v0.20.0

feat: support inline policies @nitrocode (#79)

## what

• support inline policies

why

• Most of the time users want to create a specific policy for a specific role and don't realize that the same policy can be accidentally reused for another purpose which makes it difficult to delete the role and policy
• Inline policies do not need to be tagged
• If a managed policy is updated and is attached to multiple roles, now it will impact multiple roles

references

• closes #78

🤖 Automatic Updates

Migrate new test account @osterman (#77)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#76)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#75)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#74)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @osterman (#72)

## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#71)

## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#70)

## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#69)

## what - Update workflows (`.github/workflows/settings.yaml`)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#66)

## what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Bump golang.org/x/net from 0.0.0-20220421235706-1d1ef9303861 to 0.17.0 in /test/src @dependabot (#65)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220421235706-1d1ef9303861 to 0.17.0.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Add GitHub Settings @osterman (#62)

## what - Install a repository config (`.github/settings.yaml`)

why

• Programmatically manage GitHub repo settings

Update Scaffolding @osterman (#60)

## what - Reran `make readme` to rebuild `README.md` from `README.yaml` - Migrate to square badges - Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

v0.19.0

IAM Role name length limit @goruha (#58)

what

• Fix IAM role name length limit

why

• Fix IAM role name length limited to 64

Sync github @max-lobur (#54)

Rebuild github dir from the template

v0.18.0

• No changes

v0.17.0

Update main.tf @karinatitov (#50)

have a chance to configure the name of the policy

what

• With this change i want to have an ability to provide a custom name for the policy

why

• the resources i'm working with were not created in the same way this module assumes
• to have a chance to configure the name of the policy

git.io->cloudposse.tools update @dylanbannon (#46)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

v0.16.2

🚀 Enhancements

Add enabled check to data source @nitrocode (#45)

what

• Add enabled check to data source
• Add TestExamplesCompleteDisabled check

why

• Prevent creation if enabled is false

references

• cloudposse/terraform-aws-s3-bucket#148

v0.16.1

🚀 Enhancements

Disabling all tags in all iam resources @jamengual (#44)

what

• In #43 I added the option to disable role tags but in environments where roles are created under very strict controls, the policy tags for the roles sometimes can't be tagged. This change disable tags for all IAM related resources.

why

• to disable tags for role-related things. Use one variable instead of two.

references

• #43

v0.16.0

Making tags for roles optional @jamengual (#43)

what

• Make role tags optional

why

• Restrictive policy boundaries do not allow tag roles in highly secure environments.

v0.15.0

allow to set role and policy path @1david5 (#40)

what

• Add path argument to role and policy resources

why

• Allow users to set path for role and policy

v0.14.1

Fix: Fix Variable Description Typo for `var.use_fullname` @korenyoni (#36)

what

• Fix variable description typo introduced in #35 for var.use_fullname

why

• Minor typo (unmatched right bracket).

references

• #35

Drop unused null provider @Xerkus (#34)

what

• Drop hashicorp/null provider from dependencies

why

• As far as I can tell the null provider is not used and I do not think it is needed for any kind of indirect dependency
• I think it was needed at some point for terraform-null-label

references

• Closes #31

Fix: fix variable description for `var.use_fullname`, run `make github/init` @korenyoni (#35)

what

• Fix variable description for var.use_fullname.
• Run make github/init.

why

• The var.use_fullname variable description is incorrect and refers to ECR repositories instead of IAM roles.
• Running make github/init will update GHA-workflow related files (and CODEOWNERS), the former of which is required for the no-release label (which allows for consolidating multiple small PRs such as this into one release).

references

• N/A

🚀 Enhancements

Add tags to policy @nitrocode (#37)

what

• Add tags to policy

why

• Tag it all

references

N/A

v0.14.0

Add assume role policy conditions and managed iam policies @sebastianmacarescu (#33)

what

• option to attach AWS Managed IAM policies to created role
• option to add conditions to trust policy

why

• we should be able to use aws managed policies (or any other policies) and not create new ones dedicated for this role
• we should be able to add conditions on who can assume this role (mfa enabled, be part of organization, specific session name, etc)

references

• closes #24
• documentation for conditions: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
• documentation for conditions in trust role policies: https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/