Skip to content

Latest commit

 

History

History
810 lines (510 loc) · 67.9 KB

CHANGELOG.md

File metadata and controls

810 lines (510 loc) · 67.9 KB

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.2.4 (2024-10-03)

End of Life Notice

Service Workbench (SWB) on AWS will reach the End of Life (EOL) on 2024-11-30. On November 30, 2024, the SWB on AWS solution repository will be archived (made read-only), and the listing on the AWS Solutions Library will be withdrawn.

Will there be any new feature releases for SWB on AWS?

No. SWB on AWS has been in maintenance mode since February 8, 2024. While in maintenance, new features are not added to this solution guidance. Security engagement should be directed to AWS Security at [email protected].

After the EOL date, SWB on AWS will no longer receive any new feature updates, bug fixes or security updates from AWS. After the EOL date, customers who continue to use the software are responsible for the maintenance of the software and its dependencies. Of note, SWB depends on a third party open-source library, Serverless Framework v3 from Serverless, Inc.. Inquiries about extended support for Serverless Framework v3 should be directed to Serverless, Inc.

Where should I migrate to?

We recommend that you explore using Research and Engineering Studio on AWS (RES) (https://aws.amazon.com/hpc/res/). RES is an AWS supported, open-source product that enables IT administrators to provide a web portal for scientists and engineers to run technical computing workloads on AWS. You can get started by following instructions in the Research and Engineering Studio User Guide (https://docs.aws.amazon.com/res/latest/ug/overview.html). You can also explore additional solutions for research on the AWS Solutions Library (https://aws.amazon.com/solutions/education/research-in-the-cloud/) or by contacting your AWS Account team.

What support is available?

Customers should begin working with their AWS Account Managers to discuss the support needed for their individual circumstances as soon as possible. If you prefer not to migrate to RES on AWS or are not supported by RES on AWS in your region, please contact your AWS account team for alternatives.

6.2.3 (2024-07-10)

Bug Fixes

  • fix dependabot alerts (f942e60)
  • remove global flag for serverless package (3ae0474)
  • pin serverless version (9521d4d)

6.2.2 (2024-03-13)

Bug Fixes

  • fix for EC2 windows connection logic (a5b1c033)

6.2.1 (2024-02-08)

Maintenance Notice

Service Workbench on AWS has been moved to maintenance mode. While in maintenance, we will not add new features to this solution guidance. Security engagement should be directed to AWS Security at [email protected]. If you are new to Service Workbench on AWS, we recommend that you explore using Research and Engineering Studio on AWS (https://aws.amazon.com/hpc/res/). You can get started by following instructions in the Research and Engineering Studio User Guide (https://docs.aws.amazon.com/res/latest/ug/overview.html). If you are an existing customer of Service Workbench on AWS and have additional questions or need immediate help, please contact your AWS Account team.

6.2.0 (2023-11-10)

In this release, we have addressed GitHub dependabot alerts, upgraded NodeJS to v18, and added IMDSv2 support on AMI creation

Bug Fixes

  • add missing dependency (ffb437a)
  • backend lambda sdk package (e08dab3)
  • minimum patched version of go (36e7714)
  • upgrade to node18 (fb39c08)
  • remove nodeExternals webpack (c31d7a9)
  • semver package version (d51d2bc)
  • unit tests for nodeJS16 onwards (c8b3709)
  • update node max space (8839635)
  • upgrades + modifications for pnpm upgrade (bbc8933)
  • use principal.username (e21163f)
  • use system context (bee9675)

6.1.1 (2023-10-16)

For TRE deployments, please Update the Permissions on any hosting accounts on the Accounts page, AWS Accounts tab to ensure all hosting accounts are "Up to Date".

Bug Fixes

6.1.0 (2023-09-30)

Version 6.1.0 of Service Workbench on AWS brings a security enhancement to improve SWB management of the VPC endpoint policy. The enhancement only applies to customers who enabled AppStream within their environments.

Backwards compatibility:

As part of this release, a new script is included to ensure the new policies are applied to existing accounts and their respective environments. The script can be found in the GitHub Repo and should get executed as follows once all hosting accounts are updated to the latest release:

npm install
npm run update-vpce-with-existing-byob -- <stage-regionAbbreviation-solutionName> <region>
# Example: npm run update-vpce-with-existing-byob -- dev-va-sw us-east-1

Features

  • Harden VPCe Policies for AppStream environments (#1223) (d87e468)
  • add IMDSv2 support on AMI creation (#1215) (3432768)

6.0.0 (2023-06-12)

Going forward, a BYOB study will now have to be assigned to a SWB project ID. This is to enforce access to the BYOB study's S3 prefix only from its project's linked VPC endpoint.

