you are need to run several terraform state mv commands.

Warning: failure to run the required terraform state mv commands will cause Terraform to delete your existing S3 bucket and create a new one, deleting all the data stored in the bucket in the process.

Details on how to safely upgrade are in this repository's Wiki here

Support for "MFA delete" removed

In #54 a contributor added support for MFA delete via the versioning_mfa_delete_enabled. In AWS provider version 3.x this argument was documented with the caveat

This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS.

With AWS provider version 4.0, this argument now does toggle the setting. Unfortunately, that adds the requirement then when it is enabled, you must supply a current MFA token every time you run terraform apply. That is not compatible with automation, and therefore we have no intention to support it and have removed the versioning_mfa_delete_enabled input.

🚀 Enhancements

Refactor to use s3-bucket module, update in general @Nuru (#66)

what

  • Refactor to use terraform-aws-s3-bucket
  • Remove support for mfa_delete
  • Pin AWS provider < 4.0 and disable Renovate bot, closes #64
  • General updates

why

  • Simplify maintenance and standardize on single S3 bucket module, in preparation for upgrade to Terraform AWS provider v4
  • With Terraform AWS provider v4, having mfa_delete enabled requires entering an MFA token for every Terraform operation, which is incompatible with automation. Users requiring mfa_delete should either not use Terraform or create their own fork.
  • Current module does not work with AWS v4, but Renovate would try to update it anyway
  • Stay current with boilerplate and management tools

notes

This is the first of 2 upgrade releases to get this module to support Terraform AWS Provider v4. We are breaking it into 2 releases so that users have the option of upgrading step-by-step rather than all at once. Upgrade instructions are here.

Cleanups and safety checks for upgrade @Nuru (#70)

what

  • Add warning to README and error when force_destroy is true
  • Maintain rule name for lifecycle rule
  • Disable Renovate bot

why

  • If force_destroy is true then an automated, unattended process could cause the S3 bucket to be deleted and all data in it irretrievably lost
  • Remove an unwanted and unneeded source of changes created by upgrading
  • This version should not be updated, it is pinned for compability

references

Closes Renovate PRs:

  • Closes #67 (do not want)
  • Closes #68 (incorporated via build-harness)
  • Closes #69 (do not want)

Contributors

Nuru
Assets 2