- Fixed a bug in fugue support report where log entries would be recorded out of order.
Fugue Release Notes for 2017.10.16
New Platform Features
- Fugue enforcement can now be turned off on a per-process level.
- Ludwig Validations (Policy-as-Code) can now be loaded onto the Conductor. These validations will be applied against all
- The new ops command will show individual API operations that the Conductor has taken against AWS for a given Fugue process.
- Role-Based Access Control (RBAC) policy can now be scoped to individual Fugue processes.
- (Preview) A RESTful HTTP API is now included with the Fugue command line interface. This makes it even easier to programmatically interact with Fugue.
- The Conductor is now supported in us-east-1, us-east-2, us-west-2, eu-west-1, and govcloud. Note that a Conductor in a commercial region can manage infrastructure in any other commercial region(s) but NOT in govcloud, and vice versa.
New AWS Service Coverage
- VPC S3 Endpoints
New CLI Features and Improvements
- Dry-run and status output is now YAML-formatted, with many fields removed. This should make it much easier for humans to read and understand the state of their infrastructure. For full output, use the
- The fugue policy rbac-status command shows whether a policy is currently attached.
- The uncompiled RBAC policy can now be fetched as a gzip'd tarball from the Conductor using the fugue policy rbac-get command.
- Improved the output of fugue support reset-secret when resetting the root user's credentials.
General Updates to Fugue Libraries
- NAT Gateways have been added to the Fugue.AWS.Pattern.Network library.
- The fugue-bits and fugue-netaddr libraries have been rewritten for better performance.
- Added additional EC2 Instance Types to Fugue.Core.AWS.EC2.
- lwserver now shows full error messages.
- The Nodestream library makes it possible to write validations across multiple resources declared in Ludwig.
- The Nodestream library makes it possible to whitelist or blacklist specific services or resources.
- There is a new ?| operator provided as an alias for
- Improved lwserver support for compositions that span multiple files.
Notable System Improvements and Bug Fixes
- When adding an account or running a process, the system will now inform the user if the Conductor needs to be replaced with a larger instance to handle the additional accounts or processes. This makes it easy to know when to vertically scale the Conductor.
- Accounts can now be referred to by their ID or alias when authoring RBAC policy.
- The Ludwig JSON library is now easier to use.
- The number of CW metrics emitted by the Conductor has been substantially reduced.
- The Conductor's Vars DynamoDB table and the userspace Vars DynamoDB table are now scaled independently.
- Fixed an SSL error during
- Fixed a case where fugue uninstall -y (without -f flag) works while there are running processes.
- Fixed a case where there is inconsistent output when an RBAC user is not allowed to do something.
- Improved consistency of
- Fixed a case where fugue account remove --json results in an error, but works.
- Fixed a case where the CLI errors on large process results.
- Fixed a case where fugue account add with the --json flag can't be run.
- Fixed a case where load balancer tags are not getting transcribed.
- Fixed a case where the fugue status command fails for empty responses.
- Fixed a case where uninstalling the Fugue Client Tools leaves files behind.
- Fixed a case where using -p flags simultaneously in Transcriber yields a stack trace.
- Fixed a case where Vars snapshots are written to the composition bucket, but read from large value bucket.
- Fixed a case where the event notification service sends out notifications at the WARNING level instead of at the DEBUG level.
- Fixed a case where fugue update --dry-run could not handle empty results.
- Fixed a case where fugue --version doesn't show the client version on Windows.
- Improved log collection time in fugue support report.
- Fixed a case where fugue support report failed with Remote end closed error.
- Fixed a case where transcribing an ASG with T2_micro instance in a launch configuration ends up with T2_small in AWS.
- Fixed a case where some system jobs fail with a RouteAlreadyExists error.
- Fixed a case where a user would encounter a resultswriteerror when removing the description from a Network Interface.
- Fixed a case where EC2 Tags are not being created.