For upgrade installations

Before upgrade:

  • Terminate all environments that are accessing BYOB studies. This is optional but recommended by the service team.
  • Make sure your hosting accounts are in the Up-to-Date status. You can check by visiting the Accounts tab on SWB UI and clicking on the AWS Accounts tab. If they’re not, please re-onboard the accounts that need updating.

After upgrade:

  • Once the new version of SWB has been installed, navigate to the Data Sources tab in SWB UI.
  • On each of the Data Source bucket that has been registered, click on the “CloudFormation” tab, click the Update Stack button, while being logged into the Data Source account console. This will navigate you to the CloudFormation stack for that bucket. Continue with the stack update.

Note: To continue using existing BYOB studies that were not assigned to a SWB project ID please add a key projectId to that study’s entry in the <stage>-<regionShortName>-<solutionName>-Studies DynamoDB table in the SWB main account with its value equal to the SWB project ID you would like to associate it with. Please work with your AWS partner if you need help.

Bug Fixes

5.2.11 (2023-05-05)

Bug Fixes

  • add S3 VPC Endpoints to restrict bucket access (#1189) (60c3439)

5.2.10 (2023-04-28)

Bug Fixes

5.2.9 (2023-04-25)

  • add Ec2InstanceSourceVPC and ec2InstanceSourcePrivateIPv4 conditional checks to IAM roles for Linux and Windows EC2 templates (#1181) (9295efb)

5.2.8 (2023-04-18)

Features

Bug Fixes

5.2.7 (2022-12-30)

Bug Fixes

  • Sagemaker compatibility fix with AL2. Fix issue in which Sagemaker instances running on AL2 could not mount dataset. (#1089) (bdf978b)

5.2.6 (2022-12-19)

Bug Fixes

  • add permissions for stgEnvname and stgNamespace to IAM roles (#1074) (62d35f4)
  • projects test was using the wrong role (#1087) (9c283b6)
  • UI properly sorts Projects with Detail button (#1085) (a267305)

5.2.5 (2022-12-09)

Bug Fixes

  • Sagemaker compatability fix with AL2. Fix issue in which Sagemaker instances running on AL2 could not mount dataset and autostop (#1079) (dea1c89)

5.2.4 (2022-12-07)

Features

  • Add integration tests for users and user-roles controllers (#1057) (5e9e813)

Bug Fixes

5.2.3 (2022-10-12)

Bug Fixes

  • upgrade lambda nodejs to 16x and Serverless Framework to v3(#1047)(a0c7eee)
  • tre egress store data updated S3 return (#1054) (a80aa7e)
  • use "" as default profile if no awsProfile (#1050) (863cb06)

5.2.2 (2022-09-02)

Bug Fixes

5.2.1 (2022-09-01)

Bug Fixes

5.2.0 (2022-05-17)

Features

  • TRE Enhancements (#993) (a843926):

    • Support for Centralized AMI: Allows customers to use a centralized DevOps account for building and hosting AMIs so that these AMIs can be made available to multiple SWB installations.
      • enableAmiSharing and devopsProfile configuration settings have been added, disabled by default. These can be overriden in your main/config/settings/<stage>.yml file.
    • Restrict access to data for Admin Role: The admin will be allowed to view another researchers' workspaces in the Service Workbench portal, but will not be able connect to them. This ensures the admins do not get indirect access to data sources of other users. Admins can also be restricted to being BYOB data source owners without being a BYOB study admins.
      • restrictAdminWorkspaceConnection and disableAdminBYOBSelfAssignment configuration settings have been added, disabled by default. These can be overriden in your main/config/settings/<stage>.yml file.
    • Restricted data upload capabilities for Researcher Profile: Users with a researcher role will not have the ability to create a study or upload files to any study, allowing organization to have more control over the study creation and data ingestion.
      • disableStudyUploadByResearcher configuration setting has been added, disabled by default. This can be overriden in your main/config/settings/<stage>.yml file.

    For more information about these flags, please take a look at our User Guide document.

