v1.6.0

@dlpzx dlpzx released this 19 Jul 13:27
· 516 commits to main since this release
84c555e

⚠️ Read the IMPORTANT section before upgrading ⚠️
⚠️ We strongly recommend upgrading directly to V1.6.2 ⚠️

What's Changed

New features

  • Add share reason in share requests by @noah-paige in #498
  • Import KMS key in imported datasets by @dlpzx in #515 and #572. Support for pre-existing imported datasets in #578

Security

  • Fine-grained NACLs for backend VPC creation by @noah-paige in #543 and in #573
  • Implement security response headers in CloudFront distributions by @nikpodsh in #529
  • Sanitize the string to avoid a connection string injection by @nikpodsh in #532
  • Restrict KMS keys' policies by @noah-paige in #524
  • Limit dataset IAM role permissions by @dlpzx in #497
  • Limit environment IAM roles permissions by @dlpzx in #515
  • Limit pivot role (IAM role) permissions by @dlpzx in #535. This is only applied automatically to dataallPivotRole-cdk. Migrate to the auto-created dataallPivotRole-cdk released in V1.4.0, or manually update the dataallPivotRole roles in your environments.
  • Move parameters from Secrets Manager to SSM by @dlpzx in #455
  • Disable profiling results from "secret" and "official" datasets by @dlpzx in #482
  • CDK execution role policy template by @mourya-33 in #562

Bug-fixes

  • Fix deletion of imported Glue database by @dlpzx in #512
  • Remove unused resources and consolidate KMS keys in environment stack by @noah-paige in #524
  • Fix urllib3 dependencies for glue profiling job by @noah-paige in #513
  • Add cookiecutter config and environment variable for datapipelines stacks by @dbalintx in #582
  • v1.6.0 backwards compatibility changes by @dlpzx in #567
  • Add Glue Resource Policy Permissions for cross account share requests by @noah-paige in #579

⚠️ ⚠️ ⚠️ Important ⚠️ ⚠️ ⚠️

Breaking changes

  • ⚠️ IMPORTANT: It is necessary to upgrade to a version >V1.5.0 before upgrading to V1.6 to avoid deletion of resources due to the removal of custom resources.
  • ⚠️ IMPORTANT: This release requires an update of environments and then datasets after upgrading. This can be done by using the cdk.json parameter enable_update_dataall_stacks_in_cicd_pipeline, by waiting for the overnight update stack task, or by manually updating environments first and then datasets. If the environment stack is not updated, dataset creation and other functionality will fail.
  • ⚠️ IMPORTANT: Because of the implementation of #529, the CloudFront distribution will be recreated. This means that the URL used in the CloudFront distribution will be new. You can use the new URL directly. If you are using a custom domain with an SSL certificate, you should remove the CNAMEs (for both frontend and userguide) from the old distributions before upgrading to v1.6, as mentioned in #603.
  • ⚠️ IMPORTANT: Additional EC2 permissions are needed in the CDK Synth CodeBuild because of the implementation of #543. This can be avoided by upgrading to v1.5.6 before upgrading to v1.6.0, or by manually adding the necessary permissions and retrying the pipeline run. Check the PR for more details.
  • Developing locally requires using a role ending in -graphql-role, -awsworker-role or ecs-tasks-role to work with the more restrictive pivotRole trust policy implemented in #535.

New Contributors 🚀

Full Changelog: v1.5.6...v1.6.0