Update Terraform terraform-aws-modules/iam/aws to v5

[renovate[bot]]

This PR contains the following updates:

Package	Type	Update	Change
terraform-aws-modules/iam/aws (source)	module	major	4.24.1 -> 5.52.0

---

Release Notes

terraform-aws-modules/terraform-aws-iam (terraform-aws-modules/iam/aws)

v5.52.0

Compare Source

Features

• Allow generic assume role conditions (#​543) (c3e54f2)

v5.51.0

Compare Source

Features

• Add BatchGet* to IAM read only policy (#​540) (d886f11)

v5.50.0

Compare Source

Features

• Add policies for AWS LBC v2.11.0 (#​539) (ca9f355)

v5.49.0

Compare Source

Features

• Update policie for External Secrets 0.12.1 (#​542) (b609236)

v5.48.0

Compare Source

Features

• Add ec2:GetSecurityGroupsForVpc for AWS LB Controller v2.10.0 (#​536) (9cfab4a)

v5.47.1

Compare Source

Bug Fixes

• Use dynamic partition value (#​532) (9986b50)

v5.47.0

Compare Source

Features

• Update AWS EBS CSI Driver IAM Policy (#​530) (1bc058c)

Bug Fixes

• Update CI workflow versions to latest (#​527) (15fd175)

v5.46.0

Compare Source

Features

• Update IAM policy for AWS Load Balancer Controller to support Listener Attributes (#​525) (966c4f8)

v5.45.0

Compare Source

Features

• Allow modifying the iam-github-oidc-role subject condition (#​523) (f2ade86)

v5.44.2

Compare Source

Bug Fixes

• Add required S3 PutObjectTagging permission to Velero IRSA policy (#​517) (f0e65a7)

v5.44.1

Compare Source

Bug Fixes

• Ensure IRSA for EKS FSX can Update File Systems (#​520) (b84b3c2)

v5.44.0

Compare Source

Features

• Add support for OIDC policy conditions (#​480) (02a5b7f)

v5.43.0

Compare Source

Features

• Allow changing iss for the github oidc role (#​507) (56e4364)

v5.42.0

Compare Source

Features

• Add cloudwatch logs policy to vpc-cni for networkpolicy logging (#​504) (88ee443)

v5.41.0

Compare Source

Features

• Adding sse-kms support for Mountpoint S3 CSI driver EKS IRSA (#​493) (5039e10)

v5.40.0

Compare Source

Features

• Add support for inline policy creation (#​479) (e13cb1e)

v5.39.1

Compare Source

Bug Fixes

• Fixed trust condition in modules/iam-github-oidc-role to be https (#​490) (ecaed18)

v5.39.0

Compare Source

Features

• Enable override policy name iam-group-with-assumable-roles-policy (#​468) (bf013d2)
• Update VPC CNI policy to 3/4/24 (#​476) (f9d5e28)

v5.38.0

Compare Source

Features

• EBS fast snapshot restores persmission for EKS IRSA (#​469) (9ea77ca)

v5.37.2

Compare Source

Bug Fixes

• Allow user to change own password when no MFA is present (#​470) (ef0056b)

v5.37.1

Compare Source

Bug Fixes

• Update CI workflow versions to remove deprecated runtime warnings (#​465) (82348df)

v5.37.0

Compare Source

Features

• Extend self-management policy to read account summary (iam-group-with-policies) (#​462) (0bedaf4)

v5.36.0

Compare Source

Features

• Add support for Mountpoint S3 CSI driver to EKS IRSA (#​459) (21fb8d9)

v5.35.0

Compare Source

Features

• Allow users to set and read own access keys description (iam-group-with-policies) (#​461) (c80cd10)

v5.34.0

Compare Source

Features

• Support new mTLS feature in awslb IAM policy (#​458) (452c37f)

5.33.1 (2024-01-18)

Bug Fixes

• Skip retrieving EKS cluster data when not creating the role (#​436) (bcdf554)

v5.33.1

Compare Source

v5.33.0

Compare Source

Features

• Add support for Amazon CloudWatch Observability IRSA role (#​446) (25e2bf9)

5.32.1 (2023-12-11)

Bug Fixes

• Remove unused TLS provider in iam-github-oidc-role (#​439) (2ce3885)

v5.32.1

Compare Source

v5.32.0

Compare Source

Features

• Add instance profile permissions to Karpenter IRSA policy (#​434) (50348dd), closes #​433

v5.31.0

Compare Source

Features

• Allow users to change own password in iam-group-with-policies module (#​435) (eb5b218)