Bug Fixes

5.1.1 (2022-04-08)

Bug Fixes

  • replace aws-ee package name prefix with amzn (#960) (9e224ff)

5.1.0 (2022-03-22)

Features

  • OAuth flow: Switch to Authorization Code grant (#947) (9edbc12)

Bug Fixes

  • -raas-master-artifacts versioning (#930) (1465431)
  • Allow users to go back and fix configuration errors (#934) (4f6a66d)
  • config integ test (#950) (2b285b7)
  • email TLD can be longer than 3 chars (#928) (eab8ec9)
  • Exit early if jq is not installed. Fix ssm delete error (#953) (5c9c571)
  • Handle workflow-trigger-service StepFunction execution failure (#903) (52b24c3)
  • no cidr form field in TRE env (#940) (dd2ccfd)
  • Remove non admin option for onboarding a hosting account (#933) (4b26589)
  • remove unnecessary file (4d20541)
  • Return badRequest if trying to terminate an environment that has already been terminated (#946) (15eb4d3)
  • select cidr field only in non-TRE env (#941) (897670b)
  • termination failure to show fewer details (#931) (6700c29)
  • Throw HTTP Status 429 error when there are too many get Sagemaker Presigned URL requests (#942) (3dea763)
  • wide cidr warning and env config dep (#935) (95c5d95)

5.0.0 (2022-02-11)

Internal Auth deprecation

  • Starting with this release, internal authentication provider in Service Workbench will remain deprecated. Logging into Service Workbench using the legacy internal authentication route will not work.
  • Resources owned by internal users need to be deactivated or their ownership needs to be transferred to native Cognito user pool/external IdP users. Users marked with an internal auth provider will need to be deactivated. Please follow the detailed instructions here for a smooth upgrade experience.

Features

Bug Fixes

  • add attributes for better logging (#897) (0a3ea5c)
  • Allow CICD pipeline to have cognito permission for creating root user (#914) (93618cb)
  • integ tests for auth change (#915) (86c6e19)
  • Reduce scope of list users API for non admin users (#898) (1999b26)
  • throw less descriptive errors (#895) (85ae1e2)
  • user names update (#899) (89b9936)

4.3.1 (2022-02-01)

Bug Fixes

  • Apply correct SWB version number by using properly formatted commit message (6b26e0a)

4.3.0 (2022-01-26)

Features

  • enable flow logs for network monitoring (#883) (a36702b)

Bug Fixes

4.2.0 (2022-01-19)

Enhanced default authentication method

Starting with the Service Workbench 4.2.0 release, the native Amazon Cognito user pool is the default authentication method, and is reflected accordingly on the application's login page (alongside your external SAML IdP integrations, if any).

Note: As a security enhancement, the internal authentication method used by Service Workbench (the legacy default authentication method) will soon be deprecated. For more information, read Using native Amazon Cognito user pool for authentication

Customer Impact:

  • You will find the default (user-customizable) configurations determining the native Amazon Cognito user pool behavior in the main/solution/post-deployment/config/settings/.defaults.yml file.
  • If using native Amazon Cognito user pool, users can sign up for a user account, but can not access Service Workbench until they are approved by the application admin. The user addition experience on Service Workbench for native Amazon Cognito user pool is similar to that of an external IdP.
  • A new admin user would be created in Service Workbench using the rootUserEmail value as provided by your stage configuration. A temporary password will be available in the installation summary necessary for logging the native admin user in for the first time.
  • You can still log in using the internal authentication method by adding the text /?internal to your Service Workbench URL (for eg. https://<random_string>.cloudfront.net/?internal).

Important

  • We suggest creating new users in native Amazon Cognito user pool (or an external IdP, if you use one) corresponding to their internal auth counterparts, and migrating resource permissions over to these new users.

Features

  • Implementation for Cognito Native Pool feature (#858) (44dd9a6).