- Fixed a case where a fugue update would result in a Planner Error.
- Fixed a case where a user would encounter an invalidconfigurationrequest when enabling ProxyProtocol policy on an ELB Listener.
- Additional validations have been added to ensure that Lambda.VpcConfig has valid subnets and security groups.
- Additional validations have been added to ensure Ludwig.Function specifies a Region or a VpcConfig.
- Fixed a case where a user would encounter an error attempting to create DHCP Options.
- Fixed a case where a security group default egress rule is not created.
- Fixed a case where S3 compositions hitting a temporary "resource exists error" eventually halt with a 500.
- Fixed a case where a user cannot create NetworkAclEntry for ICMP type traffic without using core types.
- Fixed a case where govcloud lambda permissions generate an incorrect ARN, which makes notification configurations fail.
- Fixed a case where compositions using elasticache face errors on system jobs after updating mutable parameters.
- Fixed a case where updating ELB compositions results in errors.
- Fixed a case where Fugue doesn't update monitoring for EC2 instances.
- Fixed a case where instance protection is not disabled during ASG deletes.
- Fixed a case where users would be unable to re-assign EIPs when re-launching EC2 instances.
- Added lambda support in ca-central-1.
- Fixed a case where updating an S3 bucket to remove its notification configuration creates an error.
- Fixed a case where an S3 composition attempting to create a bucket name that already exists would succeed anyway.
- Fixed a case where an AutoScalingGroup with an external LaunchConfiguration would cause an LWC error.
- Fixed a case where attempting to use Lambda in a composition in a region where Lambda isn't supported would result in a halted process.
- Fixed a case where users would encounter a dependencyviolation error when deleting a composition.
- Fixed a case where users would encounter an error updating the Dead Letter Target for an SQS Queue.
- Added a missing external constructor for Fugue.AWS.SQS.Queue.
- Fixed a case where updating VPNConnection staticRoute between True and False repeatedly fails.
- Added additional validations for listener policies.
- Fixed a case where Transcriber transcribes ASG EC2 instances when it shouldn't.
- Fixed a case where Transcriber throws an unclear error message on a route table using unsupported VpnGateway.
- Fixed a case where Transcriber internal identifiers are not unique.
- Fixed a case where transcribing AutoScaling Groups would cause stack traces.
- Fixed a case where Transcriber references launch configuration instance profiles as externals even when instance profiles are transcribed.
- Fixed a case where Transcriber doesn't handle network interfaces correctly for EC2 Instances.
- Fixed a case where Transcriber is missing 2 fields in EC2 instances.
- Fixed a case where Transcriber doesn't transcribe the description of IAM Managed Policies.
- Fixed a case where Transcriber creates IAM instance profiles that reference roles as External.
- Fixed a case where Transcriber errors on govcloud when the region is not specified.
- Fixed a case where Transcriber incorrectly transcribes a connection-draining attribute in an ELB.
- Fixed a case where Transcriber incorrectly transcribes dns_support for VPC.
- Fixed a case where using Transcriber with the -p flags includes resources that don't have tags.
- Fixed a case where Transcriber doesn't filter by S3 tags.
- Fixed a case where Transcriber does not include the ACL parameter when transcribing S3.
- Fixed a case where DHCP options netbios node type are incorrectly transcribed.
- Fixed a case where users transcribing Cloudformation stacks would encounter a "constructor not in scope: Cloudformation.None" error.
- Fixed a case where Transcriber returns all S3 buckets independent of the region flag.
- Fixed a case where Transcriber uses an external IAM role for lambda functions, even if the role is being transcribed.
- Fixed a case where Transcriber incorrectly transcribes the DHCP Options field ntpservers.
- Fixed a case where transcribed lambda external references don't compile in LWC.
- Fixed a case where Transcriber doesn't get onFailure and resourceTypes parameters for Cloudformation.
- Fixed a case where lambda SNS Subscriptions are referenced using external values with Transcriber.
