Fugue Release Notes for 2017.10.16-1

Bug Fixes

  • Fixed a bug in fugue support report where log entries would be recorded out of order.

Fugue Release Notes for 2017.10.16

New Platform Features

  • Fugue enforcement can now be turned off on a per-process level.
  • Ludwig Validations (Policy-as-Code) can now be loaded onto the Conductor. These validations will be applied against all run and update operations.
  • The new ops command will show individual API operations that the Conductor has taken against AWS for a given Fugue process.
  • Role-Based Access Control (RBAC) policy can now be scoped to individual Fugue processes.
  • (Preview) A RESTful HTTP API is now included with the Fugue command line interface. This makes it even easier to programmatically interact with Fugue.
  • The Conductor is now supported in us-east-1, us-east-2, us-west-2, eu-west-1, and govcloud. Note that a Conductor in a commercial region can manage infrastructure in any other commercial region(s) but NOT in govcloud, and vice versa.

New AWS Service Coverage

  • ALB
  • ECS
  • VPC S3 Endpoints

New CLI Features and Improvements

  • Dry-run and status output is now YAML-formatted, with many fields removed. This should make it much easier for humans to read and understand the state of their infrastructure. For full output, use the --json flag.
  • New fugue policy rbac-status command shows whether a policy is currently attached.
  • The uncompiled RBAC policy can now be fetched as a gzip'd tarball from the Conductor using the fugue policy rbac-get command.
  • Improved the output of fugue support reset-secret when resetting the root user's credentials.

General Updates to Fugue Libraries

  • NAT Gateways have been added to the Fugue.AWS.Pattern.Network library.
  • The fugue-bits and fugue-netaddr libraries have been rewritten for better performance.
  • Added additional EC2 Instance Types to Fugue.Core.AWS.EC2.

Ludwig Improvements

  • lwserver now shows full error messages.
  • New Nodestream library makes it possible to write validations across multiple resources declared in Ludwig.
  • The Nodestream library makes it possible to whitelist or blacklist specific services or resources.
  • There is a new ?| operator provided as an alias for Optional.unpack.
  • Improved lwserver support for compositions that span multiple files.

