ufo 5.0.7 → 6.0.0

data/.circleci/bin/commit_docs.sh

@@ -1,26 +0,0 @@
-#!/bin/bash -eux
-
-# Even though specs also generate docs, lets run again to ensure clean slate
-rake docs
-
-out=$(git status docs)
-if [[ "$out" = *"nothing to commit"* ]]; then
-  exit
-fi
-
-COMMIT_MESSAGE="docs updated by circleci"
-
-# If the last commit already updated the docs, then exit.
-# Preventable measure to avoid infinite loop.
-if git log -1 --pretty=oneline | grep "$COMMIT_MESSAGE" ; then
-  exit
-fi
-
-# If reach here, we have some changes on docs that we should commit.
-# Even though s
-git add docs
-git commit -m "$COMMIT_MESSAGE"
-
-# https://makandracards.com/makandra/12107-git-show-current-branch-name-only
-current_branch=$(git rev-parse --abbrev-ref HEAD)
-git push origin "$current_branch"

data/.circleci/config.yml

@@ -1,78 +0,0 @@
-# Ruby CircleCI 2.0 configuration file
-#
-# Check https://circleci.com/docs/2.0/language-ruby/ for more details
-#
-version: 2
-jobs:
-  build:
-    docker:
-      # specify the version you desire here
-      - image: circleci/ruby:2.5.0-node-browsers
-
-      # Specify service dependencies here if necessary
-      # CircleCI maintains a library of pre-built images
-      # documented at https://circleci.com/docs/2.0/circleci-images/
-      # - image: circleci/postgres:9.4
-
-    working_directory: ~/repo
-
-    steps:
-      - checkout
-
-      - run:
-          name: submodule sync
-          command: |
-            git submodule sync
-            git submodule update --init
-
-      # Download and cache dependencies
-      - restore_cache:
-          keys:
-          - v1-dependencies-{{ checksum "Gemfile" }}
-          # fallback to using the latest cache if no exact match is found
-          - v1-dependencies-
-
-      # Thanks: https://discuss.circleci.com/t/using-bundler-2-0-during-ci-fails/27411/3
-      - run:
-          name: configure bundler
-          command: |
-            echo 'export BUNDLER_VERSION=$(cat Gemfile.lock | tail -1 | tr -d " ")' >> $BASH_ENV
-            source $BASH_ENV
-            gem install bundler
-
-      - run:
-          name: install dependencies
-          command: |
-            bundle install --jobs=4 --retry=3 --path vendor/bundle
-
-      - save_cache:
-          paths:
-            - ./vendor/bundle
-          key: v1-dependencies-{{ checksum "Gemfile" }}
-
-      # specs need git configured ad commit_docs.sh required it also
-      - run:
-          name: configure git
-          command: |
-            git config --global user.email "tongueroo@gmail.com"
-            git config --global user.name "Tung Nguyen"
-
-      # run tests!
-      - run:
-          name: run tests
-          command: |
-            mkdir /tmp/test-results
-            bundle exec rspec
-
-      - run:
-          name: commit cli reference docs
-          command: |
-            chmod a+x -R .circleci/bin
-            .circleci/bin/commit_docs.sh
-
-      # collect reports
-      - store_test_results:
-          path: /tmp/test-results
-      - store_artifacts:
-          path: /tmp/test-results
-          destination: test-results

data/docs/.gitignore

@@ -1,5 +0,0 @@
-_site
-.sass-cache
-.jekyll-metadata
-Gemfile.lock
-_config-dev.yml

data/docs/CNAME

@@ -1 +0,0 @@
-ufoships.com

data/docs/Gemfile

@@ -1,4 +0,0 @@
-source "https://rubygems.org"
-
-gem "jekyll"
-gem "webrick"

data/docs/LICENSE

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2017 BoltOps
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

data/docs/README.md

@@ -1,20 +0,0 @@
-# Ufo Documentation
-
-This project powers the ufo documementation website: [ufoships.com](http://ufoships.com).  It is a static website generated by [Jekyll](https://jekyllrb.com/).
-
-## Contributing
-
-For minor changes like typos, you can click **Suggest an edit to this page**, located at the bottom of each article. This will take you to the source file on GitHub, where you can submit a pull request for your change through the UI.
-
-## Local Setup
-
-For larger fixes, you can run the site locally with the following:
-
-```
-git clone https://github.com/tongueroo/ufo.git
-cd ufo/docs
-bundle
-bin/web # runs jekyll clean and jekyll serve
-```
-
-You'll be able to view the site on [http://localhost:4000](http://localhost:4000).

