Skip to content


All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, adheres to Semantic Versioning, and is generated by Changie.

v2.17.4 - 2024-05-17


  • Added additional logging around $LATEST when using mach-composer update with cloud


  • chore(deps): bump the go group across 1 directory with 14 updates
  • chore(deps): bump from 0.22.0 to 0.23.0

v2.17.3 (2024-04-22)


  • Escape backslashes in module source path for Windows

v2.17.2 (2024-04-22)


  • Fixed state file locations
  • Added sops file to hash

v2.17.1 (2024-04-09)


  • Use cloud endpoint to fetch commits during update

v2.17.0 (2024-04-05)


  • Moved hash storage out of terraform
  • Added option to quiet log outputs

v2.16.5 (2024-03-19)


  • Improved source handling so we can use multiple types of sources


  • Changed --force naming to the more descriptive --ignore-change-detection

v2.16.4 (2024-03-12)


  • Re-added chocolaty for beta building
  • Deprecated warning for missing commits in diff to info
  • Made terraform init parallelization configurable, and run in same order as other batches

v2.16.3 (2024-03-05)


  • Added depends_on to hash outputs

v2.16.2 (2024-03-04)


  • Skip directory hash generation on terraform code when git source

v2.16.1 (2024-02-29)


  • Removed lock file usage
  • Added check on terraform files to detect changes

v2.16.0 (2024-02-27)


  • Added option to force run commands that would normally be skipped if change detection is not triggered


  • Made hash check more permissive for site components

v2.15.1 (2024-02-08)


  • Set correct backend for aws remote state


  • Made module outputs sensitive

v2.15.0 (2024-01-09)


  • Added support for v2 version of SDK


  • Upgraded dependencies to latest minor versions

v2.14.1 (2023-12-27)


  • Moved commands to internal to enable code generation
  • Updated docs to latest state

v2.14.0 (2023-12-19)


  • Added command to output graph in dot language
  • Reworked state handling to allow for separate state per component
  • Added parallelism to runners
  • Added change detection when processing nodes

v2.13.0 (2023-12-12)


  • Added option to run mach-composer plan without lock on state file

v2.12.4 (2023-11-14)


  • Updated release pipelines

v2.12.3 (2023-10-25)


  • Updated dependencies and added support for go 1.21.x


  • Fix resolving plugin executables on Windows

v2.12.2 (2023-09-29)


  • Fixed usage of root directory when loading referenced files
  • Fix for variables_file containing a directory

v2.12.1 (2023-09-28)


  • Added gcp docker container
  • Fixed iterating until beginning if commit not found in paths.

v2.12.0 (2023-09-28)


  • Added git tags to update output


  • Fixed lockfile interpolation of $LATEST
  • Fixed tag interpolation during update check
  • reworked ref resolution to also deal with include

v2.11.0 (2023-09-07)


  • Add state generation directly into CLI


  • Fixed handling of mach-composer update

v2.10.1 (2023-08-25)


  • Fixed issue with unknown paths field

v2.10.0 (2023-08-25)


  • Added filtering on file paths to determine updates in update functionality


  • Removed built in plugins


  • Fixed race condition in git repo downloads

v2.9.8 (2023-08-24)


  • Added deprecation warning for endpoints

v2.9.7 (2023-08-24)


  • Fixed slice interpolation in variable processing
  • Fixed goreleaser config to point to correct domains

v2.9.6 (2023-07-17)


  • Allow running mach-composer update with referenced components file

v2.9.5 (2023-06-27)


  • updated version of commercetools plugin

v2.9.4 (2023-04-26)


  • Don't render empty depends_on or providers block in modules

v2.9.3 (2023-03-17)


  • Refactor matching if commits are relevant for path filter

v2.9.2 (2023-03-17)


  • Improve the component version registration flow

v2.9.1 (2023-03-16)


  • Don't error when a previous version is not found in the git repository

v2.9.0 (2023-03-15)


  • Add --dry-run and --git-filter-paths to cloud register-component-version command. The --git-filter-paths argument can be used to limit the scope of the changes when working within monorepo's


  • Update commercetools plugin to latest version
  • Updated dependencies

v2.8.0 (2023-03-08)


  • Improve the auto-completion with support for the config files, sites and components (#139)
  • Add support for resolving a component version $LATEST. When the version is defined as $LATEST resolve the version by querying mach composer cloud. This is only enabled when the config file has cloud support enabled by defining the organization/project

2.7.2 (2023-03-03)

  • Remove the -lockfile=readonly argument to terraform apply. This was introduced in 2.7.0 but didn't work correctly.
  • Add fallback to check in git when using mach-composer update --cloud when a component isn't found.

