v62.3.2

Patch Changes

• c35e7db: Add the option to create a WAF parameter to GuEc2App.

  Various projects use WAF to protect their load balancer. This is implemented by an SSM Parameter which is picked up by WAF configuration.

  Rather than have multiple projects create the param, it is now possible to simply mark the GuEc2App as WAF enabled, and the param will be created with a standard format.

v62.3.1

Patch Changes

• 0bcd45c: Update aws-cdk to ^2.1100.3, aws-cdk-lib to ^2.234.1, constructs to ^10.4.4

v62.3.0

Minor Changes

• 9d4a1d6: Move discoverability of GuJanusAssumableRole from tag to path

Patch Changes

• 4ad1bc1: Adds an Owner tag for the auth-lambda, so that teams auditing their Lambda functions can more easily understand who is responsible for maintaining this Lambda.

  This Lambda is maintained by DevX as part of https://github.com/guardian/cognito-auth-lambdas.

  If your EC2 application uses the googleAuth feature then you will need to update your snapshots to accept this change.

v62.2.1

Patch Changes

• 438089b: Update aws-cdk to ^2.1033.0, aws-cdk-lib to ^2.232.1, constructs to ^10.4.3

v62.2.0

Minor Changes

• c49c7a0: Add GuJanusAssumableRole construct

v62.1.3

Patch Changes

• 7c25920: Downgrade @guardian/eslint-config to v12.0.0 to remove react transitive dependency.

v62.1.2

Patch Changes

• f1fd01b: The new deployment mechanism (GuEc2AppExperimental) now suspends some additional ASG processes:

  AZRebalance
InstanceRefresh
ReplaceUnhealthy
ScheduledActions
HealthCheck

  https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html#process-types

  This follows a recommendation from AWS and should make deployments (and rollbacks) more reliable:
  https://repost.aws/knowledge-center/auto-scaling-group-rolling-updates

v62.1.1

Patch Changes

• d0ad2ec: no-op

  This is a no-op release to test migration to NPM trusted publishing.

v62.0.1

Patch Changes

• 810a08a: Update aws-cdk to ^2.1030.0, aws-cdk-lib to ^2.219.0, constructs to ^10.4.2

v62.0.0

Major Changes

• 12be0e5: Access logging for Application Load Balancers (ALBs) is now enabled by default.

  Application Load Balancer (ALB) access logs describe, in detail, each request processed by a load balancer, including request paths and status codes.
  They are helpful during incident response and are now enabled by default.

  Previously users of the GuEc2App, GuNodeApp, GuPlayApp , GuPlayWorkerApp and GuEc2AppExperimental patterns could opt-in to this logging via the accessLogging property and configure the S3 prefix.

  This property is now removed and replaced with a new optional boolean property withAccessLogging which defaults to true.

  • When true the ALB will have access logs enabled, configured to write to the account's S3 bucket using a specific prefix for compatibility with the gucdk_access_logs database created in Athena via https://github.com/guardian/aws-account-setup.
  • When false the access_logs.s3.enabled attribute is now explicitly set to false.

  A withAccessLogging property is also added to the GuApplicationLoadBalancer construct, with the same behaviour.

  NOTE: This feature requires a region to be set at the GuStack level, else the following error will be thrown:

  ValidationError: Region is required to enable ELBv2 access logging

  Here's an example of how to set the region:

  class MyStack extends GuStack {
    constructor(scope: App, id: string, props: GuStackProps) {
      super(scope, id, props);
    }
  }
  
  const stackInstance = new MyStack(app, "MyStack", {
    env: {
      region: "eu-west-1",
    },
  });

  There are three cost areas to this feature:

  • Writing to S3.

    AWS absorbs these costs.

  • S3 data storage.

    This cost will vary depending on the volume of traffic received; more traffic, more logs. To somewhat mitigate this, the target S3 bucket has already been configured to retain logs for 14 days.

  • Reading from S3 using Athena.

    This cost will vary depending on the volume of logs queried.