data/docs/_config.yml

@@ -1,75 +0,0 @@
-# Site settings
-title: UFO ECS Deploy Tool
-email: tongueroo@gmail.com
-url: http://ufoships.com
-description: "AWS ECS Deploy Tool"
-keywords: "AWS EC2 Container Service, AWS ECS, UFO, Deploy to ECS, ufo ship"
-skills: ""
-meta_author: Tung Nguyen
-
-# Google webmaster tools
-google_verify:
-google_analytics: UA-98684555-4
-
-# https://ssl.bing.com/webmaster/configure/verify/ownership Option 2 content= goes here
-bing_verify:
-
-# Contact form:
-# - static : pass through formspree.io to validate email sending
-# - disqus : replace contact form by disqus thread
-# - comment the line below if you want to stick with the default PHP contact form
-contact: static
-
-# If you use disqus you need disqus shortname
-# https://help.disqus.com/customer/portal/articles/466208
-disqus_shortname:
-
-# Color settings (hex-codes without the leading hash-tag)
-color:
-  primary: FFF
-  primary-rgb: "24,288,156" #"128,179,255"
-  secondary: 2c3e50 #FD6E8A
-  secondary-dark: 233140 #A2122F
-  links: 0275d8
-
-# Footer settings
-footer:
-  copyright: BoltOps, LLC
-  location: San Francisco, CA
-  social: BoltOps
-  credits:
-  contact: contact@boltops.com
-  phone:
-
-# Social networks usernames (many more available: google-plus, flickr, dribbble, pinterest, instagram, tumblr, linkedin, etc.)
-social:
-  - title: twitter
-    url: http://twitter.com/boltopslabs
-  - title: github
-    url: http://github.com/boltopslabs
-
-# Credits content
-credits: 'BoltOps, LLC'
-
-# Build settings
-markdown: kramdown
-permalink: pretty
-
-gh_url: "https://github.com/tongueroo/ufo"
-
-collections:
-  docs:
-    name: "Documentation"
-    output: true
-  reference:
-    name: "Reference"
-    output: true
-
-defaults:
-  - values:
-      layout: default
-
-plugins_dir:
- - jekyll-coffeescript
-
-ads_url: "https://ads.boltops.com"

data/docs/_docs/aws-ecs-task-execution-role.md

@@ -1,28 +0,0 @@
----
-title: Create ecsTaskExecutionRole with AWS CLI
----
-
-Here are commands you can copy and paste to create the `ecsTaskExecutionRole` IAM role:
-
-    cat > /tmp/task-execution-assume-role.json <<EOL
-    {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Sid": "",
-          "Effect": "Allow",
-          "Principal": {
-            "Service": "ecs-tasks.amazonaws.com"
-          },
-          "Action": "sts:AssumeRole"
-        }
-      ]
-    }
-    EOL
-    aws iam create-role --role-name ecsTaskExecutionRole --assume-role-policy-document file:///tmp/task-execution-assume-role.json
-    aws iam attach-role-policy --role-name ecsTaskExecutionRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
-
-This is based from [Tutorial: Creating a Cluster with a Fargate Task Using the Amazon ECS CLI](https://docs.amazonaws.cn/en_us/AmazonECS/latest/userguide/ecs-cli-tutorial-fargate.html).
-
-Also for a tutorial on how to create this `ecsTaskExecutionRole` via the AWS IAM Console: [Amazon ECS Task Execution IAM Role
-](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html).

