v0.13.1

feat: expose amazon_side_asn variable PePe Amengual (@jamengual) (#67)

## what

Adds optional amazon_side_asn variable to the module (default 64512, matching the AWS provider default) and plumbs it through to the aws_ec2_transit_gateway resource.

variable "amazon_side_asn" {
  type    = number
  default = 64512
}

 resource "aws_ec2_transit_gateway" "default" {
   ...
+  amazon_side_asn                    = var.amazon_side_asn
   auto_accept_shared_attachments     = var.auto_accept_shared_attachments
   ...
 }

why

The module currently does not expose amazon_side_asn, so all Transit Gateways created by it share the AWS default ASN 64512. This is a problem in several real-world deployments:

• TGW-to-TGW peering (same or cross-region) — AWS rejects peering attachments when both TGWs share an ASN.
• Direct Connect Gateway associations — each TGW associated with a DXGW must have a unique ASN.
• BGP-based Site-to-Site VPN — when multiple TGWs terminate against the same on-premises customer gateway, identical ASNs cause unpredictable BGP best-path selection.

In our SALUS landing zone we run two Transit Gateways (prod + non-prod) in the same account; without distinct ASNs we cannot move to BGP VPNs or DX in the future without destroying and recreating both TGWs (because `amazon_side_asn` is `ForceNew` on the underlying resource).

references

• AWS Terraform provider — `aws_ec2_transit_gateway` argument reference
• AWS API — `TransitGatewayRequestOptions.AmazonSideAsn`
• AWS whitepaper — Building a Scalable and Secure Multi-VPC AWS Network Infrastructure

test

• `terraform init -backend=false` — OK
• `terraform validate` — Success! The configuration is valid.
• `terraform fmt -recursive -check` — clean
• Default value preserves current behavior; no existing deployment will see drift.

Generate readme for submodules Igor Rodionov (@goruha) (#66)

## what * Generate readme for submodules

why

• Allow all to keep the README updated

references

• https://linear.app/cloudposse/issue/DEV-3521/make-cicd-workflow-support-readmes-in-modules-subfolders

v0.13.0

fix: cleanup ram association destruction RoseSecurity (#65)

## what

• This updates the logic for enabling AWS Resource Access Manager (RAM) features by centralizing the enablement flag and ensuring consistent usage throughout the ram.tf file. The main focus is to improve maintainability and ensure resources are destroyed as intended when the module is disabled.

Refactoring and consistency improvements:

• Added a new local variable ram_resource_share_enabled to encapsulate the logic for enabling RAM resource sharing, and updated all references to use this local instead of the raw input variable
• Updated the calculation of ram_principals to use local.ram_resource_share_enabled, ensuring principal logic is consistent with the new enablement flag.
• Modified the count attribute for aws_ram_resource_share, aws_ram_resource_association, and the aws_organizations_organization data source to use local.ram_resource_share_enabled, improving clarity and maintainability.

why

• Ensure resources are destroyed as intended when the module is disabled

v0.12.0

feat: allow sg referencing support Bruce (@brucex) (#64)

## what

• Allow users to enable SG support for transit gateway

why

• Allows SG referencing when using transit gateways from other accounts

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway#security_group_referencing_support-1
• closes #63

🤖 Automatic Updates

Fix go version in tests Erik Osterman (Cloud Posse) (@osterman) (#59)

## what - Update go `1.24`

why

• Error loading shared library libresolv.so.2 in Go 1.20

References

• https://sweetops.slack.com/archives/G014YEKDH4K/p1746672149263629
• golang/go#59305 (comment)
• cloudposse/terraform-aws-cloudfront-s3-cdn#294

Replace Makefile with atmos.yaml Erik Osterman (Cloud Posse) (@osterman) (#57)

## what - Remove `Makefile` - Add `atmos.yaml`

why

• Replace build-harness with atmos for readme genration

References

• DEV-3229 Migrate from build-harness to atmos

Migrate new test account Erik Osterman (Cloud Posse) (@osterman) (#52)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml Erik Osterman (Cloud Posse) (@osterman) (#49)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v0.11.3

Update README.yaml Gary Mclean (@garym-krrv) (#48)

ram_principal is deprecated as per source code.
We should now be using ram_principals variable in the module

what

why

references

🤖 Automatic Updates

Update release workflow to allow pull-requests: write Erik Osterman (Cloud Posse) (@osterman) (#47)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo Erik Osterman (Cloud Posse) (@osterman) (#46)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action Erik Osterman (Cloud Posse) (@osterman) (#45)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows Erik Osterman (Cloud Posse) (@osterman) (#44)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo Erik Osterman (Cloud Posse) (@osterman) (#43)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings Erik Osterman (Cloud Posse) (@osterman) (#42)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

v0.11.2

Configurable timeoutes Hans Donner (@hans-d) (#40)

what

• Replace hardcoded (but default) timeout for aws_route with configurable one

why

• more flexibilty needed re tiemouts

🤖 Automatic Updates

Update Scaffolding Erik Osterman (Cloud Posse) (@osterman) (#39)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

v0.11.1

🚀 Enhancements

Updating default value description to match actual default value @joshuabalduff (#26)

what

default_route_table_association and default_route_table_propagation are set to disable so the description should reflect default values that to avoid possible confusion.

why

So it matches :) unless the default value really should be enable

references

🤖 Automatic Updates

Update README.md and docs Cloud Posse Bot (CI/CD) (@cloudpossebot) (#36)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.11.0

Support AWS Provider V5 Max Lobur (@max-lobur) (#35)

what

Support AWS Provider V5
Linter fixes

why

Maintenance

references

https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0

Sync github Max Lobur (@max-lobur) (#33)

Rebuild github dir from the template

v0.10.0

• No changes

v0.9.1

git.io->cloudposse.tools update dylanbannon (#21)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

🚀 Enhancements

Bump aws provider to v4.4.0 RB (@nitrocode) (#23)

what

• Bump aws provider to v4.4.0

why

• Prevent people from using an older provider version which would cause issues

references

• https://github.com/hashicorp/terraform-provider-aws/releases/tag/v4.4.0
• Previous PR #20
• Closes #24

v0.9.0

Support multiple RAM principals Alex Jurkiewicz (@alexjurkiewicz) (#19)

Introduce new variable var.ram_principals, and deprecate
var.ram_principal. Deprecating rather than removing the old variable is
a lot more complex, code-wise, but the complexity is contained and
should ease the upgrade path for existing customers.

Fixes #14