Bug Fixes

  • cypress login page for Cognito enabled (#859) (726b957)

4.1.3 (2022-01-06)

Bug Fixes

  • Allow onboarding member account in non AppStream supported regions (#844) (93dc465)
  • force securetransport traffic only for buckets with dynamic bucket policies (#832) (33a4346)
  • unhandled workflow error (#852) (be127d7)
  • update dependabot suggested libraries (#848) (7b4e7c6)
  • use format instead of regex for email validN (#849) (640bef1)

4.1.2 (2021-12-27)

Bug Fixes

  • Terminate preexistin Rstudio instances in launch-rstudio test (#830) (e44e77c)
  • add key rotation (#834) (46bfa83)
  • add kms permission to work with cicd pipeline (#836) (9ecd9ee)
  • elb logging on (#843) (163b411)
  • Update EMR release label for log4j vulnerability (#845) (8b93e11)

4.1.1 (2021-12-13)

Bug Fixes

  • Add wait time for terminated RStudio instances in launch-rstudio-workspace test (#826) (ea93a8c)
  • allow RStudio EC2 to initialize (#821) (5a3590a)
  • Change build-image CLI argument to files (#825) (7506895)
  • cidr port range check (#829) (dbfa431)
  • delete verify linux tests from common folder (#822) (aff1d5c)
  • EMR launch failure because of bucket policy (#824) (99bb319)
  • terminate workspaces after e2e tests in non tre environment (#820) (bb9e457)
  • Updates to RStudio Integration tests (#818) (eb879fe)

Documentation

4.1.0 (2021-11-19)

Features

  • Implementation for RstudioV2 (backed by ALB) feature (#807) (ed2e7dc). In this release, RStudio ALB workspace type is provided with the following new features:

    • Compatibility with TRE (AppStream and Egress) features. See Prepare your account for AppStream.
    • New input parameter ACMSSLCertARN has been introduced in the RStudio workspace type template. The template is created by the scripts provided in AWS partner’s repository. ACMSSLCertARN corresponds to the certificates of the custom domain present in the hosting account.
    • The AmiID parameter value can be retrieved by creating a new AMI using the scripts provided in AWS partner’s repository.
    • A common Application Load Balancer (ALB) has been provided in the hosting account. See Application load balancing for RStudio ALB workspace.
    • Allows you to leverage the automatic certificate refresh feature from AWS Certificate Manager (ACM). As a result, you need not manually import the certificates into your main account ACM or hosting account ACM.
    • Note: With this release, the support for legacy RStudio workspace type has been deprecated. Please terminate legacy RStudio environment instances, if you have any.
  • Add pending filter tab under AWS Accounts page (#786) (831da13)

  • Add user's email to JSON response of egress request (#771) (e3c6c22)

Bug Fixes

4.0.2 (2021-10-19)

Bug Fixes

  • add coverage for undef config case (#761) (a3f3f09)
  • AppDeployer needs perms to create new env (#762) (fe75f8b)
  • display unavailable after config deletion (#760) (9c1daa4)

4.0.1 (2021-10-15)

Notes: We recommend to apply this patch as soon as possible if you use CICD component

Bug Fixes

  • remove test target from infrastructure tests as it is reserved for unit tests (#756) (4adb965)

4.0.0 (2021-10-14)

Features

  • Egress, Secured Workspaces (AppStream) and Account update wizard (#750) (b990924)

Service Workbench is incrementing a major release version to bring attention to three new features.

1. Member account onboarding improvement

The Service Workbench member account onboarding process is changed to be more in line with the Bring Your Own Bucket (BYOB) process. The general intent is that the process to onboard an account in support of hosting data should be the same as onboarding an account in support of hosting researcher workspace compute. Twelve points of context switching and manual data entry have been eliminated with the new process.

This change applies to all updated installations, and can be applied to those installations that have already onboarded member accounts.

To learn more about the new process, refer to the updated instructions in the Service Workbench Post Deployment guide.

Important Notes:

  • If you have already onboarded a member account for your Service Workbench installation, and this account has active or stopped workspaces, the safest course would be to terminate all workspaces prior to the update. We did test a scenario with active and stopped workspaces and observed no impact during testing, but because this update is a major release, we recommend the safest course.
  • After updating the member account, delete the old workspace types and import the new workspace types. This is needed because the old workspace types may not work correctly with Service Workbench 4.0.0.
  • Any member accounts that were onboarded prior to this update will need to be updated through the Service Workbench user interface, and you will be prompted to do so when visiting the new “Accounts” page in Service Workbench. This update is necessary because there is a new capability that will check to see if the member and main account code versions are in sync, and provide a visual indicator if not, allowing you a clear indication of update.

2. Enabling secure desktop

Introduction of AppStream 2.0 as an access point for Service Workbench workspaces. With this enabled, researchers will not be able to egress the data from their Service Workbench workspaces to their client machine, and Service Workbench workspaces will not have access to the internet.

