Release v2.0.0 · cloudposse-terraform-components/aws-inspector2

feat: Update Inspector2 component with account verification and auth improvements @aknysh (#44)

## what

Added account verification safety check (account-verification.tf) with local.enabled guard to prevent verification from running on disabled components
Added flexible account map support with both remote-state lookups and static account_map variable (default)
Simplified providers.tf to use static account map by default
Bumped Terraform required_version from >= 1.0.0 to >= 1.4.0 (required for terraform_data resource used by account verification)
Updated README.yaml and regenerated all READMEs with:
- Account verification documentation
- Static vs remote-state account map modes
- 2-step deployment model (root → security)

why

Account verification prevents accidental deployment to wrong AWS accounts — the local.enabled guard ensures it doesn't trigger false failures on disabled components
Terraform 1.4.0+ is required for the terraform_data resource used by account verification
Static account map default simplifies initial setup and aligns with the pattern used across other security components (aws-audit-manager, aws-access-analyzer, aws-security-hub, aws-config, aws-guardduty)
These changes have been validated in a live AWS Organization deployment

references

Summary by CodeRabbit

Release Notes

New Features
- Added account verification capability to validate AWS account configuration against expected values.
- Introduced flexible account map configuration with support for remote-state or static mapping.
Documentation
- Expanded component features documentation detailing delegated administrator model, multi-region deployment, auto-enablement of scans, member management, and account verification.
- Updated deployment examples and module references to reflect current architecture.
Changes
- Updated Terraform version requirement to >= 1.4.0 and AWS provider to >= 5.0.0.
- Changed default delegated administrator account name from "security" to "core-security".

🤖 Automatic Updates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.46.0 @[renovate[bot]](https://github.com/apps/renovate) (#43)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.45.0` → `0.46.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.46.0`

Compare Source

What's Changed

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #1028
rds: accept sqlserver-dev-ee engine by @Nullh in #1045
Update AWS provider/module and generated content by @github-actions[bot] in #1038
Update AWS provider/module and generated content by @github-actions[bot] in #1053

Chores

Fix maintenance script failure by @wata727 in #1027
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1029
Bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in #1030
Bump golang.org/x/net from 0.48.0 to 0.49.0 by @dependabot[bot] in #1032
Bump the aws-sdk group with 3 updates by @dependabot[bot] in #1031
Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 by @dependabot[bot] in #1033
Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.279.2 to 1.281.0 in the aws-sdk group by @dependabot[bot] in #1035
Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #1034
Bump actions/attest-build-provenance from 3.1.0 to 3.2.0 by @dependabot[bot] in #1036
Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.281.0 to 1.285.0 in the aws-sdk group by @dependabot[bot] in #1037
Bump the aws-sdk group with 2 updates by @dependabot[bot] in #1039
Bump golang.org/x/net from 0.49.0 to 0.50.0 by @dependabot[bot] in #1040
Remove aws_s3_bucket_invalid_region from docs by @kakakakakku in #1041
Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by @dependabot[bot] in #1042
Bump github.com/aws/smithy-go from 1.24.0 to 1.24.1 by @dependabot[bot] in #1044
Bump the aws-sdk group with 3 updates by @dependabot[bot] in #1043
Bump hashicorp/setup-terraform from 3.1.2 to 4.0.0 by @dependabot[bot] in #1046
Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by @dependabot[bot] in #1048
Bump actions/setup-go from 6.2.0 to 6.3.0 by @dependabot[bot] in #1047
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1049
Bump github.com/zclconf/go-cty from 1.17.0 to 1.18.0 by @dependabot[bot] in #1052
Bump golang.org/x/net from 0.50.0 to 0.51.0 by @dependabot[bot] in #1051
Bump github.com/aws/smithy-go from 1.24.1 to 1.24.2 by @dependabot[bot] in #1050
deps: Bump Go version to 1.26 by @wata727 in #1054

