v5.1.0

5.1.0 (2022-03-22)

Features

• OAuth flow: Switch to Authorization Code grant (#947) (9edbc12)

Bug Fixes

• -raas-master-artifacts versioning (#930) (1465431)
• Allow users to go back and fix configuration errors (#934) (4f6a66d)
• config integ test (#950) (2b285b7)
• email TLD can be longer than 3 chars (#928) (eab8ec9)
• Exit early if jq is not installed. Fix ssm delete error (#953) (5c9c571)
• Handle workflow-trigger-service StepFunction execution failure (#903) (52b24c3)
• no cidr form field in TRE env (#940) (dd2ccfd)
• Remove non admin option for onboarding a hosting account (#933) (4b26589)
• remove unnecessary file (4d20541)
• Return badRequest if trying to terminate an environment that has already been terminated (#946) (15eb4d3)
• select cidr field only in non-TRE env (#941) (897670b)
• termination failure to show fewer details (#931) (6700c29)
• Throw HTTP Status 429 error when there are too many get Sagemaker Presigned URL requests (#942) (3dea763)
• wide cidr warning and env config dep (#935) (95c5d95)

v5.0.0

5.0.0 (2022-02-11)

Internal Auth deprecation

• Starting with this release, internal authentication provider in Service Workbench will remain deprecated. Logging into Service Workbench using the legacy internal authentication route will not work.
• Resources owned by internal users need to be deactivated or their ownership needs to be transferred to native Cognito user pool/external IdP users. Users marked with an internal auth provider will need to be deactivated. Please follow the detailed instructions here for a smooth upgrade experience.

Features

• Internal auth deprecation (#913) (b334136)

Bug Fixes

• add attributes for better logging (#897) (0a3ea5c)
• Allow CICD pipeline to have cognito permission for creating root user (#914) (93618cb)
• integ tests for auth change (#915) (86c6e19)
• Reduce scope of list users API for non admin users (#898) (1999b26)
• throw less descriptive errors (#895) (85ae1e2)
• user names update (#899) (89b9936)

v4.3.1

4.3.1 (2022-02-01)

Bug Fixes

• Apply correct SWB version number by using properly formatted commit message (6b26e0a)

v4.3.0

4.3.0 (2022-01-26)

Features

• enable flow logs for network monitoring (#883) (a36702b)

Bug Fixes

• notify api returns internal error on malformed id (#885) (fa2550c)
• strengthen CSP headers for style (#880) (7e64ba4)
• fix servicecatalog permissions (#877) (fbff7c0)
• fix servicecatalog permissions (#878) (e6804bf)

v4.2.0

4.2.0 (2022-01-19)

Enhanced default authentication method

Starting with the Service Workbench 4.2.0 release, the native Amazon Cognito user pool is the default authentication method, and is reflected accordingly on the application's login page (alongside your external SAML IdP integrations, if any).

Note: As a security enhancement, the internal authentication method used by Service Workbench (the legacy default authentication method) will soon be deprecated.
For more information, read Using native Amazon Cognito user pool for authentication

Customer Impact:

• You will find the default (user-customizable) configurations determining the native Amazon Cognito user pool behavior in the main/solution/post-deployment/config/settings/.defaults.yml file.
• If using native Amazon Cognito user pool, users can sign up for a user account, but can not access Service Workbench until they are approved by the application admin. The user addition experience on Service Workbench for native Amazon Cognito user pool is similar to that of an external IdP.
• A new admin user would be created in Service Workbench using the rootUserEmail value as provided by your stage configuration. A temporary password will be available in the installation summary necessary for logging the native admin user in for the first time.
• You can still log in using the internal authentication method by adding the text /?internal to your Service Workbench URL (for eg. https://<random_string>.cloudfront.net/?internal).

Important

• We suggest creating new users in native Amazon Cognito user pool (or an external IdP, if you use one) corresponding to their internal auth counterparts, and migrating resource permissions over to these new users.