2.7.1 (2023-03-01)

  • Default to branch main when no branch is defined for a component when retrieving the last version.

2.7.0 (2023-03-01)

  • Add --cloud argument to the mach-composer update command to fetch the latest version registered instead of retrieving the latest commit from the Git repository.
  • Add mach-composer cloud update-component to update an existing component to for example rename the key.
  • Update built-in plugins to the following versions: mach-composer-plugin-commercetools v0.1.7 mach-composer-plugin-sentry v0.1.3

2.6.6 (2023-02-14)

  • Revert the depends_on change since it causes data sources to be read too late resulting in unexpected changes. See

2.6.5 (2023-02-14)

  • Set depends_on on components (modules) when output variables are used. This turned out to be neccessary when the variables were used in data sources.

2.6.4 (2023-02-01)

  • Update both built-in plugins to the following versions: mach-composer-plugin-aws v0.1.0 mach-composer-plugin-azure v0.1.0 mach-composer-plugin-commercetools v0.1.5 mach-composer-plugin-contentful v0.1.0 mach-composer-plugin-sdk v0.0.6 mach-composer-plugin-sentry v0.1.2

2.6.2 (2023-01-31)

  • Update the commercetools built-in plugin to v0.1.1.
  • Fix invalid rendering of store variables in the generated terraform files.
  • Fix explicitly disabling the creation of frontend credentials.
  • Fix setting store_secrets and store_variablds in the commercetools block

2.6.1 (2023-01-25)

  • Fix authentication flow with Mach Composer Cloud and store the refreshed tokens correctly.

2.6.0 (2023-01-20)

  • Add optional support to automatically download MACH composer plugins when defined in the config file. For example::

      version: 1
          source: mach-composer/aws
          version: 0.1.0
          source: mach-composer/sentry
          version: 0.1.2

Will download the plugins to your local plugin directory if these are not found.

2.5.7 (2023-01-18)

  • Update the Commercetools plugin to version 0.1.0. This version is compatible with more recent commercetools terraform providers.

2.5.6 (2023-01-17)

  • Update the Sentry plugin to version 0.1.1. This allows using encrypted secrets for the auth token

2.5.5 (2023-01-17)

  • Update the Sentry plugin to version 0.1.0
  • Properly close plugins when mach-composer is terminated (e.g. via ctrl-c)
  • Only load built-in plugins when they are not found on the $PATH

2.5.4 (2023-01-12)

  • Add --no-color flag to mach-composer show-plan to use in GitHub actions

2.5.3 (2023-01-12)

  • Print a deprecation warning when using mach-composer init. This command is replaced by mach-composer terraform init.
  • Generate a mach-composer lock file in the output directory to optimize rebuilds and prevent unnecessary terraform actions.
  • Add a new command mach-composer show-plan which shows the generated plans by terraform.

2.5.2 (2022-12-20)

Disable automatic distribution to chocolatey, it seems to not work together properly with automated releases.

2.5.1 (2022-12-19)

Patch release to fix windows distribution via chocolatey

2.5.0 (2022-12-19)

This release introduces support for plugins in mach-composer. All previous supported plugins (also called integrations) are still bundled with the exectutable but will in the future be distributed separately.

With this release it is also possible to use build custom plugins. A plugin should be created with the mach-composer-plugin-sdk and the resulting executable should be available on your $PATH as mach-composer-plugin-<plugin>

Other changes include: - New schema subcommand which outputs a json schema based on the given config file (to know which plugins to use). - Improved error and warning output (inspired by Terraform) - Improved variable handling, only allow SOPS for encrypted variables when the variables are used. - Fix issue with parsing aws_account_id by required it to be a string, fixes invalid yaml guessing when the account_id starts with a zero.

2.4.6 (2022-12-02)

  • Interpolate variable references in the global config block

2.4.5 (2022-12-02)

  • Fix an encoding bug when passing sops encrypted variables to the generated terraform file.

2.4.4 (2022-11-29)

  • Fix another config inheritance issue in the sentry plugin

2.4.3 (2022-11-29)

  • Fix serialization issue for variables when the key was not a string. We now force keys of maps to be strings.
  • Fix config inheritance issue in the sentry plugin (global -> component)

2.4.2 (2022-11-29)

  • Validate the AWS Account ID as a string, fixes an issue if the account starts with 0.
  • Set default sentry terraform provider version

2.4.1 (2022-11-29)

  • Update build process to include arm docker images

2.4.0 (2022-11-29)

  • Major rewrite to move to a plugin based system. The plugins are for now all built-in and part of the mach composer release but will in the future be moved to external plugins.
  • Use go-git to retrieve the git log instead of executing git directly. This fixes (#188)
  • Remove panic() calls in the codebase and handle errors properly by printing them to stdout and setting correct exit code
  • Re-implement the $(include()) syntax for include a separate components file for the 2.0 versione (#115)
  • Fix rendering of variables in the generated terraform output (#194)
  • Fix a yaml parsing bug which resulted in not being able to disable management of commercetools stores. (#193)
  • Escape backslashes for strings in HCL (#133)

2.3.0 (2022-10-01)

  • Fix windows version due to wrong handling of the path separator (#182)
  • Restore the sites subcommand to output the sites in the config (#178)
  • Restore the components subcommand to output the components in the config (#179)
  • Support only passing one config file and use main.yml as default for now (#177)

2.2.1 (2022-06-10)

  • Fixed inconsistencies between 1.2 and 2.x:
  • Add branch option to component definitions to be able to perform a mach-composer update and stay within a certain branch (during development)
  • Fixed commercetools stores definitions
  • Fixed bug where custom AWS and Azure provider version definitions weren't picked up

2.2 (2022-06-10)

  • Fixed inconsistencies between 1.2 and 2.x:
  • Upgrade Terraform providers in golang version of the MACH composer to match the 1.2 release:
    • Upgraded commercetools provider to 0.30.0
    • Upgraded Amplience provider to 0.3.7
    • Upgraded Azure provider to 2.99.0
  • Add variables_file option to the mach_composer configuration block to define a variable file
  • Fix auto add cloud integration (aws or azure) when integration list is left empty
  • Add ability to define a custom provider version including the version operator
  • Deprecate commercetools.frontend block, will be removed in a later release.

2.1.1 (2022-04-22)

  • Don't crash when running mach-composer apply without --auto-approve

2.1.0 (2022-04-22)

  • Add back support to update sops encrypted config files
  • Properly implement the --check flag on update command

2.0.2 (2022-04-05)

  • Pass environment variables to terraform command

2.0.1 (2022-04-05)

  • Add aws-cli to the Docker container

2.0.0 (2022-04-05)

Rewrite of the Python codebase to Go. Goal is to make it easier to distribute mach-composer in a cross-platform way.

A number of features which were minimal used are removed. - The mach bootstrap command is no longer present. It was a simple wrapper around Python cookiecutter. This can still be used separately - The mach sites and mach components commands since they were unused. - The --with-sp-login is removed. This flags used to run az login. If this is needed it needs to be run before mach-composer is run. - The --ignore-version flag is removed. The version in the config file now indicates a schema version. Only version 1 is supported and updates within this schema version should always be backwards compatible.

1.2 (2022-04-11)

general - Add mach init command - Skip non-MACH configuration files when processing all yaml files in a directory.
This allows you to run things like mach apply or mach update without having to specify the -f main.yml option if you only have one valid MACH configuration file in your directory. Fixes #150 - Ignore missing variables when running mach sites and mach components - Add --destroy flag to the plan and apply commands - Add variables_file option to the mach_composer configuration block to define a variable file - Show commit author in mach update output - Upgraded commercetools provider to 0.30.0 - Upgraded Amplience provider to 0.3.7 - Upgraded Azure provider to 2.99.0

AWS - Upgraded Terraform AWS provider to 3.74.1 - Add support for default tags on provider level

  account_id: 123456789
  region: eu-central-1
    environment: test
    owner: john

1.1 (2021-11-25)


  • Variable support:
  • ${var.} to be used with the --var-file command line option
  • ${component.} to use component output values
  • ${env.} to include environment variables in the configuration file

AWS - Upgraded Terraform AWS provider to 3.66.0 - Add AWS specific endpoint options; - enable_cdn creates a CDN in front of an endpoint - throttling_burst_limit and throttling_rate_limit controls throttling on the API gateway


  • Upgraded Terraform Azure provider to 2.86.0
  • Add extra Frontdoor frontend_endpoint options:
  • session affinity
  • waf policy support
  • Add extra Frontdoor routing options to components such as:
  • Custom routing paths
  • Health probe settings
  • Custom host address and ports
  • Caching options
  • Include frontend_endpoint in ignore list when suppress_changes is used
  • Add Frontdoor ssl_key_vault option to supply your own SSL certificate for your endpoints
  • Add Azure specific endpoint options:
  • internal_name Overwrites the frontend endpoint name
  • waf_policy_id Defines the Web Application Firewall policy ID for the endpoint
  • session_affinity_enabled Whether to allow session affinity
  • session_affinity_ttl_seconds The TTL to use in seconds for session affinity
  • Add new service_plans option per_site_scaling
  • Fix: set correct root-level DNS record (@) when endpoint URL is the same as the zone


