chore(deps): update terraform cloudposse/amplify-app/aws to v1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/amplify-app/aws (source)	module	major	0.3.0 -> 1.2.0

---

Release Notes

cloudposse/terraform-aws-amplify-app (cloudposse/amplify-app/aws)

v1.2.0

Compare Source

fix: adjust default value for custom headers variable @​RoseSecurity (#​47)

what

• The default custom header is currently an empty string which fails the following provider validation:

	"custom_headers": {
		Type:         schema.TypeString,
		Optional:     true,
		Computed:     true,
		ValidateFunc: validation.StringLenBetween(1, 25000),
	},

Which produces the following error:

│ Error: expected length of custom_headers to be in the range (1 - 25000), got
│
│   with module.amplify_app.aws_amplify_app.default[0],
│   on .terraform/e98d/modules/amplify_app/main.tf line 28, in resource "aws_amplify_app" "default":
│   28:   custom_headers                = var.custom_headers
│

• This changes the default value to null for the custom_headers variable

why

Fixes the following error:

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: expected length of custom_headers to be in the range (1 - 25000), got
│
│   with module.amplify_app.aws_amplify_app.default[0],
│   on .terraform/infra/modules/amplify_app/main.tf line 28, in resource "aws_amplify_app" "default":
│   28:   custom_headers                = var.custom_headers
│
╵

references

• Provider Code

v1.1.1

Compare Source

feat: amplify custom headers configuration @​oycyc (#​46)

what

Allow setting custom headers in Amplify

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_app#custom-headers
From Terraform docs:

why

As said in the AWS Amplify docs:
"Custom HTTP headers enable you to specify headers for every HTTP response. Response headers can be used for debugging, security, and informational purposes. You can specify headers in the Amplify console, or by downloading and editing an app's customHttp.yml file and saving it in the project's root directory."

https://docs.aws.amazon.com/amplify/latest/userguide/custom-headers.html

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_app#custom-headers

🤖 Automatic Updates

Migrate new test account @​osterman (#​42)

what

• Update .github/settings.yml
• Update .github/chatops.yml files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @​osterman (#​41)

what

• Update .github/settings.yml
• Drop .github/auto-release.yml files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v1.1.0

Compare Source

fix: Basic authentication configuration at the branch level @​sestrella (#​15)

what

Module consumers cannot pass a custom basic_auth_credentials per branch using the existing variables. At the branch level, there is also a typo on enable_basic_auth.

why

The changes made in this PR allow consumers to configure different basic authentication credentials for each branch.

🤖 Automatic Updates

chore(deps): bump the go_modules group in /test/src with 5 updates @​dependabot (#​40)

Bumps the go_modules group in /test/src with 5 updates:

Package	From	To
github.com/hashicorp/go-getter	1.7.1	1.7.5
golang.org/x/crypto	0.1.0	0.17.0
golang.org/x/net	0.8.0	0.10.0
google.golang.org/grpc	1.51.0	1.56.3
google.golang.org/protobuf	1.31.0	1.33.0

Updates github.com/hashicorp/go-getter from 1.7.1 to 1.7.5

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.5

What's Changed

• Prevent Git Config Alteration on Git Update by @​​dduzgun-security in hashicorp/go-getter#497

New Contributors

• @​​dduzgun-security made their first contribution in hashicorp/go-getter#497

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.4...v1.7.5

v1.7.4

What's Changed

• Escape user-provided strings in git commands hashicorp/go-getter#483
• Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4

v1.7.3

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-21) by @​​hashicorp-tsccr in hashicorp/go-getter#432
• SEC-090: Automated trusted workflow pinning (2023-09-11) by @​​hashicorp-tsccr in hashicorp/go-getter#454
• SEC-090: Automated trusted workflow pinning (2023-09-18) by @​​hashicorp-tsccr in hashicorp/go-getter#458
• don't change GIT_SSH_COMMAND when there is no sshKeyFile by @​​jbardin in hashicorp/go-getter#459

New Contributors

• @​​hashicorp-tsccr made their first contribution in hashicorp/go-getter#432

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3

v1.7.2

What's Changed

• Don't override GIT_SSH_COMMAND when not needed by @​​nl-brett-stime hashicorp/go-getter#300

