v60.1.3

Patch Changes

• b488c2e: Update aws-cdk to 2.170.0, aws-cdk-lib to 2.170.0, constructs to 10.4.2

v60.1.2

Patch Changes

• b8f4bbe: Update codemaker from 1.104.0 to 1.105.0
• 0d7dd47: Update git-url-parse from 15.0.0 to 16.0.0

v60.1.1

Patch Changes

• d00fa34: Update aws-sdk from 2.1691.0 to 2.1692.0

v60.1.0

Minor Changes

• 6e67597: feat(riff-raff.yaml): Add minInstancesInServiceParameters when applicable

  To complement the changes in guardian/riff-raff#1383,
  add the minInstancesInServiceParameters property to the riff-raff.yaml file when applicable.

v60.0.0

Major Changes

• 1105831: Set CPU architecture of ECS tasks to ARM64

• 8e1c15f: ECS task now uses GuVpc.subnetsFromParameter rather than defaulting to CDK context

  Note that this is a breaking change, because the previous behaviour was this

  • which relied on a CDK context file with details of the different subnets.

Patch Changes

• 3d26489: Update aws-cdk to 2.166.0, aws-cdk-lib to 2.166.0, constructs to 10.4.2

v59.5.6

Patch Changes

• 55c7c09: Update aws-cdk to 2.162.1, aws-cdk-lib to 2.162.1, constructs to 10.4.2

v59.5.5

Patch Changes

• c6fed4d: Update aws-cdk to 2.161.1, aws-cdk-lib to 2.161.1, constructs to 10.3.0
• 81e6c5a: chore(deps): bump codemaker from 1.103.1 to 1.104.0

v59.5.4

Patch Changes

• 08e6833: Revert mistakenly published version v59.5.3

v59.5.3

@guardian/cdk

59.5.2

Patch Changes

• 1110a11: fix(experimental-ec2-pattern): Create Policy first

  When deploying Prism with the GuEc2AppExperimental for the first time, the deployment failed with the cloud-init-output logs stating:

  An error occurred (AccessDenied) when calling the DescribeTargetHealth operation: User: arn:aws:sts::000000000000:assumed-role/prism-CODE-InstanceRolePrism/i-0cee86d64de253ca4 is not authorized to perform: elasticloadbalancing:DescribeTargetHealth because no identity-based policy allows the elasticloadbalancing:DescribeTargetHealth action
  

  This suggests the instance update was started before the policy was created.

  Make the ASG depend on the policy that grants these permissions to resolve, as CloudFormation creates dependencies first.

• 5add16c: feat(experimental-ec2-pattern): Tag launch template to improve observability

59.5.1

Patch Changes

• fed2598: fix(experimental-ec2-pattern): Add buffer to rolling update timeout

  If we consider the health check grace period to be the time it takes the "normal" user data to run,
  the rolling update should be configured to be a little longer to cover the additional time spent polling the target group.

  A buffer of 1 minute is somewhat arbitrarily chosen.
  Too high a value, then we increase the time it takes to automatically rollback from a failing healthcheck.
  Too low a value, then we risk flaky deploys.

59.5.0

Minor Changes

• f4e2a7c: feat(experimental-ec2-pattern): Pattern to deploy ASG updates w/CFN

  Included in this update is a new experimental pattern GuEc2AppExperimental, which can be used in place of a GuEc2App:

  import { GuEc2AppExperimental } from "@guardian/cdk/lib/experimental/patterns/ec2-app";

  This pattern will add an AutoScalingRollingUpdate policy
  to the autoscaling group.
  This allows application updates to be performed like a standard CloudFormation update,
  and using the custom logic provided by Riff-Raff's autoscaling deployment type is unnecessary.

  This experimental pattern has few requirements.

  Add the build number to the application artifact

  This change requires versioned artifacts.

  The easiest way to achieve this is by adding the build number to the filename of the artifact:

  import { UserData } from "aws-cdk-lib/aws-ec2";
  // Use a GitHub Actions provided environment variable
  const buildNumber = process.env.GITHUB_RUN_NUMBER ?? "DEV";
  
  const userData = UserData.forLinux();
  userData.addCommands(`aws s3 cp s3://dist-bucket/path/to/artifact-${buildNumber}.deb /tmp/artifact.deb`);
  userData.addCommands(`dpkg -i /tmp/artifact.dep`);

  riff-raff.yaml

  The riff-raff.yaml file should remove the deploy action of the autoscaling deployment type.
  Though including it shouldn't break anything, it would result in a longer deployment time as instance will be rotated by both CloudFormation and Riff-Raff's custom logic.

