ufo 4.4.0 → 4.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +1 -1
- data/docs/_docs/{ecs-network-mode.md → extras/ecs-network-mode.md} +0 -0
- data/docs/_docs/{load-balancer.md → extras/load-balancer.md} +1 -1
- data/docs/_docs/extras/minimal-deploy-iam.md +82 -0
- data/docs/_docs/{redirection-support.md → extras/redirection-support.md} +1 -1
- data/docs/_docs/{route53-support.md → extras/route53-support.md} +0 -0
- data/docs/_docs/{security-groups.md → extras/security-groups.md} +0 -0
- data/docs/_docs/{ssl-support.md → extras/ssl-support.md} +0 -0
- data/docs/_docs/faq.md +1 -1
- data/docs/_docs/{auto-completion.md → more/auto-completion.md} +0 -0
- data/docs/_docs/{automated-cleanup.md → more/automated-cleanup.md} +0 -0
- data/docs/_docs/{customize-cloudformation.md → more/customize-cloudformation.md} +0 -0
- data/docs/_docs/{migrations.md → more/migrations.md} +0 -0
- data/docs/_docs/{run-in-pieces.md → more/run-in-pieces.md} +0 -0
- data/docs/_docs/{single-task.md → more/single-task.md} +0 -0
- data/docs/_docs/{stuck-cloudformation.md → more/stuck-cloudformation.md} +0 -0
- data/docs/_docs/{why-cloudformation.md → more/why-cloudformation.md} +0 -0
- data/docs/_docs/next-steps.md +1 -1
- data/docs/_docs/upgrading/upgrade4.4.md +1 -1
- data/docs/_docs/upgrading/upgrade4.md +1 -1
- data/docs/_includes/subnav.html +18 -15
- data/docs/articles.md +1 -1
- data/lib/ufo/ship.rb +1 -0
- data/lib/ufo/version.rb +1 -1
- metadata +17 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9831eec0e5a8f8a604c5ea4b029dd649b058e97f
|
4
|
+
data.tar.gz: c0419936a5041b7b195ad4af5e81d1fb034ceca0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: '08edd4ec8da658d61ee42f42101bdf1bff64328c014a8be77b9e8ded8cbb726bb38935210f37c59b2258426e793ab377986bd457c1c6c637d00279ceffe70e6d'
|
7
|
+
data.tar.gz: a23f2ace2f336622f4442092f6e83475bb47585e276943526ea1293419330713658b85995d54c44414b09dcabfd4c14411da191097ccc16a26c0b6c7a21f0db2
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,10 @@
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
5
5
|
|
6
|
+
## [4.4.1]
|
7
|
+
- return correct exit code 1 when cloudformation deploy fails
|
8
|
+
- update docs: organize better into subfolders
|
9
|
+
|
6
10
|
## [4.4.0]
|
7
11
|
- #71 from gurpreetatwal/patch-1 remove extra slash from URL
|
8
12
|
- #73 organize docs better into subfolders
|
data/Gemfile.lock
CHANGED
File without changes
|
@@ -44,7 +44,7 @@ For non-web container the `--elb` option must be explicitly set to `--elb=true`
|
|
44
44
|
|
45
45
|
Ufo retains the ELB setting. So future `ufo ship` commands will not suddenly remove the load balancer. If you need to change the elb setting, then you need to explicitly set a new `--elb` value.
|
46
46
|
|
47
|
-
Important: Adding and removing load balancers will change the ELB DNS. Please take pre-caution using the elb options. This risk is mitigated if you have configured [Route53 support]({% link _docs/route53-support.md %}).
|
47
|
+
Important: Adding and removing load balancers will change the ELB DNS. Please take pre-caution using the elb options. This risk is mitigated if you have configured [Route53 support]({% link _docs/extras/route53-support.md %}).
|
48
48
|
|
49
49
|
## ELB Types: Application and Network
|
50
50
|
|
@@ -0,0 +1,82 @@
|
|
1
|
+
---
|
2
|
+
title: Minimal Deploy IAM Policy
|
3
|
+
nav_order: 28
|
4
|
+
---
|
5
|
+
|
6
|
+
The IAM user you use to run the `ufo ship` command needs a minimal set of IAM policies in order to deploy to ECS. Here is a table of the baseline services needed:
|
7
|
+
|
8
|
+
Service | Description
|
9
|
+
--- | ---
|
10
|
+
CloudFormation | To create the CloudFormation stack that then creates the most of the AWS resources that Ufo creates like ECS service and the ELB.
|
11
|
+
EC2 | To describe subnets associated with VPC. Used to configured subnets to use for ECS tasks and ELBs.
