Releases · cloudposse-terraform-components/aws-lambda

@johncblandii

fix(lambda): prevent strcontains null error on zip deploys @johncblandii (#54)

## Summary

Fix a plan-time failure that occurred whenever the function was deployed from a zip (image_uri == null) while cicd_ssm_param_name was set.
Add a fast, credential-free terraform test unit suite that reproduces the regression and guards the image_uri resolution logic going forward.

Changes

src/main.tf: make the local.image_uri resolution null-safe. Terraform/OpenTofu's && does not short-circuit, so strcontains(var.image_uri, "%s") was evaluated even when var.image_uri was null, failing with Invalid value for "str" parameter: argument must not be null. The string fed to strcontains() now goes through an inner ternary (var.image_uri == null ? "" : var.image_uri), which does short-circuit. (Note: coalesce(var.image_uri, "") is not a valid fix here — coalesce also rejects empty strings and would error when image_uri is null.)
test/unit/image_uri/: new native terraform test fixture mirroring the local.image_uri logic, runnable without AWS credentials. The component itself can only be planned via the atmos/Terratest harness (it depends on account-map and remote-state modules), so this isolates the pure logic that broke.
test/README.md: document the integration (atmos test run) and new unit test workflows.

Testing

Unit tests added (test/unit/image_uri/image_uri_unit_test.tftest.hcl, 4 cases)
Verified the test fails against the buggy logic, reproducing the exact production error (Invalid value for "str" parameter)
Verified the test passes against the fix — Success! 4 passed, 0 failed
terraform fmt -check -recursive clean

Run the unit tests with:

```bash
terraform -chdir=test/unit/image_uri init
terraform -chdir=test/unit/image_uri test
```

Notes

Covered scenarios: zip deploy with SSM param set (the regression), templated image_uri formatted with the SSM value, static image_uri passthrough, and image_uri passthrough when no SSM param is configured.

The unit fixture mirrors the src/main.tf expression rather than executing it directly (the component can't init standalone in plain CI). Cross-reference comments in both files note they must stay in sync.

Summary by CodeRabbit

Bug Fixes
- Fixed null-value handling in image URI computation to prevent errors when certain parameters are undefined.
Tests
- Added comprehensive unit tests validating image URI resolution behavior across multiple scenarios.
Documentation
- Added testing layer documentation covering integration and native unit tests with setup instructions.

🤖 Automatic Updates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.46.0 @[renovate[bot]](https://github.com/apps/renovate) (#50)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.45.0` → `0.46.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.46.0`

Compare Source

What's Changed

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #1028
rds: accept sqlserver-dev-ee engine by @Nullh in #1045
Update AWS provider/module and generated content by @github-actions[bot] in #1038
Update AWS provider/module and generated content by @github-actions[bot] in #1053

Chores

Fix maintenance script failure by @wata727 in #1027
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1029
Bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in #1030
Bump golang.org/x/net from 0.48.0 to 0.49.0 by @dependabot[bot] in #1032
Bump the aws-sdk group with 3 updates by @dependabot[bot] in #1031
Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 by @dependabot[bot] in #1033
Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.279.2 to 1.281.0 in the aws-sdk group by @dependabot[bot] in #1035
Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #1034
Bump actions/attest-build-provenance from 3.1.0 to 3.2.0 by @dependabot[bot] in #1036
Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.281.0 to 1.285.0 in the aws-sdk group by @dependabot[bot] in #1037
Bump the aws-sdk group with 2 updates by @dependabot[bot] in #1039
Bump golang.org/x/net from 0.49.0 to 0.50.0 by @dependabot[bot] in #1040
Remove aws_s3_bucket_invalid_region from docs by @kakakakakku in #1041
Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by @dependabot[bot] in #1042
Bump github.com/aws/smithy-go from 1.24.0 to 1.24.1 by @dependabot[bot] in #1044
Bump the aws-sdk group with 3 updates by @dependabot[bot] in #1043
Bump hashicorp/setup-terraform from 3.1.2 to 4.0.0 by @dependabot[bot] in #1046
Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by @dependabot[bot] in #1048
Bump actions/setup-go from 6.2.0 to 6.3.0 by @dependabot[bot] in #1047
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1049
Bump github.com/zclconf/go-cty from 1.17.0 to 1.18.0 by @dependabot[bot] in #1052
Bump golang.org/x/net from 0.50.0 to 0.51.0 by @dependabot[bot] in #1051
Bump github.com/aws/smithy-go from 1.24.1 to 1.24.2 by @dependabot[bot] in #1050
deps: Bump Go version to 1.26 by @wata727 in #1054

New Contributors

@kakakakakku made their first contribution in #1041
@Nullh made their fi...