data/docs/_docs/conventions.md

@@ -1,47 +0,0 @@
----
-title: Conventions
-nav_order: 22
----
-
-Ufo uses a set of naming conventions.  This helps enforce some best practices and also allows the ufo commands to be concise.  You can override or bypass the conventions easily.
-
-## UFO_ENV to ECS Cluster Convention
-
-By default, the ECS cluster value is the same as UFO_ENV's value.  So if `UFO_ENV=production` then the ECS Cluster is `production` and if `UFO_ENV=development` then the ECS Cluster is `development`.  You can override this convention by specifying the `--cluster` CLI option.  You can also override this behavior with [settings.yml]({% link _docs/settings.md %}) to spare you from having to type `--cluster` repeatedly.
-
-## Service and Task Names Convention
-
-Ufo assumes a convention that service\_name and the task\_name are the same. If you would like to override this convention, then you can specify the task name.
-
-```
-ufo ship demo-web --task my-task
-```
-
-This means that in the task_definition.rb you will also define it with `my-task`.  For example:
-
-```ruby
-task_definition "my-task" do
-  source "web" # this corresponds to the file in "ufo/templates/web.json.erb"
-  variables(
-    family: "my-task",
-    ....
-  )
-end
-
-```
-
-## Web Service Load Balancer Convention
-
-By convention, if the service has a container named "web", ufo will automatically create an ELB.  If you would like to name a service with the word "web" without an ELB, specify `--elb false`.  Example:
-
-```sh
-ufo ship demo-web --elb false
-```
-
-You can also use an existing ELB by specifying the target group arn as the value of the `--elb` option. Example:
-
-```bash
-ufo ship demo-web --elb arn:aws:elasticloadbalancing:us-east-1:12345689:targetgroup/demo-web/12345
-```
-
-{% include prev_next.md %}

data/docs/_docs/extras/codebuild-iam-role.md

@@ -1,46 +0,0 @@
----
-title: CodeBuild IAM Role
-nav_order: 35
----
-
-Note, the `/tmp/ecs-deploy-policy.json` policy is available at [Minimal Deploy IAM]({% link _docs/extras/minimal-deploy-iam.md %}).
-
-## Existing IAM Role
-
-If you're using CodeBuild with `ufo ship` to handle deployments, you can use the same policy for the role that you assign to the the CodeBuild project and attach it to the the CodeBuild service IAM role that is usually created with the CodeBuild Console wizard.  For example, of the IAM role was called `codebuild-myapp-service-role`:
-
-    aws iam put-role-policy --role-name codebuild-myapp-service-role --policy-name EcsDeployPolicy --policy-document file:///tmp/ecs-deploy-policy.json
-    aws iam get-role-policy --role-name codebuild-myapp-service-role --policy-name EcsDeployPolicy
-
-The `put-role-policy` command adds a *inline* policy to the existing IAM role.
-
-## New IAM Role
-
-If you are creating the IAM role for CodeBuild yourself from scratch these commands will be helpful:
-
-Create the policy document:
-
-    cat << 'EOF' > /tmp/role-trust-policy.json
-    {
-      "Version": "2012-10-17",
-      "Statement": [{
-        "Action": "sts:AssumeRole",
-        "Principal": {
-          "Service": "codebuild.amazonaws.com"
-        },
-        "Effect": "Allow",
-        "Sid": ""
-      }]
-    }
-    EOF
-
-Create the IAM resources:
-
-    aws iam create-role --role-name EcsDeployRole --assume-role-policy-document file:///tmp/role-trust-policy.json
-    aws iam create-policy --policy-name EcsDeployPolicy --policy-document file:///tmp/ecs-deploy-policy.json
-    ACCOUNT=$(aws sts get-caller-identity | jq -r '.Account')
-    aws iam attach-role-policy --policy-arn arn:aws:iam::$ACCOUNT:policy/EcsDeployPolicy --role-name EcsDeployRole
-
-The `attach-role-policy` command attaches a Customer Managed IAM policy to the IAM role. This is a little more reusable than using an inline policy.
-
-{% include prev_next.md %}

