github aws/copilot-cli v1.23.0
copilot-cli: Release v1.23.0

2 years ago

⚡️ Features and Enhancements

  • Restrict the ingress of a Request-Driven Web Service (RDWS) to environment only (#4137)

    Previously, an RDWS was always internet-facing. Now you have the option of making the service private. Specify http.private: true in an RDWS manifest, and the service will accept traffic from within the environment only.

    See our blog post for more! Also, check out the http.private field in the manifest specification.

  • Support Aurora Serverless v2 in storage init (#4075)

    copilot storage init --storage-type Aurora will now generate an addon template for Aurora Serverless v2 by default.
    To generate a template for v1, you can run copilot storage init --storage-type Aurora --serverless-version v1

    Check out our blog post for more!

  • Restrict ingress to the public ALB using source IPs (#4103)

    It is now possible to limit the ingress to your public ALB to up to 50 source IPs. This can be configured in your environment manifest:

    http:
     public:
       ingress:
         source_ips:
           - 10.0.0.0/24
           - 10.0.1.0/24

    Check out our blog post for more, as well as http.public.ingress.source_ips in the manifest specification!

  • Configure SSL policy for environment ALBs' HTTPS listener (#4099)

    You can now specify the security policy applied on the HTTPS listener for your environment ALB(s) to comply with your organization's security requirements. This can be configured in your environment manifest:

    http:
     public: 
       ssl_policy: ELBSecurityPolicy-FS-1-2-Res-2019-08
    
     private: 
       ssl_policy: ELBSecurityPolicy-FS-1-2-Res-2019-08

    Check out the ssl_policy field in the manifest specification.

  • Restrict container access to root file system to read-only (#4062)

    You can now give your containers read-only access to their root file systems to comply with Security Hub's recommendation [ECS.5] ECS containers should be limited to read-only access to root filesystems. This can be configured in your service's manifest:

    storage:
     readonly_fs: true

    See storage.readonly_fs in the manifest specification or read the blog post.

  • Enable VPC flow logs for environments (#4088)

    You can now capture information about the IP traffic going in and out of your environment VPC by enabling VPC flow logs in your environment manifest:

    network:
     vpc:
       flow_logs: on

    See network.vpc.flow_logs in the manifest specification.

  • Show permissions boundary policy name in app show (#4071)

    In Copilot v1.22.0, we introduced permissions boundaries for all IAM roles in an application. Now you can see this configuration in copilot app show.

    $ copilot app show --name myapp
    
    About
    
     Name                  myapp
     Version               v1.1.0
     URI                   N/A
     Permissions Boundary  myPermissionsBoundaries
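
A pre-deploy check for the three environment manifest settings described above (http.public.ingress.source_ips, ssl_policy and network.vpc.flow_logs). This is an added example, not code from the Copilot project; audit_env_manifest and the sample manifests are hypothetical names, and the manifest is assumed to be already parsed into a dict by a YAML loader.

```python
import ipaddress

MAX_SOURCE_IPS = 50  # limit stated in the release notes above

def audit_env_manifest(manifest):
    """Return findings for an already-parsed environment manifest (a dict)."""
    findings = []
    http = manifest.get("http") or {}
    ingress = (http.get("public") or {}).get("ingress") or {}
    source_ips = ingress.get("source_ips") or []
    key = "http.public.ingress.source_ips"
    if not source_ips:
        findings.append(f"{key}: no source IP restriction on the public ALB")
    if len(source_ips) > MAX_SOURCE_IPS:
        findings.append(f"{key}: {len(source_ips)} entries, limit is {MAX_SOURCE_IPS}")
    for cidr in source_ips:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{key}: {cidr!r} is not a network CIDR ({exc})")
            continue
        if net.prefixlen == 0:
            findings.append(f"{key}: {cidr} matches every address")
    # Only check ssl_policy for load balancers the manifest actually configures.
    for alb in ("public", "private"):
        if alb in http and not (http[alb] or {}).get("ssl_policy"):
            findings.append(f"http.{alb}.ssl_policy: not set")
    vpc = (manifest.get("network") or {}).get("vpc") or {}
    if not vpc.get("flow_logs"):
        findings.append("network.vpc.flow_logs: not enabled")
    return findings

# Constructed sample manifests, as a YAML loader would return them.
POLICY = "ELBSecurityPolicy-FS-1-2-Res-2019-08"
HARDENED = {
    "http": {
        "public": {"ingress": {"source_ips": ["10.0.0.0/24", "10.0.1.0/24"]},
                   "ssl_policy": POLICY},
        "private": {"ssl_policy": POLICY},
    },
    "network": {"vpc": {"flow_logs": True}},  # `flow_logs: on` loads as True in YAML 1.1
}
WEAK = {"http": {"public": {"ingress": {"source_ips": ["10.0.0.5/24", "0.0.0.0/0"]}}}}

if __name__ == "__main__":
    for name, doc in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_env_manifest(doc) or "no findings")
```
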

🐛 Bug Fixes

  • Fix misplaced http fields in environment manifest (#4068). See our blog post for more information on this manifest fix!
  • TLS termination does not require a certificate or domain for CDN (#4096)
  • Remove sh-unfriendly here string from the default buildspec (#4102)

❤️ Contributions

Thank you, contributors 🥰!
