Skip to content


1.2 (unreleased)

general - Add mach init command - Skip non-MACH configuration files when processing all yaml files in a directory.
This allows you to run things like mach apply or mach update without having to specify the -f main.yml option if you only have one valid MACH configuration file in your directory. Fixes #150 - Ignore missing variables when running mach sites and mach components - Add --destroy flag to the plan and apply commands - Add variables_file option to the mach_composer configuration block to define a variable file - Show commit author in mach update output

AWS - Add support for default tags on provider level

  account_id: 123456789
  region: eu-central-1
    environment: test
    owner: john

1.1 (2021-11-25)


  • Variable support:
  • ${var.} to be used with the --var-file command line option
  • ${component.} to use component output values
  • ${env.} to include environment variables in the configuration file

AWS - Upgraded Terraform AWS provider to 3.66.0 - Add AWS specific endpoint options; - enable_cdn creates a CDN in front of an endpoint - throttling_burst_limit and throttling_rate_limit controls throttling on the API gateway


  • Upgraded Terraform Azure provider to 2.86.0
  • Add extra Frontdoor frontend_endpoint options:
  • session affinity
  • waf policy support
  • Add extra Frontdoor routing options to components such as:
  • Custom routing paths
  • Health probe settings
  • Custom host address and ports
  • Caching options
  • Include frontend_endpoint in ignore list when suppress_changes is used
  • Add Frontdoor ssl_key_vault option to supply your own SSL certificate for your endpoints
  • Add Azure specific endpoint options:
  • internal_name Overwrites the frontend endpoint name
  • waf_policy_id Defines the Web Application Firewall policy ID for the endpoint
  • session_affinity_enabled Whether to allow session affinity
  • session_affinity_ttl_seconds The TTL to use in seconds for session affinity
  • Add new service_plans option per_site_scaling
  • Fix: set correct root-level DNS record (@) when endpoint URL is the same as the zone


  • Upgraded Terraform commercetools provider to 0.25.3
  • Add tax_categories to allow more complex tax setups. Does not work in conjunction with taxes

Upgrade notes

For Azure

  • Each component that has an endpoint defined needs to have an Terraform output defined for that endpoint. For example:
    output "azure_endpoint_main" {
      value = {
        address = azurerm_function_app.main.default_hostname
    Read more about the configuration options.
  • Remove endpoints restrictions: Azure components can now use multiple endpoints.
  • Changes have been made in the Frontdoor configuration in the underlying Terraform Azure provider.
    If you are using endpoints with a custom domain, you'll need to import the new azurerm_frontdoor_custom_https_configuration into your Terraform state.
    More on how to work with the Terraform state in our troubleshooting guide.

1.0 (2021-05-10)

New platforms

  • Add Amplience support
  • Add Apollo Federation support
  • Add Sentry DSN management options


  • Add mach_composer configuration block to configure required MACH composer version
  • SOPS support: SOPS-encrypted configuration files will get decrypted before being parsed further
  • Add --ignore-version to disable the MACH composer version check
  • Improved development workflow:
  • Improved git log parsing
  • Add mach bootstrap commands:
    • mach bootstrap config for creating a new MACH configuration
    • mach bootstrap component for creating a new MACH component
  • Add --site option to the generate, plan and apply commands
  • Add --component option to the plan and apply commands
  • Add --reuse flag to the plan and apply commands to suppress a terraform init call
  • Add support for relative paths to components
  • Add extra component definition settings artifacts to facilitate local deployments
  • Improved dependencies between components and MACH-managed commercetools configurations
  • Add option to override Terraform provider versions
  • Add support for multiple API endpoints:
    • base_url replaced with endpoints
    • has_public_api replaced with endpoints
    • Supports a default endpoint that doesn't require custom domain settings
  • Add support for including yaml files using the ${include(...)}
    components: ${include(components.yml)}
    components: ${include(git::}


  • Move currencies, languages, countries, messages_enabled to project_settings configuration block
  • Add support for commercetools Store-specific variables and secrets on components included in new variable: ct_stores
  • Add managed setting to commercetools store. Set to false it will indicate the store should not be managed by MACH composer
  • Add support for commercetools shipping zones
  • Make commercetools frontend API client scopes configurable with new frontend configuration block


  • AWS: Set auto-deploy on API gateway stage
  • AWS: Add new component variable tags


  • Add configuration options for Azure service plans
  • Upgraded Terraform to 0.14.5
  • Upgraded Terraform commercetools provider to 0.25.3
  • Upgraded Terraform AWS provider to 3.28.0
  • Upgraded Terraform Azure provider to 2.47.0
  • Azure: Remove project_key from var.tags and add Environment and Site
  • Azure: Add --with-sp-login option to mach plan command
  • Azure: Remove function app sync bash command: this is now the responsibility of the component

Breaking changes


  • config: Rename general_config to global
  • config: base_url has been replaced by the endpoints settings:
    - identifier: mach-site-eu
    - identifier: mach-site-eu
    When you name the endpoint that replaces base_url "main", it will have the least effect on your existing Terraform state.

    When endpoints are defined on a component, the component needs to define endpoint Terraform variables (AWS and Azure)
  • config: commercetools create_frontend_credentials is replaced with new frontend block:
        create_credentials: false
    default is still true
  • config Default scopes for commercetools frontend API client changed:
    • If you want to maintain previous scope set, define the following in the frontend block:
          permission_scopes: [manage_my_profile, manage_my_orders, view_states, manage_my_shopping_lists, view_products, manage_my_payments, create_anonymous_token, view_project_settings]
    • Old scope set didn't include store-specific manage_my_profile:project:store scope. If you're using the old set as described above, MACH will need to re-create the store-specific API clients in order to add the extra scope. For migration options, see next point
    • In case the scope needs to be updated but (production) frontend implementations are already using the current API client credentials, a way to migrate is to;
    • Remove the old API client resource with terraform state rm commercetools_api_client.frontend_credentials
    • Repeat step for the store-specific API clients in your Terraform state
    • Perform mach apply to create the new API clients with updated scope
    • Your commercetools project will now contain API clients with the same name. Once the frontend implementation is migrated, the older one can safely be removed.
  • component: Components with a commercetools integration require a new variable ct_stores:
    variable "ct_stores" {
      type = map(object({
        key       = string
        variables = any
        secrets   = any
      default = {}
  • component: The folowing deprecated values in the var.variables are removed:
    See 0.5.0 release notes
  • component: The var.environment_variables won't be set by MACH anymore. Use var.variables for this


  • config: The AWS route53_zone_name setting has been removed in favour of multiple endpoint support
  • config: The deploy_role setting has been renamed to deploy_role_name
  • component: Introduced new variable tags:
    variable "tags" {
      type        = map(string)
      description = "Tags to be used on resources."
  • component: Add aws_endpoint_* variable when the endpoints configuration option is used. More information on defining and using endpoints in AWS.


  • config: The front_door configuration block has been renamed to frontdoor
  • config: The Azure frontdoor settings dns_zone and ssl_key_* settings have been removed;
    Certificates are now managed by Frontdoor and dns_zone is auto-detected.
  • config: The Azure frontdoor settings resource_group has been renamed to dns_resource_group
  • config: Moved component short_name to new azure configuration block
  • state: The Terraform azurerm_dns_cname_record resources have been renamed; they now take the name of the associated endpoint key. For the smoothest transition, rename them in your Terraform state:
    terraform state mv azurerm_dns_cname_record.<project-key> azurerm_dns_cname_record.<endpoint-key>
  • component: Prefixed all Azure-specific variables with azure_
  • component: The FRONTDOOR_ID value is removed from the var.variables of a component. Replaced with var.azure_endpoint_*. More information on defining and using endpoints in Azure.
  • component: app_service_plan_id has been replaced with azure_app_service_plan containing both an id and name so the azurerm_app_service_plan data source can be used in a component.

It will only be set when service_plan is configured in the component definition or site configuration

variable "azure_app_service_plan" {
  type = object({
    id                  = string
    name                = string
    resource_group_name = string
- component: Replaced resource_group_name and resource_group_location with azure_resource_group:
variable "azure_resource_group" {
  type = object({
    name     = string
    location = string

0.5.1 (2020-11-10)

  • Removed aws block in general_config
  • Add branch option to component definitions to be able to perform a mach update and stay within a certain branch (during development)

0.5.0 (2020-11-09)

  • Add new CLI options:
    • mach components to list all components
    • mach sites to list all sites
  • Improved update command:
    • Supports updating (or checking for updates) on all components based on their git history
    • This can now also be used to manually update a single component; mach update my-component v1.0.4
    • Add --commit argument to automatically create a git commit message
  • Add new AWS configuration option route53_zone_name
  • Remove unused api_gateway attribute on AWS config
  • Remove restriction from environment value; can now be any. Fixes #9

Breaking changes

  • Require ct_api_url and ct_auth_url for components with commercetools integration


In a component, the use of the following variables have been deprecated;


Instead you should use:


0.4.3 (2020-11-04)

  • Make AWS role definitions optional so MACH can run without an 'assume role' context

0.4.2 (2020-11-02)

  • Add 'encrypt' option to AWS state backend
  • Correctly depend component modules to the commercetools project settings resource
  • Extend Azure regions mapping

0.4.1 (2020-10-27)

  • Fixed TypeError when using resource_group on site Azure configuration

0.4.0 (2020-10-27)

  • Add Contentful support

Breaking changes

  • is_software_component has been replaced by the integrations settings
  - name: my-product-types
    source: git::ssh://
    version: 81cd828
    is_software_component: false


  - name: my-product-types
    source: git::ssh://
    version: 81cd828
    integrations: ["commercetools"]

or integrations: [] if no integrations are needed at all.

0.3.0 (2020-10-21)

  • Add option to specify custom resource group per site

Breaking changes

  • All resource_group_name attributes is renamed to resource_group
  • The storage_account_name attribute is renamed to storage_account

0.2.2 (2020-10-15)

  • Fixed Azure config merge: not all generic settings where merged with site-specific ones
  • Only validate short_name length check for Azure implementations
  • Setup Frontdoor per 'public api' component regardless of global Frontdoor settings

0.2.1 (2020-10-06)

  • Fixed rendering of STORE environment variables in components
  • Updated Terraform version to 0.13.4
  • Fix --auto-approve option on mach apply command

0.2.0 (2020-10-06)

  • Add AWS support
  • Add new required attribute cloud in general config

0.1.0 (2020-10-01)

  • Initial release