v0.27.0

New Authentication

support AssumeRoleWithWebIdentity arn swap by @jessesanford

New CRDs!

In v0.27.0, there are 26 new CRDs! See https://doc.crds.dev/github.com/crossplane/[email protected] for the full list.

• AccessPoint in efs @EdgeJ
• Environment in mwaa @MisterMX
• Permission in lambda @MisterMX
• Cluster in dax @DanielTemesgen
• ParameterGroup in dax @DanielTemesgen
• SubnetGroup in dax @DanielTemesgen
• +20 Resources in apigateway @tiagoposse

What's Changed

• Add Certificate refs for https listeners by @EdgeJ in #1211
• Handle NoSuchHostedZone errors on ResourceRecordSet delete by @bobh66 in #1255
• Add Api Gateway RestAPI and Resource resources by @tiagoposse in #1230
• Add AccessPoint resource for EFS by @EdgeJ in #1201
• fix(efs): generate latest master stuff for efs access point by @haarchri in #1263
• feat(routeTable): ignoreRoutes to use route resource by @haarchri in #1084
• Add additional fields to the atProvider status for eks Cluster and eks NodeGroup by @cdenneen in #1204
• feat(assumeWebIdentityRole): support AssumeRoleWithWebIdentity arn swap by @jessesanford in #1258
• feat(rdsinstance): Support for point in time restore by @petteja in #1214
• Store CallerReference value for import scenarios by @ezgidemirel in #1261
• feat(mwaa): Add environment controller by @MisterMX in #1249
• feat(lambda): Add support for lambda permissions by @MisterMX in #1254
• fix(permission): Fix dealing with Pricipal being just a string by @schroeder-paul in #1275
• DBInstance: Late Initialize all fields that cannot be set when connecting to a DBCluster by @iAnomaly in #1285
• ec2.SecurityGroup: Observe existing SecurityGroup by @ONordander in #1283
• fix(routetable): fix panic on sorting both v4 and v6 routes by @jessesuen in #1279
• Replication group fixes: multiAz and Tag update support by @stevendborrelli in #1277
• feat(dax): Add support for Dax by @DanielTemesgen in #1256
• feat(rds): Add family selector to DBClusterParameterGroup by @MisterMX in #1274
• bugfix(panic): fix panic route resource in CIDRBlocksEqual by @haarchri in #1292
• feat (CloudFront): Add support to update Elasticache ReplicationGroup number of cache clusters by @stevendborrelli in #1294
• fix(Cloudfront): LateInit missing fields by @ezgidemirel in #1298

New Contributors

• @bobh66 made their first contribution in #1255
• @tiagoposse made their first contribution in #1230
• @cdenneen made their first contribution in #1204
• @jessesanford made their first contribution in #1258
• @petteja made their first contribution in #1214
• @schroeder-paul made their first contribution in #1275
• @ONordander made their first contribution in #1283
• @jessesuen made their first contribution in #1279
• @DanielTemesgen made their first contribution in #1256

Full Changelog: v0.26.1...v0.27.0

v0.26.1

v0.26.1 is a bug fix release that addresses #1260.

What's Changed

• [Backport release-0.26] Store CallerReference value for import scenarios by @github-actions in #1268

Full Changelog: v0.26.0...v0.26.1

v0.26.0

Notable Changes

v0.26.0 includes support for external secret stores. Follow this guide to set it up.

What's Changed

• fix rds connection secret move to observe and fix issue in dbinstance by @haarchri in #1197
• Update to the latest crossplane-runtime by @muvaf in #1187
• fix(rebase): adopted latest runtime to services late v0.25 release by @haarchri in #1208
• Add Ref/Selector referencer fields to DBInstance.DBClusterIdentifier by @iAnomaly in #1220
• add default Crossplane tags to iam.Policy by @cebernardi in #1207
• Add Cloudfront Response Headers Policy resource by @ezgidemirel in #1218
• Update CI to work with Crossplane v1.7.0 by @hasheddan in #1239
• Add support for IAM AssumeRole tags by @stevendborrelli in #1240
• Add External Secret Stores support as an alpha feature by @turkenh in #1242
• Set Crossplane user agent on AWS clients by @clareliguori in #1243
• linter: make sure it uses the version given in GH action file by @muvaf in #1250

