v1.11.4

🐛 Bug Fixes

fix(reserved instances): use var.instance_type to determine RI offering instead of optional db_instance_class var @kevcube (#235)

the var `db_instance_class` isn't required, so won't always be available. `instance_type` is required.

v1.11.3

feat: support reserved instances @kevcube (#233)

## questions - do we want to allow customization of the count/size of reserved instances?

🤖 Automatic Updates

Update terratest to '>= 0.46.0' @osterman (#215)

## what - Update terratest `>= 0.46.0`

why

• Support OpenTofu for testing

References

• https://github.com/gruntwork-io/terratest/releases/tag/v0.46.0
• DEV-374 Add opentofu to all our Terragrunt Testing GHA matrix

v1.11.2

Dual stack support @ngoyal16 (#231)

## what

RDS cluster can be run in two network modes - IPV4 or DUAL.
Underlying module already supports this parameter

why

It can be mandatory to enable it to be able to connect from ipv6 only runtimes

references

Closes #175

🤖 Automatic Updates

Migrate new test account @osterman (#232)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#229)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#228)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v1.11.1

🚀 Enhancements

fix: Too long identifier name error @MaxymVlasov (#226)

what

Fix too long identifier name without cluster recreation:

set id_length_limit = 40 for

module "aurora" {
  source  = "cloudposse/rds-cluster/aws"
  version = "1.10.0"
  ...
  id_length_limit = 40
}

will cause such recreation if final module.this.id will be between 40-60 characters

why

https://github.com/cloudposse/terraform-aws-rds-cluster/releases/tag/1.10.0 introduced random_pet, which adds 2 extra words on the top of module.this.id, and that exceed limit of 63 allowed characters for RDS names

╷
│ Error: creating RDS Cluster (company-staging-aurora-payments-ledger-service-aliases) Instance (company-staging-aurora-payments-ledger-service-aliases-promoted-piglet-1): operation error RDS: CreateDBInstance, https response error StatusCode: 400, RequestID: 1979b42f-b1df-4e00-b0ec-d3b629b3002d, api error InvalidParameterValue: Invalid database identifier:  company-staging-aurora-payments-ledger-service-aliases-promoted-piglet-1
│ 
│   with module.aurora_aliases.aws_rds_cluster_instance.default[0],
│   on .terraform/modules/aurora_aliases/main.tf line 261, in resource "aws_rds_cluster_instance" "default":
│  261: resource "aws_rds_cluster_instance" "default" {

This PR limit final identifier to 62-63 chars (depends on count of replica)

references

Fixing #213

🐛 Bug Fixes

fix: Too long identifier name error @MaxymVlasov (#226)

what

Fix too long identifier name without cluster recreation:

set id_length_limit = 40 for

module "aurora" {
  source  = "cloudposse/rds-cluster/aws"
  version = "1.10.0"
  ...
  id_length_limit = 40
}

will cause such recreation if final module.this.id will be between 40-60 characters

why

https://github.com/cloudposse/terraform-aws-rds-cluster/releases/tag/1.10.0 introduced random_pet, which adds 2 extra words on the top of module.this.id, and that exceed limit of 63 allowed characters for RDS names

╷
│ Error: creating RDS Cluster (company-staging-aurora-payments-ledger-service-aliases) Instance (company-staging-aurora-payments-ledger-service-aliases-promoted-piglet-1): operation error RDS: CreateDBInstance, https response error StatusCode: 400, RequestID: 1979b42f-b1df-4e00-b0ec-d3b629b3002d, api error InvalidParameterValue: Invalid database identifier:  company-staging-aurora-payments-ledger-service-aliases-promoted-piglet-1
│ 
│   with module.aurora_aliases.aws_rds_cluster_instance.default[0],
│   on .terraform/modules/aurora_aliases/main.tf line 261, in resource "aws_rds_cluster_instance" "default":
│  261: resource "aws_rds_cluster_instance" "default" {