data/docs/_docs/extras/dockerfile-erb.md

@@ -1,60 +0,0 @@
----
-title: Dynamic Dockerfile.erb
-nav_order: 36
----
-
-Sometimes you may need a little more dynamic control of your Dockerfile. For these cases, ufo supports dynamically creating a Dockerfile from a Dockerfile.erb.  If Dockerfile.erb exists, ufo uses it to generate a Dockerfile as a part of the build process.  These means that you should update the source Dockerfile.erb instead, as the Dockerfile will be overwritten.  If Dockerfile.erb does not exist, then ufo will use the Dockerfile instead.
-
-## Example
-
-The Dockerfile.erb has access to variables defined in `dockerfile_variables.yml`. The variables should be defined underneath a `UFO_ENV` key. Examples:
-
-.ufo/settings/dockerfile_variables.yml:
-
-```yaml
----
-development:
-  base_image: 112233445566.dkr.ecr.us-west-1.amazonaws.com/demo/sinatr:base-2019-06-10T03-22-34-f91cdd350
-production:
-  base_image: 778899001122.dkr.ecr.us-west-1.amazonaws.com/demo/sinatr:base-2019-06-10T03-23-34-abccddxzy
-```
-
-Note, the `base_image` key is automatically updated by [ufo docker base](http://ufoships.com/reference/ufo-docker-base/) when Dockerfile.erb exists.
-
-Here's what the `Dockerfile.erb` looks like:
-
-```Dockerfile
-FROM <%= @base_image %>
-# ...
-CMD ["bin/web"]
-```
-
-When `UFO_ENV=production`, it'll produce the following.
-
-Dockerfile:
-
-```Dockerfile
-FROM 778899001122.dkr.ecr.us-west-1.amazonaws.com/demo/sinatr:base-2019-06-10T03-23-34-abccddxzy
-# ...
-CMD ["bin/web"]
-```
-
-The above example demonstrates a good use-case. You may want a different FROM statement in your Dockerfile on a per-environment basis.  In this case, we're using different ECR repositories from different AWS accounts for development vs. production. The FROM statement changes based on which AWS account you're using.
-
-## General Steps
-
-The general steps are:
-
-1. Create a Dockerfile.erb with `<%= @base_image %>`
-2. Run: `ufo docker base` to generate `dockerfile_variables.yml`
-3. Run: `ufo docker build` to build a Dockerfile. Note, the `ufo ship` command also builds the Dockerfile.
-
-Remember when using the Dockerfile.erb, the Dockerfile is generated and overwritten. So you should update the Dockerfile.erb.
-
-## Build Args
-
-Why not use [build args](https://www.jeffgeerling.com/blog/2017/use-arg-dockerfile-dynamic-image-specification)?
-
-Ufo uses a YAML file so users will not have to remember to provide the build arg. It is also easy to update the `dockerfile_variables.yml` with the `ufo docker base` command.
-
-{% include prev_next.md %}

data/docs/_docs/extras/ecs-network-mode.md

@@ -1,37 +0,0 @@
----
-title: ECS Network Mode
-nav_order: 30
----
-
-## Pros and Cons: bridge network mode
-
-With network bridge mode, the Docker containers of multiple services share the EC2 container instance's security group. So you have less granular control over opening ports for specific services only. For example, let’s say service A and B both are configured use bridge network mode. If you open up port 3000 for service A, it will also open up port 3000 for service B because they use the same security group at the EC2 instance level.
-
-One advantage of bridge mode is you can use dynamic port mapping and do not have to worry about network card limits.
-
-## Pros and Cons: awsvpc mode
-
-With awsvpc network mode, you must consider the limit of ethernet cards for the instance type. If the instance supports ENI Trunking, then this is limit is decently large. However, if the instance does not support ENI Trunking, then the ENI limit is rather small.
-
-For ENI Trunking Task limits per instance: [Elastic Network Interface Trunking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html)
-
-For example, a m5.large instance has a limit of 10 tasks per instance.
-For EC2 instances that do not support ENI Trunking,
-the table that lists the limits are under section the aws EC2 docs under [IP Addresses Per Network Interface Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html)
-
-For example, a t3.small instance has a limit of 3 ethernet cards. This means, at most, you can run 2 ECS tasks on that instance in awsvpc network mode, since one network card is already used by the host.
-
-In awsvpc mode, each ECS task gets its own network card. The advantage is there’s more granular control of the permissions per ECS service. For example, when service A and B are using awsvpc mode, they can have different security groups associated with them. In this mode, ufo creates a security group and sets up the permissions so the load balancer can talk to the containers.  You can also add additional security groups to the `.ufo/settings/network/default.yml` config.
-
-The following table summarizes the pros and cons:
-
-Network mode | Pros | Cons
---- | ---
-bridge | The numbers of containers you can run will not be limited due to EC2 instance network cards limits. | Less fine grain security control over security group permissions with multiple ECS services.
-awsvpc | Fine grain security group permissions for each ECS service. | The number of containers can be limited by the number of network cards the EC2 instance type supports.
-
-## Recommendation
-
-It is generally recommended to use awsvpc mode with ENI trunking supported instances. You get the best of both worlds in this situation: a strong security posture as well as container density.
-
-{% include prev_next.md %}

