Releases: cloudposse/terraform-aws-transfer-sftp

v2.3.1

01 Sep 22:48

AWS provider 6 support (aws_eip) @mmh (#79)

what

This PR makes it possible to use the module with the latest version of the AWS provider (version 6)

why

aws_eip no longer supports a vpc argument. It needs to be changed to domain

Causes this error when running terraform

│ Error: Unsupported argument
│ 
│   on .terraform/modules/sftp/main.tf line 105, in resource "aws_eip" "sftp":
│  105:   vpc = local.is_vpc
│ 
│ An argument named "vpc" is not expected here.

references

closes #78

🤖 Automatic Updates

Fix go version in tests @osterman (#76)

what

  • Update go `1.24`

why

  • Error loading shared library libresolv.so.2 in Go 1.20

References

Replace Makefile with atmos.yaml @osterman (#75)

what

  • Remove `Makefile`
  • Add `atmos.yaml`

why

  • Replace build-harness with atmos for readme generation

References

  • DEV-3229 Migrate from build-harness to atmos

v2.3.0

22 Apr 14:15

feat: update deprecated managed_policy_arns in place for aws_iam_role_policy_attachment @AyhanSetirekli (#73)

what

  • Update to remove the now deprecated managed_policy_arns (from the aws_iam_policy resource) and use the aws_iam_role_policy_attachment resource instead.

why

  • The managed_policy_arns attribute was deprecated as part of the Terraform AWS Provider v5.72.0 Release (15th Oct 2024).
  • When this code is currently used, Terraform throws the following warning:
│ Warning: Argument is deprecated
│ 
│   with module.transfer_sftp[0].aws_iam_role.s3_access_for_sftp_users["ayhan"],
│   on .terraform/modules/transfer_sftp/main.tf line 226, in resource "aws_iam_role" "s3_access_for_sftp_users":
│  226:   managed_policy_arns = [aws_iam_policy.s3_access_for_sftp_users[each.value.user_name].arn]
│ 
│ managed_policy_arns is deprecated. Use the aws_iam_role_policy_attachment resource instead. If Terraform should exclusively manage all managed policy attachments (the current behavior of this argument), use the aws_iam_role_policy_attachments_exclusive resource as well.
│ 
│ (and one more similar warning elsewhere)

references

v2.2.0

07 Mar 17:12

Add additional outputs for the transfer service @adamcrews (#72)

what

This adds additional outputs to expose the arn and host_key_fingerprint.

why

I need these outputs for my workflows.

references

This was previously opened under #40, but the bot killed that PR. This version has been rebased and should be ready to go.
This also has 2 minor nit-pick fixes:

  • Use the one function instead of a join("", ...) to make the output match all other outputs in this module.
  • Reorders the value/description attributes in one resource to make the order match the others.

v2.1.0

19 Feb 13:20

Add output for endpoint_details @rutgoff (#54)

what

Added an output to be able to access the endpoint_details

why

In my use case I am managing my DNS elsewhere in my Terraform code and need to be able to access the VPC endpoint created for the transfer server so I can subsequently create DNS entries. This new output allows me to dynamically know the id of the VPC endpoint and thus look up its DNS names for use in creating CNAMEs in my own DNS domain.

v2.0.0

30 Jan 19:54
50e7ac7

feat: allow to set custom bucket permissions for user @xadereq (#69)

what

  • Allow to set custom bucket permissions for user (to be able to create readonly SFTP users)

why

  • Lack of customization of user policy

Sync github @max-lobur (#34)

Rebuild github dir from the template

🚀 Enhancements

fix: Readme @milldr (#71)

what

  • Rebuild the README with `make readme`

why

  • The old README format is causing the CI checks to fail on main

references

🤖 Automatic Updates

Migrate new test account @osterman (#68)

what

  • Update `.github/settings.yml`
  • Update `.github/chatops.yml` files

why

  • Re-apply .github/settings.yml from org level to get terratest environment
  • Migrate to new test account

References

  • DEV-388 Automate clean up of test account in new organization
  • DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
  • DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#67)

what

  • Update `.github/settings.yml`
  • Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#64)

what

  • Update `.github/settings.yml`
  • Drop `.github/auto-release.yml` files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @osterman (#61)

what

  • Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

  • So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#59)

what

  • Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

  • Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#58)

what

  • Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

  • The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#57)

what

  • Update workflows (`.github/workflows/settings.yaml`)

why

  • Support new readme generation workflow.
  • Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#51)

what

  • Install latest GitHub Action Workflows

why

  • Use shared workflows from cloudposse/.github repository
  • Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#46)

what

  • Install a repository config (`.github/settings.yaml`)

why

  • Programmatically manage GitHub repo settings

Update Scaffolding @osterman (#42)

what

  • Reran `make readme` to rebuild `README.md` from `README.yaml`
  • Migrate to square badges
  • Add scaffolding for repo settings and Mergify

why

  • Upstream template changed in the .github repo
  • Work better with repository rulesets
  • Modernize look & feel

v1.3.0

17 May 09:05
15dcc90

  • No changes

v1.2.0

04 Aug 22:53
15dcc90

Add home directory inputs @nitrocode (#27)

what

  • Add optional home_directory_mappings key to sftp_users
  • Add optional s3_bucket_name key to sftp_users
  • Tag everything
  • Remove ${Transfer:*} vars

why

  • Allow overriding user assigned home directory mappings and add additional
  • Allow overriding user assigned s3 bucket
  • Fix issue where user and s3 bucket are calculated from the ${Transfer:*} vars
    • e.g. ${Transfer:UserName} would be applied but then the API would result in bob instead of this value so terraform would then try to revert the change.

references

v1.1.0

29 Jul 17:00
770061d

Restricted and unrestricted users @Nuru (#26)

what

  • Restore "restricted users" from #9
  • Restore "unrestricted users" from #17
  • Update tests and other framework

why

  • Version 1.0.0 was released as the last point in master before adding the unsupported security group v0.3.0. In doing so, features added in #9 and #17 were removed. This restores those features.
  • Pull in bug and security fixes, allow tests to run in parallel.

notes

  • Custom security group rules, added in #8, are not included in this release. If the feature is desired, it should be re-implemented with security-group v2.x

v1.0.0 Initial release with production Semantic Versioning

28 Jul 01:28
b1f86ce

This release is identical to version 0.3.1. It reverts changes made in v0.4.0 and later v0.x releases. Because those versions were never fully supported, we are not providing migration instructions from those versions to this one.

This is the first release of this module with production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future. This module will evolve with breaking changes as we convert it to use our security-group module. Expect those changes to be released in v2.0, soon.

This change did not reimplement PRs #17 and #9

v0.6.0

11 Jun 03:54
37020f6

Pre-release
Unrestricted home role and settings @if-igor (#17)

what

  • There are three changes here, all to support the use case where var.restricted_home is set to false
  • Change 1: expose user role arns
  • Change 2: set default home_directory to provided s3 bucket
  • Change 3: Adjust policy to allow access to the root of the s3 bucket instead of the path with username

why

  • Currently, setting var.restricted_home to false will drop the user into the root directory without any permissions
  • Given that the module works with an s3 bucket, it makes sense to change the home_directory in this case to the root of the s3 bucket
  • The policy did not grant access to the user to the root directory
  • Adding role_arns to the output will help anyone who wants to add additional policies to the role