Bump 0.11.3 (#138)

Author: jinroh

CHANGELOG.md

@@ -1,16 +1,36 @@
 # Changelog
 
-## Version TBD
+## Version 0.11.3
 
-### agentless-scanner 2024032202
+- Add permissions to copy AMIs (ec2:CopyImage) to improve coverage of cross-account AMI scanning
+- Fix permissions to be able to scan for volumes encrypted with a customer-managed key
 
-- Bump Trivy to version 2024-02-28.
+## Version 0.11.2
+
+- Adds a scanner_channel variable at the root module level to allow specifying the channel to install the agentless scanner from
+- Upgrade datadog-agent to version 7.53
+- Add permissions to be able to scan for Lambda layers
+- Add sensitive_data_scanning_enabled parameter to opt-in to DSPM scanning
+- Add validation to api_key_secret_arns to be non-empty
+- Add parameters to allow specififying custom configuration for the agent and scanner
+
+## Version 0.11.1
+
+- Allow auto-update of the agentless scanner package
+
+## Version 0.11.0
+
+- Encrypted snapshots: allow granting KMS keys for AWS resources (#79) [Pierre Guilleminot]
+
+## Version 0.10.0
 
 ### Terraform
 
+- Add IAM permission to allow decrypting snapshots using CMK (#71)
 - Add missing CopySnapshot permissions to allow AMI scanning
 - Create a dedicated security-group for scanner instead of relying on the VPC default one.
 - Always rely on SecretsManager to store the Datadog API Key
+- Add subnets per Availability Zone to the scanner
 
 ### CloudFormation
 

examples/cross_account/other_account/main.tf

@@ -14,7 +14,7 @@ provider "aws" {
 }
 
 module "delegate_role" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.3"
 
   scanner_roles = [var.scanner_role_arn]
 }

examples/cross_account/scanner_account/main.tf

@@ -14,7 +14,7 @@ provider "aws" {
 }
 
 module "scanner_role" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/agentless-scanner-role?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/agentless-scanner-role?ref=0.11.3"
 
   # compact remove empty value for cross_account_delegate_arn during the first run
   account_roles = compact([
@@ -25,13 +25,13 @@ module "scanner_role" {
 }
 
 module "self_delegate_role" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.3"
 
   scanner_roles = [module.scanner_role.role.arn]
 }
 
 module "agentless_scanner" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner?ref=0.11.3"
 
   api_key               = var.api_key
   instance_profile_name = module.scanner_role.instance_profile.name

examples/custom_vpc/main.tf

@@ -20,20 +20,20 @@ module "agentless_scanner_role" {
 }
 
 module "delegate_role" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.3"
 
   scanner_roles = [module.agentless_scanner_role.role.arn]
 }
 
 module "user_data" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/user_data?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/user_data?ref=0.11.3"
 
   hostname = "agentless-scanning-us-east-1"
   api_key  = var.api_key
 }
 
 module "instance" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/instance?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/instance?ref=0.11.3"
 
   user_data            = module.user_data.install_sh
   iam_instance_profile = module.agentless_scanner_role.profile.name

examples/multi_region/main.tf

@@ -20,7 +20,7 @@ provider "aws" {
 }
 
 module "agentless_scanner_role" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/agentless-scanner-role?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/agentless-scanner-role?ref=0.11.3"
 
   account_roles = [module.delegate_role.role.arn]
   api_key_secret_arns = [
@@ -30,13 +30,13 @@ module "agentless_scanner_role" {
 }
 
 module "delegate_role" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.3"
 
   scanner_roles = [module.agentless_scanner_role.role.arn]
 }
 
 module "agentless_scanner_us" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner?ref=0.11.3"
 
   providers = {
     aws = aws.us
@@ -47,7 +47,7 @@ module "agentless_scanner_us" {
 }
 
 module "agentless_scanner_eu" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner?ref=0.11.3"
 
   providers = {
     aws = aws.eu

examples/single_region/main.tf

@@ -14,20 +14,20 @@ provider "aws" {
 }
 
 module "scanner_role" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/agentless-scanner-role?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/agentless-scanner-role?ref=0.11.3"
 
   account_roles       = [module.delegate_role.role.arn]
   api_key_secret_arns = [module.agentless_scanner.api_key_secret_arn]
 }
 
 module "delegate_role" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner//modules/scanning-delegate-role?ref=0.11.3"
 
   scanner_roles = [module.scanner_role.role.arn]
 }
 
 module "agentless_scanner" {
-  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner?ref=0.11.2"
+  source = "git::https://github.com/DataDog/terraform-module-datadog-agentless-scanner?ref=0.11.3"
 
   api_key               = var.api_key
   instance_profile_name = module.scanner_role.instance_profile.name

modules/azure/custom-data/templates/install.sh.tftpl

@@ -97,7 +97,7 @@ api_key: $DD_API_KEY
 site: $DD_SITE
 azure_client_id: ${azure_client_id}
 installation_mode: terraform
-installation_version: 0.11.2
+installation_version: 0.11.3
 %{if length(scanner_configuration) > 0}
 ${yamlencode(scanner_configuration)}
 %{endif}

modules/user_data/templates/install.sh.tftpl

@@ -102,7 +102,7 @@ hostname: $DD_HOSTNAME
 api_key: $DD_API_KEY
 site: $DD_SITE
 installation_mode: terraform
-installation_version: 0.11.2
+installation_version: 0.11.3
 %{if length(scanner_configuration) > 0}
 ${yamlencode(scanner_configuration)}
 %{endif}