binbashdevops pushed a commit that referenced this pull request Nov 30, 2025
* feat: add AWS Backup region settings support

  Implement aws_backup_region_settings resource to manage region-level backup configurations for AWS services.

  Features:
  - Configure resource type opt-in preferences per region
  - Optional resource type management preferences
  - Comprehensive validation for supported AWS services
  - Detailed outputs with service enablement summary
  - Complete example demonstrating common configuration patterns

  Files Changed:
  - variables.tf: Added enable_region_settings and region_settings variables
  - region_settings.tf: New resource for region-level backup configuration
  - outputs.tf: Added region_settings outputs and summary
  - examples/region_settings/: New comprehensive example with documentation

  Supported Services: Aurora, CloudFormation, DocumentDB, DSQL, DynamoDB, EBS, EC2, EFS, FSx, Neptune, Redshift, RDS, S3, SAP HANA on Amazon EC2, Storage Gateway, VirtualMachine

  Closes lgallard#302, lgallard#296, lgallard#286, lgallard#270, lgallard#237

* fix: add missing Redshift Serverless to region_settings validation

  Add "Redshift Serverless" to the list of valid AWS service types for region settings configuration. This brings the total supported services to 17, matching the AWS provider documentation.

  Changes:
  - Updated variable validation for resource_type_opt_in_preference
  - Updated variable validation for resource_type_management_preference
  - Added Redshift Serverless to example configuration
  - Updated documentation to include all 17 supported services

* fix: address security, performance, and reliability issues in region settings

  Implements comprehensive fixes for issues identified in bug hunt analysis.

  **Security Improvements (Issue #1):**
  - Restructure region_settings_summary output to remove sensitive data
    - Remove configured_preferences from non-sensitive output
    - Keep only aggregate, non-sensitive information
  - Add region_settings_details output marked as sensitive
    - Contains full configuration for debugging
    - Only visible with `terraform output -json`
  - Add region_settings_hash output for secure change tracking
    - SHA256 hash of configuration
    - Enables integrity verification without exposing details

  **Performance Optimizations (Issue #2):**
  - Implement single-pass data processing with locals
    - Add region_settings_analysis local that processes data once
    - Pre-compute enabled/disabled/managed service lists
    - Pre-compute all service counts
  - Refactor all outputs to use pre-computed locals
    - Eliminates 3+ redundant iterations per terraform plan
    - Reduces from 51+ evaluations to 4 evaluations (87% reduction)

  **Reliability Enhancements (Issue lgallard#3):**
  - Add data "aws_region" "current" for region awareness
  - Add optional strict region validation (opt-in, non-breaking)
    - New variable: enable_strict_region_validation (default: false)
    - New variable: expected_region (default: null)
    - Lifecycle precondition enforces validation when enabled
  - Add configuration_health_check output
    - Shows provider_region vs expected_region
    - Provides validation status and recommendations
    - Helps prevent applying settings to wrong region

  **Additional Changes:**
  - Update example outputs to include new outputs
  - Fix deprecation warnings (use data.aws_region.id instead of .name)
  - Add comprehensive variable validation for expected_region
  - Auto-update README.md via terraform-docs

  **Backward Compatibility:**
  - 100% backward compatible - all changes are additive
  - Existing configurations continue to work unchanged
  - New features are opt-in

  **Implementation Details:**

  Implements solutions from Gemini Pro 3 brainstorming:
  - Idea #1: Tiered Sensitivity Outputs (Feasibility: 5, Impact: 4)
  - Idea lgallard#6: Single-Pass Computed Local (Feasibility: 5, Impact: 5)
  - Idea lgallard#3: Opt-In Strict Region Validation (Feasibility: 5, Impact: 4)
  - Idea lgallard#4: Configuration Health Check Output (Feasibility: 4, Impact: 4)
  - Idea lgallard#7: Configuration Hashing for Integrity (Feasibility: 5, Impact: 3)

  Addresses: lgallard#310 (comment)

* fix: correct null handling in region_settings validation

  Fix validation error where Terraform attempts to access attributes on null value when var.region_settings is null.

  **Problem:**

  The validation condition used || operator which doesn't properly short-circuit in Terraform, causing it to evaluate resource_type_management_preference even when region_settings is null:

      condition = var.region_settings == null || var.region_settings.resource_type_management_preference == null ? ...

  This caused 'Attempt to get attribute from null value' errors in all examples that don't use region_settings.

  **Solution:**

  Restructure condition to use nested ternary operators that properly handle null:

      condition = var.region_settings == null ? true : (
        var.region_settings.resource_type_management_preference == null ? true :
        alltrue([...])
      )

  This ensures we only access the attribute when we know the parent object is not null.

  **Impact:**
  - Fixes all failing example validation checks
  - No functional change to validation logic
  - Maintains all security, performance, and reliability improvements

  Fixes: CI validation failures in all examples
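The null-safe validation and the tiered outputs described in the commit message above, sketched as an added example (not the module's own code). Variable and output names are taken from the commit message; the types, the shortened service list and the `opt_in`/`enabled`/`disabled` locals are assumptions.

```hcl
# Added illustration; names follow the commit message, bodies are assumptions.
variable "region_settings" {
  type = object({
    resource_type_opt_in_preference     = map(bool)
    resource_type_management_preference = optional(map(bool))
  })
  default = null

  validation {
    # Nested conditionals: the attribute is read only in the branch that is
    # selected after the null check, so a null variable never reaches it.
    condition = var.region_settings == null ? true : (
      var.region_settings.resource_type_management_preference == null ? true : alltrue([
        for svc in keys(var.region_settings.resource_type_management_preference) :
        contains(["DynamoDB", "EFS", "RDS", "S3"], svc) # shortened sample list
      ])
    )
    error_message = "resource_type_management_preference names an unsupported service."
  }
}

locals {
  # One pass over the opt-in map; every output below reuses these lists.
  opt_in   = var.region_settings == null ? {} : var.region_settings.resource_type_opt_in_preference
  enabled  = sort([for svc, on in local.opt_in : svc if on])
  disabled = sort([for svc, on in local.opt_in : svc if !on])
}

# Tier 1: aggregate counts only, safe to show in plan and CI logs.
output "region_settings_summary" {
  value = {
    enabled_count  = length(local.enabled)
    disabled_count = length(local.disabled)
  }
}

# Tier 2: full configuration, redacted in normal CLI output.
output "region_settings_details" {
  value     = var.region_settings
  sensitive = true
}

# Tier 3: digest for change tracking between runs.
output "region_settings_hash" {
  value = var.region_settings == null ? null : sha256(jsonencode(var.region_settings))
}
```

Marking an output `sensitive` only redacts it in CLI display; the value is still written to the state file, so state access needs its own controls. The digest covers a small, enumerable set of service flags, so treat it as a change indicator and not as a way to keep the configuration confidential.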
🤖 I have created a release beep boop
1.5.0 (2025-11-23)
Features
This PR was generated with Release Please. See documentation.