github aws/copilot-cli v1.32.0
copilot-cli: Release v1.32.0

latest releases: v1.34.0, v1.33.4, v1.33.3...
12 months ago

⚡️ Features and Enhancements

  • run local --proxy: Proxy outbound requests from your local containers to the environment VPC using --proxy! (#5412)

    We are enhancing the run local feature released in v1.30.0: the --proxy flag proxies outbound requests to your environment VPC. This feature gives you higher fidelity for your local testing using run local – the containers on your local machine can now talk to the other services in the VPC and talk to your RDS database through the cluster or instance endpoints.

  • run local --watch: Listen to changes to your workspace and automatically restart the containers (#5413)

    Another enhancement to the run local feature! Test your services using run local while making changes to your code, and Copilot will automatically restart the local containers. You can test your service with the new changes without having to kill the original process and run run local again.
    The flag --watch is great by itself, but extremely useful if you use --proxy: it saves you quite a bit of the overhead time to set up the proxy.

  • Import an application load balancer: Place an existing ALB in front of your service (#5438)

    Bring your own application load balancer if you don't like the default shared application load balancer of your environment! Just specify the name or the ARN of the application load balancer in the http.alb field, and Copilot will figure out whether it has an HTTP listener, an HTTPS listener, or both. Copilot will then create listener rules on the listeners it finds, and optionally upserts A records for your alias to the respective hosted zones if any are specified!

    http:
      alb: myALB # Or arn:aws:elasticloadbalancing:us-west-2:1234567890:loadbalancer/app/myALB/12345abcde
      path: '/'
      alias:
         - name: example.com
           hosted_zone: Z08230443CW11KE6JBNUA
      allowed_source_ips: ["192.0.2.0/24", "198.51.100.10/32", "67.170.82.49/32"]
  • Support addons for Static Site (#5384): you can now use addons to add additional resources to your Static Site workload, the same way as you would for any other services!

  • Support docker build args in task run --build-args (#5377)

    Pass additional build args to build the image using --build-args!

    $ copilot task run --build-args GO_VERSION=1.19
    
  • Enforce KMS encryption on the pipeline artifact buckets (#5329): Any new applications will start using the KMS key managed by Copilot as the default encryption key – instead of the S3-managed key – for your pipeline artifact buckets. It also rejects any s3:PutObject actions that disable server-side encryption. This change should not affect any existing applications, and can be optionally applied to your existing application by running copilot app upgrade to meet compliance requirements.

  • Enforce HTTPS on the pipeline artifact buckets (#5393): Reject any access to pipeline artifact buckets that are not secure. Any new applications will come with this configuration. For existing applications, run copilot app upgrade to get the extra protection.

🐛 Bug Fixes

  • Remove sts:AssumeRole permission for the ECS task roles or the App Runner instance roles (#5423): Previously, there was a bug where the ECS tasks roles were given permission to assume roles that are tagged with the application name and the environment name. We are removing this permission for better security posture. We recommend that you redeploy your Load-Balanced Web Services, Backend Services, Worker Services, Request-Driven Web Service, and Scheduled Job to apply this fix.

❤️ Contributions

Thank you, contributors 🥰!

Don't miss a new copilot-cli release

NewReleases is sending notifications on new releases.