Releases: cloudposse/terraform-aws-eks-cluster

v4.10.0

22 May 19:51

🚀 Enhancements

feat: add deletion protection option to EKS cluster RoseSecurity (#260)

what

  • Added a new deletion_protection_enabled variable for configuring EKS cluster deletion protection.
  • Wired the variable to the EKS cluster deletion protection setting.
  • Defaulted the variable to false to preserve existing behavior.

why

  • Allows users to prevent accidental EKS cluster deletion when needed.
  • Keeps deletion protection opt-in so existing deployments are not affected.

references

v4.9.0

28 Mar 00:13

feat: add EKS Auto Mode support Ben (@Benbentwo) (#259)

Summary

  • Add `compute_config`, `storage_config`, and `elastic_load_balancing` object variables for fully configurable Auto Mode support
  • Add dynamic blocks for `compute_config`, `storage_config`, and `elastic_load_balancing` on `aws_eks_cluster`
  • Add `sts:TagSession` to cluster role trust policy when Auto Mode enabled
  • Attach 4 Auto Mode cluster IAM policies (`AmazonEKSComputePolicy`, `AmazonEKSBlockStoragePolicy`, `AmazonEKSLoadBalancingPolicy`, `AmazonEKSNetworkingPolicy`)
  • Add `auto_mode_enabled` output
  • Add consistency check ensuring all three capabilities are toggled together
  • Auto-set `bootstrap_self_managed_addons = false` when Auto Mode is enabled
  • Bump AWS provider minimum to `>= 5.79.0`

All defaults preserve current behavior -- this is additive and non-breaking.

Test plan

  • terraform validate passes (verified locally)
  • terraform plan on existing cluster shows no changes (backward compat)
  • Deploy new cluster with Auto Mode enabled, verify via aws eks describe-cluster
  • Verify cluster IAM role has Auto Mode policies attached
  • Verify bootstrap_self_managed_addons is correctly auto-set

🤖 Generated with Claude Code

v4.8.0

01 Oct 14:36
775ec28

Feat: Add remote_network_config configuration Maksymilian Szczepańczyk (@mszczepanczyk-soprasteria) (#258)

what

  • Add configuration for remote node and pod networks

why

  • Support for hybrid nodes
  • We use it in combination with Cilium in overlay mode so that the cluster correctly recognizes IPs in cilium pod CIDR as pods

references

v4.7.0

04 Aug 16:22

feat: add pod identity association support for EKS addons Pavlo Kryvko (@litanyofmadness) (#256)

what

  • Added pod_identity_association parameter to EKS addons configuration
  • Maps service account names to IAM role ARNs for pod identity authentication
  • Maintains backward compatibility with existing configurations

why

  • Enables modern IAM authentication for EKS addons using pod identities
  • Aligns with AWS best practices for EKS

references

Terraform EKS Addon Pod Identity: Docs
Closes: #252

🤖 Automatic Updates

Fix go version in tests Erik Osterman (Cloud Posse) (@osterman) (#255)

what

  • Update go `1.24`

why

  • Error loading shared library libresolv.so.2 in Go 1.20

References

Replace Makefile with atmos.yaml Erik Osterman (Cloud Posse) (@osterman) (#254)

what

  • Remove `Makefile`
  • Add `atmos.yaml`

why

  • Replace build-harness with atmos for readme generation

References

  • DEV-3229 Migrate from build-harness to atmos

v4.6.0

09 Feb 05:48
6521512

🚀 Enhancements

  • Allow extra tags specific to addons
  • Make access_scope optional in access_policy_associations

Enhancements (#250)

what

  • Ensure access entries are created before associating them with policies
  • Allow extra tags specific to addons
  • Make access_scope optional in access_policy_associations
  • Add testing for enabled=false
  • Fix typo in hyperlink

why

  • Some addons require specific tags for configuration
  • All the elements of access_scope are optional, so access_scope itself is not required

references

🐛 Bug Fixes

  • Ensure access entries are created before associating them with policies
  • Add testing for enabled=false
  • Fix typo in hyperlink

Bugfixes Nuru (@Nuru) (#250)

what

  • Ensure access entries are created before associating them with policies
  • Add testing for enabled=false
  • Fix typo in hyperlink

why

  • Race condition can cause cluster creation to fail if Terraform attempts to create access entries and policy associations in parallel
  • Standard testing requirement, ensure no resources are created and module functions without error when enabled=false
  • Fix typo

references

v4.5.0

27 Nov 16:42
43b2f77

Add support for upgrade policy configuration Ihor Urazov (@z0rc) (#245)

what

Add module variable to set aws_eks_cluster's upgrade_policy.

why

I need to be able to downgrade EKS support policy from default "Extended" to "Standard".

