8.6.0 - October 31, 2024

Release Notes

• Terraform version was updated from 1.8.5 to 1.9.6.

• If you run this project using a Docker container, pull the latest release and rebuild the image using the provided Dockerfile, Terraform 1.9.6 will be included in the image.

• If you run this project directly on your machine by executing Terraform CLI commands, ensure you have at least version 1.9.6 installed. See installation documentation from HashiCorp. Update the CLI binaries and run terraform init -upgrade to pull down the latest provider and module updates.

• Updating to the 20.x version of the terraform-aws-eks module introduces the following change in behavior (see details in the UPGRADE-20.0 document):

  • Support for cluster access management has been added with the default authentication mode set as API_AND_CONFIG_MAP. This is a one way change if applied; if you wish to use CONFIG_MAP, you will need to set authentication_mode = "CONFIG_MAP" explicitly when upgrading.

ENHANCEMENTS:

• #307 feat: (PSKD-347) AWS Q4 Tool Version Updates

8.5.1 - September 19, 2024

BUG FIXES:

• #302 fix: (PSKD-678) viya4-aws-iac creates an incomplete IAM policy for the autoscaler Service Account redo
• #303 fix: (PSKD-434) (PSKD-702) AWS no longer has a default storage class with K8s 1.30

DOCUMENTATION:

• #304 docs: Elaborate code review process in CONTRIBUTING.md

ACKNOWLEDGEMENTS:

Thanks to @bkoprivica for his code contribution to this project in PR #292 to help remediate an autoscaler IAM policy issue handled by PR #302.

8.5.0 - August 29, 2024

ENHANCEMENTS:

• #297 feat: (PSKD-517) Add Support for K8s 1.30

8.4.0 - July 22, 2024

ENHANCEMENTS:

• #293: feat: (IAC-1472) AWS - Security Scan 2024.06

BUG FIXES:

• #295: fix: (PSKD-494) AWS - private endpoint type for S3 should be of type Interface

8.3.0 - May 17, 2024

RELEASE NOTES:

Terraform version was updated from 1.7.3 to 1.8.3.

• If you run this project using a Docker container, pull the latest release and rebuild the image using the provided Dockerfile, Terraform 1.8.3 will be included in the image.
• If you run this project directly on your machine by executing terraform CLI commands, ensure you have at least version 1.8.3 installed. See installation documentation from HashiCorp.

ENHANCEMENTS:

• #289: feat: (IAC-1435) AWS - Security Scan 2024.05

8.2.0 - April 18, 2024

ENHANCEMENTS:

• #277: feat: (IAC-1347) Updated external Postgres server version to 15
• #279: feat: (IAC-1376) Add Support for K8s 1.29

DOCUMENTATION:

• #281: docs: (IAC-1411) Updated copyright range to 2024

BUG FIXES:

• #282: fix: (IAC-1380) AWS Autoscaling Launch Template Tags Incorrect

CHORES:

• #274: chore: (IAC-1330) Update container structure workflow to run acceptance test for PRs targeting staging branch
• #276: chore: (IAC-1340) Disable Blank GitHub Issues & Add Feature Request Template

8.1.1 - February 15, 2024

BUG FIXES:

• #269: fix: (IAC-922) Assign tags to resources missing them

8.1.0 - January 19, 2024

RELEASE NOTES:

Terraform version was updated from 1.6.3 to 1.6.6.

• If you run this project using a Docker container, pull the latest release and rebuild the image using the provided Dockerfile, Terraform 1.6.6 will be included in the image.
• If you run this project directly on your machine by executing terraform CLI commands, ensure you have at least version 1.6.6 installed. See installation documentation from HashiCorp.

ENHANCEMENTS:

• #258: feat: (IAC-1265) AWS - Support K8s 1.28 in Viya 2024.02
• #261: feat: (IAC-1259) AWS - Security scan 2024.01
• #262: feat: (IAC-1259) AWS - Security scan 2024.01

CHORES:

• #255: chore: (IAC-1292) remove terraform_documented_outputs explicit definition
• #267: chore: (IAC-1259) Bump container test expected versions for terraform

8.0.1 - December 12, 2023

CHORES:

• #215: chore: (IAC-1119) add a description for all Terraform outputs without one

8.0.0 - December 6, 2023

Major Version Update

v8.0.0 of viya4-iac-aws is a major version update - some behaviors have changed including:

• EKS node groups will be placed in a single availability zone
• BYO network scenario subnet requirements have changed, a NAT gateway is no longer required for BYO network scenarios that used to require it
• Providers, modules and binaries versions were updated

See details below under BREAKING CHANGES.

BREAKING CHANGES:

• 🚨#239: feat!: (IAC-1174) EKS Node Pool Subnets to use Single AZ by Default

  • In order to line up with the recommendations from the SAS Viya Platform Operations documentation we are updating the code base so that when EKS node groups are created they will be placed in a single-AZ rather than spanning over multiple-AZs. This feature is controlled by an update to the subnets and subnets_ids map by adding a new key control_plane to allow finer control for subnet assignment. CIDRs/IDs added to the control_plane list will be used for only for the control plane when creating the EKS cluster, AWS requires that there are at least two CIDR ranges provided in different AZs, both ranges must have at least 6 addresses. The existing private CIDR list will now no longer be shared with the control plane and instead only used for the worker nodes during subnet assignment, we changed the default value of this list to only have 1 CIDR range from a single AZ to meet our single-AZ recommendation from the SAS Viya Platform Operations documentation.