Features

• Implementation for Cognito Native Pool feature (#858) (44dd9a6).

Bug Fixes

• cypress login page for Cognito enabled (#859) (726b957)

v4.1.3

Bug Fixes

• Allow onboarding member account in non AppStream supported regions (#844) (93dc465)
• force securetransport traffic only for buckets with dynamic bucket policies (#832) (33a4346)
• unhandled workflow error (#852) (be127d7)
• update dependabot suggested libraries (#848) (7b4e7c6)
• use format instead of regex for email validN (#849) (640bef1)

v4.1.2

4.1.2 (2021-12-27)

Bug Fixes

• Terminate pre-existing Rstudio instances in launch-rstudio test (#830) (e44e77c)
• add key rotation (#834) (46bfa83)
• add kms permission to work with cicd pipeline (#836) (9ecd9ee)
• elb logging on (#843) (163b411)
• Update EMR release label for log4j vulnerability (#845) (8b93e11)

v4.1.1

4.1.1 (2021-12-13)

Bug Fixes

• Add wait time for terminated RStudio instances in launch-rstudio-workspace test (#826) (ea93a8c)
• allow RStudio EC2 to initialize (#821) (5a3590a)
• Change build-image CLI argument to files (#825) (7506895)
• cidr port range check (#829) (dbfa431)
• delete verify linux tests from common folder (#822) (aff1d5c)
• EMR launch failure because of bucket policy (#824) (99bb319)
• terminate workspaces after e2e tests in non tre environment (#820) (bb9e457)
• Updates to RStudio Integration tests (#818) (eb879fe)

Documentation

• rstudio doc updates (#827) (772617f)

v4.1.0

4.1.0 (2021-11-19)

Features

• Implementation for RstudioV2 (backed by ALB) feature (#807) (ed2e7dc). In this release, RStudio ALB workspace type is provided with the following new features:

  • Compatibility with TRE (AppStream and Egress) features. See Prepare your account for AppStream.
  • New input parameter ACMSSLCertARN has been introduced in the RStudio workspace type template. The template is created by the scripts provided in AWS partner’s repository. ACMSSLCertARN corresponds to the certificates of the custom domain present in the hosting account.
  • The AmiID parameter value can be retrieved by creating a new AMI using the scripts provided in AWS partner’s repository.
  • A common Application Load Balancer (ALB) has been provided in the hosting account. See Application load balancing for RStudio ALB workspace.
  • Allows you to leverage the automatic certificate refresh feature from AWS Certificate Manager (ACM). As a result, you need not manually import the certificates into your main account ACM or hosting account ACM.
  • Note: With this release, the support for legacy RStudio workspace type has been deprecated. Please terminate legacy RStudio environment instances, if you have any.

• Add pending filter tab under AWS Accounts page (#786) (831da13)

• Add user's email to JSON response of egress request (#771) (e3c6c22)

Bug Fixes

• Add WorkflowDraftId validation on backend (#777) (f240d81)
• default hosted zone in infra (#794) (0967129)
• default image builder update (#781) (6398830)
• enable versioning (#780) (380a938)
• hsts header (#790) (66f79f2)
• more secure traffic policy (#782) (9264b6a)
• moving advanced integ tests in non-TRE folder (#772) (b10f4b0)
• prevent duplicate hosted zone creation (#789) (ac72b90)
• remove custom domain condition infra cfn (#817) (33b53da)
• run TRE tests for develop merge (#802) (c6e04ca)
• sc portfolio deletion correction (#779) (6e4d67b)
• script permissions (#793) (5b404f0)
• update GH action to use custom domain (#791) (b2fdfcb)

v4.0.2

Bug Fixes

• add coverage for undef config case (#761) (a3f3f09)
• AppDeployer needs perms to create new env (#762) (fe75f8b)
• display unavailable after config deletion (#760) (9c1daa4)