@milldr

Guard resources against enabled: false @milldr (#49)

## What

Gate function_name, function_url_enabled, and cloudwatch_event_rules locals on local.enabled so dependent resources are not created when the component is disabled. Guard filename zip reference with local.enabled to prevent index errors. Switch all for_each in triggers_cloudwatch_event_rules.tf from var.cloudwatch_event_rules to local.cloudwatch_event_rules.

Why

Setting enabled: false on a Lambda component causes plan/destroy errors because resources like CloudWatch event rules, function URLs, and zip archives still attempt to reference or create resources that don't exist.

Summary by CodeRabbit

Bug Fixes
- Fixed Lambda function and CloudWatch event rule resources from being created when feature gates are disabled.
- Improved conditional resource provisioning logic to respect configuration settings.

@goruha

🚀 Enhancements

Improve s3_key assignment based on conditions @goruha (#47)

## what * Improve s3_key assignment based on conditions

why

Ensure s3_key set null if s3_bucket_name is null

import:
  - catalog/lambda/defaults

components:
  terraform:
    lambda/hello-world-py:
      metadata:
        component: lambda
        inherits:
          - lambda/defaults
      vars:
        name: hello-world-py
        function_name: main
        description: Hello Lambda from Python!
        handler: lambda.lambda_handler # in go this is the compiled binary, python it's filename.function
        memory_size: 256
        # https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html
        runtime: python3.9
        package_type: Zip # `Zip` or `Image`
        policy_json: null

        # Filename example
        filename: lambdas/hello-world-python/output.zip # generated by zip variable.
        zip:
          enabled: true
          input_dir: hello-world-python
          output: hello-world-python/output.zip

        # S3 Source Example
        # s3_bucket_name: lambda-source # lambda main.tf calculates the rest of the bucket_name
        # s3_key: hello-world-go.zip

this stack configuration lead to error

│ Error: Missing required argument
│ 
│   with module.lambda.aws_lambda_function.this[0],
│   on .terraform/modules/lambda/main.tf line 40, in resource "aws_lambda_function" "this":
│   40:   s3_key                         = var.s3_key
│ 
│ "s3_key": all of `s3_bucket,s3_key` must be specified

Summary by CodeRabbit

Improvements
- Improved deployment configuration handling so storage key assignment is skipped when no storage bucket is configured, preventing invalid configuration and preserving prior behavior when a bucket is present.

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#46)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.45.0 @[renovate[bot]](https://github.com/apps/renovate) (#45)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.44.0` -> `0.45.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.45.0`

Compare Source

What's Changed

Breaking Changes

Remove aws_route53_record_invalid_zone_id rule by @wata727 in #979

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #981
Update AWS provider/module and generated content by @github-actions[bot] in #990
Update AWS provider/module and generated content by @github-actions[bot] in #999
Update AWS provider/module and generated content by @github-actions[bot] in #1000
Update AWS provider/module and generated content by @github-actions[bot] in #1004
Update AWS provider/module and generated content by @github-actions[bot] in #1005
Update AWS provider/module and generated content by @github-actions[bot] in #1011
Update AWS provider/module and generated content by @github-actions[bot] in #1021

Bug Fixes

dms_s3_endpoint: fix enum validations by @bendrucker in #991
resource_missing_tags: handle explicit refs to default provider by @bendrucker in #1003