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2

Commits

• 5a63fd9 Merge pull request #​497 from hashicorp/fix-git-update
• 5b7ec5f fetch tags on update and fix tests
• 9906874 recreate git config during update to prevent config alteration
• 268c11c escape user provide string to git (#​483)
• 975961f Merge pull request #​433 from adrian-bl/netrc-fix
• 0298a22 Merge pull request #​459 from hashicorp/jbardin/setup-git-env
• c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
• 3d5770f Merge pull request #​458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
• 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
• e66f244 Merge pull request #​454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.1.0 to 0.17.0

Commits

• 9d2ee97 ssh: implement strict KEX protocol changes
• 4e5a261 ssh: close net.Conn on all NewServerConn errors
• 152cdb1 x509roots/fallback: update bundle
• fdfe1f8 ssh: defer channel window adjustment
• b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
• 7e6fbd8 ssh: wrap errors from client handshake
• bda2f3f argon2: avoid clobbering BP
• 325b735 ssh/test: skip TestSSHCLIAuth on Windows
• 1eadac5 go.mod: update golang.org/x dependencies
• b2d7c26 ssh: add (*Client).DialContext method
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.8.0 to 0.10.0

Commits

• daac0ce go.mod: update golang.org/x dependencies
• 82780d6 http2: don't reuse connections that are experiencing errors
• 0bfab66 ipv4, ipv6: drop redundant skip checks based on GOOS
• 938ff15 ipv4, ipv6, nettest: skip unsupported tests on wasip1
• eb1572c html: another shot at security doc
• 9001ca7 nettest: re-enable unixpacket tests on netbsd/386
• 3d5a8ee internal/socks: permit authenticating with an empty password
• 694cff8 go.mod: update golang.org/x dependencies
• 6960703 http2: log the correct error when retrying in (*Transport).RoundTripOpt
• 9f24bb4 http2: properly discard data received after request/response body is closed
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.51.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#​6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#​6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#​6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#​6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#​6314) (#​6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#​6311)
• xds: Add support for String Matcher Header Matcher in RDS (#​6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#​6145)
  • Special Thanks: @​​s-matyukevich
• xds: enable RLS in xDS by default (#​6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#​6241)
• authz: add conversion of json to RBAC Audit Logging config (#​6192)
• authz: add support for stdout logger (#​6230 and #​6298)
• authz: support customizable audit functionality for authorization policy (#​6192 #​6230 #​6298 #​6158 #​6304 and #​6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#​6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#​6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#​6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#​6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#​6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#​6151)
• status: status.Code and status.FromError handle wrapped errors (#​6031 and #​6150)

... (truncated)

Commits

• 1055b48 Update version.go to 1.56.3 (#​6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (#​6434)
• faab873 Update version.go to v1.56.2 (#​6432)
• 6b0b291 status: fix panic when servers return a wrapped error with status OK (#​6374) ...
• ed56401 [PSM interop] Don't fail target if sub-target already failed (#​6390) (#​6405)
• cd6a794 Update version.go to v1.56.2-dev (#​6387)
• 5b67e5e Update version.go to v1.56.1 (#​6386)
• d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#​6354) ...
• 997c1ea Change version to 1.56.1-dev (#​6345)
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Update release workflow to allow pull-requests: write @​osterman (#​38)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @​osterman (#​36)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @​osterman (#​35)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @​osterman (#​34)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @​osterman (#​25)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @​osterman (#​22)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Update Scaffolding @​osterman (#​20)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

v1.0.1

Compare Source

🚀 Enhancements

default `var.domains` to `{}` @​kevcube (#​17)

what

• if not specified, terraform errors trying to iterate over null

why

• iterating with this module and wanted to use blank config, terraform errored.

references

v1.0.0

Compare Source

Update Amplify domain config @​aknysh (#​12)

what

• Update Amplify domain config
• Update tests
• Update module versions

why

• Allow associating multiple domains to an Amplify app

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_domain_association

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[mergify]

/terratest

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟠 Require terratest

Waiting checks: test/terratest.

This rule require terratest status

• check-success = test/terratest

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[mergify]

Heads up! This pull request looks stale. It will be closed soon, if there are no new commits. ⏳

[goruha]

/terratest

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[goruha]

/terratest

[goruha]

/terratest

[goruha]

/terratest

[github-actions]

These changes were released in v1.536.0.