New Contributors

• @iAnomaly made their first contribution in #1220
• @clareliguori made their first contribution in #1243

Full Changelog: v0.25.0...v0.26.0

v0.25.0

Breaking Changes

• #1186 removes quantity fields from the CRD in cloudfront. No user action is needed, it will be dropped automatically and calculated by the provider.
• #1122 removes zookeeperConnectString and zookeeperConnectStringTLS fields from the CRD in kafka since they were not used as input to any call. No user action is needed.
• #1122 adds required marker to the following fields autoMinorVersionUpgrade,deploymentMode, engineType, engineVersion, hostInstanceType publiclyAccessible, in CRD mq.broker. They were already required by AWS, so no user action is required if these values existed already.

New CRDs!

In v0.25.0, there are 9 new CRDs! See https://doc.crds.dev/github.com/crossplane/[email protected] for the full list.

• groups in cognitoidentityprovider @Benedikt1992
• identityproviders in cognitoidentityprovider @Benedikt1992
• userpoolclients in cognitoidentityprovider @Benedikt1992
• userpooldomains in cognitoidentityprovider @Benedikt1992
• userpools in cognitoidentityprovider @Benedikt1992
• domains in cloudsearch @mhoff
• workspaces in prometheusservice @haarchri
• instanceprofiles in iam @ytsarev
• dbinstanceroleassociations in rds @chlunde

AWS-GO-SDK-V1 bump 1.37.10 to 1.42.0

• feat(ack): bump ack & aws-go-sdk-v1 1.37.10 to 1.42.0 by @haarchri in #1122

What's Changed

• Update format of authentication guide by @micnncim in #1131
• s3: Empty routing rules refused by AWS by @chlunde in #1156
• Added default tags to CertificateAuthority by @cebernardi in #1113
• fix(s3): Extract QueueARN instead of external name by @MisterMX in #1161
• feat(resolvers): resolvers in sqs queue for KMSMasterKeyIDRef/Selector by @haarchri in #1163
• feat(ack): bump ack & aws-go-sdk-v1 1.42.0 by @haarchri in #1122
• Fix code generation doc discrepancies with the current state by @ytsarev in #1178
• Add tags management to OpenIDConnectProvider (iam) by @cebernardi in #1059
• feat(ec2-tags): tags vpc/subnet default,add,delete by @haarchri in #1170
• fix(vpcendpointserviceconfiguration): fix missing field in status by @liubog2008 in #1180
• Improve Cloudfront Configuration by @ezgidemirel in #1186
• Expose eks cluster certificate authority data in status by @hanlins in #966
• feat(amp): added prometheusservice amp workspace by @haarchri in #1054
• feat(ec2): add kmsKeyID Ref & Selector in ec2-instance ebs dbm by @haarchri in #1157
• feat(InstanceProfile): Add IAM InstanceProfile Managed Resource by @ytsarev in #1159
• fix(InstanceProfile): follow up fix of #1159 by @ytsarev in #1194
• Add support for CloudSearch by @mhoff in #1016
• feat(s3): bucketKeyEnabled implemented by @haarchri in #1158
• Make eventThreshold an optional field for s3 bucket replication by @AlexLast in #1129
• rds: Add DBInstanceRoleAssociation by @chlunde in #1141
• feat(cognito-idp): Code Generation for Cognito IdentityProvider by @Benedikt1992 in #1125
• rds.rdsinstance: Compare bool correctly via LateInitialize by @chlunde in #971
• rds.DBInstance - fix "up to date" when using ApplyImmediately by @chlunde in #1196

New Contributors

• @micnncim made their first contribution in #1131
• @ytsarev made their first contribution in #1178
• @liubog2008 made their first contribution in #1180
• @mhoff made their first contribution in #1016
• @AlexLast made their first contribution in #1129
• @Benedikt1992 made their first contribution in #1125

Full Changelog: v0.24.1...v0.25.0

v0.24.1

New CRDs!