  • Relevant SAS Viya Platform documentation for AWS Cluster Requirements: https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=n098rczq46ffjfn1xbgfzahytnmx.htm#p0vx68bmb3fs88n12d73wwxpsnhu

  • This is considered a breaking change since users who initially created their infrastructure with viya4-iac-aws:7.2.1 or earlier will need to destroy their infrastructure if they want to adopt this latest version. This is due to a limitation of the Terraform AWS EKS module, if a configuration value that AWS does not allow you to change post-resource creation (in this case updating the subnets of an EKS control plane) and requires the cluster to be deleted/recreated, the module will instead throw an error since it does not handle performing that recreate operation for you.

  • Relevant GitHub Issue from terraform-aws-modules/terraform-aws-eks: terraform-aws-modules/terraform-aws-eks#2061

• 🚨#238: feat!: (IAC-619) Support VPCs with private and control_plane subnets, NAT gateway is not required; #238: fix!: (IAC-642) AWS - sg rule not being created when using cluster_endpoint_private_access_cidrs variable

  • Subnet requirements and required inputs for bring your own network scenarios have changed in some cases. Refer to Subnet Requirements and requirements for using existing network resources for additional details.
  • This PR includes breaking changes that update managed security groups and their rules. Existing EC2 instances and their network interfaces with references to the original security groups create an obstacle for direct replacement of the security groups. Users with infrastructure created with the viya4-iac-aws:7.2.1 release or earlier will need to destroy their cluster using the version of viya4-iac-aws used to create their infrastructure and then recreate it with the latest release.

• #246: feat!: (IAC-1190) Update Providers, Modules, & Binaries

  • Terraform Binary:
    • The recommended version of Terraform to use this project has been updated from 1.4.5 to 1.6.3, you can still use any version >= 1.4.5
      If you run this project using a Docker container, pull the latest release and rebuild the image using the provided Dockerfile, Terraform 1.6.3 will be included in the image.
      If you run this project directly on your machine by executing terraform CLI commands, ensure you have at least version v1.6.3 installed. See installation documentation from HashiCorp.
  • Terraform Modules & Providers
    • The required Terraform providers and modules have been updated to the latest version available.
      If you run this project using a Docker container, pull the latest release and rebuild the image using the provided Dockerfile, the updated versions of the modules and providers will be installed.
      If you run this project directly on your machine by executing terraform CLI commands, run terraform init --upgrade to install the updated required versions of the modules and providers. See init documentation from HashiCorp.

Given the breaking changes for PRs #239 and #238 above, the recommendation for users with existing clusters created with viya4-iac-aws:7.2.1 or earlier and that want to adopt this latest release is to:

• Follow the SAS Viya Platform Operation backup and restore documentation to perform a full backup of their environment.
• Uninstall the SAS Viya deployment and destroy the infrastructure using the version of viya4-iac-aws you initially deployed with.
• Recreate your infrastructure using the latest version of viya4-iac-aws
• Follow the SAS Viya Platform Operation backup and restore documentation to restore your environment.

ENHANCEMENTS:

• #235: feat: (IAC-1078) Linting Updates and Code Formatting
• #238: feat!: (IAC-619) Support VPCs with private and control_plane subnets, NAT gateway is not required
• #238: feat: (IAC-550) Provide alternatives to nat_id into IAC clusters
• #238: feat: (IAC-896) Support omitting public,database subnets for BYON models that don't require them
• #239: feat!: (IAC-1174) EKS Node Pool Subnets to use Single AZ by Default
• #240: feat: (IAC-367) Allow Ability To Specify Which Availability Zones the Subnets Get Created In
• #246: feat!: (IAC-1190) Update Providers, Modules, & Binaries

DOCUMENTATION:

• #229: docs: (IAC-1083) AWS - update all SAS doc links to use parameterized format and documentation.sas.com
• #241: docs: (IAC-1218) Update Subnet Example to be Single AZ Only
• #242: docs: (IAC-352) Subnet requirements need more clarity in doc

BUG FIXES:

• #233: fix: (IAC-923) Update Node Pool IAM Role Names to Include Prefix
• #238: fix!: (IAC-642) AWS - sg rule not being created when using cluster_endpoint_private_access_cidrs variable
• #238: fix: (IAC-883) AWS IAC - allow preconfigured VPC and subnets without NAT gateway
• #238: fix: (IAC-1017) AWS VPC Endpoints for ECR not working properly
• #245: fix: (IAC-1229) coalescelist failed: no non-null arguments error with byo_network_scenario=3
• #248: fix: (IAC-1240) cluster_api_mode=public requires ingress rules for API server's private IP address

CHORES:

• #244: chore: (IAC-1226) Ignore terraform_deprecated_lookup rule, resolve in future release.
• #247: chore: (IAC-1227) enable terraform_deprecated_lookup
• #253: chore: (IAC-1190) Bump container test expected versions for terraform and aws-cli