Chores

Bump the aws-sdk group with 7 updates by @dependabot[bot] in #980
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #982
Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.67 to 2.0.0-beta.68 by @dependabot[bot] in #983
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #987
Bump golang.org/x/net from 0.46.0 to 0.47.0 by @dependabot[bot] in #988
Replace Ruby SDK models with official Smithy repository by @bendrucker in #901
generator: add tests and improve error handling by @bendrucker in #992
Bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in #996
Bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #995
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #997
Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 by @dependabot[bot] in #994
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1001
Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #1006
Bump github.com/aws/smithy-go from 1.23.2 to 1.24.0 by @dependabot[bot] in #1009
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1008
Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 by @dependabot[bot] in #1007
Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 by @dependabot[bot] in #1012
Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.68 to 2.0.0-beta.69 by @dependabot[bot] in #1014
Bump golang.org/x/net from 0.47.0 to 0.48.0 by @dependabot[bot] in #1015
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1013
Bump actions/attest-build-provenance from 3.0.0 to 3.1.0 by [@dependabot](https://redi...

@wavemoran

🚀 Enhancements

Change scaling_config to dynamic block @wavemoran (#44)

## what * Changes the `scaling_config` block to a dynamic config that defaults to `null`

why

If an SQS trigger is used, but no scaling_config variable is passed, we'll see a constant no-op drift in Terraform trying to apply scaling_config that looks like:

# aws_lambda_event_source_mapping.event_source_mapping["foo"] will be updated in-place
~ resource "aws_lambda_event_source_mapping" "event_source_mapping" {
      id                                 = "1234"
      tags                               = {}
      # (21 unchanged attributes hidden)

    + scaling_config {}
  }

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping#scaling_config-configuration-block

Summary by CodeRabbit

Refactor
- Improved Lambda event source mapping configuration to make scaling settings optional, enabling deployments to only apply concurrency limits when explicitly configured.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

🤖 Automatic Updates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.44.0 @[renovate[bot]](https://github.com/apps/renovate) (#43)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.43.0` -> `0.44.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.44.0`

Compare Source

What's Changed

Support for Cosign signatures has been removed from this release. The checksums.txt.keyless.sig and checksums.txt.pem will not be included in the release.
These files are not used in normal use cases, so in most cases this will not affect you, but if you are affected, you can use Artifact Attestations instead.

Breaking Changes

Bump github.com/terraform-linters/tflint-plugin-sdk from 0.22.0 to 0.23.1 by @dependabot[bot] in #966
- Requires TFLint v0.46+

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #954
Update AWS provider/module and generated content by @github-actions[bot] in #959
Update Lambda runtime deprecation dates by @Copilot in #969
Add missing ElastiCache node type: cache.r6gd.large by @Copilot in #971
Fix typos in AWS RDS DB instance types by @Copilot in #972
Add missing AWS S3 bucket naming restrictions by @Copilot in #976

Chores

Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.251.2 to 1.253.0 in the aws-sdk group by @dependabot[bot] in #952
Bump github.com/hashicorp/terraform-json from 0.26.0 to 0.27.2 by @dependabot[bot] in #953
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #956
Bump the aws-sdk group with 2 updates by @dependabot[bot] in #957
Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.66 to 2.0.0-beta.67 by @dependabot[bot] in #958
Bump github.com/aws/aws-sdk-go-v2/service/rds from 1.108.0 to 1.108.2 in the aws-sdk group by @dependabot[bot] in #960
Bump golang.org/x/net from 0.44.0 to 0.46.0 by @dependabot[bot] in #961
Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @dependabot[bot] in #962
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #963
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #965
Drop support for Cosign signatures by @wata727 in #968
Add documentation to AWS MQ engine type validation rules by @Copilot in #974
Reorder S3 bucket ACL enum values for consistency by @Copilot in #975

New Contributors

@Copilot made their first contribution in #969

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.43.0...v0.44.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#42)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.43.0 @[renovate[bot]](https://github.com/apps/renovate) (#41)

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.42.0` -> `0.43.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.43.0`

Compare Source

What's Changed

Breaking Changes

Remove aws_ecs_account_setting_default_invalid_name rule by @wata727 in #949

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #921
Update AWS provider/module and generated content by @github-actions[bot] in #948

Chores

...

@Benbentwo

Bugfix: Invalid Policy @Benbentwo (#36)

## TL;DR Bugfixing the policy in the SQS file. This bug is present since #6 where Mergify & Rennovate updated our module to 2.0.2 but that was a breaking change. We do not yet have tests for this component which wouldve caught it.

