Releases: cloudposse/terraform-aws-service-control-policies

v0.9.0

18 May 21:24
de13762
create nothing if len(statements) == 0 @nitrocode (#15)

what

  • create nothing if len(statements) == 0

why

  • SCPs cannot be created without a statement

references

N/A

v0.8.1

29 Apr 17:56
e9fd1de

🐛 Bug Fixes

StringNotLike must match entire string @Nuru (#14)

what

  • Fix broken ec2-policies

why

  • StringLike and StringNotLike allow wildcards, but still must match the full string. If the value is r5n.large and the test is StringLike r5n the test will fail, because it is not a full string match.
  • t3 and r5n are not Instance Types, they are Instance Families. A test on InstanceTypes needs to include the size designator, e.g. r5n.large or m5.metal
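
The full-string rule described in the v0.8.1 notes, as an added example that is not code from this module. It is a small Python model of IAM's `StringLike`/`StringNotLike` matching (`*` and `?` wildcards, case-sensitive, whole value must match) applied to a Deny statement keyed on `ec2:InstanceType`; the pattern lists and the requested instance types are constructed for illustration.

```python
import re


def iam_string_like(value: str, pattern: str) -> bool:
    """Model of IAM StringLike: '*' matches any run of characters, '?' exactly
    one character; comparison is case-sensitive and covers the whole value."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def iam_string_not_like(value: str, patterns: list) -> bool:
    """Negated operator with several values: true only if NO pattern matches."""
    return not any(iam_string_like(value, p) for p in patterns)


def deny_applies(instance_type: str, allowed_patterns: list) -> bool:
    """Effect of a Deny statement whose Condition is
    StringNotLike { ec2:InstanceType: allowed_patterns }."""
    return iam_string_not_like(instance_type, allowed_patterns)


# Constructed pattern lists (not copied from the module's catalog).
FAMILY_ONLY = ["t3", "r5n"]      # instance families, no size designator
WITH_SIZE = ["t3.*", "r5n.*"]    # wildcard covers the size designator


def report(patterns, requests=("r5n.large", "t3.micro", "t3a.large", "m4.large")):
    """Map each requested instance type to the outcome of the Deny statement."""
    return {
        r: "Deny" if deny_applies(r, patterns) else "not denied"
        for r in requests
    }


if __name__ == "__main__":
    # Family-only patterns never equal a real instance type, so the Deny
    # fires for every request, including the types meant to be allowed.
    print("family only:", report(FAMILY_ONLY))
    # With the size wildcard, only types outside the listed families are denied.
    # Note "t3.*" keeps t3a.large out, whereas a looser "t3*" would let it in.
    print("with size  :", report(WITH_SIZE))
```
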

v0.8.0

15 Mar 18:31
3b6ee10
add policy to deny instances that do not support encryption in transit @mcalhoun (#13)

what

  • Add an SCP to Deny using instance types that do not support Nitro's Encryption-in-transit as described in the AWS Documentation

why

  • To provide automatic encryption in transit between nodes in the VPC

v0.7.0

01 Mar 22:53
43cf9f4
add policy to deny non-nitro instances @mcalhoun (#12)

what

  • Add a policy to deny instances that are not based on the Nitro system

why

  • AWS Nitro provides a number of enhanced features, including automatic instance-to-instance encryption

references

v0.6.1

26 Feb 12:48
bf1c189

🤖 Automatic Updates

Update README.md and docs @cloudpossebot (#8)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.6.0

05 Feb 01:07
7cc5a07
context.tf updated to v0.24.1, minimum required Terraform version bumped to 0.13.0 when needed, readme updated @maximmi (#10)

what

  • update context.tf to v0.24.1
  • minimum required Terraform version bumped to 0.13.0
  • readme updated, Bridgecrew compliance badges added

why

  • It allows for setting the letter case of tag names and labels, back compatibility with context v0.22.0 and below
  • we have dropped support for Terraform 0.12
  • To be able to see and fix the recommendations from Bridgecrew so we can position our modules as standards compliant

v0.5.0

12 Jan 15:10
55af3e4
Terraform 0.14 upgrade @maximmi (#6)

what

  • Upgrade to support Terraform 0.14 and bring up to current Cloud Posse standard

why

  • Support Terraform 0.14

v0.4.0

17 Nov 05:04
19045da
Add catalog of SCPs @aknysh (#5)

what

  • Add catalog of SCPs

why

  • The catalog is the one place to maintain our collection of SCPs
  • The policies from the catalog will be used (remotely downloaded) in other modules (e.g. reference architectures)

v0.3.0

16 Nov 03:21
f80f396
Use `terraform-yaml-config` module in the example @aknysh (#4)

what

why

  • Simplify the logic to convert YAML configs into Terraform lists and maps (the complex conversion logic is in one place now in the terraform-yaml-config module)
  • terraform-yaml-config is a Terraform module to convert local and remote YAML configuration templates into Terraform lists and maps.
  • The module accepts paths to local and remote YAML configuration template files and converts the templates into Terraform lists and maps for consumption in other Terraform modules.
  • The module also accepts a map of parameters for interpolation within the YAML config templates.

v0.2.0

14 Nov 03:42
e2bf7ca
Add Service Control Policies. Make the `condition` statement in SCPs a list @aknysh (#3)

what

  • Add Service Control Policies
  • Make the condition statement in SCPs a list

why

  • Extend our catalog of SCPs
  • Make the condition statement in SCPs a list to allow specifying multiple conditions in an SCP, which will allow all SCPs described in orgs_manage_policies_scps_examples (e.g. "Example: Deny access to AWS based on the requested AWS Region")