Releases: guardian/cdk
v59.5.5
v59.5.4
v59.5.3
@guardian/cdk
59.5.2
Patch Changes
- 1110a11: fix(experimental-ec2-pattern): Create Policy first

  When deploying Prism with the GuEc2AppExperimental for the first time, the deployment failed with the cloud-init-output logs stating:

  An error occurred (AccessDenied) when calling the DescribeTargetHealth operation: User: arn:aws:sts::000000000000:assumed-role/prism-CODE-InstanceRolePrism/i-0cee86d64de253ca4 is not authorized to perform: elasticloadbalancing:DescribeTargetHealth because no identity-based policy allows the elasticloadbalancing:DescribeTargetHealth action

  This suggests the instance update was started before the policy was created.
  Make the ASG depend on the policy that grants these permissions to resolve, as CloudFormation creates dependencies first.

- 5add16c: feat(experimental-ec2-pattern): Tag launch template to improve observability
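One way to check a synthesized CloudFormation template for the ordering problem described in 1110a11 (an added example, not code from @guardian/cdk). It flags rolling-update ASGs that lack a direct DependsOn on an AWS::IAM::Policy granting elasticloadbalancing:DescribeTargetHealth. The template fragments and the logical IDs TargetHealthPolicy and AppAsg are constructed for illustration.

```typescript
// Constructed template fragments; the logical IDs below are hypothetical.
type Resource = { Type: string; DependsOn?: string | string[];
  UpdatePolicy?: Record<string, any>; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };
const ACTION = "elasticloadbalancing:DescribeTargetHealth";

// CloudFormation and IAM both accept a single string where a list is expected.
const asList = (v: unknown): string[] =>
  Array.isArray(v) ? v.map(String) : typeof v === "string" ? [v] : [];

// True if an IAM action pattern (with * or ? wildcards) covers the action.
function actionMatches(pattern: string, action: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${source}$`, "i").test(action);
}

// Logical IDs of AWS::IAM::Policy resources with an Allow statement for the action.
function policiesGranting(t: Template, action: string): string[] {
  return Object.keys(t.Resources).filter((id) => {
    const r = t.Resources[id];
    const stmts = ([] as any[]).concat(r.Properties?.PolicyDocument?.Statement ?? []);
    return r.Type === "AWS::IAM::Policy" && stmts.some(
      (s) => s.Effect === "Allow" && asList(s.Action).some((a) => actionMatches(a, action)));
  });
}

// Rolling-update ASGs with no direct DependsOn on a policy that grants the action.
function asgsMissingPolicyDependency(t: Template, action = ACTION): string[] {
  const policies = policiesGranting(t, action);
  return Object.keys(t.Resources).filter((id) => {
    const r = t.Resources[id];
    return r.Type === "AWS::AutoScaling::AutoScalingGroup" &&
      r.UpdatePolicy?.AutoScalingRollingUpdate !== undefined &&
      !asList(r.DependsOn).some((d) => policies.indexOf(d) !== -1);
  });
}

// Constructed "before" and "after" templates for the fix.
const policy: Resource = { Type: "AWS::IAM::Policy", Properties: { PolicyDocument: {
  Statement: [{ Effect: "Allow", Action: ACTION, Resource: "*" }] } } };
const asg = (dependsOn?: string[]): Resource => ({
  Type: "AWS::AutoScaling::AutoScalingGroup", DependsOn: dependsOn,
  UpdatePolicy: { AutoScalingRollingUpdate: { MinInstancesInService: 1 } } });
const templateBefore: Template = { Resources: { TargetHealthPolicy: policy, AppAsg: asg() } };
const templateAfter: Template = { Resources: { TargetHealthPolicy: policy, AppAsg: asg(["TargetHealthPolicy"]) } };

console.log(asgsMissingPolicyDependency(templateBefore)); // AppAsg is flagged
console.log(asgsMissingPolicyDependency(templateAfter)); // nothing is flagged
```

The check only looks at standalone AWS::IAM::Policy resources and direct DependsOn entries, so permissions granted through inline role policies or managed policies are reported as missing.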
59.5.1
Patch Changes
- fed2598: fix(experimental-ec2-pattern): Add buffer to rolling update timeout

  If we consider the health check grace period to be the time it takes the "normal" user data to run,
  the rolling update should be configured to be a little longer to cover the additional time spent polling the target group.

  A buffer of 1 minute is somewhat arbitrarily chosen.
  Too high a value, then we increase the time it takes to automatically rollback from a failing healthcheck.
  Too low a value, then we risk flaky deploys.
59.5.0
Minor Changes
- f4e2a7c: feat(experimental-ec2-pattern): Pattern to deploy ASG updates w/CFN (#2417)

  Included in this update is a new experimental pattern GuEc2AppExperimental, which can be used in place of a GuEc2App:

  ```ts
  import { GuEc2AppExperimental } from "@guardian/cdk/lib/experimental/patterns/ec2-app";
  ```

  This pattern will add an AutoScalingRollingUpdate policy to the autoscaling group.
  This allows application updates to be performed like a standard CloudFormation update,
  and using the custom logic provided by Riff-Raff's autoscaling deployment type is unnecessary.

  This experimental pattern has few requirements.

  Add the build number to the application artifact

  This change requires versioned artifacts.
  The easiest way to achieve this is by adding the build number to the filename of the artifact:

  ```ts
  import { UserData } from "aws-cdk-lib/aws-ec2";

  // Use a GitHub Actions provided environment variable
  const buildNumber = process.env.GITHUB_RUN_NUMBER ?? "DEV";

  const userData = UserData.forLinux();
  // Download the versioned artifact, then install it
  userData.addCommands(`aws s3 cp s3://dist-bucket/path/to/artifact-${buildNumber}.deb /tmp/artifact.deb`);
  userData.addCommands(`dpkg -i /tmp/artifact.deb`);
  ```

  riff-raff.yaml

  The riff-raff.yaml file should remove the deploy action of the autoscaling deployment type.
  Though including it shouldn't break anything, it would result in a longer deployment time as instances will be rotated by both CloudFormation and Riff-Raff's custom logic.

  The uploadArtifacts step of the autoscaling deployment type should still be included, with the cloud-formation deployment type depending on it.
  This step uploads the versioned artifact to S3.

  Tip: An auto-generated riff-raff.yaml file meets this requirement.
59.4.0
Minor Changes
- 43dc653: feat(asg) Collect all ASG level metrics

  This change should have no cost impact:

  Group metrics are available at one-minute granularity at no additional charge, but you must enable them.
  – https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-metrics.html.

  If it does, or if you only want a subset, the escape hatch mechanism can be used:

  ```ts
  import { AutoScalingGroup, CfnAutoScalingGroup } from "aws-cdk-lib/aws-autoscaling";

  declare const asg: AutoScalingGroup;

  // Reach the underlying L1 construct to override the collected metrics
  const cfnAsg = asg.node.defaultChild as CfnAutoScalingGroup;
  cfnAsg.metricsCollection = [
    {
      granularity: "1Minute",
      metrics: [
        // A subset of metrics
      ],
    },
  ];
  ```
59.3.5
Patch Changes
- 9ff96cd: Update aws-cdk to 2.157.0, aws-cdk-lib to 2.157.0, constructs to 10.3.0
59.3.4
Patch Changes
- 7d214d6: Update git-url-parse from 14.1.0 to 15.0.0
- 19d41d3: Update aws-sdk from 2.1687.0 to 2.1691.0
59.3.3
Patch Changes
- c57b024: Allow inputs in GuScheduledLambda
59.3.2
Patch Changes
- 8e8a20f: Fix bug preventing creation of multiple VPCs in single stack
59.3.1
Patch Changes
- 89dee99: Update aws-cdk to 2.155.0, aws-cdk-lib to 2.155.0, constructs to 10.3.0
- 9412236: Update aws-sdk from 2.1674.0 to 2.1687.0
- 481e40d: Update codemaker from 1.102.0 to 1.103.1
59.3.0
Minor Changes
- 18daa5d: enable InstanceMetadataTags on EC2 patterns
59.2.4
Patch Changes
- 72c6eec: Update aws-cdk to 2.153.0, aws-cdk-lib to 2.153.0, constructs to 10.3.0
- bef9b1d: Update aws-sdk from 2.1670.0 to 2.1674.0
59.2.3
Patch Changes
59.2.2
Patch Changes
- c7426d3: Only set an SSL policy on HTTPS application listeners
- 754c919: Update aws-sdk from 2.1664.0 to 2.1665.0
59.2.1
Patch Changes
- 7ed3595: Update aws-sdk from 2.1649.0 to 2.1664.0.
- 006e3a4: Update git-url-parse from 14.0.0 to 14.1.0.
59.2.0
Minor Changes
- 8700b29: feat(asg): Allow setting the defaultInstanceWarmup option on auto scaling groups provisioned by our EC2 pattern
59.1.0
Minor Changes
- 0a0bce1: feat(asg): Allow setting the detailedMonitoring option on launch templates provisioned by our EC2 patterns
59.0.0
Major Changes
- e15d900: GuCDK EC2 patterns now require an explicit UserData or GuUserDataProps input, instead of a string.

  The UserData class comes with helpers that allow us to mutate the user data in our patterns which will be helpful with some of our upcoming work.
  Unfortunately whenever a string is passed to our patterns we have to wrap it in a special CustomUserData class which disables most of these helpers.

  For applications that were already using GuUserDataProps no change is required, however applications that used strings will have to make a small change.

  ```ts
  new GuEc2App({
    userData: `#!/usr/bin/bash
  echo "hello world"`,
    // ...
  })
  ```

  becomes

  ```ts
  import { UserData } from "aws-cdk-lib/aws-ec2";

  const userData = UserData.forLinux();
  userData.addCommands(`echo "hello world"`);

  new GuEc2App({
    userData,
    // ...
  })
  ```

  Note that you no longer need to specify a shebang, by default UserData adds one for you. If you need to customize this behaviour you can look at the props accepted by forLinux.

  You may also want to look at some of the other methods that UserData has to understand if it may be able to help you in other ways, for example addS3DownloadCommand, which helps you write commands to download from S3.
58.2.0
Minor Changes
- 59ffa9d: feat(asg): Allow setting the UpdatePolicy on ASGs provisioned by our EC2 patterns
- 689b59a: Bump @guardian/tsconfig to 1.0.0 and specifically set moduleResolution to "node"
58.1.4
Patch Changes
- c015419: Update aws-cdk to 2.148.0, aws-cdk-lib to 2.148.0, constructs to 10.3.0
- 7051a7c: fix(ec2-app): Use clientSecretValue prop over deprecated clientSecret
- 9cfabc6: fix(lambda): Use loggingFormat prop over deprecated logFormat
58.1.3
Patch Changes
- 16c7086: Limit the length of the cognito user pool domainPrefix generated by the Ec2App googleAuth functionality to 63 characters
- 816f3a2: bump codemaker from 1.100.0 to 1.101.0
- 94640e9: bump typedoc from 0.26.2 to 0.26.3
- 4eee825: bump @changesets/cli from 2.27.5 to 2.27.7
58.1.2
Patch Changes
- 87242ca: Update aws-cdk to 2.145.0, aws-cdk-lib to 2.145.0, constructs to 10.3.0
58.1.1
Patch Changes
- 1da0da9: Update aws-cdk to 2.141.0, aws-cdk-lib to 2.141.0, constructs to 10.3.0
- c8400c9: Add useful ASG group metrics (TOTAL_INSTANCES, etc) by default
58.1.0
Minor Changes
- 96cb7dc: Use the recommended ELB security policy ELBSecurityPolicy-TLS13-1-2-2021-06 which includes TLS 1.3, and is backwards compatible with TLS 1.2.
58.0.0
Major Changes
- fa0719b: BREAKING CHANGE: DevX Backups can no longer be enabled via the withBackup prop, which has been removed.

  Users should now opt-in/out of DevX Backups at the construct level (i.e. when defining an RDS instance, cluster or DynamoDB table).

  We recommend using the GuDatabaseInstance or GuDynamoTable to help with this. If these constructs cannot be used, resources can also be tagged like this: Tags.of(myDatabase).add("devx-backup-enabled", "true").
57.1.0
Minor Changes
- 8bde0ca: Add Dynamodb construct with default deletion protection and mandatory opt-in/opt-out setting for DevX-backup.
57.0.0
Major Changes
- 7cc8591: BREAKING CHANGE: Users of the GuDatabaseInstance class now need to explicitly opt-in/out of DevX Backups via the devXBackups prop.
Minor Changes
- 197228b: GuLambdaFunction uses JSON logging by default, for compatibility with ApplicationLogLevel
56.0.3
Patch Changes
- 89a22f1: Update aws-cdk to 2.136.1, aws-cdk-lib to 2.136.1, constructs to 10.3.0
56.0.2
Patch Changes
- a98acf3: Update aws-cdk to 2.134.0, aws-cdk-lib to 2.134.0, constructs to 10.3.0
56.0.1
Patch Changes
- 44788e5: Update aws-cdk to 2.132.0, aws-cdk-lib to 2.132.0, constructs to 10.3.0
56.0.0
Major Changes
- 5fead41: - Load balancers now ad...