This pull request updates the structure of the iam_policy in the sqs_iam_policy module to use a list format instead of a map. This change ensures compatibility with downstream modules that expect a list format.

Changes to `iam_policy` structure:

src/triggers_sqs_queue.tf: Updated iam_policy from a map to a list of maps in the sqs_iam_policy module. This involves wrapping the policy definition in square brackets to convert it into a list. [1] [2]

Summary by CodeRabbit

Chores
- Updated configuration format for IAM policy settings to improve compatibility. No changes to functionality or user experience.

@Benbentwo

Feature: Allow lambda images to utilize the `ssm_param_name` variable @Benbentwo (#34)

This pull request introduces enhancements to the Terraform module for managing AWS Lambda functions. Key updates include support for dynamically formatting `image_uri` using SSM parameters, a refactor of the `iam_policy` variable to improve compatibility and usability, and minor adjustments to ensure consistent behavior. Below are the most important changes grouped by theme:

Lambda Deployment Enhancements:

Added logic to dynamically format image_uri using the value of an SSM parameter when cicd_ssm_param_name is set. This allows deploying Lambda functions with tags stored in SSM parameters (src/main.tf, src/main.tfR20-R23).
Updated the module "lambda" block to use the newly defined local.image_uri instead of directly referencing var.image_uri (src/main.tf, src/main.tfL73-R77).

IAM Policy Improvements:

References: https://github.com/cloudposse/terraform-aws-iam-policy/blob/main/variables.tf#L1-L34
Refactored the iam_policy variable type from a single object to a list of objects for better compatibility with the Terraform aws_iam_policy_document data source (src/variables.tf, src/variables.tfL266-R266).
Updated the iam_policy variable description to clarify usage and added nullable = false with a default value of an empty list for stricter validation (src/variables.tf, src/variables.tfL290-R297).

Summary by CodeRabbit

New Features
- Enabled dynamic substitution in the image URI using values from AWS SSM parameters for Lambda deployments.
Improvements
- Updated IAM policy input to accept a list of policy objects instead of a single object, allowing for more flexible policy definitions.
- Improved documentation for the IAM policy variable to clarify its structure and usage.

🤖 Automatic Updates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.41.0 @[renovate[bot]](https://github.com/apps/renovate) (#33)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.40.0` -> `0.41.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.41.0`

Compare Source

What's Changed

@Benbentwo

chore(deps): restrict aws provider version to < 6.0.0 @Benbentwo (#30)

This pull request includes a version constraint update for the AWS provider in the Terraform configuration file `src/versions.tf`. The change ensures compatibility with versions up to but not including 6.0.0.

src/versions.tf: Updated the version constraint for the aws provider to >= 4.9.0, < 6.0.0 to ensure compatibility with future versions while avoiding potential breaking changes in version 6.0.0.

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#31)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Enable merge queue @goruha (#29)

## what - Added `auto-merge` workflow - Update `settings.yaml` - Fix CodeOwners files

why

Support auto merge PRs
Create merge queue
Implement new CodeOwners policy

Enable merge queue @goruha (#28)

## what - Added `auto-merge` workflow - Update `settings.yaml` - Fix CodeOwners files

why

Support auto merge PRs
Create merge queue
Implement new CodeOwners policy

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.40.0 @[renovate[bot]](https://github.com/apps/renovate) (#4)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.23.1` -> `0.40.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.40.0`

Compare Source

What's Changed

Enhancements

feat: warn against data sources with ephemeral alternatives by @aristosvo in https://github.com/terraform-linters/tflint-ruleset-aws/pull/861
rules: Update Lambda deprecated runtimes by @wata727 in https://github.com/terraform-linters/tflint-ruleset-aws/pull/886
Update AWS provider/module and generated content by @github-actions in https://github.com/terraform-linters/tflint-ruleset-aws/pull/870

