v0.24.1

New CRDs!

In v0.24.1, there are 3 new CRDs! See https://doc.crds.dev/github.com/crossplane/provider-aws@v0.24.1 for the full list.

• ResolverRuleAssociation in route53resolver
• CacheParameterGroup in elasticache
• DBCluster in neptune

Deprecated Versions

Several resources are bumped to v1beta1 in this release but none of those bumps were breaking changes. The following is the list of CRDs that will be converted to v1beta1 automatically by Kubernetes API server.

• VPCLink in apigatewayv2
• Secret in secretsmanager
• Function in lambda

The only action you need to take is to update your YAML files and base templates in your Composition objects before v1alpha1 is removed from the supported versions, which will be done in v0.27.0.

In addition, the whole notification group is now duplicated as sns group with new kind names. The deprecated CRDs of notification will be kept in the provider and their controllers will continue to run but it's highly advised to move to the new sns group as soon as possible. They will be removed from the provider in v0.27.0. See this guide (section titled as Upgrade from v0.32.x to v0.33.x since that's where it's necessary to migrate) for more details about how to migrate. Keep in mind that you can opt not to migrate now and still have all SNS resources reconciled.

• SNSTopic of notification -> Topic of sns
• SNSSubscription of notification -> Subscription of sns

What's Changed

• Add support for external ID when assume role by @hanlins in #1013
• fix(eks-addon): Replace ListTagsForResource with DescribeAddon to save one API call by @MisterMX in #1068
• Restore RDS instance from a MySQL backup by @danports in #770
• fix(ec2-instance): make some blockDevicMapping fields in CRD optional by @mariobris in #1091
• read endpoint info from dbinstance status rather than aws out values by @clive-jevons in #1092
• feat(ack-bump): bump ack-version by @haarchri in #1027
• feat(database): resolvers by @haarchri in #1086
• doc(assumeRoleARN): #1065 added documentation for assumeRoleARN by @haarchri in #1082
• Update Go version from 1.16 to 1.17 by @ulucinar in #1103
• Move versioned generator configs to API group folders by @ulucinar in #1096
• Add support for keeping previous generated versions by @ulucinar in #1105
• fix(secretsmanager): Ignore isUpToDate if resource was deleted by @MisterMX in #1095
• feat(route53resolver): added ResolverRuleAssociation by @haarchri in #968
• fix(ec2-instance): changed SpotMarketOptions for Spot Instances by @haarchri in #1083
• fix(transfer/user): fix WithInitializers and removed postCreate by @haarchri in #1106
• Add eks to generated services by @MisterMX in #1110
• Add docdb to generated services by @MisterMX in #1111
• fix(generated-services) added route53resolver to makefile by @haarchri in #1003
• chore: dynamically generate GENERATED_SERVICES var by @dwerder in #1008
• fix(Makefile) adjust command 'find' to be zshell compatible by @dwerder in #1120
• fix(lables): eks-nodegroup - both or either addOrUpdateLabels or removeLabels must not be empty by @haarchri in #1119
• Restore RDS instances from database snapshots by @danports in #1087
• elasticache.cacheparametergroup: Add resource by @chlunde in #834
• rds.rdsinstance: Add storage autoscaling (MaxAllocatedStorage) by @chlunde in #794
• Secretsmanager: Implement LateInitialize of a K8s secret when AWS secret already exists by @MisterMX in #669
• Add Neptune DBCluster Resource by @ezgidemirel in #1099
• secretsmanager.secret: make late init work only if the input secret does not exist by @muvaf in #1127
• fix(ec2): vpcpeeringconnection fixed fields for resolvers, change tagger by @haarchri in #1035
• elasticache: Scale replicationgroup shards by @chlunde in #860
• fix(resolvers-transfer): panic in provider for missing check for nil by @haarchri in #1134
• Bump SNS Topic and Subscription versions to v1beta1 by @ezgidemirel in #1123
• Bump VPCLink, Secret and Function to v1beta1 by @muvaf in #1107
• apis: register missing api groups by @muvaf in #1145

New Contributors

• @hanlins made their first contribution in #1013
• @danports made their first contribution in #770
• @mariobris made their first contribution in #1091
• @clive-jevons made their first contribution in #1092
• @dwerder made their first contribution in #1008
• @ezgidemirel made their first contribution in #1099

Full Changelog: v0.23.0...v0.24.1

v0.23.0

New CRDs!