|
12
|
+
ECR | To pull and push to the ECR registry. If you're using DockerHub this permission is not required.
|
13
|
+
ECS | To create ECS service, task definitions, etc.
|
14
|
+
ElasticloadBalancing | To create the ELB and related load balancing resoures like Listeners and Target Groups.
|
15
|
+
ElasticloadBalancingV2 | To create the ELB and related load balancing resoures like Listeners and Target Groups.
|
16
|
+
Logs | To write to CloudWatch Logs.
|
17
|
+
Route53 | To create vanity DNS endpoint when using [Route53 setting]({% link _docs/extras/route53-support.md %}).
|
18
|
+
|
19
|
+
## Instructions
|
20
|
+
|
21
|
+
It is recommended that you create an IAM group and associate it with the IAM users that need access to use `jets deploy`. Here are starter instructions and a policy that you can tailor for your needs:
|
22
|
+
|
23
|
+
### Commands Summary
|
24
|
+
|
25
|
+
Here's a summary of the commands:
|
26
|
+
|
27
|
+
aws iam create-group --group-name Ufo
|
28
|
+
cat << 'EOF' > /tmp/ecs-deploy-policy.json
|
29
|
+
{
|
30
|
+
"Version": "2012-10-17",
|
31
|
+
"Statement": [
|
32
|
+
{
|
33
|
+
"Action": [
|
34
|
+
"cloudformation:*",
|
35
|
+
"ec2:*",
|
36
|
+
"ecr:*",
|
37
|
+
"ecs:*",
|
38
|
+
"elasticloadbalancing:*",
|
39
|
+
"elasticloadbalancingv2:*",
|
40
|
+
"logs:*",
|
41
|
+
"route53:*"
|
42
|
+
],
|
43
|
+
"Resource": "*",
|
44
|
+
"Effect": "Allow"
|
45
|
+
},
|
46
|
+
{
|
47
|
+
"Action": [
|
48
|
+
"iam:PassRole"
|
49
|
+
],
|
50
|
+
"Effect": "Allow",
|
51
|
+
"Resource": "*",
|
52
|
+
"Condition": {
|
53
|
+
"StringLike": {
|
54
|
+
"iam:PassedToService": [
|
55
|
+
"ecs-tasks.amazonaws.com"
|
56
|
+
]
|
57
|
+
}
|
58
|
+
}
|
59
|
+
}
|
60
|
+
]
|
61
|
+
}
|
62
|
+
EOF
|
63
|
+
aws iam put-group-policy --group-name Ufo --policy-name UfoPolicy --policy-document file:///tmp/ecs-deploy-policy.json
|
64
|
+
|
65
|
+
Then create a user and add the user to IAM group. Here's an example:
|
66
|
+
|
67
|
+
aws iam create-user --user-name tung
|
68
|
+
aws iam add-user-to-group --user-name tung --group-name Ufo
|
69
|
+
|
70
|
+
## CodeBuild
|
71
|
+
|
72
|
+
If you're using CodeBuild with `ufo ship` to handle deployments, you can use the same policy for the role that you assign to the the CodeBuild project and attach it to the the CodeBuild service IAM role that is usually created with the CodeBuild Console wizard. For example, of the IAM role was called `codebuild-myapp-service-role`:
|
73
|
+
|
74
|
+
aws iam put-role-policy --role-name codebuild-myapp-service-role --policy-name EcsDeployPolicy --policy-document file:///tmp/ecs-deploy-policy.json
|
75
|
+
aws iam get-role-policy --role-name codebuild-myapp-service-role --policy-name EcsDeployPolicy
|
76
|
+
|
77
|
+
## ECS Task IAM Policy vs User Deploy IAM Policy
|
78
|
+
|
79
|
+
This page refers to your **user** IAM policy used when running `ufo ship`. These are different from the IAM Policies associated with ECS Task. For those iam policies refer to [IAM Roles for Tasks
|
80
|
+
](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
|
81
|
+
|
82
|
+
{% include prev_next.md %}
|
@@ -5,7 +5,7 @@ nav_order: 27
|
|
5
5
|
|
6
6
|
## Application Load Balancers
|
7
7
|
|
8
|
-
If you are using an Application Load Balancer you can configure redirection by editing the default actions of the regular listener that is set up by ufo. This assumes you have set up [SSL Support]({% link _docs/ssl-support.md %}). Here's an example that redirects http to https with a 302 http status code:
|
8
|
+
If you are using an Application Load Balancer you can configure redirection by editing the default actions of the regular listener that is set up by ufo. This assumes you have set up [SSL Support]({% link _docs/extras/ssl-support.md %}). Here's an example that redirects http to https with a 302 http status code:
|
9
9
|
|
10
10
|
```
|
11
11
|
listener:
|
File without changes
|
File without changes
|
File without changes
|
data/docs/_docs/faq.md
CHANGED
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
data/docs/_docs/next-steps.md
CHANGED
@@ -1,9 +1,9 @@
|
|
1
1
|
---
|
2
2
|
title: Upgrading to Version 4.4
|
3
3
|
