Releases: caktus/aws-web-stacks

v2.1.2 (2021-03-10)

10 Mar 21:33
  • Automatically enable ECR image scanning in stacks with an ECR Repository
  • Automatically enable Redis MultiAZ if failover is enabled
  • Fix bug where EKS instances could not reach cache clusters

v2.1.1 (2021-02-17)

17 Feb 23:43
  • Fix an error in the format of Nodegroup tags

v2.1.0 (2021-02-17)

17 Feb 15:35
  • Optionally create RDS, Redis, memcached, elasticsearch services when creating
    an EKS cluster.
  • Include standard aws-web-stacks public and private asset buckets when using EKS.
  • Make AssetsCloudFrontCertArn empty by default so it's optional
  • Make SFTPUserRole and SFTPUserScopeDownPolicy key off use_sftp_condition
  • Add support for new EC2 and RDS instance types
  • Add support for RDS for PostgreSQL version 12
  • Add a missing PropagateAtLaunch property to ELB tags (#105)
  • Remove a broken reference in the Dokku stack (#98)
  • Other minor bug fixes

v2.0.0 (2020-03-04)

04 Mar 14:28

Backwards-incompatible changes:

  • Update RDS resource name of database to be DatabaseInstance rather than PostgreSQL. While other engines were previously supported, the title within the stack still referenced PostgreSQL. This change will force a recreation of your RDS instance.
  • Simplify the VPC layout to have 2 public and 2 private subnets. Due to this change, updating an existing stack is not supported. You'll need to create a new stack and re-deploy all services within it.
  • Add support to provision Memcached and Redis clusters in tandem. The resource names have been adjusted to make this change and will force creation of new instances, possibly requiring a new stack.

What's new in 2.0.0:

  • Add support for Elastic Kubernetes Service (EKS).
  • Re-purpose use_aes256_encryption flag to support encryption across S3, RDS, Elasticache (Redis only), and RDS (thanks @dsummersl)
  • Add support for Customer Managed CMKs with CustomerManagedCmkArn parameter (not applied to public buckets)
  • Add configurable ContainerVolumeSize to change root volume size of EC2 instances (thanks @dsummersl)
  • Change generated template output from JSON to YAML (thanks @cchurch)
  • The stack no longer prompts for a SECRET_KEY if it won't be used for the stack type in question.
  • Add required DBParameterGroup by default, which allows configuring database specific parameters. This avoids having to reboot a production database instance to add a DBParameterGroup in the future. (thanks @cchurch)
  • Add tags to all resources, including a common aws-web-stacks:stack-name tag with the stack's name
  • Add an aws-web-stacks:role tag to EC2 instances to identify them as bastion vs. worker.
  • You now have the option of creating a bastion host or VPN server as part of the stack, when a
    stack with a NAT Gateway is used, to facilitate secure remote access to hosts within the VPC.
  • Add a parameter to specify the default canned ACL for the public assets bucket.
  • Block all public access for the private assets bucket.
  • Add parameters to customize VPC and subnet IPv4 CIDR blocks (it is generally not possible to change the CIDR blocks for an existing stack).
  • Add RDS and ElastiCache endpoint outputs.
  • Add CustomAppCertificateArn parameter to allow association with an existing ACM certificate.
  • Add VPC Endpoint for S3.
  • Add DatabaseReplication parameter to add a database replica (this will fail if DatabaseBackupRetentionDays is 0).
  • Add optional SFTP server, including S3 bucket, transfer server, and user role and scopedown policy to use when creating
    users in the transfer server.

v1.4.0

05 Aug 18:07
a43a7a2

Features:

  • Allow ACM certificate to be optional and/or be specified at a later date via a manual process. See
    Manual ACM Certificates in README for more information.
  • Adds AdministratorIPAddress parameter so SSH access can be configured (thanks @dsummersl).
  • Adds AssetsUseAES256Encryption parameter to enable AES256 encryption on asset buckets (thanks @dsummersl).
  • Adds IgnorePublicAcls setting to private access buckets.
  • Upgrade Circle CI to 2.0
  • Miscellaneous fixes for release (thanks @cchurch)

v1.3.0

17 Sep 13:39
10c789a

1.3.0 (2018-09-13)

