Skip to content

chore(deps): update terraform cloudposse/vpc/aws to v2.3.0 #139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update terraform cloudposse/vpc/aws to v2.3.0 #139

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 13, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
cloudposse/vpc/aws (source) module minor 2.1.1 -> 2.3.0

Release Notes

cloudposse/terraform-aws-vpc (cloudposse/vpc/aws)

v2.3.0

Compare Source

Fixes "Error: no association of default Security Group (sg-XXX) with VPC Endpoint (vpce-YYY)" @​j4zzcat (#​158) This PR updates the `vpc-endpoints` module to prevent recurring no association of default Security Group (...) with VPC Endpoint (...) errors when managing Interface VPC Endpoints. See also https://github.com/cloudposse-terraform-components/aws-vpc/issues/49.

The issue occurred because AWS automatically attaches the default VPC security group to an Interface endpoint when no SGs are specified at creation. The module previously relied on replace_default_association to swap it out for the desired SG. This worked only on the first run - subsequent runs failed because the default SG was no longer attached.

Changes

  1. Attach first SG at creation time
    • Added security_group_ids to aws_vpc_endpoint.interface_endpoint with the first SG from var.interface_vpc_endpoints.
    • Prevents AWS from attaching the default SG and removes the need for replace_default_association.
  2. Limit SG associations to index > 0
    • Updated security_group_associations_list and security_group_associations_map locals to only include SGs beyond the first one.
    • Ensures Terraform doesn’t try to re-attach the already-attached first SG.
  3. Remove replace_default_association
    • Association resources now only attach additional SGs.
    • Eliminates fragile “replace default” logic that failed on repeated applies.

Benefits

  • Idempotent applies — no more failing after the first run.
  • Simpler logic — no special-case handling for the default SG.
  • Clean AWS state — the default SG is never attached in the first place.

Testing

  • Applied changes in a test environment with multiple endpoints and SGs.
  • Verified that:
    • First SG is attached at endpoint creation.
    • Additional SGs are attached via association resources.
    • No errors occur on repeated terraform apply runs.

v2.2.0

Compare Source

🚀 Enhancements
feat(internet-gateways): add better tagging for naming visibility @​oycyc (#​157)
what
  1. Add additional label for set the attribute which sets the final "Name" tag for IGW and EIGW.
  • @​gberenice made a good comment below. This does not replace the resource. Only updates in place by updating the tags. See screenshot in comments. No actual AWS physical infra updated. Only tag/naming.
  1. This also fixes TF test errors - VPC endpoint security sroup association "OperationInProgress" errors
  • Problem: VPC endpoint tests were failing with "api error OperationInProgress: VpcEndpoint modify operation in progress" because multiple security group associations were attempting to modify the same VPC endpoint simultaneously.
  • Root Cause: The module was using separate aws_vpc_endpoint_security_group_association resources with for_each, causing concurrent API calls that AWS doesn't allow.
  • Solution: Replaced separate security group association resources with the built-in security_group_ids parameter on aws_vpc_endpoint. This approach eliminates concurrent modification conflicts and follows AWS Provider best practices.
why
  1. Screenshot redacted. For IGW and EIGW, there's no name attribute. So on the AWS console UI, the name is determined by the "Name" tag. Without "igw", when looking at the resource map of the VPC, it looks very off when the subnets -> route tables -> network connection is all the same name.

I should easily be able to tell what network connection it is, igw, eigw, or NAT (which does have this): https://github.com/cloudposse/terraform-aws-dynamic-subnets/blob/main/nat-gateway.tf#L1

image image
  1. Tests were failing. Screenshot 2025-07-31 at 15 40 43
🤖 Automatic Updates
Fix go version in tests @​osterman (#​155)
what
  • Update go 1.24
why
  • Error loading shared library libresolv.so.2 in Go 1.20
References
Replace Makefile with atmos.yaml @​osterman (#​154)
what
  • Remove Makefile
  • Add atmos.yaml
why
  • Replace build-harness with atmos for readme genration
References
  • DEV-3229 Migrate from build-harness to atmos
Migrate new test account @​osterman (#​150)
what
  • Update .github/settings.yml
  • Update .github/chatops.yml files
why
  • Re-apply .github/settings.yml from org level to get terratest environment
  • Migrate to new test account
References
  • DEV-388 Automate clean up of test account in new organization
  • DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
  • DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @​osterman (#​149)
what
  • Update .github/settings.yml
  • Drop .github/auto-release.yml files
why
  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings
references
  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @​osterman (#​148)
what
  • Update .github/settings.yml
  • Drop .github/auto-release.yml files
why
  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings
references
  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write @​osterman (#​147)
what
  • Update workflow (.github/workflows/release.yaml) to have permission to comment on PR
why
  • So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo @​osterman (#​146)
what
  • Update workflows (.github/workflows) to use shared workflows from .github repo
why
  • Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action @​osterman (#​145)
what
  • Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action
why
  • The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @​osterman (#​144)
what
  • Update workflows (.github/workflows/settings.yaml)
why
  • Support new readme generation workflow.
  • Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo @​osterman (#​141)
what
  • Install latest GitHub Action Workflows
why
  • Use shared workflows from cldouposse/.github repository
  • Simplify management of workflows from centralized hub of configuration
Bump golang.org/x/crypto from 0.0.0-20220926161630-eccd6366d1be to 0.17.0 in /test/src @​[dependabot[bot]](https://redirect.github.com/apps/dependabot) (#​132) Bumps [golang.org/x/crypto](https://redirect.github.com/golang/crypto) from 0.0.0-20220926161630-eccd6366d1be to 0.17.0.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
Add GitHub Settings @​osterman (#​137)
what
  • Install a repository config (.github/settings.yaml)
why
  • Programmatically manage GitHub repo settings
Add GitHub Settings @​osterman (#​136)
what
  • Install a .github/settings.yaml
why
  • Programmatically manage GitHub repo settings
Add GitHub Settings @​osterman (#​130)
what
  • Install a .github/settings.yaml
why
  • Programmatically manage GitHub repo settings
Update Scaffolding @​osterman (#​129)
what
  • Reran make readme to rebuild README.md from README.yaml
  • Migrate to square badges
  • Add scaffolding for repo settings and Mergify
why
  • Upstream template changed in the .github repo
  • Work better with repository rulesets
  • Modernize look & feel
Update README.md and docs @​cloudpossebot (#​128)
what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update Scaffolding @​osterman (#​127)
what
  • Reran make readme to rebuild README.md from README.yaml
  • Migrate to square badges
  • Add scaffolding for repo settings and Mergify
why
  • Upstream template changed in the .github repo
  • Work better with repository rulesets
  • Modernize look & feel
Update README.md and docs @​cloudpossebot (#​126)
what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the auto-update This PR was automatically generated label Sep 13, 2025
@renovate renovate bot requested review from a team as code owners September 13, 2025 09:14
@renovate renovate bot requested review from gberenice and jamengual September 13, 2025 09:14
@mergify
Copy link

mergify bot commented Sep 13, 2025

/terratest

@renovate renovate bot force-pushed the renovate/cloudposse-vpc-aws-2.x branch from 185521f to d61939c Compare September 14, 2025 10:09
@renovate renovate bot force-pushed the renovate/cloudposse-vpc-aws-2.x branch from d61939c to b87f449 Compare October 1, 2025 04:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamengual jamengual Awaiting requested review from jamengual jamengual is a code owner automatically assigned from cloudposse/contributors

@gberenice gberenice Awaiting requested review from gberenice gberenice is a code owner automatically assigned from cloudposse/contributors

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

auto-update This PR was automatically generated

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant