New: Become a sponsor via GitHub Sponsors!
Migrate from v8 to v9
WARNING: Follow this guideline to avoid data loss!
state/s3
WARNING: Ensure that your current v8 version is >= 8.1.1. If you run on version 8.0.0-8.1.0 update to the latest v8 before! Otherwise, you will lose data!
WARNING: Test the migration in a non-production setup (don't forget to validate your data) before you update production!
- Update all existing
security/kms-key-legacy
stacks to v9. - For each
state/s3
stack withEncryption
parameter set totrue
:- Fetch the KMS key id from the existing stack (open the Resources tab of the stack. In the Logical ID column search for
Key
. In the same row, the column Physical ID shows the KMS key id) - Create an additional stack in the same region based on the
security/kms-key-legacy.yaml
template (ensure you use v9!). Use the existing KMS key id as theKeyId
parameter. - Update the existing
state/s3
stack to v9 and set the newParentKmsKeyStack
parameter to the stack name of the stack you created in step 2.2.
- Fetch the KMS key id from the existing stack (open the Resources tab of the stack. In the Logical ID column search for
state/rds-mysql, state/rds-postgres
WARNING: Ensure that your current v8 version is >= 8.1.1. If you run on version 8.0.0-8.1.0 update to the latest v8 before! Otherwise, you will lose data!
WARNING: Test the migration in a non-production setup (don't forget to validate your data) before you update production!
- Update all existing
security/kms-key-legacy
stacks to v9. 2.For eachstate/rds-mysql
orstate/rds-postgres
stack withEncryption
parameter set totrue
:- Fetch the KMS key id from the existing stack (open the Resources tab of the stack. In the Logical ID column search for
Key
. In the same row, the column Physical ID shows the KMS key id) - Stop all write requests to the cluster
- Take a manual RDS snapshot
- Create an additional stack in the same region based on the
security/kms-key-legacy.yaml
template (ensure you use v9!). Use the existing KMS key id as theKeyId
parameter. - Update the existing
state/rds-mysql
orstate/rds-postgres
stack to v9 and a. Set the newParentKmsKeyStack
parameter to the stack name of the stack you created in step 2.4. b. Set theDBSnapshotIdentifier
parameter to the ARN of the snapshot you created in step 2.3.
- Fetch the KMS key id from the existing stack (open the Resources tab of the stack. In the Logical ID column search for
state/rds-aurora
WARNING: Ensure that your current v8 version is >= 8.1.1. If you run on version 8.0.0-8.1.0 update to the latest v8 before! Otherwise, you will lose data!
WARNING: Test the migration in a non-production setup (don't forget to validate your data) before you update production!
- Update all existing
security/kms-key-legacy
stacks to v9. 2.For eachstate/rds-aurora
stack withEncryption
parameter set totrue
:- Fetch the KMS key id from the existing stack (open the Resources tab of the stack. In the Logical ID column search for
Key
. In the same row, the column Physical ID shows the KMS key id) - Stop all write requests to the cluster
- Take a manual RDS snapshot
- Create an additional stack in the same region based on the
security/kms-key-legacy.yaml
template (ensure you use v9!). Use the existing KMS key id as theKeyId
parameter. - Update the existing
state/rds-aurora
stack to v9 and a. Set the newParentKmsKeyStack
parameter to the stack name of the stack you created in step 2.4. b. Set theDBSnapshotIdentifier
parameter to the ARN of the snapshot you created in step 2.3.
- Fetch the KMS key id from the existing stack (open the Resources tab of the stack. In the Logical ID column search for
state/elasticsearch
WARNING: Ensure that your current v8 version is >= 8.1.1. If you run on version 8.0.0-8.1.0 update to the latest v8 before! Otherwise, you will lose data!
WARNING: Test the migration in a non-production setup (don't forget to validate your data) before you update production!
- Update all existing
security/kms-key-legacy
stacks to v9. - For each
state/elasticsearch
stack withEncryption
parameter set totrue
:- Fetch the KMS key id from the existing stack (open the Resources tab of the stack. In the Logical ID column search for
Key
. In the same row, the column Physical ID shows the KMS key id) - Stop all write requests to the cluster
- Take a manual snapshot
- Create an additional stack in the same region based on the
security/kms-key-legacy.yaml
template (ensure you use v9!). Use the existing KMS key id as theKeyId
parameter. - Update the existing
state/elasticsearch
stack to v9 and set the newParentKmsKeyStack
parameter to the stack name of the stack you created in step 2.4. - Restore the snapshot created in step 2.3.
- Fetch the KMS key id from the existing stack (open the Resources tab of the stack. In the Logical ID column search for
Deprecation warnings
ecs/cluser
: ParameterDesiredCapacity
will be removed in v11, useMinSize
insteadjenkins/jenkins2-ha-agents
: ParameterAgentDesiredCapacity
will be removed in v11, useAgentMinSize
instead