Features:

  • Allow overriding parameter defaults at template creation time without having to change the
    Python code. See the README (https://github.com/caktus/aws-web-stacks/blob/master/README.rst#dokku).
  • Add a parameter to control whether certificates are validated by DNS or email, and default
    to DNS since GDPR has made email validation less likely to work.
  • The database type of the RDS instance can now be configured (previously, only Postgres could
    be used). Note that, for backwards-compatibility reasons, the resource in the CloudFormation
    stack is still named PostgreSQL (this avoids unnecessarily recreating the RDS instance
    on pre-existing stacks). See: PR #32
  • The RDS instance now supports all allowable special characters in the password field. See: PR #31
  • The CloudFront distribution linked to the S3 assets bucket can now be disabled / enabled at the
    time a stack is created or updated; the CloudFront distribution now supports a custom domain name
    and SSL certificate. See: PR #30

v1.2.0

27 Sep 16:01

Features:

  • The RDS instance, ElastiCache instance, and Elasticsearch instance can all now be optionally
    removed from the stack by setting the instance type to (none) in the relevant CloudFormation
    parameter.
  • Support for using a single Dokku instance as an application
    server was added. Dokku is installed automatically on an Ubuntu 16.04 LTS instance, configured
    with the options selected via CloudFormation parameters, and provided the environment variables
    needed to access the related resources (such as the database, cache, or Elasticsearch instance)
    created with this stack. For more information, please see the README.

v1.1.2

27 Sep 15:24

Features:

  • A comma-separated list of alternate domain names may now be provided to the stack as a
    CloudFormation Parameter. Additional domains, if any, will be supplied as Allowed Origins
    in the CORS rules associated with the S3 buckets and will be added to the Subject
    Alternative Name extension of the auto-generated SSL certificate. Wildcard domains are
    supported in both cases, e.g., "*.example.com".

Bug fixes:

  • The CloudFront distribution now passes through the Origin and related HTTP headers to
    the underlying S3 bucket. Prior to this fix, some resources (such as fonts) may have failed
    to load when accessed via the CloudFront distribution URL.

v1.1.1

27 Sep 15:20

Features:

  • The retention period for automated RDS backups can now be customized or even disabled via
    CloudFormation parameters in the create/update stack form. The default number of retention
    days was also changed from 7 to 30. This change should not require replacement of your
    RDS instances, but as always, be on the lookout for unintended resource replacement when
    updating existing stacks. See: PR #12. Thanks @copelco for the change.

Bug fixes:

  • Underscores are now allowed in database names. See: PR #13. Thanks @copelco for the change.
  • The CloudFront distribution now passes querystring parameters to the origin. This provides
    a safer default for sites that may use querystring parameters to force re-fetching updated
    static media. See: PR #16
  • Disabling Elasticsearch via parameters is not possible in EB and ECS environments, so this
    feature has been disabled for now. See: PR #15
  • Elasticsearch has been removed from the GovCloud template, as it's not supported in that
    region.

1.1.0

06 Sep 02:37

Features:

  • Support for Elasticsearch was added. See: PR #9

Bug fixes:

  • While instance permissions were already limited for the EC2 and ECS configurations, Elastic
    Beanstalk instances were previously allowed to execute API actions for all AWS resources other
    than IAM. This release considerably limits the permissions granted to Elastic Beanstalk stacks,
    granting only the permissions previously granted to the ECS configuration, plus the permissions
    included in the AWSElasticBeanstalkWebTier and AWSElasticBeanstalkMulticontainerDocker
    AWS managed policies. Please look out for and report any permission-related issues with
    Elastic Beanstalk stacks.
    See: PR #11