  The uploadArtifacts step of the autoscaling deployment type should still be included, with the cloud-formation deployment type depending on it.
  This step uploads the versioned artifact to S3.

  [!TIP]
  An auto-generated riff-raff.yaml file meets this requirement.

59.4.0

Minor Changes

• 43dc653: feat(asg) Collect all ASG level metrics

  This change should have no cost impact:

  Group metrics are available at one-minute granularity at no additional charge, but you must enable them.
  – https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-metrics.html.

  If it does, or if you only want a subset, the escape hatch mechanism can be used:

  declare const asg: AutoScalingGroup;
  
  const cfnAsg = asg.node.defaultChild as CfnAutoScalingGroup;
  
  cfnAsg.metricsCollection = [
    {
      granularity: "1Minute",
      metrics: [
        // A subset of metrics
      ],
    },
  ];

59.3.5

Patch Changes

• 9ff96cd: Update aws-cdk to 2.157.0, aws-cdk-lib to 2.157.0, constructs to 10.3.0

59.3.4

Patch Changes

• 7d214d6: Update git-url-parse from 14.1.0 to 15.0.0
• 19d41d3: Update aws-sdk from 2.1687.0 to 2.1691.0

59.3.3

Patch Changes

• c57b024: Allow inputs in GuScheduledLambda

59.3.2

Patch Changes

• 8e8a20f: Fix bug preventing creation of multiple VPCs in single stack

59.3.1

Patch Changes

• 89dee99: Update aws-cdk to 2.155.0, aws-cdk-lib to 2.155.0, constructs to 10.3.0
• 9412236: Update aws-sdk from 2.1674.0 to 2.1687.0
• 481e40d: Update codemaker from 1.102.0 to 1.103.1

59.3.0

Minor Changes

• 18daa5d: enable InstanceMetadataTags on EC2 patterns

59.2.4

Patch Changes

• 72c6eec: Update aws-cdk to 2.153.0, aws-cdk-lib to 2.153.0, constructs to 10.3.0
• bef9b1d: Update aws-sdk from 2.1670.0 to 2.1674.0

59.2.3

Patch Changes

• 3b90072: Update codemaker from 1.101.0 to 1.102.0
• 82016de: Update aws-sdk from 2.1665.0 to 2.1670.0

59.2.2

Patch Changes

• c7426d3: Only set an SSL policy on HTTPS application listeners
• 754c919: Update aws-sdk from 2.1664.0 to 2.1665.0

59.2.1

Patch Changes

• 7ed3595: Update aws-sdk from 2.1649.0 to 2.1664.0.
• 006e3a4: Update git-url-parse from 14.0.0 to 14.1.0.

59.2.0

Minor Changes

• 8700b29: feat(asg): Allow setting the defaultInstanceWarmup option on auto scaling groups provisioned by our EC2 pattern

59.1.0

Minor Changes

• 0a0bce1: : feat(asg): Allow setting the detailedMonitoring option on launch templates provisioned by our EC2 patterns

59.0.0

Major Changes

• e15d900: GuCDK EC2 patterns now require an explicit UserData or GuUserDataProps input, instead of a string.

  The UserData class comes with helpers that allow us to mutate the user data in our patterns which will be helpful with some of our upcoming work.
  Unfortunately whenever a string is passed to our patterns we have to wrap it in a special CustomUserData class which disables most of these helpers.

  For applications that were already using GuUserDataProps no change is required, however applications that used strings will have to make a small change.

  new GuEc2App({
    userData: `#!/usr/bin/bash echo "hello world"`,
    ...
  })

  becomes

  const userData = UserData.forLinux();
  userData.addCommands(`echo "hello world"`);
  
  new GuEc2App({
    userData,
    ...
  })

  Note that you no longer need to specify a shebang, by default UserData adds one for you. If you need to customize this behaviour you can look at the props accepted by forLinux.
  You may also want to look at some of the other methods that UserData has to understand if it may be able to help you in other ways, for example addS3DownloadCommand the method helps you write commands to download from S3.