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#upgrade_policy

https://aws.amazon.com/about-aws/whats-new/2024/07/amazon-eks-controls-kubernetes-version-support-policy/

Summary by CodeRabbit

  • New Features

    • Introduced a new input parameter upgrade_policy for configuring the support policy of the EKS cluster.
    • Added a new variable zonal_shift_config to the Terraform configuration.
  • Documentation

    • Updated README and Terraform documentation to include details about the new upgrade_policy input.
    • Enhanced clarity and comprehensiveness of existing inputs and outputs documentation.
    • Added examples for the upgrade_policy configuration in the fixtures and variable files.
  • Bug Fixes

    • Updated default values for existing variables to improve clarity and usability.

v4.4.1

01 Nov 11:58
cf32252

Add support for zonal shift configuration Ihor Urazov (@z0rc) (#243)

what

Add support of zonal shift config for the cluster. Closes #242

why

See linked ticket.

references

See linked ticket.

additional info

<br> to <br/> changes are caused by new version of terraform-docs and are intended, see terraform-docs/terraform-docs#787

🤖 Automatic Updates

Update terratest to '>= 0.46.0' Erik Osterman (Cloud Posse) (@osterman) (#232)

what

  • Update terratest `>= 0.46.0`

why

  • Support OpenTofu for testing

References

Migrate new test account Erik Osterman (Cloud Posse) (@osterman) (#240)

what

  • Update `.github/settings.yml`
  • Update `.github/chatops.yml` files

why

  • Re-apply .github/settings.yml from org level to get terratest environment
  • Migrate to new test account

References

  • DEV-388 Automate clean up of test account in new organization
  • DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
  • DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml Erik Osterman (Cloud Posse) (@osterman) (#239)

what

  • Update `.github/settings.yml`
  • Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml Erik Osterman (Cloud Posse) (@osterman) (#238)

what

  • Update `.github/settings.yml`
  • Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub

v4.4.0

24 Aug 00:07
76ed997

🚀 Enhancements

feat: Add support bootstrap_self_managed_addons sergeyrudenko111 (#236)

what

  • Add support of bootstrap_self_managed_addons for aws_eks_cluster resource

why

  • This change will provide an opportunity to not bootstrap default networking addons for new cluster

references

https://aws.amazon.com/about-aws/whats-new/2024/06/amazon-eks-cluster-creation-flexibility-networking-add-ons/

v4.3.0

08 Aug 16:15
98ef10c

feat: Add missed tags Maksym Vlasov (@MaxymVlasov) (#235)

what

Add tags to resources where they were missing

🤖 Automatic Updates

Update .github/settings.yml Erik Osterman (Cloud Posse) (@osterman) (#234)

what

  • Update `.github/settings.yml`
  • Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub

v4.2.0

04 Jun 23:02

add cloudwatch_log_group_class config peter-novata (#229)

what

  • Add configuration option for the cloudwatch log infrequent access

why

terraform AWS provider added support for the recent cloudwatch log infrequent access feature which reduces cloudwatch log costs by up to 50%

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group.html#log_group_class
https://aws.amazon.com/blogs/aws/new-amazon-cloudwatch-log-class-for-infrequent-access-logs-at-a-reduced-price/

🤖 Automatic Updates

Update release workflow to allow pull-requests: write Erik Osterman (Cloud Posse) (@osterman) (#231)

what

  • Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

  • So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo Erik Osterman (Cloud Posse) (@osterman) (#228)

what

  • Update workflows (.github/workflows) to use shared workflows from .github repo

why

  • Reduce nested levels of reusable workflows