Core networking changes within the member account will move researcher workspaces to the private subnets, and the method of connecting to a researcher workspace changes. Restricting access by public IP is no longer available, and the layer of security per workspace that replaces IP restriction is outlined in connection instructions in the Service Workbench workspace UI.

This feature is disabled by default upon install. To enable this feature, change the feature flag isAppStreamEnabled in the configuration file to true.

Important Notes:

  • Once this feature is enabled for a Service Workbench installation, it cannot be disabled without deleting the installation and reinstalling. This is because there are core networking changes for workspaces that cannot be reverted.
  • If you have an existing installation without the feature flag enabled, and want to activate this feature flag, terminate all workspaces prior to activating the flag.
  • AppStream service use does incur additional cost and we recommend you review the cost impact prior to configuring your AppStream fleet: https://aws.amazon.com/appstream2/pricing/
  • Because the Service Workbench workspaces do not have internet connectivity, VPC endpoints are introduced for all AWS services that the workspaces use (such as S3, EC2, and AppStream).
  • Significant updates to the post deployment configuration instructions when this feature is enabled are outlined here

3. Enabling secure egress

As a compliment to the Secure Desktop functionality, this feature provides a mount point per workspace (that is only accessible from that workspace) for a researcher to stage data that they wish to take out of the Service Workbench installation. Once the data is put to this location (called the Egress Store), the researcher can choose the Submit Egress Request button and a message is generated to a SNS Topic (https://aws.amazon.com/sns/) containing the metadata for their egress request.

Like the Secure Desktop feature, this feature is also disabled by default upon install. To enable this feature, you must change the feature flag enableEgressStore in the configuration file to true. Note that this feature flag is independent from the Secure Desktop feature flag, but if it is activated by itself, there is nothing preventing the researcher from copying data to their local client (thus outside the egress store).

Important Notes:

  • Currently, the message goes to the SNS topic - but there is not subscriber added to the topic. It is your responsibility to subscribe to the topic, and to act on the Egress Store data source with elevated permissions through the AWS Management Console.
  • When this feature is enabled, the Bring Your Own Buckets (BYOB) data sources are only allowed to be read only. This is because a BYOB data source can live in a different AWS account (unlike MyStudy and Organizational Study that live in the main Service Workbench main account). Allowing write to a BYOB data source would be uncontrolled egress.

3.5.0 (2021-10-14)

Features

  • dynamic version number from CHANGELOG and automation of Beta versioning (#716) (5887170)

Bug Fixes

  • build ami version bug (#738) (a39b3b4)
  • bypass develop protection when adding beta (#725) (fe4c0ff)
  • downgrade node-ssh version to fix integ tests (#744) (f5ce251)
  • integ test setup flakiness fix (#727) (65ea43d)
  • namespace code works with configs with no namespace param (#717) (72c9fe3)
  • Update libcurl-devel package for RStudio to correct version (#726) (04bb82c)
  • version number before backend deployment (#724) (6d545dd)

3.4.0 (2021-09-16)

Features

  • display Configuration Name and Instance Type on Workspace details card (#669) (f0fa819)
  • Pre-populate variable values in input section of new workspace configuration (#680) (8ce51b2)

Bug Fixes

Documentation

3.3.1 (2021-07-26)

Bug Fixes

  • application version number (#573) (fada154)
  • Clear timer in ForceLogout.test.js to allow tests to end (#570) (4871e0f)
  • Remove delete user feature from UI and handle study permissions which have stale users (#595) (8be3f90)

Chore

Documentation

3.3.0 (2021-06-25)

Documentation

  • Service Workbench installation guide (#545) (2be27d1)

3.2.0 (2021-06-11)

Features

  • Add warning that internal authentication shouldn't be used in production (#506) (1586278)
  • Encrypt s3 buckets for EMR log bucket and CICD Artifact bucket (#508) (e86fd06)
  • study permissions only shown to Study Admin (#501) (f3eaae8)

Bug Fixes

  • add termination status for non-found workspaces (#502) (8c30378)
  • adds 'stopped' filter for workspaces (960b592)
  • Allow sagemaker to have the proper IAM permission to autostop itself (#515) (32007ed)
  • Corrected Spark defaults to fix read/write functionality from Spark (#526) (f96e1bd)
  • Do not allow users to change root password (#503) (a436f73)
  • moved notification boxes to avoid blocking the top ribbon. (#483) (5a226d7)
  • react compilation error (#500) (547f2ad)
  • Redirect non admin users to "/" if they try to access "/users" (#489) (ee3a58e)

