Releases: sassoftware/viya4-iac-aws

8.0.0 - December 6, 2023

06 Dec 19:51
cee4a94

Major Version Update

v8.0.0 of viya4-iac-aws is a major version update - some behaviors have changed including:

  • EKS node groups will be placed in a single availability zone
  • BYO network scenario subnet requirements have changed; a NAT gateway is no longer required for BYO network scenarios that used to require it
  • Providers, modules and binaries versions were updated

See details below under BREAKING CHANGES.

BREAKING CHANGES:

  • 🚨#239: feat!: (IAC-1174) EKS Node Pool Subnets to use Single AZ by Default

    • To align with the recommendations in the SAS Viya Platform Operations documentation, EKS node groups are now placed in a single AZ when they are created, rather than spanning multiple AZs. This feature is controlled by an update to the subnets and subnets_ids maps, which gain a new key, control_plane, to allow finer control over subnet assignment. CIDRs/IDs added to the control_plane list are used only for the control plane when creating the EKS cluster. AWS requires at least two CIDR ranges in different AZs, and both ranges must have at least 6 addresses. The existing private CIDR list is no longer shared with the control plane and is instead used only for the worker nodes during subnet assignment. The default value of this list now has only 1 CIDR range from a single AZ, to meet the single-AZ recommendation from the SAS Viya Platform Operations documentation.

    • Relevant SAS Viya Platform documentation for AWS Cluster Requirements: https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=n098rczq46ffjfn1xbgfzahytnmx.htm#p0vx68bmb3fs88n12d73wwxpsnhu

    • This is considered a breaking change because users who created their infrastructure with viya4-iac-aws:7.2.1 or earlier will need to destroy that infrastructure if they want to adopt this latest version. This is due to a limitation of the Terraform AWS EKS module: when you change a configuration value that AWS does not allow to be changed after resource creation (in this case, the subnets of an EKS control plane) and that therefore requires the cluster to be deleted and recreated, the module throws an error because it does not perform that recreate operation for you.

    • Relevant GitHub Issue from terraform-aws-modules/terraform-aws-eks: terraform-aws-modules/terraform-aws-eks#2061

  • 🚨#238: feat!: (IAC-619) Support VPCs with private and control_plane subnets, NAT gateway is not required; #238: fix!: (IAC-642) AWS - sg rule not being created when using cluster_endpoint_private_access_cidrs variable

    • Subnet requirements and required inputs for bring your own network scenarios have changed in some cases. Refer to Subnet Requirements and requirements for using existing network resources for additional details.
    • This PR includes breaking changes that update managed security groups and their rules. Existing EC2 instances and their network interfaces with references to the original security groups create an obstacle for direct replacement of the security groups. Users with infrastructure created with the viya4-iac-aws:7.2.1 release or earlier will need to destroy their cluster using the version of viya4-iac-aws used to create their infrastructure and then recreate it with the latest release.
  • #246: feat!: (IAC-1190) Update Providers, Modules, & Binaries

    • Terraform Binary:
      • The recommended version of Terraform for this project has been updated from 1.4.5 to 1.6.3; you can still use any version >= 1.4.5.
        • If you run this project using a Docker container, pull the latest release and rebuild the image using the provided Dockerfile; Terraform 1.6.3 will be included in the image.
        • If you run this project directly on your machine by executing terraform CLI commands, ensure you have at least version v1.6.3 installed. See installation documentation from HashiCorp.
    • Terraform Modules & Providers
      • The required Terraform providers and modules have been updated to the latest versions available.
        • If you run this project using a Docker container, pull the latest release and rebuild the image using the provided Dockerfile; the updated versions of the modules and providers will be installed.
        • If you run this project directly on your machine by executing terraform CLI commands, run terraform init --upgrade to install the updated required versions of the modules and providers. See init documentation from HashiCorp.

Given the breaking changes for PRs #239 and #238 above, users with existing clusters created with viya4-iac-aws:7.2.1 or earlier who want to adopt this latest release are recommended to:

  • Follow the SAS Viya Platform Operation backup and restore documentation to perform a full backup of their environment.
  • Uninstall the SAS Viya deployment and destroy the infrastructure using the version of viya4-iac-aws you initially deployed with.
  • Recreate your infrastructure using the latest version of viya4-iac-aws
  • Follow the SAS Viya Platform Operation backup and restore documentation to restore your environment.
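
The subnet rules described under #239 can be checked before recreating infrastructure. The following is an added example, not code from the viya4-iac-aws project: it validates a subnets map against the control_plane and single-AZ rules stated above. The `azs` argument, the function name and all CIDR and AZ values are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

AWS_RESERVED_PER_SUBNET = 5  # AWS reserves 5 addresses in every subnet
MIN_CONTROL_PLANE_ADDRS = 6  # release note: each range needs at least 6

def check_subnets(subnets, azs):
    """Return a list of problems found in an 8.0.0-style subnets map.

    subnets: {"private": [cidr, ...], "control_plane": [cidr, ...], ...}
    azs: same keys, giving the AZ of each CIDR (hypothetical input).
    """
    problems = []
    nets = {role: [ipaddress.ip_network(c) for c in cidrs]
            for role, cidrs in subnets.items()}

    control_plane = nets.get("control_plane", [])
    if len(control_plane) < 2:
        problems.append("control_plane needs at least two CIDR ranges")
    if len(set(azs.get("control_plane", []))) < 2:
        problems.append("control_plane ranges must be in different AZs")
    for net in control_plane:
        if net.num_addresses - AWS_RESERVED_PER_SUBNET < MIN_CONTROL_PLANE_ADDRS:
            problems.append(f"{net} leaves fewer than 6 usable addresses")

    # Node groups use the private list only; keep it in one AZ.
    if len(set(azs.get("private", []))) > 1:
        problems.append("private (node group) subnets span more than one AZ")

    # Ranges must not overlap within or across roles.
    flat = [(role, n) for role, ns in nets.items() for n in ns]
    for (ra, a), (rb, b) in combinations(flat, 2):
        if a.overlaps(b):
            problems.append(f"{ra} {a} overlaps {rb} {b}")
    return problems

# Constructed sample values, not the project's defaults.
GOOD = {"private": ["10.0.0.0/18"],
        "control_plane": ["10.0.130.0/28", "10.0.130.16/28"]}
GOOD_AZS = {"private": ["us-east-1a"],
            "control_plane": ["us-east-1a", "us-east-1b"]}
# Constructed older-style layout: no control_plane key, two-AZ private list.
OLD = {"private": ["10.0.0.0/19", "10.0.32.0/19"]}
OLD_AZS = {"private": ["us-east-1a", "us-east-1b"]}

if __name__ == "__main__":
    for name, cfg, az in (("good", GOOD, GOOD_AZS), ("old", OLD, OLD_AZS)):
        print(name, check_subnets(cfg, az) or "ok")
```
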

ENHANCEMENTS:

  • #235: feat: (IAC-1078) Linting Updates and Code Formatting
  • #238: feat!: (IAC-619) Support VPCs with private and control_plane subnets, NAT gateway is not required
  • #238: feat: (IAC-550) Provide alternatives to nat_id into IAC clusters
  • #238: feat: (IAC-896) Support omitting public,database subnets for BYON models that don't require them
  • #239: feat!: (IAC-1174) EKS Node Pool Subnets to use Single AZ by Default
  • #240: feat: (IAC-367) Allow Ability To Specify Which Availability Zones the Subnets Get Created In
  • #246: feat!: (IAC-1190) Update Providers, Modules, & Binaries

DOCUMENTATION:

  • #229: docs: (IAC-1083) AWS - update all SAS doc links to use parameterized format and documentation.sas.com
  • #241: docs: (IAC-1218) Update Subnet Example to be Single AZ Only
  • #242: docs: (IAC-352) Subnet requirements need more clarity in doc

BUG FIXES:

  • #233: fix: (IAC-923) Update Node Pool IAM Role Names to Include Prefix
  • #238: fix!: (IAC-642) AWS - sg rule not being created when using cluster_endpoint_private_access_cidrs variable
  • #238: fix: (IAC-883) AWS IAC - allow preconfigured VPC and subnets without NAT gateway
  • #238: fix: (IAC-1017) AWS VPC Endpoints for ECR not working properly
  • #245: fix: (IAC-1229) coalescelist failed: no non-null arguments error with byo_network_scenario=3
  • #248: fix: (IAC-1240) cluster_api_mode=public requires ingress rules for API server's private IP address

CHORES:

  • #244: chore: (IAC-1226) Ignore terraform_deprecated_lookup rule, resolve in future release.
  • #247: chore: (IAC-1227) enable terraform_deprecated_lookup
  • #253: chore: (IAC-1190) Bump container test expected versions for terraform and aws-cli

7.2.1 - September 8, 2023

08 Sep 20:11
2aed084

Support FSx for NetApp ONTAP

The base IAM Policy document has been updated for the 7.2.0 release. Review the policy updates made to that document. You will need to add the iam:AttachUserPolicy and iam:DetachUserPolicy permissions to your user's existing policy document to use FSx for NetApp ONTAP features added in the 7.2.0 release.

BUG FIXES:

  • #231: fix: (IAC-1165) Error: attaching policy msg occurs with a previously working tfvars file

7.2.0 - September 6, 2023

06 Sep 14:35
9c486bf

Support FSx for NetApp ONTAP

The base IAM Policy document has been updated for this release. Review the policy updates made to that document. You will need to add the IAM AttachUserPolicy and DetachUserPolicy permissions to your user's policy document in order to take advantage of FSx for NetApp ONTAP features added to the viya4-iac-aws project in this release.

ENHANCEMENTS:

  • #228: feat: (IAC-1121) AWS support FSx for NetApp ONTAP

7.1.0 - August 18, 2023

18 Aug 14:18
8a5bf5e

ENHANCEMENTS:

  • #223: feat: (IAC-1123) EKS - Support k8s 1.27 in 2023.09 cadence

7.0.0 - August 9, 2023

09 Aug 14:05
c0a6941

Major Version Update

v7.0.0 of viya4-iac-aws is a major version update - provider and module versions were updated, an input variable was deprecated and behavior has changed. See details below in breaking changes.

BREAKING CHANGES:

  • #218: feat!: (IAC-722) update terraform-aws-eks module version
    • The aws provider version was updated from 3.76.1 to 5.4.0.
    • If you run this project using a Docker container, pull the latest release and rebuild the image using the provided Dockerfile; the updated versions of the modules and providers will be installed.
    • If you run this project directly on your machine by executing terraform CLI commands, run terraform init --upgrade to install the updated required versions of the modules and providers. See init documentation from HashiCorp.

ENHANCEMENTS:

  • #221: feat: (IAC-722) restore previous aws-rds module behavior, set create_random_password=false

6.2.0 - June 26, 2023

26 Jun 18:21
53527b1

DOCUMENTATION:

  • #211: docs: (IAC-1005) EKS - Update IAC CDS Postgres CONFIG VARS documentation

BUG FIXES:

  • #212: fix: (IAC-1068) IAC jumpvm cloud-init, only set folder permissions and ownership initially
  • #213: fix: (IAC-1036) AWS - Security scan remediation for High CVEs

6.1.0 - June 15, 2023

15 Jun 14:25
3492d86

BUG FIXES:

  • #210: fix: (IAC-998) Remediate critical security vulnerabilities

6.0.0 - May 25, 2023

25 May 15:02
5e8459b

Major Version Update

v6.0.0 of viya4-iac-aws is a major version update - behavior has changed. See details below in breaking changes.

BREAKING CHANGES:

  • #206: feat!: (IAC-969) Update Terraform version to latest - 1.4.5
    • Terraform version was updated from 1.0.0 to 1.4.5.
    • If you run this project using a Docker container, pull the latest release and rebuild the image using the provided Dockerfile; Terraform 1.4.5 will be included in the image.
    • If you run this project directly on your machine by executing terraform CLI commands, ensure you have at least version 1.4.5 installed. See installation documentation from HashiCorp.

ENHANCEMENTS:

  • #193: feat: (IAC-168) added efs_throughput_mode & rate variables needed in iac-aws terraform.tfvars
  • #175: feat: (IAC-811) Automated Terraform Formatting
  • #176: feat: (IAC-811) Added GitHub Actions (hadolint, shellcheck, tflint) to the AWS repo.

DOCUMENTATION:

  • #195: docs: (IAC-948) fixed viya4-iac-aws doc points to AWS EKS doc

5.9.0 - May 18, 2023

18 May 14:18
4ca126e

ENHANCEMENTS:

  • #205: feat: (IAC-980) add K8s 1.26 support, set kubectl default to 1.25

5.8.0 - April 20, 2023

20 Apr 14:51
41f127f

ENHANCEMENTS:

  • #201: feat: (IAC-507) Allow empty tags {} map in AWS example tfvars