In v0.23.0, there are a couple of new CRDs that are ready to use:
https://doc.crds.dev/github.com/crossplane/provider-aws@v0.23.0

• ec2.VPCEndpoint by @darryl-sw
• ec2.VPCEndpointServiceConfiguration by @haarchri
• ec2.TransitGatewayRouteTable by @haarchri
• ec2.TransitGatewayRoute by @haarchri
• ec2.Route by @Dkaykay and @haarchri
• ec2.LaunchTemplateVersion by @tanujd11
• ec2.LaunchTemplate by @tanujd11
• elbv2.TargetGroup by @EdgeJ
• elbv2.LoadBalancer by @EdgeJ
• elbv2.Listener by @EdgeJ
• athena.WorkGroup by @haarchri
• ram.ResourceShare by @haarchri
• kinesis.Stream by @haarchri
• kafka.Configuration by @haarchri
• iot.Thing by @sergenyalcin
• iot.Policy by @sergenyalcin

What's Changed

• Update documentation links to crossplane.io by @stevendborrelli in #1005
• Add IOT/Thing & IOT/Policy managed resource by @sergenyalcin in #940
• Add instructions to use kube2iam authentication by @yogeek in #1015
• EC2 Route by @Dkaykay in #859
• Implement athena workgroup by @haarchri in #694
• Implements Resource Access Manager (RAM) by @haarchri in #838
• Remove inaccurate deprecation warning from v1beta1 type by @hasheddan in #1031
• Role - add iamrole shortname by @smcavallo in #1024
• Add default tags to iam.Role by @cebernardi in #1000
• Implements kafka configurations & kafka server refs,selectors by @haarchri in #762
• Add Ipv6CIDRBlock support in VPC by @vaspahomov in #881
• Implement VPC Endpoint for AWS Provider by @darryl-sw in #817
• Implement Loadbalancer, Listener, and TargetGroup from elasticloadbalancingv2 by @EdgeJ in #865
• fix(docs): fix docs to current aws-go-sdk 1.37.10 for code-gen by @haarchri in #1028
• Launch Template and Launch Template Version resources added by @tanujd11 in #1041
• feat(transitgatewayroutes): added TransitGateway Routes/RouteTable by @haarchri in #1032
• fix(e2e-test) changed pkg.crossplane.io to v1 by @haarchri in #1052
• feat(glue): followup cleanup cr.name to external.name by @haarchri in #1019
• fix(name): fix transfer/user &cr.name and use annotation by @haarchri in #1053
• fix(init): #1049 fix problem that kms-key ref picks wrong metadata.name by @haarchri in #1050
• feat(vpcendpointserviceconfiguration) added new ressource by @haarchri in #1009
• cleanup glue securityconfig &cr.name to annotation by @haarchri in #1055
• add support for all s3 canned-acls by @rpoluri in #891
• Implements Kinesis Stream by @haarchri in #857
• fix(tagger): tagger fixed for tgw/tgwvpcattachment by @haarchri in #1029
• added s3 resolvers for queueArn, replicaKmsKeyId, kmsMasterKeyId, crossplane:generate:reference by @haarchri in #1022

New Contributors

• @yogeek made their first contribution in #1015
• @cebernardi made their first contribution in #1000
• @darryl-sw made their first contribution in #817
• @EdgeJ made their first contribution in #865
• @tanujd11 made their first contribution in #1041
• @rpoluri made their first contribution in #891

Full Changelog: v0.22.0...v0.23.0

v0.22.0

Breaking Changes

IAM Resources

All IAM resources used to reside in identity group and they had prefixed names like IAMRole. In this release, all of them moved to a new group called iam and renamed to drop the prefix, i.e. IAMRole -> Role. In addition, all of them are now v1beta1 resources.

