Skip to content

Clarification on the 2.2.0 tag/release issue #164

New issue
New issue
Open
Open
Clarification on the 2.2.0 tag/release issue#164
Labels
documentationImprovements or additions to documentationmigrationThis PR involves a migration
@goruha

Description

@goruha
goruha
opened on Sep 4, 2025

We sincerely apologize for the issues caused by the removal of the 2.2.0 tag. This is the first time, in more than seven years, that we have developed and maintained the open-source Terraform module library, and we have a situation where tag removal was the solution.

Problem Description

We recently received report #160 of unexpected behavior when using version 2.2.0 of this module.

Users encountered unexpected changes (including resource destruction) with the vpc-endpoints submodule's Terraform plan output when referencing version 2.2.0.

The root cause was that:

  • The tag 2.2.0 (without a v) existed since last year.
  • A new tag v2.2.0 (with a v) was created 3 weeks ago, pointing to a different commit.
  • Terraform’s registry tag resolution logic can interpret both forms, and in this case, it preferred the newer v2.2.0 tag.
  • This caused Terraform to install a different commit than intended, leading to drift and changes.

As noted in #161, the maintainers removed duplicate version tags to enforce consistency. For tag 2.2.0, the workaround is to switch to the 2.2.0-alpha1
tag, which references the same commit as the original 2.2.0.

After the recent report, we audited all our Terraform components and modules:
185 Terraform modules and 170 Terraform components were reviewed
We found 4 cases of semantically duplicated tags (tags pointing to different commits)
All of them were more than a year old, except cloudposse/terraform-aws-vpc@2.2.0
To reconcile the discrepancies between Git tags and how the Terraform Registry interprets them, we removed older, duplicate tags.

We accept the criticism that the solution was not the best for this particular case, but we want to stop making any changes with tags/release to avoid new disruptions for other users.

Impact on this module

For this repo, that meant removing the 2.2.0 tag.
To avoid leaving users stranded, we created 2.2.0-alpha1, which points to the same commit.

If your code currently references 2.2.0, you’ll need to update it like this:

# Before
module "vpc_endpoints" {
  source  = "cloudposse/vpc/aws//modules/vpc-endpoints"
  version = "2.2.0"
}

# After
module "vpc_endpoints" {
  source = "git::https://github.com/cloudposse/terraform-aws-vpc.git//modules/vpc-endpoints?ref=2.2.0-alpha1"
}

Background & Standardization

We are limited in human resources for developing and maintaining such a big library.
Standardization and automation are the key stones to succeed in the mission.

About a year ago, we standardized our release and versioning process across all Cloud Posse repos.
Since then:

  • All versions are prefixed with v
  • Releases are created automatically by GitHub Actions
  • Tags and releases are immutable — no developer or maintainer can create, update, or delete them manually

This gives us confidence that the same problems won’t occur going forward.

Moving forward

We understand this requires extra effort on your side, and we’re grateful for your understanding.

Metadata

Metadata

Assignees

No one assigned

    Labels

    documentationImprovements or additions to documentationmigrationThis PR involves a migration

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions