Updated CLI args, config attributes and blocks
remote_state [BACKWARD INCOMPATIBLE]
Description
- Updated logic for handling remote_state to enforce what is defined in the block's config. The change affects default encryption settings, public access blocking, bucket policy (enforce SSL only), access logging, and versioning.
- Fixed behavior for enforcing EnforcedTLS to not overwrite an already configured RootAccess policy.
Migration guide
If you do not want terragrunt to update the S3 bucket based on the configurations, you can define the config attribute disable_bucket_update = true in the remote_state block.
If you have an environment where it is difficult to update terragrunt and your configuration simultaneously, you can use v0.36.12, which supports the new disable_bucket_update configuration but does not implement the bucket updating behavior.
To perform a safe upgrade:
- Upgrade your Terragrunt environment to v0.36.12.
- Add disable_bucket_update = true in the remote_state block config map.
- Run terragrunt to confirm Terragrunt doesn't update the state buckets.
- Upgrade your Terragrunt environment to v0.37.0 and confirm Terragrunt still does not update the state buckets.
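One way to carry out the "confirm Terragrunt doesn't update the state buckets" steps is to snapshot the five bucket settings listed in the description before and after each run and compare them. This is an added example, not code from the Terragrunt project; it assumes the AWS CLI is installed with read access to the bucket, and the function names and bucket name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Terragrunt project). Assumes the AWS CLI is
# installed and the caller may read the state bucket's configuration.

# Print the five bucket settings this release enforces, one section each.
# A failed call (missing configuration, access denied) is recorded with its
# error text rather than dropped, so it also shows up in the comparison.
snapshot_bucket() {
  sb_bucket="$1"
  for sb_call in get-bucket-encryption get-public-access-block \
                 get-bucket-policy get-bucket-logging get-bucket-versioning; do
    printf '== %s ==\n' "$sb_call"
    sb_out=$(aws s3api "$sb_call" --bucket "$sb_bucket" --output json 2>&1) \
      || sb_out="<error> $sb_out"
    printf '%s\n' "$sb_out"
  done
}

# Exit 0 when the two snapshot files match; otherwise print the diff and
# exit non-zero.
compare_snapshots() {
  diff -u "$1" "$2"
}

# Usage (bucket name is a placeholder):
#   snapshot_bucket my-state-bucket > before.txt
#   ...run terragrunt...
#   snapshot_bucket my-state-bucket > after.txt
#   compare_snapshots before.txt after.txt
```

Any diff output after a run with disable_bucket_update = true means the bucket configuration changed during that run and should be investigated before moving on to v0.37.0.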
Special thanks
Special thanks to the following users for their contribution!