github crossplane-contrib/provider-upjet-aws v2.0.0

24 days ago

Release v2.0.0

Caution

This release introduces breaking changes and significant internal upgrades. Please review the release notes thoroughly, make the necessary changes to your manifests, and test thoroughly before upgrading.

Before using any Crossplane v2 capabilities in the provider, we encourage you to familiarize yourself with the changes in v2.

This release introduces:

  • Compatibility with Crossplane v2
  • Support for Crossplane v2 namespace-scoped Managed Resources (MRs) alongside existing cluster-scoped MRs.
  • Upgrade to crossplane-runtime v2.0.0.
  • Upgrade to Upjet v2.0.0.
  • Upgrade of the underlying Terraform AWS provider to v6.3.0, introducing resource-level API changes.
  • Removal of External Secret Store support.

Please review the breaking changes carefully before upgrading.

Breaking API Changes

Warning

Make adjustments to any impacted resources in your Control Plane when upgrading to this provider version.

The following resources have changed due to the underlying Terraform provider upgrade to version v6.3.0:

Deprecated Resources

  • Pipeline.elastictranscoder.aws.upbound.io/v1beta1
  • Pipeline.elastictranscoder.aws.upbound.io/v1beta2
  • Preset.elastictranscoder.aws.upbound.io/v1beta1
  • Preset.elastictranscoder.aws.upbound.io/v1beta2
  • Feature.evidently.aws.upbound.io/v1beta1
  • Feature.evidently.aws.upbound.io/v1beta2
  • Project.evidently.aws.upbound.io/v1beta1
  • Project.evidently.aws.upbound.io/v1beta2
  • Segment.evidently.aws.upbound.io/v1beta1

Removed Providers & Resources

  • The opsworks and simpledb providers were removed in this release, along with all resources belonging to these providers.

Resource base changes

  • AlternateContact.account.aws.upbound.io/v1beta1:
    • spec.forProvider.region has been removed.
  • Regions.account.aws.upbound.io/v1beta1:
    • spec.forProvider.region has been removed.
  • Account.apigateway.aws.upbound.io/v1beta1:
    • spec.forProvider.resetOnDelete has been removed.
    • spec.initProvider.resetOnDelete has been removed.
    • spec.atProvider.resetOnDelete has been removed.
  • Deployment.apigateway.aws.upbound.io/v1beta1:
    • spec.forProvider.canarySettings has been removed.
    • spec.forProvider.stageDescription has been removed.
    • spec.forProvider.stageName has been removed.
    • spec.initProvider.canarySettings has been removed.
    • spec.initProvider.stageDescription has been removed.
    • spec.initProvider.stageName has been removed.
    • spec.atProvider.canarySettings has been removed.
    • spec.atProvider.executionArn has been removed.
    • spec.atProvider.invokeUrl has been removed.
    • spec.atProvider.stageDescription has been removed.
    • spec.atProvider.stageName has been removed.
  • GlobalSettings.backup.aws.upbound.io/v1beta1:
    • spec.forProvider.region has been removed.
  • JobQueues.batch.aws.upbound.io/v1beta1:
    • spec.forProvider.computeEnvironments has been removed.
    • spec.initProvider.computeEnvironments has been removed.
    • spec.atProvider.computeEnvironments has been removed.
  • BudgetActions.budgets.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.region has been removed.
  • Budgets.budgets.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.region has been removed.
  • AnomalyMonitor.ce.aws.upbound.io/v1beta1:
    • spec.forProvider.region has been removed.
  • For all cloudfront.aws.upbound.io resources:
    • spec.forProvider.region has been removed.
  • ResponseHeadersPolicy.cloudfront.aws.upbound.io/v1beta1:
    • spec.forProvider.etag has been removed.
    • spec.initProvider.region has been removed.
  • DomainPermissionsPolicy.codeartifact.aws.upbound.io/v1beta1:
    • spec.forProvider.policyDocument is not required anymore.
  • User.connect.aws.upbound.io/v1beta1:
    • spec.forProvider.securityProfileIds is not required anymore.
  • ReportDefinition.cur.aws.upbound.io/v1beta1:
    • spec.forProvider.region has been removed.
    • spec.forProvider.s3Prefix is required now.
  • GatewayAssociation.directconnect.aws.upbound.io/v1beta1:
    • spec.forProvider.vpnGatewayId has been removed.
    • spec.initProvider.vpnGatewayId has been removed.
    • spec.atProvider.vpnGatewayId has been removed.
  • Gateway.directconnect.aws.upbound.io/v1beta1:
    • spec.forProvider.region has been removed.
  • Endpoint.dms.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.s3Settings has been removed.
    • spec.initProvider.s3Settings has been removed.
    • spec.atProvider.s3Settings has been removed.
  • EIP.ec2.aws.upbound.io/v1beta1:
    • spec.forProvider.vpc has been removed.
    • spec.initProvider.vpc has been removed.
    • spec.atProvider.vpc has been removed.
  • FlowLog.ec2.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.logGroupName has been removed.
    • spec.initProvider.logGroupName has been removed.
    • spec.atProvider.logGroupName has been removed.
  • Instance.ec2.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.cpuCoreCount has been removed.
    • spec.forProvider.cpuThreadsPerCore has been removed.
    • spec.initProvider.cpuCoreCount has been removed.
    • spec.initProvider.cpuThreadsPerCore has been removed.
    • spec.atProvider.cpuCoreCount has been removed.
    • spec.atProvider.cpuThreadsPerCore has been removed.
  • LaunchTemplate.ec2.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.elasticGpuSpecifications has been removed.
    • spec.forProvider.elasticInferenceAccelerator has been removed.
    • spec.initProvider.elasticGpuSpecifications has been removed.
    • spec.initProvider.elasticInferenceAccelerator has been removed.
    • spec.atProvider.elasticGpuSpecifications has been removed.
    • spec.atProvider.elasticInferenceAccelerator has been removed.
  • SerialConsoleAccess.ec2.aws.upbound.io/v1beta1:
    • spec.forProvider.region has been removed.
  • SpotInstanceRequest.ec2.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.blockDurationMinutes has been removed.
    • spec.forProvider.cpuCoreCount has been removed.
    • spec.forProvider.cpuThreadsPerCore has been removed.
    • spec.initProvider.blockDurationMinutes has been removed.
    • spec.initProvider.cpuCoreCount has been removed.
    • spec.initProvider.cpuThreadsPerCore has been removed.
    • spec.atProvider.blockDurationMinutes has been removed.
    • spec.atProvider.cpuCoreCount has been removed.
    • spec.atProvider.cpuThreadsPerCore has been removed.
  • Service.ecs.aws.upbound.io/v1beta1:
    • spec.forProvider.managedEbsVolume has been removed.
    • spec.forProvider.name has been removed.
    • spec.forProvider.volumeConfiguration object type changed to list.
    • spec.initProvider.managedEbsVolume has been removed.
    • spec.initProvider.name has been removed.
    • spec.initProvider.volumeConfiguration object type changed to list.
    • spec.atProvider.managedEbsVolume has been removed.
    • spec.atProvider.name has been removed.
    • spec.atProvider.volumeConfiguration object type changed to list.
  • TaskDefinition.ecs.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.inferenceAccelerator has been removed.
    • spec.initProvider.inferenceAccelerator has been removed.
    • spec.atProvider.inferenceAccelerator has been removed.
  • Addon.eks.aws.upbound.io/v1beta1:
    • spec.forProvider.resolveConflicts has been removed.
    • spec.initProvider.resolveConflicts has been removed.
    • spec.atProvider.resolveConflicts has been removed.
  • LustreFileSystem.fsx.aws.upbound.io/v1beta1:
    • spec.forProvider.iops has been removed.
    • spec.forProvider.mode has been removed.
    • spec.forProvider.metadataConfiguration object type changed to list.
    • spec.initProvider.iops has been removed.
    • spec.initProvider.mode has been removed.
    • spec.initProvider.metadataConfiguration object type changed to list.
    • spec.atProvider.iops has been removed.
    • spec.atProvider.mode has been removed.
    • spec.atProvider.metadataConfiguration object type changed to list.
  • For all globalaccelerator.aws.upbound.io resources:
    • spec.forProvider.region has been removed.
  • LayerVersionPermission.lambda.aws.upbound.io/v1beta1:
    • spec.forProvider.layerName is not required anymore.
    • spec.forProvider.versionNumber is not required anymore.
  • For all networkmanager.aws.upbound.io resources:
    • spec.forProvider.region has been removed.
  • CoreNetwork.networkmanager.aws.upbound.io/v1beta1:
    • spec.forProvider.basePolicyRegion has been removed.
    • spec.initProvider.basePolicyRegion has been removed.
    • spec.atProvider.basePolicyRegion has been removed.
  • Domain.opensearch.aws.upbound.io/v1beta1 and v1beta2:
    • spec.atProvider.kibanaEndpoint has been removed.
  • SecurityConfig.opensearchserverless.aws.upbound.io/v1beta1:
    • spec.forProvider.samlOptions is not required anymore.
  • For all organizations.aws.upbound.io resources:
    • spec.forProvider.region has been removed.
  • Cluster.redshift.aws.upbound.io/v1beta1:
    • spec.forProvider.clusterPublicKey has been removed.
    • spec.forProvider.clusterRevisionNumber has been removed.
    • spec.forProvider.endpoint has been removed.
    • spec.forProvider.logging has been removed.
    • spec.forProvider.snapshotCopy has been removed.
    • spec.forProvider.encrypted bool type changed to string.
    • spec.initProvider.clusterPublicKey has been removed.
    • spec.initProvider.clusterRevisionNumber has been removed.
    • spec.initProvider.endpoint has been removed.
    • spec.initProvider.logging has been removed.
    • spec.initProvider.snapshotCopy has been removed.
    • spec.initProvider.encrypted bool type changed to string.
    • spec.atProvider.logging has been removed.
    • spec.atProvider.snapshotCopy has been removed.
    • spec.atProvider.encrypted bool type changed to string.
  • For all rolesanywhere.aws.upbound.io resources:
    • spec.forProvider.region has been removed.
  • For all route53.aws.upbound.io resources:
    • spec.forProvider.region has been removed.
  • AppMonitor.rum.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.domain has been removed.
  • BucketLifecycleConfiguration.s3.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.rule is not required anymore.
    • spec.forProvider.rule.filter.objectSizeGreaterThan string type changed to number.
    • spec.forProvider.rule.filter.objectSizeLessThan string type changed to number.
    • spec.forProvider.rule.noncurrentVersionExpiration.newerNoncurrentVersions string type changed to number.
    • spec.forProvider.rule.noncurrentVersionTransition.newerNoncurrentVersions string type changed to number.
    • spec.initProvider.rule is not required anymore.
    • spec.initProvider.rule.filter.objectSizeGreaterThan string type changed to number.
    • spec.initProvider.rule.filter.objectSizeLessThan string type changed to number.
    • spec.initProvider.rule.noncurrentVersionExpiration.newerNoncurrentVersions string type changed to number.
    • spec.initProvider.rule.noncurrentVersionTransition.newerNoncurrentVersions string type changed to number.
    • spec.atProvider.rule is not required anymore.
    • spec.atProvider.rule.filter.objectSizeGreaterThan string type changed to number.
    • spec.atProvider.rule.filter.objectSizeLessThan string type changed to number.
    • spec.atProvider.rule.noncurrentVersionExpiration.newerNoncurrentVersions string type changed to number.
    • spec.atProvider.rule.noncurrentVersionTransition.newerNoncurrentVersions string type changed to number.
  • Domain.sagemaker.aws.upbound.io/v1beta1:
    • spec.forProvider.defaultUserSettings.canvasAppSettings.amazonBedrockRoleArn has been removed.
    • spec.forProvider.defaultUserSettings.canvasAppSettings.generativeAiSettings object type changed to list.
    • spec.initProvider.defaultUserSettings.canvasAppSettings.amazonBedrockRoleArn has been removed.
    • spec.initProvider.defaultUserSettings.canvasAppSettings.generativeAiSettings object type changed to list.
    • spec.atProvider.defaultUserSettings.canvasAppSettings.amazonBedrockRoleArn has been removed.
    • spec.atProvider.defaultUserSettings.canvasAppSettings.generativeAiSettings object type changed to list.
  • NotebookInstance.sagemaker.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.acceleratorTypes has been removed.
    • spec.initProvider.acceleratorTypes has been removed.
    • spec.atProvider.acceleratorTypes has been removed.
  • UserProfile.sagemaker.aws.upbound.io/v1beta1:
    • spec.forProvider.userSettings.canvasAppSettings.amazonBedrockRoleArn has been removed.
    • spec.forProvider.defaultUserSettings.canvasAppSettings.generativeAiSettings object type changed to list.
    • spec.initProvider.userSettings.canvasAppSettings.amazonBedrockRoleArn has been removed.
    • spec.initProvider.defaultUserSettings.canvasAppSettings.generativeAiSettings object type changed to list.
    • spec.atProvider.userSettings.canvasAppSettings.amazonBedrockRoleArn has been removed.
    • spec.atProvider.defaultUserSettings.canvasAppSettings.generativeAiSettings object type changed to list.
  • WorkTeam.sagemaker.aws.upbound.io/v1beta1:
    • spec.forProvider.workerAccessConfiguration.s3Presign has been removed.
    • spec.forProvider.workerAccessConfiguration object type changed to list.
    • spec.initProvider.workerAccessConfiguration.s3Presign has been removed.
    • spec.initProvider.workerAccessConfiguration object type changed to list.
    • spec.atProvider.workerAccessConfiguration.s3Presign has been removed.
    • spec.atProvider.workerAccessConfiguration object type changed to list.
  • Association.ssm.aws.upbound.io/v1beta1 and v1beta2:
    • spec.forProvider.instanceId has been removed.
    • spec.initProvider.instanceId has been removed.
    • spec.atProvider.instanceId has been removed.
  • For all waf.aws.upbound.io resources:
    • spec.forProvider.region has been removed.
  • IPSet.wafv2.aws.upbound.io resources:
    • spec.forProvider.name is not required anymore.
  • RegexPatternSet.wafv2.aws.upbound.io resources:
    • spec.forProvider.name is not required anymore.
  • WebACL.wafv2.aws.upbound.io resources:
    • spec.forProvider.name is not required anymore.

Namespace-scope MR Support (Crossplane v2-only)

  • New namespace-scoped MR APIs are available under the aws.m.crossplane.io API group.
  • All new APIs are at version v1beta1.
  • ProviderConfig
    • ProviderConfig.aws.m.crossplane.io is now namespace-scoped.
    • A new cluster-scoped ClusterProviderConfig.aws.m.crossplane.io resource was added; new MRs can reference either ProviderConfig or ClusterProviderConfig via spec.providerConfigRef.kind.
    • spec.providerConfigRef defaults to ClusterProviderConfig with name default when omitted.
  • spec.writeConnectionSecretToRef and sensitive parameter refs (e.g., spec.forProvider.fooSecretRef) in namespace-scoped MRs are now local secret references (if no namespace is specified, it defaults to the MR's namespace).
  • Cross-resource references are now namespace-scoped by default; however, cross-namespace references are allowed.
  • This provider will serve both the new namespace-scoped and cluster-scoped APIs.

Note

Cluster-scoped MRs do NOT implement the above changes and continue operating as before.

Removed Features

  • External Secret Store support has been removed from all MRs (spec.publishConnectionDetailsTo is no longer available) as the feature has been removed in Crossplane v2.

Note

The removed feature is the External Secret Store, which allowed storing connection details outside the cluster (e.g., in Vault). Connection secrets for managed resources remain available for storing connection details in Kubernetes Secrets.

Other Notable Changes

  • SafeStart capability has been added (Crossplane v2-only): Controllers start once their CRD is installed.
  • Repository structure changes:
    • apis, controllers, and examples now have scoped subdirectories: cluster and namespaced.
    • Resource configurations are also scoped; updates must be applied to both where relevant.
    • Examples for namespace-scoped MRs are included.

Backward Compatibility Notes

  • This provider can be installed in Crossplane v1.x environments:
    • Both cluster-scoped and namespace-scoped CRDs will be installed; namespace-scoped CRDs cannot be composed in v1.x.
    • SafeStart will be disabled.
  • When upgrading from v1.x providers, review all breaking resource API changes noted above. The package itself is Crossplane v1.x compatible, but some resources have API changes that require adjustments in your control plane.

Upgrade Guide

  1. Review all affected resources listed under Breaking API Changes.
  2. Update manifests to reflect renamed/removed properties.
  3. For Crossplane v2.x users:
    • Ensure secret and reference configurations align with the new namespace-scoped MR behavior.
    • Decide whether to use ProviderConfig or ClusterProviderConfig.
  4. Remove any spec.publishConnectionDetailsTo usage.
  5. Validate repository structure changes if maintaining custom resource configurations.
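
A pre-upgrade check for steps 1, 2 and 4, as an added example (not part of the release or the provider's tooling): it scans cluster-scoped manifests for fields this release removes. The lookup tables cover only a subset of the list under Resource base changes, and the sample manifests are constructed.

```python
import json

# (API group, kind) -> fields removed from spec.forProvider and spec.initProvider.
# A subset of the "Resource base changes" list above, not the full set.
REMOVED_FIELDS = {
    ("ec2.aws.upbound.io", "EIP"): {"vpc"},
    ("ec2.aws.upbound.io", "FlowLog"): {"logGroupName"},
    ("ec2.aws.upbound.io", "Instance"): {"cpuCoreCount", "cpuThreadsPerCore"},
    ("eks.aws.upbound.io", "Addon"): {"resolveConflicts"},
    ("redshift.aws.upbound.io", "Cluster"): {
        "clusterPublicKey", "clusterRevisionNumber", "endpoint", "logging", "snapshotCopy"},
}
# Groups where spec.forProvider.region was removed for every resource.
REGION_REMOVED_GROUPS = {
    "cloudfront.aws.upbound.io", "globalaccelerator.aws.upbound.io",
    "networkmanager.aws.upbound.io", "organizations.aws.upbound.io",
    "rolesanywhere.aws.upbound.io", "route53.aws.upbound.io", "waf.aws.upbound.io",
}
REDSHIFT_CLUSTER = ("redshift.aws.upbound.io", "Cluster")

def check_manifest(manifest):
    """Return a sorted list of findings for one managed-resource manifest (dict)."""
    group = manifest.get("apiVersion", "").split("/")[0]
    kind = manifest.get("kind", "")
    spec = manifest.get("spec") or {}
    findings = []
    if "publishConnectionDetailsTo" in spec:
        findings.append("spec.publishConnectionDetailsTo: removed (External Secret Store)")
    removed = REMOVED_FIELDS.get((group, kind), set())
    for section in ("forProvider", "initProvider"):
        params = spec.get(section) or {}
        for field in removed.intersection(params):
            findings.append(f"spec.{section}.{field}: removed")
        # Redshift Cluster: 'encrypted' changed from bool to string.
        if (group, kind) == REDSHIFT_CLUSTER and isinstance(params.get("encrypted"), bool):
            findings.append(f"spec.{section}.encrypted: bool changed to string")
    if group in REGION_REMOVED_GROUPS and "region" in (spec.get("forProvider") or {}):
        findings.append("spec.forProvider.region: removed")
    return sorted(findings)

# Constructed sample manifests (JSON form; names and values are illustrative).
SAMPLE = json.loads("""[
 {"apiVersion": "redshift.aws.upbound.io/v1beta1", "kind": "Cluster",
  "metadata": {"name": "example-dw"},
  "spec": {"publishConnectionDetailsTo": {"name": "example-dw-conn"},
           "forProvider": {"region": "us-east-1", "encrypted": true,
                           "logging": [{"enable": true}]}}},
 {"apiVersion": "route53.aws.upbound.io/v1beta1", "kind": "Zone",
  "metadata": {"name": "example-zone"},
  "spec": {"forProvider": {"region": "us-east-1", "name": "example.org"}}},
 {"apiVersion": "s3.aws.upbound.io/v1beta1", "kind": "Bucket",
  "metadata": {"name": "example-bucket"},
  "spec": {"forProvider": {"region": "us-east-1"}}}
]""")

if __name__ == "__main__":
    for m in SAMPLE:
        print(m["kind"], m["metadata"]["name"], check_manifest(m))
```

A non-empty result means the manifest needs editing before the provider upgrade; the Redshift `encrypted` finding deserves a manual look because it governs encryption at rest.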

What's Changed

Full Changelog: v1.23.0...v2.0.0