3.1.0 (2021-05-10)

Features

Bug Fixes

  • Fix BYOB app role to only modify FS roles (#454) (35f6cce)
  • free-form strings for workspace configs (#479) (fca73f4)
  • properly handle SC products with no active versions (#468) (3c561f4)
  • Update workspace name reg exp and workspace config tags reg exp (#452) (f9b7d62)

[3.0.0] - 2021-04-19

Added

  • refactor: restricting AppDeployer permissions
  • refactor: Remove permission boundary condition on launch constraint role
  • refactor: restrict sc roles

Permissions boundaries are being added to the several important IAM roles used by Service Workbench as a security best practice.

Customer Impact: Below outlines the actions required for you to successfully adopt this security enhancement. The first two items are applicable to all customers. If you have created custom workspace types, then all three items below are applicable.

  1. After running the update, onboard all hosting accounts once again to benefit from the enhanced security, and test the application. Note: The attached pdf contains steps for onboarding hosting accounts, contact your Service Workbench Administrator if you have not performed these steps before.

  2. After running the update, import and use the newly available Service Catalog product versions for workspace types (latest version numbers) to benefit from the enhanced security.

  3. ONLY Customers that have created custom workspace types: It is possible that the permissions boundaries would prevent actions that were formerly allowed. You should plan to validate your custom workspace types after the update. Issues should be addressed by modifying the custom workspaces to work within the permissions granted, or modify the permissions boundary for your installation (this would require a change to Service Workbench code (specifically the IAM policies that are attached as the permissions boundary) for your install). Note: Any existing custom or non-custom workspaces types (for example, EC2 Linux/Windows, EMR, SageMaker, R Studio) are not impacted by this upgrade.

[2.2.0] - 2021-04-12

Added

  • feat: Display SWB Version in UI's Top Bar
  • fix: Fix cost dashboard bugs

[2.1.5] - 2021-04-08

Added

  • fix: Ensure sdk retry logic is enabled in prod
  • docs: Readme updated
  • fix: assume role on added member account

[2.1.4] - 2021-04-06

Added

  • fix: managing pnpm version for nodejs compatibility

[2.1.3] - 2021-04-06

Added

  • fix: adding required AppDeployer permissions
  • chore: package dependency updates
  • fix: added X-ray support and fix CWL IAM permissions

If you have been using CI/CD pipeline, please redeploy the pipeline stack to incorporate this fix by following the steps listed on the main/cicd/README.md file.

[2.1.2] - 2021-04-01

Added

  • fix: managing AppDeployer role permission boundary
  • fix: CW log resources corrected in backend CFN template
  • refactor: restrict ApiHandler role permissions
  • refactor: restrict WorkflowLoopRunner role permissions
  • refactor: restrict CrossAcctExec role permissions
  • chore: team email removed from feedback section in readme
  • chore: updates to npm dependencies

If you have been using CI/CD pipeline, please redeploy the pipeline stack to incorporate this fix by following the steps listed on the main/cicd/README.md file.

[2.1.1] - 2021-03-19

Added

  • chore: Enable SSE-S3 when registering buckets in BYOB
  • refactor: restrict data source reachability Lambda role
  • fix: Add 'reachable' and 'error' status to reachability check schema
  • fix: added region parameter reference to elasticmapreduce bucket references

[2.1.0] - 2021-03-12

Added

  • fix: Upgraded react-dev-utils yarn dependency version
  • feat: Added Bring Your Own Bucket(BYOB) functionality
  • feat: Added integration testing for all APIs
  • feat: Added OpenAPI documentation
  • feat: Removed unused APIs- listWorkflowInstancesByStatus and createAuthenticationProviderConfig

[2.0.3] - 2021-03-12

Added

  • chore(deps): bump websocket-extensions from 0.1.3 to 0.1.4
  • test: fix flaky integ tests
  • fix: emr workspace image. Lock jupyterlab to version 2.2.6
  • test: Implemented integration tests for service catalog workspaces
  • feat: verbose integ test log