In v0.24.1, there are 3 new CRDs! See https://doc.crds.dev/github.com/crossplane/[email protected] for the full list.

• ResolverRuleAssociation in route53resolver
• CacheParameterGroup in elasticache
• DBCluster in neptune

Deprecated Versions

Several resources are bumped to v1beta1 in this release but none of those bumps were breaking changes. The following is the list of CRDs that will be converted to v1beta1 automatically by Kubernetes API server.

• VPCLink in apigatewayv2
• Secret in secretsmanager
• Function in lambda

The only action you need to take is to update your YAML files and base templates in your Composition objects before v1alpha1 is removed from the supported versions, which will be done in v0.27.0.

In addition, the whole notification group is now duplicated as sns group with new kind names. The deprecated CRDs of notification will be kept in the provider and their controllers will continue to run but it's highly advised to move to the new sns group as soon as possible. They will be removed from the provider in v0.27.0. See this guide (section titled as Upgrade from v0.32.x to v0.33.x since that's where it's necessary to migrate) for more details about how to migrate. Keep in mind that you can opt not to migrate now and still have all SNS resources reconciled.

• SNSTopic of notification -> Topic of sns
• SNSSubscription of notification -> Subscription of sns

What's Changed

• Add support for external ID when assume role by @hanlins in #1013
• fix(eks-addon): Replace ListTagsForResource with DescribeAddon to save one API call by @MisterMX in #1068
• Restore RDS instance from a MySQL backup by @danports in #770
• fix(ec2-instance): make some blockDevicMapping fields in CRD optional by @mariobris in #1091
• read endpoint info from dbinstance status rather than aws out values by @clive-jevons in #1092
• feat(ack-bump): bump ack-version by @haarchri in #1027
• feat(database): resolvers by @haarchri in #1086
• doc(assumeRoleARN): #1065 added documentation for assumeRoleARN by @haarchri in #1082
• Update Go version from 1.16 to 1.17 by @ulucinar in #1103
• Move versioned generator configs to API group folders by @ulucinar in #1096
• Add support for keeping previous generated versions by @ulucinar in #1105
• fix(secretsmanager): Ignore isUpToDate if resource was deleted by @MisterMX in #1095
• feat(route53resolver): added ResolverRuleAssociation by @haarchri in #968
• fix(ec2-instance): changed SpotMarketOptions for Spot Instances by @haarchri in #1083
• fix(transfer/user): fix WithInitializers and removed postCreate by @haarchri in #1106
• Add eks to generated services by @MisterMX in #1110
• Add docdb to generated services by @MisterMX in #1111
• fix(generated-services) added route53resolver to makefile by @haarchri in #1003
• chore: dynamically generate GENERATED_SERVICES var by @dwerder in #1008
• fix(Makefile) adjust command 'find' to be zshell compatible by @dwerder in #1120
• fix(lables): eks-nodegroup - both or either addOrUpdateLabels or removeLabels must not be empty by @haarchri in #1119
• Restore RDS instances from database snapshots by @danports in #1087
• elasticache.cacheparametergroup: Add resource by @chlunde in #834
• rds.rdsinstance: Add storage autoscaling (MaxAllocatedStorage) by @chlunde in #794
• Secretsmanager: Implement LateInitialize of a K8s secret when AWS secret already exists by @MisterMX in #669
• Add Neptune DBCluster Resource by @ezgidemirel in #1099
• secretsmanager.secret: make late init work only if the input secret does not exist by @muvaf in #1127
• fix(ec2): vpcpeeringconnection fixed fields for resolvers, change tagger by @haarchri in #1035
• elasticache: Scale replicationgroup shards by @chlunde in #860
• fix(resolvers-transfer): panic in provider for missing check for nil by @haarchri in #1134
• Bump SNS Topic and Subscription versions to v1beta1 by @ezgidemirel in #1123
• Bump VPCLink, Secret and Function to v1beta1 by @muvaf in #1107
• apis: register missing api groups by @muvaf in #1145

New Contributors

• @hanlins made their first contribution in #1013
• @danports made their first contribution in #770
• @mariobris made their first contribution in #1091
• @clive-jevons made their first contribution in #1092
• @dwerder made their first contribution in #1008
• @ezgidemirel made their first contribution in #1099

Full Changelog: v0.23.0...v0.24.1

v0.23.0

New CRDs!