New Contributors

@kakakakakku made their first contribution in #1041
@Nullh made their first contribution in #1045

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.45.0...v0.46.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#41)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.45.0 @[renovate[bot]](https://github.com/apps/renovate) (#40)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.44.0` -> `0.45.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.45.0`

Compare Source

What's Changed

Breaking Changes

Remove aws_route53_record_invalid_zone_id rule by @wata727 in #979

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #981
Update AWS provider/module and generated content by @github-actions[bot] in #990
Update AWS provider/module and generated content by @github-actions[bot] in #999
Update AWS provider/module and generated content by @github-actions[bot] in #1000
Update AWS provider/module and generated content by @github-actions[bot] in #1004
Update AWS provider/module and generated content by @github-actions[bot] in #1005
Update AWS provider/module and generated content by @github-actions[bot] in #1011
Update AWS provider/module and generated content by @github-actions[bot] in #1021

Bug Fixes

dms_s3_endpoint: fix enum validations by @bendrucker in #991
resource_missing_tags: handle explicit refs to default provider by @bendrucker in #1003

Chores

Bump the aws-sdk group with 7 updates by @dependabot[bot] in #980
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #982
Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.67 to 2.0.0-beta.68 by @dependabot[bot] in #983
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #987
Bump golang.org/x/net from 0.46.0 to 0.47.0 by @dependabot[bot] in #988
Replace Ruby SDK models with official Smithy repository by @bendrucker in #901
generator: add tests and improve error handling by @bendrucker in #992
Bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in #996
Bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #995
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #997
Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 by @dependabot[bot] in #994
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1001
Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #1006
Bump github.com/aws/smithy-go from 1.23.2 to 1.24.0 by @dependabot[bot] in #1009
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1008
Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 by @dependabot[bot] in #1007
Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 by @dependabot[bot] in #1012
Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.68 to 2.0.0-beta.69 by @dependabot[bot] in #1014
Bump golang.org/x/net from 0.47.0 to 0.48.0 by @dependabot[bot] in #1015
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #1013
Bump actions/attest-build-provenance from 3.0.0 to 3.1.0 by @dependabot[bot] in #1022
Bump the aws-sdk group with 2 updates by @dependabot[bot] in #1023
Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.278.0 to 1.279.0 in the aws-sdk group by @dependabot[bot] in #1024
Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.69 to 2.0.0-beta.70 by @dependabot[bot] in #1025

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.44.0...v0.45.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.44.0 @[renovate[bot]](https://github.com/apps/renovate) (#39)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.43.0` -> `0.44.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

Support for Cosign signatures has been removed from this release. The checksums.txt.keyless.sig and checksums.txt.pem will not be included in the release.
These files are not used in normal use cases, so in most cases this will not affect you, but if you are affected, you can use Artifact Attestations instead.

Breaking Changes

Bump github.com/terraform-linters/tflint-plugin-sdk from 0.22.0 to 0.23.1 by @dependabot[bot] in #966
- Requires TFLint v0.46+

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #954
Update AWS provider/module and generated content by @github-actions[bot] in #959
Update Lambda runtime deprecation dates by @Copilot in #969
Add missing ElastiCache node type: cache.r6gd.large by @Copilot in #971
Fix typos in AWS RDS DB instance types by @Copilot in #972
Add missing AWS S3 bucket naming restrictions by @Copilot in #976

Chores

Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.251.2 to 1.253.0 in the aws-sdk group by @dependabot[bot] in #952
Bump github.com/hashicorp/terraform-json from 0.26.0 to 0.27.2 by @dependabot[bot] in #953
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #956
Bump the aws-sdk group with 2 updates by @dependabot[bot] in #957
Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.66 to 2.0.0-beta.67 by @dependabot[bot] in #958
Bump github.com/aws/aws-sdk-go-v2/service/rds from 1.108.0 to 1.108.2 in the aws-sdk group by @dependabot[bot] in #960
Bump golang.org/x/net from 0.44.0 to 0.46.0 by @dependabot[bot] in #961
Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @dependabot[bot] in #962
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #963
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #965
Drop support for Cosign signatures by @wata727 in #968
Add documentation to AWS MQ engine type validation rules by @Copilot in #974
Reorder S3 bucket ACL enum values for consistency by @Copilot in #975

