v2.0.0

feat: allow to set custom bucket permissions for user @xadereq (#69)

## what

• Allow to set custom bucket permissions for user (to be able to create readonly SFTP users)

why

• Lack of customization of user policy

Sync github @max-lobur (#34)

Rebuild github dir from the template

🚀 Enhancements

fix: Readme @milldr (#71)

## what - Rebuild the README with `make readme`

why

• The old README format is causing the CI checks to fail on main

references

• https://github.com/cloudposse/terraform-aws-transfer-sftp/actions/runs/13045757938/job/36395951180

🤖 Automatic Updates

Migrate new test account @osterman (#68)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#67)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#64)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @osterman (#61)

## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#59)

## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#58)

## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#57)

## what - Update workflows (`.github/workflows/settings.yaml`)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#51)

## what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#46)

## what - Install a repository config (`.github/settings.yaml`)

why

• Programmatically manage GitHub repo settings

Update Scaffolding @osterman (#42)

## what - Reran `make readme` to rebuild `README.md` from `README.yaml` - Migrate to square badges - Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

v1.3.0

• No changes

v1.2.0

Add home directory inputs @nitrocode (#27)

what

• Add optional home_directory_mappings key to sftp_users
• Add optional s3_bucket_name key to sftp_users
• Tag everything
• Remove ${Transfer:*} vars

why

• Allow overriding user assigned home directory mappings and add additional
• Allow overriding user assigned s3 bucket
• Fix issue where user and s3 bucket are calculated from the ${Transfer:*} vars
  • e.g. ${Transfer:UserName} would be applied but then the API would result in bob instead of this value so terraform would then try to revert the change.

references

• Closes #20
• Closes #25

v1.1.0

Restricted and unrestricted users @Nuru (#26)

what

• Restore "restricted users" from #9
• Restore "unrestricted users" from #17
• Update tests and other framework

why

• Version 1.0.0 was released as the last point in master before adding the unsupported security group v0.3.0. In doing so, features added in #9 and #17 were removed. This restores those features.
• Pull in bug and security fixes, allow tests to run in parallel.

notes

• Custom security group rules, added in #8, are not included in this release. If the feature is desired, it should be re-implemented with security-group v2.x

v1.0.0 Initial release with production Semantic Versioning

This release is identical to version 0.3.1. It reverts changes made in v0.4.0 and later v0.x releases. Because those versions were never fully supported, we are not providing migration instructions from those version to this one.

This is the first release of this module with production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future. This module will evolve with breaking changes as we convert it to use our security-group module. Expect those changes to be released in v2.0, soon.

This change did not reimplement PRs #17 and #9

v0.6.0

Unrestricted home role and settings @if-igor (#17)

what

• There are three changes here, all to support the use case where var.restricted_home is set to false
• Change 1: expose user role arns
• Change 2: set default home_directory to provided s3 bucket
• Change 3: Adjust policy to allow access to the root of the s3 bucket instead of the path with username

why

• Currently, setting var.restricted_home to false will drop the user into the root directory without any permissions
• Given that the module works with an s3 bucket, it makes sense to change the home_directory in this case to the root of the s3 bucket
• The policy did not grant access to the user to the root directory
• Adding role_arns to the output will help anyone who wants to add additional policies to the role

v0.5.2

🤖 Automatic Updates

Update context.tf @cloudpossebot (#10)

what

This is an auto-generated PR that updates the context.tf file to the latest version from cloudposse/terraform-null-label

why

To support all the features of the context interface.

v0.5.1

🤖 Automatic Updates

Update Terraform cloudposse/label/null to v0.25.0 @renovate (#11)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/label/null (source)	module	minor	0.24.1 -> 0.25.0

---

Release Notes

cloudposse/terraform-null-label

v0.25.0

Compare Source

Add "tenant", "labels_as_tags", and "descriptors" @​Nuru (#​132)

##### what - Add additional label and `id` component: `tenant` - New input `labels_as_tags` controls which labels are exported as tags - New input `descriptor_formats` generates new output `descriptors` - Update README, remove link to obsolete `terraform-terraform-label` ##### why - Support users that host resources on behalf of and/or dedicated to single customers - Supersedes and closes #​131, giving people control over which tags the module generates - Simple mechanism for creating multiple identifiers from the same inputs, reducing the need to create multiple instances of `null-label` - Document `tenant`, `labels_as_tags`, `descriptor_formats`, add additional clarification, stop promoting obsolete module

Fix: Update README Snippets @​korenyoni (#​130)

##### what * Update README snippets to reflect use of Terraform Registry. ##### why * Including snippets that reflect use of the Terraform Registry make it easier for users to quickly instantiate a null_label module. * README is out of date and does not include snippets that reflect use of the Terraform Registry. ##### references * N/A

Bridgecrew compliance @​Nuru (#​125)

##### what - Resolve Bridgecrew compliance complaint about example Autoscaling Group (BC_AWS_GENERAL_31) - Fix typo in README - Include Terraform lock file in `.gitignore` ##### why - Get clean Bridgecrew badge - Correct confusing error - Ensure lock files are not checked into GitHub ##### note The PR can and should be merged into `master` to update README and Bridgecrew without triggering a new release/version. These changes have no effect on the actual module in use and a release will create unnecessary ripple effects. However, merging to `master` will update the README and badges, so is worthwhile, and the changes will move forward into the next release.

Properly output descriptors of chained modules @​Nuru (#​133)

##### what - Properly output descriptors of chained modules ##### why - Bug fix; implement intended behavior

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.5.0

Partition and restrict S3 paths across SFTP users @bradj (#9)

what

• SFTP users should have their own folder in S3 bucket
• SFTP users should not be able to move outside of their home directory
• Each SFTP user gets their own IAM role and policy which only gives access to their S3 home directory

why

• Easily distinguish who uploaded what
• More security; prevents users from peering into what others have uploaded

references

• Restricted Users

v0.4.0

Adds support for custom Security Group rules @bradj (#8)

what

• Module now handles creating a security group on the users behalf

why

• More flexible interface that allows the user to either create their own security group or simply supply a list of CIDR's

references