data/docs/_docs/extras/load-balancer.md

@@ -1,83 +0,0 @@
----
-title: Load Balancer Support
-nav_order: 28
----
-
-Ufo can automatically create a load balancer and associate it with an ECS service.  The options:
-
-1. Create an ELB.
-2. Use existing ELB by providing a target group arn.
-3. Do not create an ELB.
-
-## Examples
-
-Here are examples of each of them:
-
-    # Create an ELB
-    ufo ship demo-web --elb=true
-
-    # Use existing target group from pre-created ELB
-    ufo ship demo-web --elb=arn:aws:elasticloadbalancing:us-east-1:123456789:targetgroup/target-name/2378947392743
-
-    # Disable creating ELB
-    ufo ship demo-web --elb=false
-
-## Web Service Convention
-
-By convention, if the container name is 'web' in the task definition. Deployments of new services will automatically create a load balancer.  So if the task definition looks something like the following then a load balancer will automatically be created:
-
-```json
-{
-    "containerDefinitions": [
-        {
-            "name": "web",
-...
-```
-
-The behavior can be disabled with `--elb=false` for web containers.
-
-    ufo ship demo-web --elb=false
-
-For non-web container the `--elb` option must be explicitly set to `--elb=true` if you want a load balancer to be created.
-
-## ELB Retained
-
-Ufo retains the ELB setting.  So future `ufo ship` commands will not suddenly remove the load balancer.  If you need to change the elb setting, then you need to explicitly set a new `--elb` value.
-
-Important: Adding and removing load balancers will change the ELB DNS.  Please take pre-caution using the elb options.  This risk is mitigated if you have configured [Route53 support]({% link _docs/extras/route53-support.md %}).
-
-## ELB Types: Application and Network
-
-Ufo supports application and network load balancer types.  To specify the type use `--elb-type`.  Examples:
-
-    ufo ship demo-web --elb-type network
-    ufo ship demo-web --elb-type application # default
-
-## ELB Static IP addresses for Network Load Balancers
-
-Network load balancers support static EIP address. You can create a network load balancer using pre-allocated EIP addresses with the the `--elb-eip-ids` option. Example:
-
-    ufo deploy demo-web --elb-eip-ids eipalloc-a8de9ca1 eipalloc-a8de9ca2
-
-If you use the `--elb-eip-ids` option, ufo assumes you want an `--elb-type=network` since only network load balancers support EIPs.
-
-When specifying the `--elb-eip-ids` option, the list length must be the same as the number of subnets configured in your `.ufo/settings/network/default.yml` profile.  The `--elb-eip-ids` setting is optional. If you do not specify it, a network load balancer will still be created.
-
-If you need to change the EIPs for existing services, you might get a "TargetGroup cannot be associated with more than one load balancer" error. To work around this you can set the env variable `UFO_FORCE_TARGET_GROUP=1` which will force a re-creation of the target group.
-
-    UFO_FORCE_TARGET_GROUP=1 ufo deploy demo-web --elb-eip-ids eipalloc-ac226fa4 eipalloc-b5206dbd
-
-To remove the EIPs but still keep the network load balancer, you can specify either:
-
-    UFO_FORCE_TARGET_GROUP=1 ufo deploy demo-web --elb-eip-ids ' ' --elb-type network
-    UFO_FORCE_TARGET_GROUP=1 ufo deploy demo-web --elb-eip-ids 'empty' --elb-type network
-
-Note be careful using the UFO_FORCE_TARGET_GROUP option. If the deploy fails, then the CloudFormation stack rolls back and can leave the target group with healthy targets resulting in downtime. If it's an production service and you are changing the load balancer type or eip IPs, it is recommended to instead create a temporary additional ECS service, do a DNS switch, and then remove the old ECS.
-
-## Load Balancer Implementation
-
-Under the hood, ufo implements load balancer support with CloudFormation. You can see these resources by visiting the CloudFormation console and clicking on the corresponding stack.  Here's an example:
-
-<img src="/img/docs/cloudformation-resources.png" class="doc-photo" />
-
-{% include prev_next.md %}