In v0.23.0, there are a couple of new CRDs that are ready to use:
https://doc.crds.dev/github.com/crossplane/[email protected]

• ec2.VPCEndpoint by @darryl-sw
• ec2.VPCEndpointServiceConfiguration by @haarchri
• ec2.TransitGatewayRouteTable by @haarchri
• ec2.TransitGatewayRoute by @haarchri
• ec2.Route by @Dkaykay and @haarchri
• ec2.LaunchTemplateVersion by @tanujd11
• ec2.LaunchTemplate by @tanujd11
• elbv2.TargetGroup by @EdgeJ
• elbv2.LoadBalancer by @EdgeJ
• elbv2.Listener by @EdgeJ
• athena.WorkGroup by @haarchri
• ram.ResourceShare by @haarchri
• kinesis.Stream by @haarchri
• kafka.Configuration by @haarchri
• iot.Thing by @sergenyalcin
• iot.Policy by @sergenyalcin

What's Changed

• Update documentation links to crossplane.io by @stevendborrelli in #1005
• Add IOT/Thing & IOT/Policy managed resource by @sergenyalcin in #940
• Add instructions to use kube2iam authentication by @yogeek in #1015
• EC2 Route by @Dkaykay in #859
• Implement athena workgroup by @haarchri in #694
• Implements Resource Access Manager (RAM) by @haarchri in #838
• Remove inaccurate deprecation warning from v1beta1 type by @hasheddan in #1031
• Role - add iamrole shortname by @smcavallo in #1024
• Add default tags to iam.Role by @cebernardi in #1000
• Implements kafka configurations & kafka server refs,selectors by @haarchri in #762
• Add Ipv6CIDRBlock support in VPC by @vaspahomov in #881
• Implement VPC Endpoint for AWS Provider by @darryl-sw in #817
• Implement Loadbalancer, Listener, and TargetGroup from elasticloadbalancingv2 by @EdgeJ in #865
• fix(docs): fix docs to current aws-go-sdk 1.37.10 for code-gen by @haarchri in #1028
• Launch Template and Launch Template Version resources added by @tanujd11 in #1041
• feat(transitgatewayroutes): added TransitGateway Routes/RouteTable by @haarchri in #1032
• fix(e2e-test) changed pkg.crossplane.io to v1 by @haarchri in #1052
• feat(glue): followup cleanup cr.name to external.name by @haarchri in #1019
• fix(name): fix transfer/user &cr.name and use annotation by @haarchri in #1053
• fix(init): #1049 fix problem that kms-key ref picks wrong metadata.name by @haarchri in #1050
• feat(vpcendpointserviceconfiguration) added new ressource by @haarchri in #1009
• cleanup glue securityconfig &cr.name to annotation by @haarchri in #1055
• add support for all s3 canned-acls by @rpoluri in #891
• Implements Kinesis Stream by @haarchri in #857
• fix(tagger): tagger fixed for tgw/tgwvpcattachment by @haarchri in #1029
• added s3 resolvers for queueArn, replicaKmsKeyId, kmsMasterKeyId, crossplane:generate:reference by @haarchri in #1022

New Contributors

• @yogeek made their first contribution in #1015
• @cebernardi made their first contribution in #1000
• @darryl-sw made their first contribution in #817
• @EdgeJ made their first contribution in #865
• @tanujd11 made their first contribution in #1041
• @rpoluri made their first contribution in #891

Full Changelog: v0.22.0...v0.23.0

v0.22.0

Breaking Changes

IAM Resources

All IAM resources used to reside in identity group and they had prefixed names like IAMRole. In this release, all of them moved to a new group called iam and renamed to drop the prefix, i.e. IAMRole -> Role. In addition, all of them are now v1beta1 resources.