This change won't affect your existing resources immediately but no controllers will be watching the old custom resources. Please follow this migration guide to migrate to the new APIs: https://github.com/crossplane/provider-aws/blob/master/cluster/UPGRADE.md#upgrade-from-v021x-to-v022x

Affected resources:

• identity.IAMRole
• identity.IAMUser
• identity.IAMPolicy
• identity.IAMAccessKey
• identity.IAMGroup
• identity.IAMUserPolicyAttachment
• identity.IAMGroupPolicyAttachment
• identity.IAMRolePolicyAttachment
• identity.IAMGroupUserMembership
• identity.OpenIDConnectProvider

Several Resources to v1beta1

These resources have been upgraded to v1beta1 version but the conversion will happen automatically. The only schema change is that we have removed spec.forProvider.renewCertificate field of Certificate since it wasn't working properly and is hard to get right in a declarative manner that we can support in v1beta1.

It's strongly suggested to use /v1beta1 version suffix for apiVersion field of your YAML files, including base templates in your Compositions, as soon as possible.

The full list:

• acm.Certificate
• acmpca.CertificateAuthority
• acmpca.CertificateAuthorityPermission
• ec2.VPCCIDRBlock
• ecr.Repository
• ecr.RepositoryPolicy
• eks.FargateProfile
• iam.User
• iam.Policy
• iam.AccessKey
• iam.Group
• iam.UserPolicyAttachment
• iam.GroupPolicyAttachment
• iam.GroupUserMembership
• iam.OpenIDConnectProvider

New CRDs!

In v0.22.0, there are a couple of new CRDs that are ready to use:

• ec2.TransitGateway by @haarchri
• ec2.TransitGatewayAttachment by @haarchri
• ec2.Volume by @haarchri
• cloudfront.CloudFrontOriginAccessIdentity by @stevendborrelli

New Authentication Method

Now you can specify a IAM Role ARN in ProviderConfig that the AWS client can assume by using the provided credentials and act on behalf of that given IAMRole! See https://doc.crds.dev/github.com/crossplane/provider-aws/aws.crossplane.io/ProviderConfig/v1beta1@v0.22.0#spec-assumeRoleARN

What's Changed

• Key alias fix by @muvaf in #950
• github: add release issue by @muvaf in #949
• iam.rolepolicyattachment: clean up old code that duplicates functionality from runtime by @muvaf in #954
• Implements private nat-gateway by @haarchri in #884
• Manually late-init CloudFront Distributions by @negz in #952
• fix s3 nil paymentConfiguration preventing bucket from being ready by @smcavallo in #916
• fix s3 notificationConfiguration by @smcavallo in #917
• S3 test nitpicks by @negz in #963
• support for s3 replicationConfiguration with delete marker enabled (and fixes) by @smcavallo in #911
• ec2.securitygroup: fix add, implement revoke/update ingress and egress rules by @chlunde in #631
• Accomodate DynamoDB API's implied defaults by @negz in #973
• feat(route53resolver): added postObserve status by @haarchri in #967
• Added tags for iam policy by @ra-grover in #931
• observe iampolicy which already exists by @smcavallo in #930
• identity.iampolicy: Disable gocyclo after two merges broke CI by @chlunde in #978
• rdsinstance: Use ResourceLateInitialized from crossplane-runtime by @chlunde in #833
• fix(nat): make tagSpecification optional to fits nat-gateway without tags by @haarchri in #899
• feat(bottlerocket): added informations for eks-bottlerocket-nodegroup by @haarchri in #898
• Actually cache the go build cache between CI runs by @hasheddan in #986
• feat(rds): #984 added ref and selector for *parameterGroup by @haarchri in #987
• Servicediscovery delete fix by @stevendborrelli in #988
• add basic install command by @nicgrayson in #983
• fix(fmt): #988 fix gofmt-servicediscovery by @haarchri in #990
• Fixing constantly update requests problem of replicationgroup by @sergenyalcin in #981
• Ignore fields in glue.Crawler and lambda.Function that block code-generator bump by @muvaf in #992
• upgrade to aws-sdk-go-v2 - 2021-11-06 by @smcavallo in #921
• Bump ec2.vpccidrblock, ecr.repository, ecr.repositorypolicy and eks.fargateprofile to v1beta1 by @muvaf in #994
• Upgrading to latest code-generator commit by @AaronME in #920
• fix(cleanup): rerun generator after #920 merge by @haarchri in #998
• feat(rds): added rds-apply-immediately field by @haarchri in #888
• Bump Certificate, CertificateAuthority and CertificateAuthorityPermission to v1beta1 by @muvaf in #995
• Move all IAM resources to iam group and bump all of them to v1beta1 by @muvaf in #996
• assumeRoleARN for ProviderConfig by @haarchri in #912
• Implement Cloudfront Origin Access Identity by @stevendborrelli in #929
• Implements EC2 Volume by @haarchri in #771
• feat(tgw): added ec2 tgw & tgw-vpc-attachment by @haarchri in #831