  • Upgraded Terraform commercetools provider to 0.25.3
  • Add tax_categories to allow more complex tax setups. Does not work in conjunction with taxes

Upgrade notes

For Azure

  • Each component that has an endpoint defined needs to have an Terraform output defined for that endpoint. For example:
    output "azure_endpoint_main" {
      value = {
        address = azurerm_function_app.main.default_hostname
    Read more about the configuration options.
  • Remove endpoints restrictions: Azure components can now use multiple endpoints.
  • Changes have been made in the Frontdoor configuration in the underlying Terraform Azure provider.
    If you are using endpoints with a custom domain, you'll need to import the new azurerm_frontdoor_custom_https_configuration into your Terraform state.
    More on how to work with the Terraform state in our troubleshooting guide.

1.0 (2021-05-10)

New platforms

  • Add Amplience support
  • Add Apollo Federation support
  • Add Sentry DSN management options


  • Add mach_composer configuration block to configure required MACH composer version
  • SOPS support: SOPS-encrypted configuration files will get decrypted before being parsed further
  • Add --ignore-version to disable the MACH composer version check
  • Improved development workflow:
  • Improved git log parsing
  • Add mach bootstrap commands:
    • mach bootstrap config for creating a new MACH configuration
    • mach bootstrap component for creating a new MACH component
  • Add --site option to the generate, plan and apply commands
  • Add --component option to the plan and apply commands
  • Add --reuse flag to the plan and apply commands to suppress a terraform init call
  • Add support for relative paths to components
  • Add extra component definition settings artifacts to facilitate local deployments
  • Improved dependencies between components and MACH-managed commercetools configurations
  • Add option to override Terraform provider versions
  • Add support for multiple API endpoints:
    • base_url replaced with endpoints
    • has_public_api replaced with endpoints
    • Supports a default endpoint that doesn't require custom domain settings
  • Add support for including yaml files using the ${include(...)}
    components: ${include(components.yml)}
    components: ${include(git::}


  • Move currencies, languages, countries, messages_enabled to project_settings configuration block
  • Add support for commercetools Store-specific variables and secrets on components included in new variable: ct_stores
  • Add managed setting to commercetools store. Set to false it will indicate the store should not be managed by MACH composer
  • Add support for commercetools shipping zones
  • Make commercetools frontend API client scopes configurable with new frontend configuration block


  • AWS: Set auto-deploy on API gateway stage
  • AWS: Add new component variable tags


  • Add configuration options for Azure service plans
  • Upgraded Terraform to 0.14.5
  • Upgraded Terraform commercetools provider to 0.25.3
  • Upgraded Terraform AWS provider to 3.28.0
  • Upgraded Terraform Azure provider to 2.47.0
  • Azure: Remove project_key from var.tags and add Environment and Site
  • Azure: Add --with-sp-login option to mach plan command
  • Azure: Remove function app sync bash command: this is now the responsibility of the component

Breaking changes


  • config: Rename general_config to global
  • config: base_url has been replaced by the endpoints settings:
    - identifier: mach-site-eu
    - identifier: mach-site-eu
    When you name the endpoint that replaces base_url "main", it will have the least effect on your existing Terraform state.

    When endpoints are defined on a component, the component needs to define endpoint Terraform variables (AWS and Azure)
  • config: commercetools create_frontend_credentials is replaced with new frontend block:
        create_credentials: false
    default is still true
  • config Default scopes for commercetools frontend API client changed:
    • If you want to maintain previous scope set, define the following in the frontend block:
          permission_scopes: [manage_my_profile, manage_my_orders, view_states, manage_my_shopping_lists, view_products, manage_my_payments, create_anonymous_token, view_project_settings]
    • Old scope set didn't include store-specific manage_my_profile:project:store scope. If you're using the old set as described above, MACH will need to re-create the store-specific API clients in order to add the extra scope. For migration options, see next point
    • In case the scope needs to be updated but (production) frontend implementations are already using the current API client credentials, a way to migrate is to;
    • Remove the old API client resource with terraform state rm commercetools_api_client.frontend_credentials
    • Repeat step for the store-specific API clients in your Terraform state
    • Perform mach apply to create the new API clients with updated scope
    • Your commercetools project will now contain API clients with the same name. Once the frontend implementation is migrated, the older one can safely be removed.
  • component: Components with a commercetools integration require a new variable ct_stores:
    variable "ct_stores" {
      type = map(object({
        key       = string
        variables = any
        secrets   = any
      default = {}
  • component: The folowing deprecated values in the var.variables are removed:
    See 0.5.0 release notes
  • component: The var.environment_variables won't be set by MACH anymore. Use var.variables for this