This change won't affect your existing resources immediately but no controllers will be watching the old custom resources. Please follow this migration guide to migrate to the new APIs: https://github.com/crossplane/provider-aws/blob/master/cluster/UPGRADE.md#upgrade-from-v021x-to-v022x

Affected resources:

• identity.IAMRole
• identity.IAMUser
• identity.IAMPolicy
• identity.IAMAccessKey
• identity.IAMGroup
• identity.IAMUserPolicyAttachment
• identity.IAMGroupPolicyAttachment
• identity.IAMRolePolicyAttachment
• identity.IAMGroupUserMembership
• identity.OpenIDConnectProvider

Several Resources to v1beta1

These resources have been upgraded to v1beta1 version but the conversion will happen automatically. The only schema change is that we have removed spec.forProvider.renewCertificate field of Certificate since it wasn't working properly and is hard to get right in a declarative manner that we can support in v1beta1.

It's strongly suggested to use /v1beta1 version suffix for apiVersion field of your YAML files, including base templates in your Compositions, as soon as possible.

The full list:

• acm.Certificate
• acmpca.CertificateAuthority
• acmpca.CertificateAuthorityPermission
• ec2.VPCCIDRBlock
• ecr.Repository
• ecr.RepositoryPolicy
• eks.FargateProfile
• iam.User
• iam.Policy
• iam.AccessKey
• iam.Group
• iam.UserPolicyAttachment
• iam.GroupPolicyAttachment
• iam.GroupUserMembership
• iam.OpenIDConnectProvider

New CRDs!

In v0.22.0, there are a couple of new CRDs that are ready to use:

• ec2.TransitGateway by @haarchri
• ec2.TransitGatewayAttachment by @haarchri
• ec2.Volume by @haarchri
• cloudfront.CloudFrontOriginAccessIdentity by @stevendborrelli

New Authentication Method

Now you can specify a IAM Role ARN in ProviderConfig that the AWS client can assume by using the provided credentials and act on behalf of that given IAMRole! See https://doc.crds.dev/github.com/crossplane/provider-aws/aws.crossplane.io/ProviderConfig/[email protected]#spec-assumeRoleARN

What's Changed

• Key alias fix by @muvaf in #950
• github: add release issue by @muvaf in #949
• iam.rolepolicyattachment: clean up old code that duplicates functionality from runtime by @muvaf in #954
• Implements private nat-gateway by @haarchri in #884
• Manually late-init CloudFront Distributions by @negz in #952
• fix s3 nil paymentConfiguration preventing bucket from being ready by @smcavallo in #916
• fix s3 notificationConfiguration by @smcavallo in #917
• S3 test nitpicks by @negz in #963
• support for s3 replicationConfiguration with delete marker enabled (and fixes) by @smcavallo in #911
• ec2.securitygroup: fix add, implement revoke/update ingress and egress rules by @chlunde in #631
• Accomodate DynamoDB API's implied defaults by @negz in #973
• feat(route53resolver): added postObserve status by @haarchri in #967
• Added tags for iam policy by @ra-grover in #931
• observe iampolicy which already exists by @smcavallo in #930
• identity.iampolicy: Disable gocyclo after two merges broke CI by @chlunde in #978
• rdsinstance: Use ResourceLateInitialized from crossplane-runtime by @chlunde in #833
• fix(nat): make tagSpecification optional to fits nat-gateway without tags by @haarchri in #899
• feat(bottlerocket): added informations for eks-bottlerocket-nodegroup by @haarchri in #898
• Actually cache the go build cache between CI runs by @hasheddan in #986
• feat(rds): #984 added ref and selector for *parameterGroup by @haarchri in #987
• Servicediscovery delete fix by @stevendborrelli in #988
• add basic install command by @nicgrayson in #983
• fix(fmt): #988 fix gofmt-servicediscovery by @haarchri in #990
• Fixing constantly update requests problem of replicationgroup by @sergenyalcin in #981
• Ignore fields in glue.Crawler and lambda.Function that block code-generator bump by @muvaf in #992
• upgrade to aws-sdk-go-v2 - 2021-11-06 by @smcavallo in #921
• Bump ec2.vpccidrblock, ecr.repository, ecr.repositorypolicy and eks.fargateprofile to v1beta1 by @muvaf in #994
• Upgrading to latest code-generator commit by @AaronME in #920
• fix(cleanup): rerun generator after #920 merge by @haarchri in #998
• feat(rds): added rds-apply-immediately field by @haarchri in #888
• Bump Certificate, CertificateAuthority and CertificateAuthorityPermission to v1beta1 by @muvaf in #995
• Move all IAM resources to iam group and bump all of them to v1beta1 by @muvaf in #996
• assumeRoleARN for ProviderConfig by @haarchri in #912
• Implement Cloudfront Origin Access Identity by @stevendborrelli in #929
• Implements EC2 Volume by @haarchri in #771
• feat(tgw): added ec2 tgw & tgw-vpc-attachment by @haarchri in #831