short_title: Version 4.4
|
4
|
-
nav_order: 30
|
5
4
|
order: 1
|
6
5
|
categories: upgrading
|
6
|
+
nav_order: 30
|
7
7
|
---
|
8
8
|
|
9
9
|
In ufo version 4.4, the environment name gets appends to the end of the CloudFormation stack name. Previous versions prepended the environment name to the stack name. This means a new stack gets created if you're going from version 4.3 to 4.4. For example:
|
@@ -1,9 +1,9 @@
|
|
1
1
|
---
|
2
2
|
title: Upgrading to Version 4.0
|
3
3
|
short_title: Version 4.0
|
4
|
-
nav_order: 31
|
5
4
|
order: 2
|
6
5
|
categories: upgrading
|
6
|
+
nav_order: 31
|
7
7
|
---
|
8
8
|
|
9
9
|
A major change in ufo from version 3 to 4 is that the ECS service is now created by CloudFormation. If you have an existing ECS service deployed by ufo version 3, when you deploy your app again with ufo version 4, there will be a new additional ECS service created. Here is the recommended upgrade path.
|
data/docs/_includes/subnav.html
CHANGED
@@ -25,13 +25,15 @@
|
|
25
25
|
<li><a href="{% link _docs/ufo-env.md %}">Ufo Env</a></li>
|
26
26
|
<li><a href="{% link _docs/ufo-env-extra.md %}">Ufo Env Extra</a></li>
|
27
27
|
<li><a href="{% link _docs/ufo-current.md %}">Ufo Current</a></li>
|
28
|
-
|
29
|
-
|
30
|
-
<li><a href="{% link _docs/
|
31
|
-
<li><a href="{% link _docs/
|
32
|
-
<li><a href="{% link _docs/
|
33
|
-
<li><a href="{% link _docs/
|
34
|
-
<li><a href="{% link _docs/
|
28
|
+
<li>Extras
|
29
|
+
<ul>
|
30
|
+
<li><a href="{% link _docs/extras/load-balancer.md %}">Load Balancer</a></li>
|
31
|
+
<li><a href="{% link _docs/extras/security-groups.md %}">Security Groups</a></li>
|
32
|
+
<li><a href="{% link _docs/extras/ecs-network-mode.md %}">ECS Network Mode</a></li>
|
33
|
+
<li><a href="{% link _docs/extras/ssl-support.md %}">SSL Support</a></li>
|
34
|
+
<li><a href="{% link _docs/extras/route53-support.md %}">Route53 Support</a></li>
|
35
|
+
<li><a href="{% link _docs/extras/redirection-support.md %}">Redirection Support</a></li>
|
36
|
+
<li><a href="{% link _docs/extras/minimal-deploy-iam.md %}">Minimal Deploy IAM</a></li>
|
35
37
|
</ul>
|
36
38
|
<li><a href="{% link _docs/upgrading.md %}">Upgrading</a>
|
37
39
|
<ul>
|
@@ -43,14 +45,15 @@
|
|
43
45
|
</li>
|
44
46
|
<li>More
|
45
47
|
<ul>
|
46
|
-
<li><a href="{% link _docs/why-cloudformation.md %}">Why CloudFormation</a></li>
|
47
|
-
<li><a href="{% link _docs/customize-cloudformation.md %}">Customize CloudFormation</a></li>
|
48
|
-
<li><a href="{% link _docs/stuck-cloudformation.md %}">Stuck CloudFormation</a></li>
|
49
|
-
<li><a href="{% link _docs/run-in-pieces.md %}">Run In Pieces</a></li>
|
50
|
-
<li><a href="{% link _docs/single-task.md %}">Run Single Task</a></li>
|
51
|
-
<li><a href="{% link _docs/migrations.md %}">Database Migrations</a></li>
|
52
|
-
<li><a href="{% link _docs/automated-cleanup.md %}">Automated Cleanup</a></li>
|
53
|
-
<li><a href="{% link _docs/auto-completion.md %}">Auto-Completion</a></li>
|
48
|
+
<li><a href="{% link _docs/more/why-cloudformation.md %}">Why CloudFormation</a></li>
|
49
|
+
<li><a href="{% link _docs/more/customize-cloudformation.md %}">Customize CloudFormation</a></li>
|
50
|
+
<li><a href="{% link _docs/more/stuck-cloudformation.md %}">Stuck CloudFormation</a></li>
|
51
|
+
<li><a href="{% link _docs/more/run-in-pieces.md %}">Run In Pieces</a></li>
|
52
|
+
<li><a href="{% link _docs/more/single-task.md %}">Run Single Task</a></li>
|
53
|
+
<li><a href="{% link _docs/more/migrations.md %}">Database Migrations</a></li>
|
54
|
+
<li><a href="{% link _docs/more/automated-cleanup.md %}">Automated Cleanup</a></li>
|
55
|
+
<li><a href="{% link _docs/more/auto-completion.md %}">Auto-Completion</a></li>
|
56
|
+
<li><a href="{% link _docs/faq.md %}">FAQ</a></li>
|
54
57
|
<li><a href="{% link articles.md %}">Articles</a></li>
|
55
58
|
<li><a href="{% link _docs/next-steps.md %}">Next Steps</a></li>
|
56
59
|
<li><a href="{% link reference.md %}">CLI Reference</a></li>
|
data/docs/articles.md
CHANGED
data/lib/ufo/ship.rb
CHANGED
data/lib/ufo/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ufo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.4.
