Skip to content

Releases: caktus/aws-web-stacks

v2.2.0 (2024-08-01)

01 Aug 14:39
a1219b0
Compare
Choose a tag to compare
  • Add support for T4g instance types. (#114)
  • Add support for PostgreSQL 13 and 14 RDS parameter groups. (#114)
  • Drop support for RDS PostgreSQL 9.x. (#114)
  • Add support for EKS EncryptionConfig. Set with EnableEksEncryptionConfig=true. (#115)
  • Add EksClusterName parameter to control name of EKS cluster. If upgrading, set this to STACK_NAME-cluster to match existing name. (#115)
  • Upgrade to troposphere v4.2.0. (#116)
  • Add EksPublicAccessCidrs parameter to optionally restrict access to your public Kubernetes API endpoint using CIDR blocks. If defined, both public and private endpoint access enabled as detailed in API server endpoint access options. (#117)
  • Enable api, audit, and authenticator log types for EKS control plane logging. (#117)
  • Allow bastion access to Kubernetes API endpoint. (#117)
  • Add eks.LaunchTemplateSpecification to enforce HttpTokens-based metadata. (#117)

v2.1.2 (2021-03-10)

10 Mar 21:33
Compare
Choose a tag to compare
  • Automatically enable ECR image scanning in stacks with an ECR Repository
  • Automatically enable Redis MultiAZ if failover is enabled
  • Fix bug where EKS instances could not reach cache clusters

v2.1.1 (2021-02-17)

17 Feb 23:43
Compare
Choose a tag to compare
  • Fix an error in the format of Nodegroup tags

v2.1.0 (2021-02-17)

17 Feb 15:35
Compare
Choose a tag to compare
  • Optionally create RDS, Redis, memcached, elasticsearch services when creating
    an EKS cluster.
  • Include standard aws-web-stacks public and private asset buckets when using EKS.
  • Make AssetsCloudFrontCertArn empty by default so it's optional
  • Make SFTPUserRole and SFTPUserScopeDownPolicy key off use_sftp_condition
  • Add support for new EC2 and RDS instance types
  • Add support for RDS for PostgreSQL version 12
  • Add a missing PropagateAtLaunch property to ELB tags (#105)
  • Remove a broken reference in the Dokku stack (#98)
  • Other minor bug fixes

v2.0.0 (2020-03-04)

04 Mar 14:28
Compare
Choose a tag to compare

Backwards-incompatible changes:

  • Update RDS resource name of database to be DatabaseInstance rather than PostgreSQL. While other engines were previously supported, the title within the stack still referenced PostgreSQL. This change will force a recreation of your RDS instance.
  • Simplify the VPC layout to have 2 public and 2 private subnets. Due to this change, updating an existing stack is not supported. You'll need to create a new stack and re-deploy all services within it.
  • Add support to provision Memcached and Redis clusters in tandem. The resource names have been adjusted to make this change and will force creation of new instances, possibly requiring a new stack.

What's new in 2.0.0:

  • Add support for Elastic Kubernetes Service (EKS).
  • Re-purpose use_aes256_encryption flag to support encryption across S3, RDS, Elasticache (Redis only), and RDS (thanks @dsummersl)
  • Add support for Customer Managed CMKs with CustomerManagedCmkArn parameter (not applied to public buckets)
  • Add configurable ContainerVolumeSize to change root volume size of EC2 instances (thanks @dsummersl)
  • Change generated template output from JSON to YAML (thanks @cchurch)
  • The stack no longer prompts for a SECRET_KEY if it won't be used for the stack type in question.
  • Add required DBParameterGroup by default, which allows configuring database specific parameters. This avoids having to reboot a production database instance to add a DBParameterGroup in the future. (thanks @cchurch)
  • Add tags to all resources, including a common aws-web-stacks:stack-name tag with the stack's name
  • Add a aws-web-stacks:role tag to EC2 instances to identify as bastion vs. worker.
  • You now have the option of creating a bastion host or VPN server as part of the stack, when a
    stack with a NAT Gateway is used, to facilitate secure remote access to hosts within the VPC.
  • Add a parameter to specify the default canned ACL for the public assets bucket.
  • Block all public access for the private assets bucket.
  • Add parameters to customize VPC and subnet IPv4 CIDR blocks (It is generally not possible to change the CIDR blocks for an existing stack.).
  • Add RDS and ElastiCache endpoint outputs.
  • Add CustomAppCertificateArn parameter to allow association with an existing ACM certificate.
  • Add VPC Endpoint for S3.
  • Add DatabaseReplication parameter to add a database replica (** this will fail if DatabaseBackupRetentionDays is 0.**).
  • Add optional SFTP server, including S3 bucket, transfer server, and user role and scopedown policy to use when creating
    users in the transfer server.