This PR limit final identifier to 62-63 chars (depends on count of replica)

references

Fixing #213

v1.11.0

feat: manage master credentials in secrets manager @pazaan (#221)

what

Allow to manage master credentials in Secrets Manager

why

Managed secrets are more secure and easy to use.

references

• closes #166
• Duplicate of #218, but that PR looks like it's gone stale. I pushed the same fixes to the original branch as well, in case @salemgolemugoo wanted to push them forward to Pull 218, but that hasn't had any activity either.

v1.10.2

🚀 Enhancements

fix: pass var.db_port to RDS cluster instances @emmanuelchibuogwu (#222)

what

Currently, the var.db_port variable is not passed to both aws_rds_cluster resources.

why

var.db_port is passed to the security group but not the cluster instances, this results to the following cases:

1. setting var.db_port to a value other than the default makes the cluster inaccessible .
2. No way to expose the RDS cluster on a different port

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster.html#port
• closes #120

🐛 Bug Fixes

fix: pass var.db_port to RDS cluster instances @emmanuelchibuogwu (#222)

what

Currently, the var.db_port variable is not passed to both aws_rds_cluster resources.

why

var.db_port is passed to the security group but not the cluster instances, this results to the following cases:

1. setting var.db_port to a value other than the default makes the cluster inaccessible .
2. No way to expose the RDS cluster on a different port

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster.html#port
• closes #120

v1.10.1

🚀 Enhancements

Fix conflicting `restore_to_point_in_time` attributes @ericluria (#217)

what

• Fixes handling of use_latest_restorable_time and restore_to_time while preserving existing default values for backwards compatibility

why

• Original attempt at fixing this (#216) was insufficient

references

• Follow-up to original attempt: #216
• Correctly fixes #163

🐛 Bug Fixes

Fix conflicting `restore_to_point_in_time` attributes @ericluria (#217)

what

• Fixes handling of use_latest_restorable_time and restore_to_time while preserving existing default values for backwards compatibility

why

• Original attempt at fixing this (#216) was insufficient

references

• Follow-up to original attempt: #216
• Correctly fixes #163

v1.10.0

reopen #192 @finchr (#213)

what
I implemented create_before_destroy on the aws_rds_cluster_instance default instances.
Originally in #192 but that was closed for reasons we won't go into here.

why
Making a change to any parameter that triggers a replace on a aws_rds_cluster_instance results in all instances being destroyed before attempting to create a new instance which causes an outage. This a faster (and safer) altenative to #191

references
This closes #190 and is an alternative to #191

v1.9.1

Support restoring to a specific time @ericluria (#216)

what

• Adds restore_to_time as an attribute of the restore_to_point_in_time parameter, allowing to restore to a specific datetime rather than the latest restorable time.

why

• Fixes missing functionality that's supported by the aws_rds_cluster resource.

references

• Closes #163

questions

I noticed while making this PR that source_cluster_identifier defaults to "120m", which looks like an inadvertent copy-and-paste from another parameter. In the aws_rds_cluster resource, this parameter is required, so it doesn't make sense to have a default anyway. Would you recommend leaving this parameter as-is, or should we fix it?

edit: fixed as part of this PR

🤖 Automatic Updates

Update release workflow to allow pull-requests: write @osterman (#214)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#212)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#211)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#210)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#207)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

v1.9.0

add option for enabling global write forwarding @tdockseydt (#186)

what

Add option for enabling global write forwarding for aws rds cluster.

why

• Ability to enable global write forwarding across our aws rds clusters.
• https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-write-forwarding-apg.html
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#enable_global_write_forwarding

🤖 Automatic Updates

Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /test/src @dependabot (#204)

Bumps google.golang.org/grpc from 1.51.0 to 1.56.3.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)
• authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#6151)
• status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

• 1055b48 Update version.go to 1.56.3 (#6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
• faab873 Update version.go to v1.56.2 (#6432)
• 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
• ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
• cd6a794 Update version.go to v1.56.2-dev (#6387)
• 5b67e5e Update version.go to v1.56.1 (#6386)
• d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
• 997c1ea Change version to 1.56.1-dev (#6345)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• `@dep...