New Contributors

• @ra-grover made their first contribution in #931
• @nicgrayson made their first contribution in #983
• @sergenyalcin made their first contribution in #981

Full Changelog: v0.21.2...v0.22.0

v0.21.2

What's Changed

• [Backport release-0.21] ec2.securitygroup: fix add, implement revoke/update ingress and egress rules by @github-actions in #969
• [Backport release-0.21] Accomodate DynamoDB API's implied defaults by @github-actions in #974

Full Changelog: v0.21.1...v0.21.2

v0.21.1

What's Changed

• [Backport release-0.21] Manually late-init CloudFront Distributions by @github-actions in #958
• [Backport release-0.21] fix s3 notificationConfiguration by @github-actions in #962
• [Backport release-0.21] fix s3 nil paymentConfiguration preventing bucket from being ready by @github-actions in #961
• [Backport release-0.21] S3 test nitpicks by @github-actions in #964
• [Backport release-0.21] support for s3 replicationConfiguration with delete marker enabled (and fixes) by @github-actions in #965

Full Changelog: v0.21.0...v0.21.1

v0.21.0

Notable Updates

Along with bug fixes and improvements, we have quite a few new APIs in this release as well, making provider-aws to have 99 CRDs. Take a look at all the supported resources here!

What's Changed

• fix(eks-kubeconfig): eks-presignGetCallerIdentity by @haarchri in #901
• Add haarchri as a maintainer by @negz in #904
• Add support for associating an OIDC provider with an EKS cluster by @goober in #883
• Add EKS Addon resource by @MisterMX in #872
• Add unit tests for providerConfig endpointConfig feature and update SigningRegion based on PartitionID by @smcavallo in #897
• Fix CloudFront Distribution OriginSSL support by @stevendborrelli in #922
• fix(dynamodb-table): dynamodb-table sync & reconcile by @haarchri in #839
• Implement Amazon MQ service by @praveenghuge in #734
• Tweak DynamoDb table update logic and connection secret keys by @negz in #924
• fix multi-region with injected identity - after v2 migration v0.20.0 by @haarchri in #913
• dynamodb.table: implement update for global secondary indexes by @muvaf in #937
• secretsmanager: Add resource policy support by @MisterMX in #907
• readme: add release policy by @muvaf in #936
• feat(cw): added cloudwatch loggroup by @haarchri in #939
• Make ec2 Instance IAMInstanceProfileSpecification fields optional by @vaspahomov in #882
• Implements kms(cmk) alias by @haarchri in #779
• s3: resolve bucket ARN in replication config references by @chlunde in #763
• [Backport release-0.21] Key alias fix by @github-actions in #951

Full Changelog: v0.20.3...v0.21.0