v1.4.0

05 Aug 18:07
a43a7a2
Compare
Choose a tag to compare

Features:

  • Allow ACM certificate to be optional and/or be specified at a later date via a manual process. See
    Manual ACM Certificates in README for more information.
  • Adds AdministratorIPAddress parameter so SSH access can be configured (thanks @dsummersl).
  • Adds AssetsUseAES256Encryption parameter to enable AES256 encryption on asset buckets (thanks @dsummersl).
  • Adds IgnorePublicAcls setting to private access buckets.
  • Upgrade Circle CI to 2.0
  • Miscellaneous fixes for release (thanks @cchurch)

v1.3.0

17 Sep 13:39
10c789a
Compare
Choose a tag to compare

1.3.0 (2018-09-13)

Features:

  • Allow overriding parameter defaults at template creation time without having to change the
    Python code. See the README <https://github.com/caktus/aws-web-stacks/blob/master/README.rst#dokku>_.
  • Add a parameter to control whether certificates are validated by DNS or email, and default
    to DNS since GDPR has made email validation less likely to work.
  • The database type of the RDS instance can now be configured (previously, only Postgres could
    be used). Note that, for backwards-compatibility reasons, the resources in the CloudFormation
    stack is still named PostgreSQL (this avoids unnecessarily recreating the RDS instance
    on pre-existing stacks). See: PR #32
  • The RDS instance now supports all allowable special characters in the password field. See: PR #31
  • The CloudFront distribution linked to the S3 assets bucket can now be disabled / enabled at the
    time a stack is created or updated; the CloudFront distribution now supports a custom domain name
    and SSL certificate. See: PR #30

v1.2.0

27 Sep 16:01
Compare
Choose a tag to compare

Features:

  • The RDS instance, ElastiCache instance, and Elasticsearch instance can all now be optionally
    removed from the stack by setting the instance type to (none) in the relevant CloudFormation
    parameter.
  • Support for using a single Dokku instance as an application
    server was added. Dokku is installed automatically on an Ubuntu 16.04 LTS instance, configured
    with the options selected via CloudFormation parameters, and provided the environment variables
    needed to access the related resources (such as the database, cache, or Elasticsearch instance)
    created with this stack. For more information, please see the README.

v1.1.2

27 Sep 15:24
Compare
Choose a tag to compare

Features:

  • A comma-separted list of alternate domain names may now be provided to the stack as a
    CloudFormation Parameter. Additional domains, if any, will be supplied as Allowed Origins
    in the CORS rules associated with the S3 buckets and will be added to the Subject
    Alternative Name extension of the auto-generated SSL certificate. Wildcard domains are
    supported in both cases, e.g., "*.example.com".

Bug fixes:

  • The CloudFront distribution now passes through the Origin and related HTTP headers to
    the underlying S3 bucket. Prior to this fix, some resources (such as fonts) may have failed
    to load when accessed via the CloudFront distribution URL.

v1.1.1

27 Sep 15:20
Compare
Choose a tag to compare

Features:

  • The retention period for automated RDS backups can now be customized or even disabled via
    CloudFormation parameters in the create/update stack form. The default number of retention
    days was also changed from 7 to 30. This change should not require replacement of your
    RDS instances, but as always, be on the lookout for unintended resource replacement when
    updating existing stacks. See: PR #12. Thanks @copelco for the change.

Bug fixes:

  • Underscores are now allowed in database names. See: PR #13. Thanks @copelco for the change.
  • The CloudFront distribution now passes querystring parameters to the origin. This provides
    a safer default for sites that may use querystring parameters to force re-fetching updated
    static media. See: PR #16
  • Disabling Elasticsearch via parameters is not possible in EB and ECS environments, so this
    feature has been disabled for now. See: PR #15
  • Elasticsearch has been removed from the GovCloud template, as it's not supported in that
    region.