New Contributors

@Copilot made their first contribution in #969

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.43.0...v0.44.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#38)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.43.0 @[renovate[bot]](https://github.com/apps/renovate) (#37)

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.42.0` -> `0.43.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.43.0`

Compare Source

What's Changed

Breaking Changes

Remove aws_ecs_account_setting_default_invalid_name rule by @wata727 in #949

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #921
Update AWS provider/module and generated content by @github-actions[bot] in #948

Chores

Bump golang.org/x/net from 0.42.0 to 0.43.0 by @dependabot[bot] in #927
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #928
Bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 by @dependabot[bot] in #931
Bump github.com/hashicorp/terraform-json from 0.25.0 to 0.26.0 by @dependabot[bot] in #930
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #929
Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #932
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #933
Bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #934
Bump github.com/zclconf/go-cty from 1.16.3 to 1.16.4 by @dependabot[bot] in #935
dependabot: allow actions writes by @wata727 in #936
Fix E2E tests to take into account the newly added JSON fields by @wata727 in #944
Bump actions/attest-build-provenance from 2.4.0 to 3.0.0 by @dependabot[bot] in #937
Bump github.com/aws/smithy-go from 1.22.5 to 1.23.0 by @dependabot[bot] in #938
Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in #940
Bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 by @dependabot[bot] in #942
Bump github.com/hashicorp/aws-sdk-go-base/v2 from 2.0.0-beta.65 to 2.0.0-beta.66 by @dependabot[bot] in #943
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #939
Bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in #941
Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @dependabot[bot] in #945
Bump golang.org/x/net from 0.43.0 to 0.44.0 by @dependabot[bot] in #946
deps: Bump Go version to 1.25 by @wata727 in #950

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.42.0...v0.43.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#36)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Migrate README generation to atmos @goruha (#35)

## what - Update README.yaml

why

Use atmos to generate readme

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#34)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.42.0 @[renovate[bot]](https://github.com/apps/renovate) (#33)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.41.0` -> `0.42.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.42.0`

Compare Source

What's Changed

Breaking Changes

Remove aws_guardduty_member_invalid_email rule by @wata727 in https://github.com/terraform-linters/tflint-ruleset-aws/pull/925
- This auto-generated rule had invalid regexp.

Chores

Bump the aws-sdk group with 7 updates by @dependabot[bot] inhttps://github.com/terraform-linters/tflint-ruleset-aws/pull/9244

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.41.0...v0.42.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.41.0 @[renovate[bot]](https://github.com/apps/renovate) (#32)

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.40.0` -> `0.41.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.41.0`

Compare Source

What's Changed

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Uh oh!

v2.0.0

why

references

Summary by CodeRabbit

Release Notes

🤖 Automatic Updates

Release Notes

v0.46.0

What's Changed

Enhancements

Chores

New Contributors

Configuration

why

Release Notes

v0.45.0

What's Changed

Breaking Changes

Enhancements

Bug Fixes

Chores

Configuration

Release Notes

v0.44.0

What's Changed

Breaking Changes

Enhancements

Chores

New Contributors

Configuration

why

Release Notes

v0.43.0

What's Changed

Breaking Changes

Enhancements

Chores

Configuration

why

why

why

Release Notes

v0.42.0

What's Changed

Breaking Changes

Chores

Configuration

Release Notes

v0.41.0

What's Changed

Breaking Changes

Enhancements

Chores

New Contributors

Configuration

Contributors

Uh oh!

`v0.46.0`

`v0.45.0`

`v0.44.0`

`v0.43.0`

`v0.42.0`

`v0.41.0`