[20170117211905] IAM Lockdown, New Regions

WARNING: The internal Docker registry has been fully disabled in this release. Applications that have not been deployed in several months should be redeployed before updating to this release.

  • #1536 Disable internal registry, fix us-east-2, add us-west-1 [@ddollar]

New Regions

  • us-east-2
  • us-west-1

IAM Lockdown

With security always top of mind, we set out to lock down the AWS permissions a Rack needs to manage itself. As with security in general, this is an ongoing process: from time to time we'll update these permissions, keeping them specific and limiting the number of permissions required.

Some examples in this release include:

  • Access to DynamoDB tables limited to those whose names begin with the name of the Rack as a prefix
  • Access to RDS instances limited to those whose names begin with the name of the Rack as a prefix
  • Access to IAM resources (roles, users, policies, etc.) limited to those that belong to the /convox/ path

To see the technical details and exactly what kind of permissions Rack needs to manage itself, there’s no better place than the source itself.
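One way to audit a policy document against the three scopes listed above, as an added example that is not Convox's own code or its actual policy. The Rack name "prod", the account ID, the sample statements and the function names are all constructed for illustration.

```python
import re

def scoped_patterns(rack):
    # Scopes named in the release notes: table and DB instance names start
    # with the Rack name; IAM entities live under the /convox/ path.
    name = re.escape(rack)
    return {
        "dynamodb": re.compile(rf"table/{name}"),
        "rds": re.compile(rf"db:{name}"),
        "iam": re.compile(r"(role|user|policy|group|instance-profile)/convox/"),
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def unscoped_grants(policy, rack):
    """Return (sid, service, resource) for every Allow that escapes the Rack scope."""
    patterns, findings = scoped_patterns(rack), []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        services = {a.split(":", 1)[0].lower() for a in as_list(stmt["Action"])}
        relevant = set(patterns) if "*" in services else services.intersection(patterns)
        for resource in as_list(stmt["Resource"]):
            parts = resource.split(":", 5)
            # "*" or a malformed ARN can name a resource of any service.
            arn_service = parts[2] if len(parts) == 6 else "*"
            for service in sorted(relevant):
                if arn_service not in (service, "*"):
                    continue  # ARN belongs to another service
                if arn_service == "*" or not patterns[service].match(parts[5]):
                    findings.append((stmt.get("Sid", ""), service, resource))
    return findings

# Constructed sample policy for a hypothetical Rack named "prod".
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "RackTables", "Effect": "Allow", "Action": "dynamodb:*",
     "Resource": "arn:aws:dynamodb:*:*:table/prod-*"},
    {"Sid": "RackDatabases", "Effect": "Allow",
     "Action": ["rds:CreateDBInstance", "rds:DeleteDBInstance"],
     "Resource": "arn:aws:rds:*:*:db:prod-*"},
    {"Sid": "RackRoles", "Effect": "Allow", "Action": ["iam:CreateRole", "iam:PassRole"],
     "Resource": "arn:aws:iam::123456789012:role/convox/*"},
    {"Sid": "AnyTable", "Effect": "Allow", "Action": "dynamodb:DeleteTable",
     "Resource": "*"},
    {"Sid": "AnyRole", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/*"},
]}

if __name__ == "__main__":
    for finding in unscoped_grants(SAMPLE_POLICY, "prod"):
        print("unscoped grant:", finding)
```

The check accepts any name that begins with the Rack name, as the notes describe; requiring a delimiter after the name is stricter when one Rack name can be a prefix of another.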

API Deprecation

A new /resources API endpoint has been added to continue the naming transition.

General Enhancements