- Fixed a case where Transcriber does not create a security group name tag.
- Fixed a case where Transcriber doesn't transcribe all the subscriptions in a region.
- Fixed a case where Transcriber doesn't transcribe SQS Redrive Policy correctly.
- Fixed a case where Transcriber encounters an error on global secondary indexes or local secondary indexes on DDB tables.
- Fixed a case where Transcriber only transcribes managed policies if they're attached to IAM Roles.
- Fixed a case where Transcriber doesn't correctly transcribe internet gateways.
- Fixed a case where Windows installs of fugue-client are unable to locate the Ludwig Standard Library.
- Fixed a case where Transcriber does not transcribe user data for EC2 instances.
- Fixed a case where load balancer access log configuration is not getting transcribed.
- Fixed a case where Transcriber does not create certificate entry for load balancer listener policies.
- Fixed a case where Transcriber encounters an error when transcribing ELB listener policies with app stickiness set.
- Fixed a case where modifying network interfaces results in an error.
- Added support for RDS in Transcriber.
- Fixed a case where users encounter an UnauthorizedOperation error when using compositions that create DhcpOptions.
- Fixed a case where Fugue encounters an error when enforcing Route Tables.
- Fixed a case where instances behind an ELB are not able to be modified.
- Added additional validations on ELBs, ASGs, and LCs.
- Fixed cases where instructions for aws.ec2.replace_network_acl, aws.s3.put_bucket_cors, aws.s3.put_bucket_policy, and aws.sqs.set_queue_attributes are repeated for every system job.
- For this release, Transcriber will not transcribe EBS volumes that are not root volume attachments. EBS support is in the process of being improved for the next release of the Conductor and Transcriber.
- If an instance is launched into one Availability Zone, and an EBS Volume is defined to be attached to that instance, but in a different Availability Zone, the composition will pass compilation, but the Volume will be created in the same Availability Zone as the Instance.
- A small number of modify API calls are performed on every system tick, regardless of whether resource modification needs to occur. This can add noise to the output of the
- The Basic Conductor is now called the Free Fugue Conductor, and the Team Conductor is now called the Fugue Conductor.
TEAM can still be used to refer to these conductors as arguments to fugue init --conductor-type.
Composer v0.5.10 Update
The "Generate a Composition" feature (currently in preview) works best with accounts that have fewer than 40 resources. If you have trouble generating a composition with a larger number of resources, contact firstname.lastname@example.org.
New Features and Improvements
- New: The code editor can be searched.
- New: The code editor and the Inspector panel can be resized horizontally by dragging the border of the panel.
- New: ALBs can be visualized.
- New: ECS services can be visualized.
- New: S3 notification configurations can be visualized as connections.
- New: IAM policies that include an rds-db action can be visualized as connections.
- Check for Updates is now available in the application menu.
- Improved: A composition with warnings or validation errors can be visualized and includes a visual indication of the nodes where the problem originates.
- Improved: The visualization handles nodes that do not connect to other nodes in a more visually appealing way.
- Improved: On the Generate Composition screen, all AWS services are excluded by default.
- Improved: Nodes in the visualization can be double-clicked to center them in view.
- Improved: Error text is more legible.
Notable Bug Fixes
- Fixed a case where Composer could crash when opening files larger than 10mb.
- Fixed a case where syntax highlighting in the code editor for Ludwig could be incorrect on compositions that included IAM policies.
- Fixed a case where empty values could appear as ... in the Inspector panel.
- Fixed a case where the lock icon, which indicates a security group, would appear above all nodes in the visualization, including nodes without security groups.
- Fixed a case where the text in the editor could be resized very small and subsequently couldn't be made larger.
- Fixed a case where a directory would continue to appear in the list of recently accessed directories on the launch screen after the directory was deleted on the filesystem.
- Fixed a case where compositions with parentheses in the file name could not be compiled.