Breaking Changes
IAM Resources
All IAM resources used to reside in identity
group and they had prefixed names like IAMRole
. In this release, all of them moved to a new group called iam
and renamed to drop the prefix, i.e. IAMRole -> Role
. In addition, all of them are now v1beta1
resources.
This change won't affect your existing resources immediately but no controllers will be watching the old custom resources. Please follow this migration guide to migrate to the new APIs: https://github.com/crossplane/provider-aws/blob/master/cluster/UPGRADE.md#upgrade-from-v021x-to-v022x
Affected resources:
identity.IAMRole
identity.IAMUser
identity.IAMPolicy
identity.IAMAccessKey
identity.IAMGroup
identity.IAMUserPolicyAttachment
identity.IAMGroupPolicyAttachment
identity.IAMRolePolicyAttachment
identity.IAMGroupUserMembership
identity.OpenIDConnectProvider
Several Resources to v1beta1
These resources have been upgraded to v1beta1
version but the conversion will happen automatically. The only schema change is that we have removed spec.forProvider.renewCertificate
field of Certificate
since it wasn't working properly and is hard to get right in a declarative manner that we can support in v1beta1
.
It's strongly suggested to use /v1beta1
version suffix for apiVersion
field of your YAML files, including base templates in your Composition
s, as soon as possible.
The full list:
acm.Certificate
acmpca.CertificateAuthority
acmpca.CertificateAuthorityPermission
ec2.VPCCIDRBlock
ecr.Repository
ecr.RepositoryPolicy
eks.FargateProfile
iam.User
iam.Policy
iam.AccessKey
iam.Group
iam.UserPolicyAttachment
iam.GroupPolicyAttachment
iam.GroupUserMembership
iam.OpenIDConnectProvider
New CRDs!
In v0.22.0
, there are a couple of new CRDs that are ready to use:
ec2.TransitGateway
by @haarchriec2.TransitGatewayAttachment
by @haarchriec2.Volume
by @haarchricloudfront.CloudFrontOriginAccessIdentity
by @stevendborrelli
New Authentication Method
Now you can specify a IAM Role ARN in ProviderConfig
that the AWS client can assume by using the provided credentials and act on behalf of that given IAMRole! See https://doc.crds.dev/github.com/crossplane/provider-aws/aws.crossplane.io/ProviderConfig/v1beta1@v0.22.0#spec-assumeRoleARN
What's Changed
- Key alias fix by @muvaf in #950
- github: add release issue by @muvaf in #949
- iam.rolepolicyattachment: clean up old code that duplicates functionality from runtime by @muvaf in #954
- Implements private nat-gateway by @haarchri in #884
- Manually late-init CloudFront Distributions by @negz in #952
- fix s3 nil paymentConfiguration preventing bucket from being ready by @smcavallo in #916
- fix s3 notificationConfiguration by @smcavallo in #917
- S3 test nitpicks by @negz in #963
- support for s3 replicationConfiguration with delete marker enabled (and fixes) by @smcavallo in #911
- ec2.securitygroup: fix add, implement revoke/update ingress and egress rules by @chlunde in #631
- Accomodate DynamoDB API's implied defaults by @negz in #973
- feat(route53resolver): added postObserve status by @haarchri in #967
- Added tags for iam policy by @ra-grover in #931
- observe iampolicy which already exists by @smcavallo in #930
- identity.iampolicy: Disable gocyclo after two merges broke CI by @chlunde in #978
- rdsinstance: Use ResourceLateInitialized from crossplane-runtime by @chlunde in #833
- fix(nat): make tagSpecification optional to fits nat-gateway without tags by @haarchri in #899
- feat(bottlerocket): added informations for eks-bottlerocket-nodegroup by @haarchri in #898
- Actually cache the go build cache between CI runs by @hasheddan in #986
- feat(rds): #984 added ref and selector for *parameterGroup by @haarchri in #987
- Servicediscovery delete fix by @stevendborrelli in #988
- add basic install command by @nicgrayson in #983
- fix(fmt): #988 fix gofmt-servicediscovery by @haarchri in #990
- Fixing constantly update requests problem of replicationgroup by @sergenyalcin in #981
- Ignore fields in
glue.Crawler
andlambda.Function
that block code-generator bump by @muvaf in #992 - upgrade to aws-sdk-go-v2 - 2021-11-06 by @smcavallo in #921
- Bump
ec2.vpccidrblock
,ecr.repository
,ecr.repositorypolicy
andeks.fargateprofile
to v1beta1 by @muvaf in #994 - Upgrading to latest code-generator commit by @AaronME in #920
- fix(cleanup): rerun generator after #920 merge by @haarchri in #998
- feat(rds): added rds-apply-immediately field by @haarchri in #888
- Bump
Certificate
,CertificateAuthority
andCertificateAuthorityPermission
to v1beta1 by @muvaf in #995 - Move all IAM resources to
iam
group and bump all of them to v1beta1 by @muvaf in #996 - assumeRoleARN for ProviderConfig by @haarchri in #912
- Implement Cloudfront Origin Access Identity by @stevendborrelli in #929
- Implements EC2 Volume by @haarchri in #771
- feat(tgw): added ec2 tgw & tgw-vpc-attachment by @haarchri in #831
New Contributors
- @ra-grover made their first contribution in #931
- @nicgrayson made their first contribution in #983
- @sergenyalcin made their first contribution in #981
Full Changelog: v0.21.2...v0.22.0