Skip to content

v21.0.7 — PreflightLogGroup orphan fix + VPC-scope reconciliation leak

Latest
Latest

Choose a tag to compare

View all tags
@hyunsies hyunsies released this 01 May 06:01
· 1 commit to main since this release
v21.0.7
5e5c1d2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Two correctness fixes:

  1. PreflightLogGroup orphan race — removed explicit PreflightLogGroup CFN resource. Prevents AlreadyExists error on StackSet cross-region redeploy after delete. Root cause of the MA8-use1 failure.

  2. VPC-scope reconciliation leak — added _VPC_BOUND service set to is_in_scope. VPC-bound services (EC2, RDS, ElastiCache, etc.) now fail closed when VPC ID is unresolvable, preventing reconciliation from converting VPC scope into account scope on the nightly sweep. Also restores tag_non_vpc_services toggle in standalone YAML.

Validation: Layer 1 CI 17/17, E2E 37/37, CT3 chaos test 123 TAGGED with 0 new regressions.

See CHANGELOG.md for full details.

Assets 2
Loading