58.2.0

Minor Changes

• 59ffa9d: feat(asg): Allow setting the UpdatePolicy on ASGs provisioned by our EC2 patterns
• 689b59a: Bump @guardian/tsconfig to 1.0.0 and specifically set moduleResolution to "node"

58.1.4

Patch Changes

• c015419: Update aws-cdk to 2.148.0, aws-cdk-lib to 2.148.0, constructs to 10.3.0
• 7051a7c: fix(ec2-app): Use clientSecretValue prop over deprecated clientSecret
• 9cfabc6: fix(lambda): Use loggingFormat prop over deprecated logFormat

58.1.3

Patch Changes

• 16c7086: Limit the length of the cognito user pool domainPrefix generated by the Ec2App googleAuth functionality to 63 characters
• 816f3a2: bump codemaker from 1.100.0 to 1.101.0
• 94640e9: bump typedoc from 0.26.2 to 0.26.3
• 4eee825: bump @changesets/cli from 2.27.5 to 2.27.7

58.1.2

Patch Changes

• 87242ca: Update aws-cdk to 2.145.0, aws-cdk-lib to 2.145.0, constructs to 10.3.0

58.1.1

Patch Changes

• 1da0da9: Update aws-cdk to 2.141.0, aws-cdk-lib to 2.141.0, constructs to 10.3.0
• c8400c9: Add useful ASG group metrics (TOTAL_INSTANCES, etc) by default

58.1.0

Minor Changes

• 96cb7dc: Use the recommended ELB security policy ELBSecurityPolicy-TLS13-1-2-2021-06 which includes TLS 1.3, and is backwards compatible with TLS 1.2.

58.0.0

Major Changes

• fa0719b: BREAKING CHANGE: DevX Backups can no longer be enabled via the withBackup prop, which has been removed.

  Users should now opt-in/out of DevX Backups at the construct level (i.e. when defining an RDS instance, cluster or
  DynamoDB table).

  We recommend using the GuDatabaseInstance or GuDynamoTable to help with this. If these constructs cannot be used,
  resources can also be tagged like this: Tags.of(myDatabase).add("devx-backup-enabled", "true").

57.1.0

Minor Changes

• 8bde0ca: Add Dynamodb construct with default deletion protection and mandatory opt-in/opt-out setting for DevX-backup.

57.0.0

Major Changes

• 7cc8591: BREAKING CHANGE:

  Users of the GuDatabaseInstance class now need to explicitly opt-in/out of
  DevX Backups via the devXBackups prop.

Minor Changes

• 197228b: GuLambdaFunction uses JSON logging by default, for compatibility with ApplicationLogLevel

56.0.3

Patch Changes

• 89a22f1: Update aws-cdk to 2.136.1, aws-cdk-lib to 2.136.1, constructs to 10.3.0

56.0.2

Patch Changes

• a98acf3: Update aws-cdk to 2.134.0, aws-cdk-lib to 2.134.0, constructs to 10.3.0

56.0.1

Patch Changes

• 44788e5: Update aws-cdk to 2.132.0, aws-cdk-lib to 2.132.0, constructs to 10.3.0

56.0.0

Major Changes

• 5fead41: - Load balancers now ad...

v59.5.2

Patch Changes

• 1110a11: fix(experimental-ec2-pattern): Create Policy first

  When deploying Prism with the GuEc2AppExperimental for the first time, the deployment failed with the cloud-init-output logs stating:

  An error occurred (AccessDenied) when calling the DescribeTargetHealth operation: User: arn:aws:sts::000000000000:assumed-role/prism-CODE-InstanceRolePrism/i-0cee86d64de253ca4 is not authorized to perform: elasticloadbalancing:DescribeTargetHealth because no identity-based policy allows the elasticloadbalancing:DescribeTargetHealth action
  

  This suggests the instance update was started before the policy was created.

  Make the ASG depend on the policy that grants these permissions to resolve, as CloudFormation creates dependencies first.

• 5add16c: feat(experimental-ec2-pattern): Tag launch template to improve observability