  • config: The AWS route53_zone_name setting has been removed in favour of multiple endpoint support
  • config: The deploy_role setting has been renamed to deploy_role_name
  • component: Introduced new variable tags:
    variable "tags" {
      type        = map(string)
      description = "Tags to be used on resources."
  • component: Add aws_endpoint_* variable when the endpoints configuration option is used. More information on defining and using endpoints in AWS.


  • config: The front_door configuration block has been renamed to frontdoor
  • config: The Azure frontdoor settings dns_zone and ssl_key_* settings have been removed;
    Certificates are now managed by Frontdoor and dns_zone is auto-detected.
  • config: The Azure frontdoor settings resource_group has been renamed to dns_resource_group
  • config: Moved component short_name to new azure configuration block
  • state: The Terraform azurerm_dns_cname_record resources have been renamed; they now take the name of the associated endpoint key. For the smoothest transition, rename them in your Terraform state:
    terraform state mv azurerm_dns_cname_record.<project-key> azurerm_dns_cname_record.<endpoint-key>
  • component: Prefixed all Azure-specific variables with azure_
  • component: The FRONTDOOR_ID value is removed from the var.variables of a component. Replaced with var.azure_endpoint_*. More information on defining and using endpoints in Azure.
  • component: app_service_plan_id has been replaced with azure_app_service_plan containing both an id and name so the azurerm_app_service_plan data source can be used in a component.

It will only be set when service_plan is configured in the component definition or site configuration

variable "azure_app_service_plan" {
  type = object({
    id                  = string
    name                = string
    resource_group_name = string
- component: Replaced resource_group_name and resource_group_location with azure_resource_group:
variable "azure_resource_group" {
  type = object({
    name     = string
    location = string

0.5.1 (2020-11-10)

  • Removed aws block in general_config
  • Add branch option to component definitions to be able to perform a mach update and stay within a certain branch (during development)

0.5.0 (2020-11-09)

  • Add new CLI options:
    • mach-composer components to list all components
    • mach-composer sites to list all sites
  • Improved update command:
    • Supports updating (or checking for updates) on all components based on their git history
    • This can now also be used to manually update a single component; mach-composer update my-component v1.0.4
    • Add --commit argument to automatically create a git commit message
  • Add new AWS configuration option route53_zone_name
  • Remove unused api_gateway attribute on AWS config
  • Remove restriction from environment value; can now be any. Fixes #9

Breaking changes

  • Require ct_api_url and ct_auth_url for components with commercetools integration


In a component, the use of the following variables have been deprecated;


Instead you should use:


0.4.3 (2020-11-04)

  • Make AWS role definitions optional so MACH can run without an 'assume role' context

0.4.2 (2020-11-02)

  • Add 'encrypt' option to AWS state backend
  • Correctly depend component modules to the commercetools project settings resource
  • Extend Azure regions mapping

0.4.1 (2020-10-27)

  • Fixed TypeError when using resource_group on site Azure configuration

0.4.0 (2020-10-27)

  • Add Contentful support

Breaking changes

  • is_software_component has been replaced by the integrations settings
  - name: my-product-types
    source: git::ssh://
    version: 81cd828
    is_software_component: false


  - name: my-product-types
    source: git::ssh://
    version: 81cd828
    integrations: ["commercetools"]

or integrations: [] if no integrations are needed at all.

0.3.0 (2020-10-21)

  • Add option to specify custom resource group per site

Breaking changes

  • All resource_group_name attributes is renamed to resource_group
  • The storage_account_name attribute is renamed to storage_account

0.2.2 (2020-10-15)

  • Fixed Azure config merge: not all generic settings where merged with site-specific ones
  • Only validate short_name length check for Azure implementations
  • Setup Frontdoor per 'public api' component regardless of global Frontdoor settings

0.2.1 (2020-10-06)

  • Fixed rendering of STORE environment variables in components
  • Updated Terraform version to 0.13.4
  • Fix --auto-approve option on mach apply command

0.2.0 (2020-10-06)

  • Add AWS support
  • Add new required attribute cloud in general config

0.1.0 (2020-10-01)

  • Initial release of rewrite to Python (previously Go)

0.0.1 (2018-08-20)

Initial version