|
4
|
+
version: 4.4.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-04-
|
11
|
+
date: 2019-04-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-cloudformation
|
@@ -290,32 +290,34 @@ files:
|
|
290
290
|
- docs/LICENSE
|
291
291
|
- docs/README.md
|
292
292
|
- docs/_config.yml
|
293
|
-
- docs/_docs/auto-completion.md
|
294
|
-
- docs/_docs/automated-cleanup.md
|
295
293
|
- docs/_docs/aws-ecs-task-execution-role.md
|
296
294
|
- docs/_docs/conventions.md
|
297
|
-
- docs/_docs/
|
298
|
-
- docs/_docs/
|
295
|
+
- docs/_docs/extras/ecs-network-mode.md
|
296
|
+
- docs/_docs/extras/load-balancer.md
|
297
|
+
- docs/_docs/extras/minimal-deploy-iam.md
|
298
|
+
- docs/_docs/extras/redirection-support.md
|
299
|
+
- docs/_docs/extras/route53-support.md
|
300
|
+
- docs/_docs/extras/security-groups.md
|
301
|
+
- docs/_docs/extras/ssl-support.md
|
299
302
|
- docs/_docs/faq.md
|
300
303
|
- docs/_docs/fargate.md
|
301
304
|
- docs/_docs/helpers.md
|
302
305
|
- docs/_docs/install.md
|
303
|
-
- docs/_docs/
|
304
|
-
- docs/_docs/
|
306
|
+
- docs/_docs/more/auto-completion.md
|
307
|
+
- docs/_docs/more/automated-cleanup.md
|
308
|
+
- docs/_docs/more/customize-cloudformation.md
|
309
|
+
- docs/_docs/more/migrations.md
|
310
|
+
- docs/_docs/more/run-in-pieces.md
|
311
|
+
- docs/_docs/more/single-task.md
|
312
|
+
- docs/_docs/more/stuck-cloudformation.md
|
313
|
+
- docs/_docs/more/why-cloudformation.md
|
305
314
|
- docs/_docs/next-steps.md
|
306
315
|
- docs/_docs/params.md
|
307
316
|
- docs/_docs/quick-start-ec2.md
|
308
|
-
- docs/_docs/redirection-support.md
|
309
|
-
- docs/_docs/route53-support.md
|
310
|
-
- docs/_docs/run-in-pieces.md
|
311
|
-
- docs/_docs/security-groups.md
|
312
317
|
- docs/_docs/settings-cfn.md
|
313
318
|
- docs/_docs/settings-network.md
|
314
319
|
- docs/_docs/settings.md
|
315
|
-
- docs/_docs/single-task.md
|
316
|
-
- docs/_docs/ssl-support.md
|
317
320
|
- docs/_docs/structure.md
|
318
|
-
- docs/_docs/stuck-cloudformation.md
|
319
321
|
- docs/_docs/tutorial-ufo-docker-build.md
|
320
322
|
- docs/_docs/tutorial-ufo-init.md
|
321
323
|
- docs/_docs/tutorial-ufo-ship.md
|
@@ -330,7 +332,6 @@ files:
|
|
330
332
|
- docs/_docs/upgrading/upgrade4.4.md
|
331
333
|
- docs/_docs/upgrading/upgrade4.md
|
332
334
|
- docs/_docs/variables.md
|
333
|
-
- docs/_docs/why-cloudformation.md
|
334
335
|
- docs/_includes/about.html
|
335
336
|
- docs/_includes/cfn-customize.md
|
336
337
|
- docs/_includes/commands.html
|