Chores

Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/872
Bump the aws-sdk group with 3 updates by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/873
Bump actions/attest-build-provenance from 2.2.3 to 2.3.0 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/874
Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.212.0 to 1.213.0 in the aws-sdk group by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/875
docs: Rename aws_write_only_attributes.md -> aws_write_only_arguments.md by @wata727 in https://github.com/terraform-linters/tflint-ruleset-aws/pull/876
Bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/877
Bump golang.org/x/net from 0.39.0 to 0.40.0 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/879
Bump the aws-sdk group with 2 updates by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/878
Bump github.com/zclconf/go-cty from 1.16.2 to 1.16.3 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/883
Bump the aws-sdk group with 3 updates by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/882
Bump github.com/hashicorp/terraform-json from 0.24.0 to 0.25.0 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/884

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.39.0...v0.40.0

`v0.39.0`

Compare Source

What's Changed

Enhancements

Update AWS provider/module and generated content by @github-actions in https://github.com/terraform-linters/tflint-ruleset-aws/pull/840
Add aws_iam_role_deprecated_policy_attributes rule by @alexjfisher in https://github.com/terraform-linters/tflint-ruleset-aws/pull/833
aws_write_only_arguments: recommend write-only arguments where available by @aristosvo in https://github.com/terraform-linters/tflint-ruleset-aws/pull/860
Update AWS provider/module and generated content by @github-actions in https://github.com/terraform-linters/tflint-ruleset-aws/pull/855

Bug Fixes

provider_missing_default_tags: correctly handle unknown values by @bendrucker in https://github.com/terraform-linters/tflint-ruleset-aws/pull/851

Chores

Bump the aws-sdk group with 7 updates by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/839
Bump golang.org/x/net from 0.35.0 to 0.37.0 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/842
Bump the aws-sdk group with 7 updates by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/841
Bump the aws-sdk group with 2 updates by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/845
Pin GitHub Action versions by @wata727 in https://github.com/terraform-linters/tflint-ruleset-aws/pull/846
Bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/847
Bump the aws-sdk group with 2 updates by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/848
Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.62 to 2.0.0-beta.63 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/849
Bump golang.org/x/net from 0.37.0 to 0.38.0 by @dependabot in https://github.com/terraform-linters/tflint-ruleset-aws/pull/853
Bump the aws-sdk group with 3 updates...

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#26)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#25)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update terraform cloudposse/iam-policy/aws to v2 @[renovate[bot]](https://github.com/apps/renovate) (#6)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-policy/aws (source)	module	major	`1.0.1` -> `2.0.2`

Release Notes

cloudposse/terraform-aws-iam-policy (cloudposse/iam-policy/aws)

`v2.0.2`

Compare Source

feat: support policy attachments @nitrocode (#52)

what

feat: support policy attachments

why

It's very convenient to be able to attach managed policies or attach inline policies to roles in a single module
All cloudposse modules that use IAM roles and policies have to reinvent this technology and support both inline and managed. For a while, cloudposse defaulted to creating managed policies which isnt best practice. Each module is getting updated to support inline as an option. To make this easier, this module can support a toggle and then this module can be adopted into the other modules to make it easier to support both cases.

references

closes #21

Update Readme @Benbentwo (#46)

what

Small appearance tweaks to readme

why

cleanup from interpolation by GitHub

🤖 Automatic Updates

Migrate new test account @osterman (#51)

what

Update .github/settings.yml
Update .github/chatops.yml files

why

Re-apply .github/settings.yml from org level to get terratest environment
Migrate to new test account

References

DEV-388 Automate clean up of test account in new organization
DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#50)

what

Update .github/settings.yml
Drop .github/auto-release.yml files

why

Re-apply .github/settings.yml from org level
Use organization level auto-release settings

references

DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @osterman (#48)

what

Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#47)

what

Update workflows (.github/workflows) to use shared workflows from .github repo

why

Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#45)

what

Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#44)

what

Update workflows (.github/workflows/settings.yaml)

why

Support new readme generation workflow.
Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#41)

what

Install latest GitHub Action Workflows

why

Use shared workflows from cldouposse/.github repository
Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#36)

what

Install a repository config (.github/settings.yaml)

why

Programmatically manage GitHub repo settings

Update README.md and docs @cloudpossebot (#33)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update Scaffolding @osterman (#34)

what

Reran make readme to rebuild README.md from README.yaml
Migrate to square badges
Add scaffolding for repo settings and Mergify

why

Upstream template changed in the .github repo
Work better with repository rulesets
Modernize look & feel