New Contributors

• @ra-grover made their first contribution in #931
• @nicgrayson made their first contribution in #983
• @sergenyalcin made their first contribution in #981

Full Changelog: v0.21.2...v0.22.0

v0.21.2

What's Changed

• [Backport release-0.21] ec2.securitygroup: fix add, implement revoke/update ingress and egress rules by @github-actions in #969
• [Backport release-0.21] Accomodate DynamoDB API's implied defaults by @github-actions in #974

Full Changelog: v0.21.1...v0.21.2

v0.21.1

What's Changed

• [Backport release-0.21] Manually late-init CloudFront Distributions by @github-actions in #958
• [Backport release-0.21] fix s3 notificationConfiguration by @github-actions in #962
• [Backport release-0.21] fix s3 nil paymentConfiguration preventing bucket from being ready by @github-actions in #961
• [Backport release-0.21] S3 test nitpicks by @github-actions in #964
• [Backport release-0.21] support for s3 replicationConfiguration with delete marker enabled (and fixes) by @github-actions in #965

Full Changelog: v0.21.0...v0.21.1

v0.21.0

Notable Updates

Along with bug fixes and improvements, we have quite a few new APIs in this release as well, making provider-aws to have 99 CRDs. Take a look at all the supported resources here!

What's Changed

• fix(eks-kubeconfig): eks-presignGetCallerIdentity by @haarchri in #901
• Add haarchri as a maintainer by @negz in #904
• Add support for associating an OIDC provider with an EKS cluster by @goober in #883
• Add EKS Addon resource by @MisterMX in #872
• Add unit tests for providerConfig endpointConfig feature and update SigningRegion based on PartitionID by @smcavallo in #897
• Fix CloudFront Distribution OriginSSL support by @stevendborrelli in #922
• fix(dynamodb-table): dynamodb-table sync & reconcile by @haarchri in #839
• Implement Amazon MQ service by @praveenghuge in #734
• Tweak DynamoDb table update logic and connection secret keys by @negz in #924
• fix multi-region with injected identity - after v2 migration v0.20.0 by @haarchri in #913
• dynamodb.table: implement update for global secondary indexes by @muvaf in #937
• secretsmanager: Add resource policy support by @MisterMX in #907
• readme: add release policy by @muvaf in #936
• feat(cw): added cloudwatch loggroup by @haarchri in #939
• Make ec2 Instance IAMInstanceProfileSpecification fields optional by @vaspahomov in #882
• Implements kms(cmk) alias by @haarchri in #779
• s3: resolve bucket ARN in replication config references by @chlunde in #763
• [Backport release-0.21] Key alias fix by @github-actions in #951

Full Changelog: v0.20.3...v0.21.0

v0.20.3

What's Changed

• [Backport release-0.20] fix multi-region with injected identity - after v2 migration v0.20.0 by @github-actions in #933

Full Changelog: v0.20.2...v0.20.3

v0.20.2

What's Changed

• [Backport release-0.20] Fix CloudFront Distribution OriginSSL support by @github-actions in #923
• [Backport release-0.20] fix(dynamodb-table): dynamodb-table sync & reconcile by @github-actions in #925
• [Backport release-0.20] Tweak DynamoDb table update logic and connection secret keys by @github-actions in #926

Full Changelog: v0.20.1...v0.20.2

v0.20.1

What's Changed

This is a patch release that fixes a problem in EKS Cluster resource connection details where users wouldn't be able to use it to connect to the cluster.

v0.20.0

Breaking Changes

The annotations aws.alpha.crossplane.io/endpointServiceID and aws.alpha.crossplane.io/endpointURL on the managed resources are not effective anymore. Once you upgrade, the SDK will start hitting the default AWS endpoints. In order to configure the SDK to use another endpoint, use the new spec.endpoint in ProviderConfig object that's referenced by the managed resource. See examples here.