5.30.2 (2023-11-10)

Bug Fixes

• Update AllowManageOwnAccessKeys statement (#​432) (741afc9)

5.30.1 (2023-11-04)

Bug Fixes

• Direct policy attachment of iam-policy-created resources (#​428) (543f101)

v5.30.2

Compare Source

v5.30.1

Compare Source

v5.30.0

Compare Source

Features

• Add create_custom_role_trust_policy to control when a custom_role_trust_policy should be used (#​321) (481095e)

5.29.2 (2023-08-30)

Bug Fixes

• Expand Permissions for external-secrets IRSA Policy towards AWS Secrets Manager (#​416) (fa74a18)

5.29.1 (2023-08-30)

Bug Fixes

• Add missing condition role_session_name when assuming a role (#​418) (89d011e)

v5.29.2

Compare Source

v5.29.1

Compare Source

v5.29.0

Compare Source

Features

• Add variable for adding statement for secretsmanager:CreateSecret (#​414) (24996cd)

v5.28.0

Compare Source

Features

• Added direct policy attachment in iam-user module (#​387) (9fa481f)

v5.27.0

Compare Source

Features

• Correct enable_mfa_enforcement spelling (#​404) (54b7165)

v5.26.0

Compare Source

Features

• Github OIDC add extra thumbprints as needed (#​403) (56511f3)

v5.25.0

Compare Source

Features

• Added variable load_balancer_controller_targetgroup_arns in iam-role-for-service-accounts-eks module (#​402) (61a5dbe)

v5.24.0

Compare Source

Features

• Add path variable to IAM group module (#​390) (e5c42c3)

5.23.1 (2023-06-29)

Bug Fixes

• Ensure role_name_condition is set correctly (#​389) (0024928)

v5.23.1

Compare Source

v5.23.0

Compare Source

Features

• Added variable trusted_role_actions to sub modules as a "Action of STS" (#​393) (5702679)

v5.22.0

Compare Source

Features

• Add wrapper modules (#​396) (9284b3e)

v5.21.0

Compare Source

Features

• Added permissions to list zone tags in iam-role-for-service-accounts-eks module (#​394) (740945f)

v5.20.0

Compare Source

Features

• Add support for AWS Gateway controller (VPC Lattice) to IRSA module (#​378) (fdee003)

v5.19.0

Compare Source

Features

• Add support for condition role_session_name when assuming a role (#​379) (5aabe67)

v5.18.0

Compare Source

Features

• iam-eks-role: Add variable to allow change of IAM assume role condition test operator (#​367) (542fc5a)

5.17.1 (2023-05-05)

Bug Fixes

• Remove "autoscaling:UpdateAutoScalingGroup" permission from cluster-autoscaler IRSA (#​357) (aeb5d7f)

v5.17.1

Compare Source

v5.17.0

Compare Source

Features

• Add name_prefix to iam-policy and iam-read-only-policy modules (#​369) (5bf5f6f)

v5.16.0

Compare Source

Features

• Add elasticloadbalancing:AddTags permissions to AWS Load Balancer Controller policy required for version 2.4.7+ (#​358) (e1403c1)

v5.15.0

Compare Source

Features

• Add permissions for instance requirements support for cluster autoscaler IRSA policy (#​356) (fac0cdc)

5.14.4 (2023-03-24)

Bug Fixes

• Add kms:decrypt policy for External Secret (#​349) (2359a03)

5.14.3 (2023-03-23)

Bug Fixes

• Do not attach force MFA statement for iam-groups-with-policies by default (#​333) (b9f3409)

5.14.2 (2023-03-21)

Bug Fixes

• Add ssm:DescribeParameters permission to external-secrets IAM role for service account (IRSA) (#​348) (fe8d73b)

5.14.1 (2023-03-21)

Bug Fixes

• Update self manage policy to support users with path (#​335) (9a8d5cb)

v5.14.4

Compare Source

v5.14.3

Compare Source

v5.14.2

Compare Source

v5.14.1

Compare Source

v5.14.0

Compare Source

Features

• Update efs_csi policy to support resource tagging (#​352) (47cb7a2)

v5.13.0

Compare Source

Features

• Add support for path in iam-group-with-assumable-roles-policy (#​345) (761368e)

v5.12.0

Compare Source

Features

• Add eks:DescribeCluster for Karpenter cluster endpoint auto discovery (#​343) (3f2cdc8)

5.11.2 (2023-02-15)

Bug Fixes

• Allow Change Password when no MFA present (#​340) (0c1cfaa)

5.11.1 (2023-01-19)

Bug Fixes

• Reflect the changes in the ebs_csi driver (#​326) (cadfe47)

v5.11.2

Compare Source

v5.11.1

Compare Source

v5.11.0

Compare Source

Features

• Allow multiple MFA devices and users to manage MFA devices (#​313) (57a5d70)

v5.10.0

Compare Source

Features

• Added Extra STS actions param in assumable role with SAML (#​317) (a2ad4cd)

Bug Fixes

• Use a version for to avoid GitHub API rate limiting on CI workflows (#​323) (90349fa)

5.9.2 (2022-12-10)

Bug Fixes

• Update role_name default to null (#​319) (0baa2c1)

5.9.1 (2022-12-07)

Bug Fixes

• Add ssm:GetParameters permission to external-secrets policy (#​316) (0e77849)

v5.9.2

Compare Source

v5.9.1

Compare Source

v5.9.0

Compare Source

Features

• Support IAM access key status (#​315) (705040a)

v5.8.0

Compare Source

Features

• Add additional permissions to Karpenter EKS IRSA role for native node termination handling support (#​304) (d6865d2)

v5.7.0

Compare Source

Features

• Ensure that GitHub OIDC subject prefixes are normalied for repo: (#​310) (b9873a0)

v5.6.0

Compare Source

Features

• Add support for creating IAM GitHub OIDC provider and role(s) (#​308) (cc44693)

5.5.7 (2022-11-09)

Bug Fixes

• Add secretsmanager:ListSecrets to external-secrets policy (#​305) (d3fb017)

5.5.6 (2022-11-07)

Bug Fixes

• Update CI configuration files to use latest version (#​302) (4c1c958)

5.5.5 (2022-11-01)

Bug Fixes

• Add missing locals in iam-assumable-role module (#​290) (8af6d28)

5.5.4 (2022-10-26)

Bug Fixes

• Insufficient permissions for karpenter policy when not using karpenter discovery tags on security group (#​294) (5ad496b)

5.5.3 (2022-10-26)

Bug Fixes

• Correct tflint errors for latest version of tflint (#​296) (b40ade4)

5.5.2 (2022-10-13)

Bug Fixes

• Explicitly assume with condition matching role arn (#​283) (470b6ff)

5.5.1 (2022-10-12)

Bug Fixes

• Allow TagUser to SelfManagement policy (#​287) (87624b6)

v5.5.7

Compare Source

v5.5.6

Compare Source

v5.5.5

Compare Source

v5.5.4

Compare Source

v5.5.3

Compare Source

v5.5.2

Compare Source

v5.5.1

Compare Source

v5.5.0

Compare Source

Features

• Add support for roles created to explicitly assume their own role if desired (#​281) (3d29d26)

v5.4.0

Compare Source

Features

• Add support for spot request permissions with Karpenter IRSA role (#​277) (b3b99d9)

5.3.3 (2022-09-06)

Bug Fixes

• Fixed iam-user module when encrypted_ses_smtp_password_v4 is null (#​275) (936d0f1)

5.3.2 (2022-09-05)

Bug Fixes

• Correct encrypted ses_smtp_password_v4 output (#​259) (ff9d783)

5.3.1 (2022-08-25)

Bug Fixes

• Don't force users to reset passwords in modules/iam-user (#​271) (358f7d4)

v5.3.3

Compare Source

v5.3.2

Compare Source

v5.3.1

Compare Source

v5.3.0

Compare Source

Features

• Add additional permission for karpenter IAM policy added in v0.14.0 release (#​264) (bce17b2)

v5.2.0

Compare Source

Features

• Add additional Karpenter permissions for spot pricing improvements (#​258) (14cc1df)

v5.1.0

Compare Source

Features

• Update cluster autoscaler policy for recent permission changes upstream (#​255) (2f1b2bf)

v5.0.0

Compare Source

⚠ BREAKING CHANGES

• Replace use of toset() for policy attachment, bump min version of AWS provider to 4.0 and Terraform to 1.0 (#​250)

Features

• Replace use of toset() for policy attachment, bump min version of AWS provider to 4.0 and Terraform to 1.0 (#​250) (835135b)

4.24.1 (2022-05-10)

Bug Fixes

• Avoid restricting Karpenter RunInstances subnets by tag key (#​247) (bbbe0c0)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.