data/docs/_docs/extras/minimal-deploy-iam.md

@@ -1,79 +0,0 @@
----
-title: Minimal Deploy IAM Policy
-nav_order: 34
----
-
-The IAM user you use to run the `ufo ship` command needs a minimal set of IAM policies in order to deploy to ECS. Here is a table of the baseline services needed:
-
-Service | Description
---- | ---
-CloudFormation | To create the CloudFormation stack that then creates the most of the AWS resources that Ufo creates like ECS service and the ELB.
-EC2 | To describe subnets associated with VPC. Used to configured subnets to use for ECS tasks and ELBs.
-ECR | To pull and push to the ECR registry.  If you're using DockerHub this permission is not required.
-ECS | To create ECS service, task definitions, etc.
-ElasticloadBalancing | To create the ELB and related load balancing resoures like Listeners and Target Groups.
-ElasticloadBalancingV2 | To create the ELB and related load balancing resoures like Listeners and Target Groups.
-Logs | To write to CloudWatch Logs.
-Route53 | To create vanity DNS endpoint when using [Route53 setting]({% link _docs/extras/route53-support.md %}).
-
-## Instructions
-
-It is recommended that you create an IAM group and associate it with the IAM users that need access to use `ufo ship`.  Here are starter instructions and a policy that you can tailor for your needs:
-
-### Commands Summary
-
-Here's a summary of the commands:
-
-    aws iam create-group --group-name Ufo
-    cat << 'EOF' > /tmp/ecs-deploy-policy.json
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Action": [
-                    "cloudformation:*",
-                    "ec2:*",
-                    "ecr:*",
-                    "ecs:*",
-                    "elasticloadbalancing:*",
-                    "elasticloadbalancingv2:*",
-                    "logs:*",
-                    "route53:*"
-                ],
-                "Resource": "*",
-                "Effect": "Allow"
-            },
-            {
-                "Action": [
-                    "iam:PassRole"
-                ],
-                "Effect": "Allow",
-                "Resource": "*",
-                "Condition": {
-                    "StringLike": {
-                        "iam:PassedToService": [
-                            "ecs-tasks.amazonaws.com"
-                        ]
-                    }
-                }
-            }
-        ]
-    }
-    EOF
-    aws iam put-group-policy --group-name Ufo --policy-name UfoPolicy --policy-document file:///tmp/ecs-deploy-policy.json
-
-Then create a user and add the user to IAM group. Here's an example:
-
-    aws iam create-user --user-name tung
-    aws iam add-user-to-group --user-name tung --group-name Ufo
-
-## CodeBuild IAM Role
-
-If you are using CodeBuild to deploy, you'll probably be interested the IAM policy for the CodeBuild project: [CodeBuild IAM Role]({% link _docs/extras/codebuild-iam-role.md %})
-
-## ECS Task IAM Policy vs User Deploy IAM Policy
-
-This page refers to your **user** IAM policy used when running `ufo ship`. These are different from the IAM Policies associated with ECS Task.  For those iam policies refer to [IAM Roles for Tasks
-](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
-
-{% include prev_next.md %}

data/docs/_docs/extras/notification-arns.md

@@ -1,21 +0,0 @@
----
-title: Notification ARNs
-categories: extras
-nav_order: 37
----
-
-You can specific notification arns for CloudFormation stack related events with [configs/settings.yml]({% link _docs/settings.md %}). This may be useful for compliance purposes.
-
-## Example
-
-configs/settings.yml
-
-```yaml
-base:
-  notification_arns:
-  - arn:aws:sns:us-west-2:112233445566:my-sns-topic1
-```
-
-This will set the `notification_arns` option as the CloudFormation stack created by `ufo ship`.
-
-{% include prev_next.md %}