Patch Changes

• f1fd01b: The new deployment mechanism (GuEc2AppExperimental) now suspends some additional ASG processes:

  AZRebalance
InstanceRefresh
ReplaceUnhealthy
ScheduledActions
HealthCheck

  https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html#process-types

  This follows a recommendation from AWS and should make deployments (and rollbacks) more reliable:
  https://repost.aws/knowledge-center/auto-scaling-group-rolling-updates

Patch Changes

• d0ad2ec: no-op

  This is a no-op release to test migration to NPM trusted publishing.

Patch Changes

• 810a08a: Update aws-cdk to ^2.1030.0, aws-cdk-lib to ^2.219.0, constructs to ^10.4.2

Major Changes

• 12be0e5: Access logging for Application Load Balancers (ALBs) is now enabled by default.

  Application Load Balancer (ALB) access logs describe, in detail, each request processed by a load balancer, including request paths and status codes.
  They are helpful during incident response and are now enabled by default.

  Previously users of the GuEc2App, GuNodeApp, GuPlayApp , GuPlayWorkerApp and GuEc2AppExperimental patterns could opt-in to this logging via the accessLogging property and configure the S3 prefix.

  This property is now removed and replaced with a new optional boolean property withAccessLogging which defaults to true.

  • When true the ALB will have access logs enabled, configured to write to the account's S3 bucket using a specific prefix for compatibility with the gucdk_access_logs database created in Athena via https://github.com/guardian/aws-account-setup.
  • When false the access_logs.s3.enabled attribute is now explicitly set to false.

  A withAccessLogging property is also added to the GuApplicationLoadBalancer construct, with the same behaviour.

  NOTE: This feature requires a region to be set at the GuStack level, else the following error will be thrown:

  ValidationError: Region is required to enable ELBv2 access logging

  Here's an example of how to set the region:

  class MyStack extends GuStack {
    constructor(scope: App, id: string, props: GuStackProps) {
      super(scope, id, props);
    }
  }
  
  const stackInstance = new MyStack(app, "MyStack", {
    env: {
      region: "eu-west-1",
    },
  });

  There are three cost areas to this feature:

  • Writing to S3.

    AWS absorbs these costs.

  • S3 data storage.

    This cost will vary depending on the volume of traffic received; more traffic, more logs. To somewhat mitigate this, the target S3 bucket has already been configured to retain logs for 14 days.

  • Reading from S3 using Athena.

    This cost will vary depending on the volume of logs queried.

Patch Changes

• ce55193: Update aws-cdk to ^2.1029.1, aws-cdk-lib to ^2.214.0, constructs to ^10.4.2

Minor Changes

• 44adc37: feat(experimental-ec2-pattern): Echo RiffRaffDeploymentId in user-data

  This change adds a new CloudFormation parameter, RiffRaffDeploymentId, to be set by Riff-Raff during deployment (see guardian/riff-raff#1469).
  This parameter is echoed out in the user-data. This means a redeployment of the same build creates a CloudFormation changeset with a new launch template.
  Consequently, the running EC2 instances are cycled. This means scheduled deployments are possible.

Patch Changes

• 838492c: Update aws-cdk to ^2.1018.0, aws-cdk-lib to ^2.200.1, constructs to ^10.4.2

• 1e87504: Remove lodash dependencies

• 848d54f: Remove unused RegexPattern.S3ARN.

  The regex isn't used (other than within tests of this repository), so we can safely remove it.

Patch Changes

• 0b264a3: Fix resource property of guard duty IAM role for ECS task pattern

Minor Changes

• 9db50ef: Add required permissions to GuEcsTask pattern for guard duty sidecar container

Patch Changes

• 6c611c8: Broaden CDK peer dependency ranges to allow any aws-cdk/construct version provided more recent than the specified version

Minor Changes

• 339c2e9: Improves the safety of the new deployment mechanism for services which scale horizontally.

  As part of this the default and maxValue properties of the MinInstancesInServiceFor<app> parameter (which is used by Riff-Raff) have been removed.

Patch Changes

• 888d5e2: Update aws-cdk to 2.1018.0, aws-cdk-lib to 2.200.1, constructs to 10.4.2

Patch Changes

• 1336b63: Update import path of ContainerInsights.