Update README.md and docs @cloudpossebot (#32)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

`v2.0.1`

Compare Source

🐛 Bug Fixes

Remove problematic conditional @Nuru (#31)

what

Remove problematic conditional

why

local.deprecated_statements_values can be a tuple, and Terraform does not have a concept of an empty or null tuple to use as an alternative in a conditional, so you can get an error like:

The true and false result expressions must have consistent types. The 'true' tuple has length 0, but the 'false' tuple has length 2.

references

https://github.com/hashicorp/terraform/issues/33303

`v2.0.0`: Revert breaking change in 1.0, add new breaking change

Compare Source

Revert deprecated input to type "any" @Nuru (#30)

Breaking Change

The iam_policy input introduced in v1.0.0 has been changed from type object to type list(object). This allows multiple policy objects to be provided, but more importantly, allows no input or allows the iam_policy input to be used along with the deprecated iam_policy_statements input.

Reversion of Breaking Change

In v1.0.0, the iam_policy_statements input was deprecated, but it was also converted from type any to type map(object), which was how it was documented. However, it was, in practice, allowed to be a list or a map, and many users were supplying lists. This made it an unintentional breaking change for those users.

In this release, iam_policy_statements (while still deprecated) is reverted to type any and accepts both a map and a list.

what

Revert iam_policy_statements back to type = any
Convert iam_policy input to list
Update documentation

why

Preserve backward compatibility with pre v1.0 module
Enable all inputs to be used in any combination
Reflect changes to usage, remove leftovers from initial template

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update terraform cloudposse/stack-config/yaml to v1.8.0 @[renovate[bot]](https://github.com/apps/...

@supersidor

fix: 'Missing required argument' when using image_uri @supersidor (#16)

## what

While applying Lambda component from image_uri next error reported: "s3_key": all of s3_bucket,s3_key must be specified
The reason for this problem is that locals.s3_key is always not null, which conflicts with not null image_url
(see cloudposse/lambda-function/aws).
The solution is to add a additional check when generating locals.s3_key

how to reproduce

components:
  terraform:
    lambda2-test/lambda:
      metadata:
        component: lambda
      vars:
        name: my-service-lambda-test
        service_name: lambda2-test
        package_type: Image
        timeout: 15
        image_uri: "778631511111.dkr.ecr.us-east-1.amazonaws.com/hello:latest"
        image_config:
          command:
            - "test.handler.handler"

why

Lambda component should work with image_url variable

references

Summary by CodeRabbit

Chores
- Updated internal asset handling to better manage image inputs, ensuring more streamlined processing in the background.

Update teams access @goruha (#14)

## what * Update teams access

Summary by CodeRabbit

Chores
- Minor whitespace update in configuration file

Migrate component from cloudposse/terraform-aws-components

Uh oh!

Releases: cloudposse-terraform-components/aws-lambda

v1.538.1

Changes

Testing

Notes

Summary by CodeRabbit

🤖 Automatic Updates

Release Notes

What's Changed

Enhancements

Chores

New Contributors

Contributors

Uh oh!

v1.538.0

Why

Summary by CodeRabbit

Contributors

Uh oh!

v1.537.2

🚀 Enhancements

why

Summary by CodeRabbit

🤖 Automatic Updates

why

Release Notes

What's Changed

Breaking Changes

Enhancements

Bug Fixes

Chores

Contributors

Uh oh!

v1.537.1

🚀 Enhancements

why

references

Summary by CodeRabbit

🤖 Automatic Updates

Release Notes

What's Changed

Breaking Changes

Enhancements

Chores

New Contributors

Configuration

why

Release Notes

What's Changed

Breaking Changes

Enhancements

Chores

Contributors

Uh oh!

v1.537.0

Changes to iam_policy structure:

Summary by CodeRabbit

Contributors

Uh oh!

v1.536.3

Lambda Deployment Enhancements:

IAM Policy Improvements:

Summary by CodeRabbit

🤖 Automatic Updates

Release Notes

What's Changed

Breaking Changes

Enhancements

Chores

Contributors

Uh oh!

v1.536.2

🤖 Automatic Updates

why

why

why

Release Notes

What's Changed

Enhancements

Changes to `iam_policy` structure: