v1.0.0

@smone77 released this 20 Oct 04:23 · 90 commits to main since this release · 82c0da2

[1.0.0] - 2023-10-19


BREAKING CHANGES:

  • Support for the default interface swap in Zscaler Cloud Connector AMI versions > ZS6.1.25.0, for both autoscaling and non-autoscaling deployments. The Service interface is now ENA0 and the Management interface is now ENA1.

FEATURES:

  • Auto Scaling Group official release
    • add: terraform-zscc-asg-aws module
    • add: terraform-zscc-asg-lambda-aws module
    • change: IAM policies for ASG lifecycle and CloudWatch metrics
    • add: deployment types base_cc_gwlb_asg/base_cc_gwlb_asg_zpa (greenfield/pov/test) and cc_gwlb_asg (brownfield/prod)
  • Medium and Large Cloud Connector instance official release
  • EC2 instance type changes:
    • new default/recommended EC2 type for small CCs: m6i.large; medium/large: m6i.4xlarge
    • add: m5n, m6i, and c6i family support
    • remove: m5 family support
  • Module Changes:
    • AWS Provider version bump to 5.17.x default. Support from 4.59.x to 5.17.x
    • terraform-zscc-ccvm-aws:
      • rename: service_eni_1 output to management_eni
      • rename: private_ip output to forwarding_ip
      • rename: cc_service_private_ip to management_ip
      • add: forwarding_eni
    • module terraform-zscc-gwlb-aws:
      • add: variable asg_enabled so the target group conditionally uses instance rather than ip
      • rename: resource aws_lb_target_group_attachment.gwlb_target_group_attachment_small to aws_lb_target_group_attachment.gwlb_target_group_attachment
      • rename: variable cc_small_service_ips to cc_service_ips
      • remove: dedicated CC Medium/Large additional service IP dependencies from target group attachment
    • module terraform-zscc-ccvm-aws:
      • remove: secondary IP address from network interface index #1
      • add: interface device index #5 for "large" CC.
      • add: aws_network_interface.cc_vm_nic_index_0 for interface swap support
    • module terraform-zscc-gwlbendpoint-aws:
      • add: outputs vpce_service_id
      • add: outputs vpce_service_arn
    • module terraform-zscc-sg-aws:
      • refactor: management and service security group with more granular/required rules
      • add: variable mgmt_ssh_enabled if customer wants to restrict management access to only SSM
      • add: variable http_probe_port
      • add: gwlb_enabled default to true
      • add: all_ports_egress_enabled default to true
    • module terraform-zscc-iam-aws:
      • add: cc_metrics_policy_document permissions to CC IAM Role
      • add: cc_autoscale_lifecycle_policy_document permissions to CC IAM Role
      • remove: cc_callhome_policy_document as no longer required
  • ZSEC support for AWS region ap-south-2 (Hyderabad)

ENHANCEMENTS:

  • ZSEC bash script inputs for ASG deployments
  • ZSEC bash script inputs for brownfield/byo network environments
  • CC VM EBS changes: Volume type default now gp3 and AWS KMS encryption support enabled by default