If you want to make sure the provider doesn't hit the default AWS endpoints, you need to stop the provider pod by creating a ControllerConfig.

What's Changed

• fix sfn 404 for deletion by @haarchri in #730
• Route53resolver - ResolverEndpoint, ResolverRule by @AmnaIrfan in #665
• Fixes #735 acm - fixed synced false when using private ca by @haarchri in #746
• Implement Managed Streaming for Kafka (MSK) - Cluster by @haarchri in #733
• Add global poll interval flag by @hasheddan in #741
• doc(makefile): add more informations for makefile by @haarchri in #752
• Do not pass poll interval to ProviderConfig controller by @hasheddan in #756
• Fix Address descriptions by @dweebo in #757
• database.rdsinstance: show pending EngineVersion by @chlunde in #759
• s3: replication storage class STANDARD was missing by @chlunde in #764
• version: bump ec2/vpccidrblock package to manualv1alpha1 by @haarchri in #751
• Add DocumentDB support by @MisterMX in #588
• Add Observation Debug logs by @alecrajeev in #767
• Update crossplane-runtime to 0b469fcc77cd by @ulucinar in #782
• Fixes #738: servicediscovery (common)namespace READY=FALSE by @haarchri in #740
• github: add issue template for new resource request by @muvaf in #785
• owners: add new maintainers by @muvaf in #786
• Feature for creation of VPC Peering connections by @Dkaykay in #769
• Add DBInstance by @PocketMobsters in #680
• Remove superfluous Kubernetes client from RouteTable ExternalClient by @negz in #800
• ecr.repository: Add forceDelete to delete images by @chlunde in #743
• database.rdsinstance: Add more ready states (can receive requests) by @chlunde in #761
• Implement efs mounttarget by @haarchri in #744
• s3: replication configuration - allow user to drop Filter similar AWS documentation by @chlunde in #765
• Propose chlunde as a new maintainer by @negz in #810
• New resource DBClusterParameterGroup by @armsnyder in #787
• Use eksctl when creating the IAM role and trust relationship by @ruzickap in #818
• Remove ECR policyText observation by @benagricola in #781
• Implements ACM ResourceRecord for dns validation in status field by @haarchri in #807
• fix(hostedzone): fix DelegationSet.id can be nil panic by @haarchri in #829
• fixed missing securitygroup during preCreate by @haarchri in #837
• Add cross-resource references for docdb by @MisterMX in #835
• iam.iamrole: Use improved policy comparision function by @chlunde in #793
• Implements transfer server and user by @haarchri in #754
• Add CloudFront CachePolicy managed resource by @ulucinar in #783
• aws-sdk-go-v2 - v1.3.0 by @smcavallo in #602
• Complete AWS SDK v2 Migration by @muvaf in #855
• eks: add capacity type and taints fields by @muvaf in #858
• fix(rds): fix rds examples to make aurora cluster & instance possible by @haarchri in #852
• Add AWS EC2 instances by @tnthornton in #777
• Implement glue objects by @haarchri in #686
• code generation: update guide to use resolver generator by @muvaf in #866
• Give all EC2 managed resources a 3 minute creation grace period by @negz in #825
• #868 Fix broken handling of errors after aws-sdk-v2 migration by @larhauga in #871
• providerconfig: allow configuring endpoint by @muvaf in #869
• AWS SDK v2 Errors by @muvaf in #873

New Contributors

• @haarchri made their first contribution in #730
• @dweebo made their first contribution in #757
• @alecrajeev made their first contribution in #767
• @armsnyder made their first contribution in #787
• @ruzickap made their first contribution in #818
• @tnthornton made their first contribution in #777
• @larhauga made their first contribution in #871

Full Changelog: v0.20.0-rc.0...v0.20.0