Skip to content

Releases: cloudposse/terraform-aws-codebuild

v2.0.2

23 Feb 00:52
@github-actions github-actions
2.0.2
20c1b29
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.0.2 Latest
Latest

🚀 Enhancements

feat: custom policy + hardened trust relationship @bt-macole (#132)

what

Updated trust policy so only the codebuild project in this module can use the iam role.
Added ability to toggle on/off default permissions
Added support for attaching a custom policy

Fully backward compatible

why

fe75886

adding a condition on the trust policy for the codebuild project arn ensures
the iam role can not be used by any other codebuild project.

codebuild projects could be extremely permissive, even when least privileged
so enforcing the role can only be used by the intended codebuild project
limits to ability for a threat actor to quietly take control of a powerful
role and do threat actory things.

9f0163f

the default permissions are good for getting up and running, however, they are far more
permissive than any least privileged policy would like, being `*` for all resources for
anything in the default list + any and all additional_permissions.

this allows users to still utilize the quick up and running policy, while also being able
to disable it and replace it with a least privileged custom policy.

the lifecycle rule ensure that users don't get confused by additional permissions and custom
policy variables, failing on a plan if they attempt to use additional_permissions with
default_permissions_enabled set to `false`.

Test Output:

    --- PASS: TestExamplesCustom (62.77s)
    --- PASS: TestExamplesComplete (62.87s)
    --- PASS: TestExamplesVPC (78.32s)
    PASS
    ok      github.com/cloudposse/terraform-aws-codebuild   78.790s

references

resolves: #131

Contributors

bt-macole
Assets 2
Loading

v2.0.1

11 Nov 00:27
@github-actions github-actions
2.0.1
41b7d76
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.0.1

🚀 Enhancements

Fix bucket settings @max-lobur (#130)

what

Use standalone resource for bucket ACL

why

Regression after AWS v5 upgrade

Contributors

max-lobur
Assets 2
Loading

v2.0.0

10 Nov 20:49
@cloudpossebot cloudpossebot
2.0.0
0586277
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.0.0
Support AWS Provider V5 @max-lobur (#126)

what

Support AWS Provider V5
Linter fixes

why

Maintenance

references

https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0

Sync github @max-lobur (#122)

Rebuild github dir from the template

Contributors

max-lobur
Assets 2
Loading

v1.0.0 Initial release with production Semantic Versioning

13 Jul 19:22
@Nuru Nuru
1.0.0
6c27093
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0 Initial release with production Semantic Versioning

Initial release with production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future. This module will evolve with breaking changes as we convert it to use our s3-log-storage module and be compatible with the new S3 resource structure introduced in AWS Terraform provider v4.0.

This release follows v0.39.0 with the change:

chore: use numeric instead of number as it's deprecated for random_string @dmitrijn (#112)

what

  • use numeric instead of number as it's deprecated

why

deprecation warnings

references

https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string#number

image

Contributors

dmitrijn
Assets 2
Loading

v0.39.0

21 Jun 20:22
@cloudpossebot cloudpossebot
0.39.0
3cfe869
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.39.0
Add support for path and permissions_boundary to IAM role @Gibby (#99)

what

  • Add support for path and permissions_boundary to IAM role

why

  • We use path and permissions_boundary to limit IAM role creation

Contributors

Gibby
Assets 2
Loading

v0.38.1

21 Jun 20:11
@cloudpossebot cloudpossebot
0.38.1
9a5a34f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.38.1
Add requested inputs @nitrocode (#111)

what

  • Add file_system_locations
  • Add build_image_pull_credentials_type
  • Add s3_cache_bucket_name
  • Add encryption_key (bridgecrew)

why

  • Newer inputs

references

git.io->cloudposse.tools update @dylanbannon (#109)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

  • DEV-143

Contributors

nitrocode and dylanbannon
Assets 2
Loading

v0.38.0

18 Nov 02:43
@cloudpossebot cloudpossebot
0.38.0
cdbd219
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.38.0
Add `description` and `concurrent_build_limit` to `aws_codebuild_project` @gui-don (#89)

what

  • allows user to input a concurrent_build_limit for the codebuild project
  • allows user to input a description for the codebuild project

why

  • Missing and needed
Assets 2
Loading

v0.37.1

21 Aug 03:16
@cloudpossebot cloudpossebot
0.37.1
e1a8e03
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.37.1

🤖 Automatic Updates

Update context.tf @cloudpossebot (#93)

what

This is an auto-generated PR that updates the context.tf file to the latest version from cloudposse/terraform-null-label

why

To support all the features of the context interface.

Contributors

cloudpossebot
Assets 2
Loading

v0.37.0

05 Aug 13:41
@cloudpossebot cloudpossebot
0.37.0
d078282
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.37.0

NOTE: The github_token_type input defaults to PARAMETER_STORE meaning that the github_token input is the SSM key. If previous functionality is desired then set github_token_type = "PLAINTEXT".

Set GitHub token to be stored as a secret @gausnes (#90)

what

  • updating GitHub token to be stored as a secret, it's currently being stored as plaintext

why

  • reducing attack surface area for leaking provisioned tokens

Contributors

gausnes
Assets 2
Loading

v0.36.1

02 Aug 21:32
@cloudpossebot cloudpossebot
0.36.1
99d6d43
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.36.1

🚀 Enhancements

Add `cache_bucket_suffix_enabled` to complete test @nitrocode (#92)

what

  • Add cache_bucket_suffix_enabled to complete test

why

  • Ensure it works

references

Contributors

nitrocode
Assets 2
Loading