Skip to content

Comments

Upgrade aws-control gha-admin to v3.6.1 (990466748045)#80

Merged
akuzminsky merged 2 commits intomainfrom
upgrade-aws-control-gha-admin-v3.6.1
Feb 19, 2026
Merged

Upgrade aws-control gha-admin to v3.6.1 (990466748045)#80
akuzminsky merged 2 commits intomainfrom
upgrade-aws-control-gha-admin-v3.6.1

Conversation

@akuzminsky
Copy link
Member

@akuzminsky akuzminsky commented Feb 19, 2026

Summary

  • Upgrade gha-admin from v1.0.1 to v3.6.1 for aws-control's own CI/CD roles in 990466748045
  • Replace temporary cross-account policy with native allowed_arns support
  • Add state-bucket module, per-repo DynamoDB lock table, and SSM parameters for backend discovery
  • Switch backend to new DynamoDB table (infrahouse-aws-control-990466748045-active-polecat)

Test plan

  • terraform state mv for existing roles/policies to new module name
  • terraform import for S3 bucket and state-manager role from 289256138624
  • make plan — 13 add, 5 change, 4 destroy (all expected)
  • make apply succeeded
  • terraform init -reconfigure with new DynamoDB table works
  • terraform plan shows no changes after backend migration
  • CI/CD plan succeeds on this PR

🤖 Generated with Claude Code

@akuzminsky @claude
Upgrade aws-control's own gha-admin to v3.6.1 (990466748045)
c2e24f5 
Replace gha-admin v1.0.1 with v3.6.1, bringing three-role architecture
(github/admin/state-manager), per-repo DynamoDB lock table, and SSM
parameters for backend discovery. The temporary cross-account policy is
replaced by native allowed_arns support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions
Copy link

github-actions bot commented Feb 19, 2026

State s3://infrahouse-aws-control-990466748045/terraform.tfstate

Affected resources counts

Success Add Change Destroy
0 0 0

Affected resources by action

STDOUT 
Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.
metadata 
eyJzMzovL2luZnJhaG91c2UtYXdzLWNvbnRyb2wtOTkwNDY2NzQ4MDQ1L3RlcnJhZm9ybS50ZnN0YXRlIjogeyJzdWNjZXNzIjogdHJ1ZSwgImFkZCI6IDAsICJjaGFuZ2UiOiAwLCAiZGVzdHJveSI6IDB9fQ==

@akuzminsky akuzminsky merged commit 217de62 into main Feb 19, 2026
2 checks passed
@akuzminsky akuzminsky deleted the upgrade-aws-control-gha-admin-v3.6.1 branch February 19, 2026 21:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@infrahouse8 infrahouse8 infrahouse8 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@akuzminsky @infrahouse8