[2.0.2] - 2021-03-03

Added

  • fix: SageMaker environment status update
  • fix: Validate Open Data ARNs
  • test: Integration test components and framework
  • chore: Dependency version bump

[2.0.1] - 2021-02-08

Added

  • fix: Added usernameInIdp property to update user schema
  • fix: Made external researcher used UserOnboarding template less permissive
  • fix: labeler yml syntax
  • chore: add PR size labeler

We recommend to apply this patch as soon as possible

[2.0.0] - 2021-01-29

Added

  • feat: Adding ability to manage CIDR blocks of workspace's configured security group

Note:

  1. This feature has added permissions to the onboard-account template and requires re-onboarding existing member accounts. Please contact your system administrator for the same.
  2. For RStudio instances, please allow 2-5 minutes for CIDR changes to take effect.
  3. For SageMaker instances, currently application admins and workspace owners have ability to access the SageMaker platform directly, irrespective of CIDR inclusion.
  • feat: Remove APIs for built-in workspaces

[1.4.7] - 2021-01-28

Added

  • fix: Fix a bug on the update user API

We recommend to apply this patch as soon as possible

[1.4.6] - 2021-01-15

Added

  • fix: Add tables back to cloudformation and don't authorize API Keys

We recommend to apply this patch as soon as possible

[1.4.5] - 2021-01-14

Added

  • fix: remove API Keys functionality

We recommend to apply this patch as soon as possible

[1.4.4] - 2021-01-13

Added

  • fix: open data scraper bugfix
  • docs: improvements to deployment documentation
  • fix: Upload Files button disappears for R/W users
  • feat: install R3.6 and system packages required for dev
  • fix: file not found error in download-env-config script
  • test: Add github workflow for e2etest run
  • feat: modify filter criteria for Open Data
  • docs: delete dead links
  • fix: changed RStudio server CSP headers to allow uploads from same-origin

[1.4.3] - 2020-11-24

Added

  • feat: Support Read/Write Study mounts for EC2 Windows

[1.4.2] - 2020-11-23

Added

  • fix: Fix a bug on the update study API

We recommend to apply this patch as soon as possible

[1.4.1] - 2020-11-18

Added

  • fix: Handling policy names for windows envs
  • fix: Fix a bug on the create study API

We recommend to apply this patch as soon as possible

[1.4.0] - 2020-11-13

Added

  • feat: Study Read/Write and Permission propagation (Goofys)
  • feat: Read/Only study mounts on AWS Service Catalog based EC2 Windows workspaces

[1.3.2] - 2020-10-23

Added

  • fix: Adding dependencies for Dynamo table creation to prevent install crash
  • fix: Query string parameters were getting duplicated in the url
  • feat: Pre-install git on RStudio workspaces

[1.3.1] - 2020-10-20

Added

  • chore: Create better env delete logs
  • fix: Apply version name to products out of the box
  • fix: changing rstudio check-idle logic
  • fix: Cognito user pool domain name clashing issue
  • fix(End to End test): When creating a workspace, select project by class item
  • fix: Sagemaker instances respect CIDR blocks that are provided to the instance
    • For existing service workbench deployments you will need to import Sagemaker as a workspace type again to mitigate the risk of exposing workspaces to all IPs
    • Existing Sagemaker workspaces will continue to have this issue

[1.3.0] - 2020-10-09

Added

  • feat: manual stop and start functionality for EC2 Linux, EC2 Windows, RStudio and Sagemaker workspaces
  • feat: auto stop functionality for SageMaker and RStudio workspaces
  • bugfix: outdated lock file
  • doc: update deployment and post-deployment documentation

[1.2.0] - 2020-09-29

Added

  • feat: user id change. We will be using a uid going forward as a user identity
  • feat(backend): Also allow UPLOAD access for users with write access
  • bugfix: rethrow unknown exceptions
  • bugfix: rstudio connection fix, removing appsteam
  • bugfix: metaconnection check for rstudio

[1.1.0] - 2020-09-11

Added

  • Add budget integration - Admin users can set up budget and alert notifications for AWS member accounts on-boarded with Service Workbench
  • Adding RStudio Service Catalog product - Users can now use RStudio in Service Catalog

[1.0.1] - 2020-08-31

Added

  • Bug fix for Service Catalog product artifact creation (occurs when CfN template is edited in-place)

[1.0.0] - 2020-08-28

Added

  • Initial launch! 🚀