All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
3.1.0 (2021-05-10)
- Allow uploading a folder to My Studies (#475) (cb17d4b)
- Run coverage for merge commit (#458) (03afe0e)
- Test coverage (#456) (252b504)
- Fix BYOB app role to only modify FS roles (#454) (35f6cce)
- free-form strings for workspace configs (#479) (fca73f4)
- properly handle SC products with no active versions (#468) (3c561f4)
- Update workspace name reg exp and workspace config tags reg exp (#452) (f9b7d62)
- refactor: restricting AppDeployer permissions
- refactor: Remove permission boundary condition on launch constraint role
- refactor: restrict sc roles
Permissions boundaries are being added to the several important IAM roles used by Service Workbench as a security best practice.
Customer Impact: Below outlines the actions required for you to successfully adopt this security enhancement. The first two items are applicable to all customers. If you have created custom workspace types, then all three items below are applicable.
-
After running the update, onboard all hosting accounts once again to benefit from the enhanced security, and test the application. Note: The attached pdf contains steps for onboarding hosting accounts, contact your Service Workbench Administrator if you have not performed these steps before.
-
After running the update, import and use the newly available Service Catalog product versions for workspace types (latest version numbers) to benefit from the enhanced security.
-
ONLY Customers that have created custom workspace types: It is possible that the permissions boundaries would prevent actions that were formerly allowed. You should plan to validate your custom workspace types after the update. Issues should be addressed by modifying the custom workspaces to work within the permissions granted, or modify the permissions boundary for your installation (this would require a change to Service Workbench code (specifically the IAM policies that are attached as the permissions boundary) for your install). Note: Any existing custom or non-custom workspaces types (for example, EC2 Linux/Windows, EMR, SageMaker, R Studio) are not impacted by this upgrade.
- feat: Display SWB Version in UI's Top Bar
- fix: Fix cost dashboard bugs
- fix: Ensure sdk retry logic is enabled in prod
- docs: Readme updated
- fix: assume role on added member account
- fix: managing pnpm version for nodejs compatibility
- fix: adding required AppDeployer permissions
- chore: package dependency updates
- fix: added X-ray support and fix CWL IAM permissions
If you have been using CI/CD pipeline, please redeploy the pipeline stack to incorporate this fix by following the steps listed on the main/cicd/README.md file.
- fix: managing AppDeployer role permission boundary
- fix: CW log resources corrected in backend CFN template
- refactor: restrict ApiHandler role permissions
- refactor: restrict WorkflowLoopRunner role permissions
- refactor: restrict CrossAcctExec role permissions
- chore: team email removed from feedback section in readme
- chore: updates to npm dependencies
If you have been using CI/CD pipeline, please redeploy the pipeline stack to incorporate this fix by following the steps listed on the main/cicd/README.md file.
- chore: Enable SSE-S3 when registering buckets in BYOB
- refactor: restrict data source reachability Lambda role
- fix: Add 'reachable' and 'error' status to reachability check schema
- fix: added region parameter reference to elasticmapreduce bucket references
- fix: Upgraded react-dev-utils yarn dependency version
- feat: Added Bring Your Own Bucket(BYOB) functionality
- feat: Added integration testing for all APIs
- feat: Added OpenAPI documentation
- feat: Removed unused APIs- listWorkflowInstancesByStatus and createAuthenticationProviderConfig
- chore(deps): bump websocket-extensions from 0.1.3 to 0.1.4
- test: fix flaky integ tests
- fix: emr workspace image. Lock jupyterlab to version 2.2.6
- test: Implemented integration tests for service catalog workspaces
- feat: verbose integ test log
- fix: SageMaker environment status update
- fix: Validate Open Data ARNs
- test: Integration test components and framework
- chore: Dependency version bump
- fix: Added usernameInIdp property to update user schema
- fix: Made external researcher used UserOnboarding template less permissive
- fix: labeler yml syntax
- chore: add PR size labeler
We recommend to apply this patch as soon as possible
- feat: Adding ability to manage CIDR blocks of workspace's configured security group
Note:
- This feature has added permissions to the onboard-account template and requires re-onboarding existing member accounts. Please contact your system administrator for the same.
- For RStudio instances, please allow 2-5 minutes for CIDR changes to take effect.
- For SageMaker instances, currently application admins and workspace owners have ability to access the SageMaker platform directly, irrespective of CIDR inclusion.
- feat: Remove APIs for built-in workspaces
- fix: Fix a bug on the update user API
We recommend to apply this patch as soon as possible
- fix: Add tables back to cloudformation and don't authorize API Keys
We recommend to apply this patch as soon as possible
- fix: remove API Keys functionality
We recommend to apply this patch as soon as possible
- fix: open data scraper bugfix
- docs: improvements to deployment documentation
- fix: Upload Files button disappears for R/W users
- feat: install R3.6 and system packages required for dev
- fix: file not found error in download-env-config script
- test: Add github workflow for e2etest run
- feat: modify filter criteria for Open Data
- docs: delete dead links
- fix: changed RStudio server CSP headers to allow uploads from same-origin
- feat: Support Read/Write Study mounts for EC2 Windows
- fix: Fix a bug on the update study API
We recommend to apply this patch as soon as possible
- fix: Handling policy names for windows envs
- fix: Fix a bug on the create study API
We recommend to apply this patch as soon as possible
- feat: Study Read/Write and Permission propagation (Goofys)
- feat: Read/Only study mounts on AWS Service Catalog based EC2 Windows workspaces
- fix: Adding dependencies for Dynamo table creation to prevent install crash
- fix: Query string parameters were getting duplicated in the url
- feat: Pre-install git on RStudio workspaces
- chore: Create better env delete logs
- fix: Apply version name to products out of the box
- fix: changing rstudio check-idle logic
- fix: Cognito user pool domain name clashing issue
- fix(End to End test): When creating a workspace, select project by class item
- fix: Sagemaker instances respect CIDR blocks that are provided to the instance
- For existing service workbench deployments you will need to import Sagemaker as a workspace type again to mitigate the risk of exposing workspaces to all IPs
- Existing Sagemaker workspaces will continue to have this issue
- feat: manual stop and start functionality for EC2 Linux, EC2 Windows, RStudio and Sagemaker workspaces
- feat: auto stop functionality for SageMaker and RStudio workspaces
- bugfix: outdated lock file
- doc: update deployment and post-deployment documentation
- feat: user id change. We will be using a uid going forward as a user identity
- feat(backend): Also allow UPLOAD access for users with write access
- bugfix: rethrow unknown exceptions
- bugfix: rstudio connection fix, removing appsteam
- bugfix: metaconnection check for rstudio
- Add budget integration - Admin users can set up budget and alert notifications for AWS member accounts on-boarded with Service Workbench
- Adding RStudio Service Catalog product - Users can now use RStudio in Service Catalog
- Bug fix for Service Catalog product artifact creation (occurs when CfN template is edited in-place)
- Initial launch! 🚀