Notable System Improvements and Bug Fixes

  • When adding an account or running a process, the system will now inform the user if the Conductor needs to be replaced with a larger instance to handle the additional accounts or processes. This makes it easy to know when to vertically scale the Conductor.
  • Accounts can now be referred to by their ID or alias when authoring RBAC policy.
  • The Ludwig JSON library is now easier to use.
  • The number of CW metrics emitted by the Conductor has been substantially reduced.
  • The Conductor's Vars DynamoDB table and the userspace Vars DynamoDB table are now scaled independently.
  • Fixed an SSL error during fugue init.
  • Fixed a case where fugue uninstall -y (without -f flag) works while there are running processes.
  • Fixed a case where there is inconsistent output when an RBAC user is not allowed to do something.
  • Improved consistency of fugue status output.
  • Fixed a case where fugue account remove --json results in an error, but works.
  • Fixed a case where the CLI errors on large process results.
  • Fixed a case where fugue account add with the --json flag can't be run.
  • Fixed a case where load balancer tags are not getting transcribed.
  • Fixed a case where fugue status command fails for empty responses.
  • Fixed a case where uninstalling the Fugue Client Tools leaves files behind.
  • Fixed a case where using -k and -p flags simultaneously in Transcriber yields a stack trace.
  • Fixed a case where Vars snapshots are written to the composition bucket, but read from large value bucket.
  • Fixed a case where the event notification service sends out notifications at the WARNING level instead of at the DEBUG level.
  • Fixed a case where fugue update --dry-run could not handle empty results.
  • Fixed a case where fugue --version doesn't show the client version on Windows.
  • Improved log collection time in fugue support report.
  • Fixed a case where fugue support report failed with Remote end closed error.
  • Fixed a case where transcribing an ASG with T2_micro instance in a launch configuration ends up with T2_small in AWS.
  • Fixed a case where some system jobs fail with a RouteAlreadyExists error.
  • Fixed a case where a user would encounter a resultswriteerror when removing the description from a Network Interface.
  • Fixed a case where EC2 Tags are not being created.
  • Fixed a case where a fugue update would result in a Planner Error.
  • Fixed a case where a user would encounter an invalidconfigurationrequest when enabling ProxyProtocol policy on an ELB Listener.
  • Additional validations have been added to ensure that Lambda.VpcConfig has valid subnets and security groups.
  • Additional validations have been added to ensure Ludwig.Function specifies a Region or a VpcConfig.
  • Fixed a case where a user would encounter an error attempting to create DHCP Options.
  • Fixed a case where a security group default egress rule is not created.
  • Fixed a case where S3 compositions hitting a temporary "resource exists error" eventually halt with a 500.
  • Fixed a case where a user cannot create NetworkAclEntry for ICMP type traffic without using core types.
  • Fixed a case where govcloud lambda permissions generate an incorrect ARN, which makes notification configurations fail.
  • Fixed a case where compositions using elasticache face errors on system jobs after updating mutable parameters.
  • Fixed a case where updating ELB compositions results in errors.
  • Fixed a case where Fugue doesn't update monitoring for EC2 instances.
  • Fixed a case where instance protection is not disabled during ASG deletes.
  • Fixed a case where users would be unable to re-assign EIPs when re-launching EC2 instances.
  • Added lambda support in ca-central-1.
  • Fixed a case where updating an S3 bucket to remove its notification configuration creates an error.
  • Fixed a case where an S3 composition attempting to create a bucket name that already exists would succeed anyway.
  • Fixed a case where an AutoScalingGroup with an external LaunchConfiguration would cause an LWC error.
  • Fixed a case where attempting to use Lambda in a composition in a region where Lambda isn't supported would result in a halted process.
  • Fixed a case where users would encounter a dependencyviolation error when deleting composition.
  • Fixed a case where users would encounter an error updating the Dead Letter Target for an SQS Queue.
  • Added a missing external constructor for Fugue.AWS.SQS.Queue.
  • Fixed a case where updating VPNConnection staticRoute between True and False repeatedly fails.
  • Added additional validations for listener policies.
  • Fixed a case where Transcriber transcribes ASG EC2 instances when it shouldn't.
  • Fixed a case where Transcriber throws an unclear error message on a route table using unsupported VpnGateway.
  • Fixed a case where Transcriber internal identifiers are not unique.
  • Fixed a case where transcribing AutoScaling Groups would cause stack traces.
  • Fixed a case where Transcriber references launch configuration instance profiles as externals even when instance profiles are transcribed.
  • Fixed a case where Transcriber doesn't handle network interfaces correctly for EC2 Instances.
  • Fixed a case where Transcriber is missing 2 fields in EC2 instances.
  • Fixed a case where Transcriber doesn't transcribe the description of IAM Managed Policies.
  • Fixed a case where Transcriber creates IAM instance profiles that reference roles as External.
  • Fixed a case where Transcriber errors on govcloud when the region is not specified.
  • Fixed a case where Transcriber incorrectly transcribes a connection-draining attribute in an ELB.
  • Fixed a case where Transcriber incorrectly transcribes dns_support for VPC.
  • Fixed a case where using Transcriber with the -k/-p flags includes resources that don't have tags.
  • Fixed a case where Transcriber doesn't filter by S3 tags.
  • Fixed a case where Transcriber does not include the ACL parameter when transcribing S3.
  • Fixed a case where DHCP options netbios node type are incorrectly transcribed.
  • Fixed a case where users transcribing Cloudformation stacks would encounter a "constructor not in scope: Cloudformation.None" error.
  • Fixed a case where Transcriber returns all S3 buckets independent of the region flag.
  • Fixed a case where Transcriber uses an external IAM role for lambda functions, even if the role is being transcribed.
  • Fixed a case where Transcriber incorrectly transcribes the DHCP Options field ntpservers.
  • Fixed a case where transcribed lambda external references don't compile in LWC.
  • Fixed a case where Transcriber doesn't get onFailure and resourceTypes parameters for Cloudformation.
  • Fixed a case where lambda SNS Subscriptions are referenced using external values with Transcriber.
  • Fixed a case where Transcriber does not create a security group name tag.
  • Fixed a case where Transcriber doesn't transcribe all the subscriptions in a region.
  • Fixed a case where Transcriber doesn't transcribe SQS Redrive Policy correctly.
  • Fixed a case where Transcriber encounters an error on global secondary indexes or local secondary indexes on DDB tables.
  • Fixed a case where Transcriber only transcribes managed policies if they're attached to IAM Roles.
  • Fixed a case where Transcriber doesn't correctly transcribe internet gateways.
  • Fixed a case where Windows installs of fugue-client are unable to locate the Ludwig Standard Library.
  • Fixed a case where Transcriber does not transcribe user data for EC2 instances.
  • Fixed a case where load balancer access log configuration is not getting transcribed.
  • Fixed a case where Transcriber does not create certificate entry for load balancer listener policies.
  • Fixed a case where Transcriber encounters an error when transcribing ELB listener policies with app stickiness set.
  • Fixed a case where modifying network interfaces results in an error.
  • Added support for RDS in Transcriber.
  • Fixed a case where users encounter an UnauthorizedOperation error when using compositions that create DhcpOptions.
  • Fixed a case where Fugue encounters an error when enforcing Route Tables.
  • Fixed a case where instances behind an ELB are not able to be modified.
  • Added additional validations on ELBs, ASGs, and LCs.
  • Fixed cases where instructions for aws.ec2.replace_network_acl, aws.s3.put_bucket_cors, aws.s3.put_bucket_policy, and aws.sqs.set_queue_attributes are repeated for every system job.

Known Issues

  • For this release, Transcriber will not transcribe EBS volumes that are not root volume attachments. EBS support is in the process of being improved for the next release of the Conductor and Transcriber.
  • If an instance is launched into one Availability Zone, and an EBS Volume is defined to be attached to that instance, but in a different Availability Zone, the composition will pass compilation, but the Volume will be created in the same Availability Zone as the Instance.
  • A small number of modify API calls are performed on every system tick, regardless of whether resource modification needs to occur. This can add noise to the output of the fugue ops operation.

Notes

  • The Basic Conductor is now called the Free Fugue Conductor, and the Team Conductor is now called the Fugue Conductor. BASIC and TEAM can still be used to refer to these conductors as arguments to fugue init --conductor-type.

Composer v0.5.10 Update

Notes

The "Generate a Composition" feature (currently in preview) works best with accounts that have fewer than 40 resources. If you have trouble generating a composition with a larger number of resources, contact [email protected]fugue.co.

New Features and Improvements

  • New: The code editor can be searched.
  • New: The code editor and the Inspector panel can be resized horizontally by dragging the border of the panel.
  • New: ALBs can be visualized.
  • New: ECS services can be visualized.
  • New: S3 notification configurations can be visualized as connections.
  • New: IAM policies that include an rds-db action can be visualized as connections.
  • New: Check for Updates is now available in the application menu.
  • Improved: A composition with warnings or validation errors can be visualized and includes a visual indication of the nodes where the problem originates.
  • Improved: The visualization handles nodes that do not connect to other nodes in a more visually appealing way.
  • Improved: On the Generate Composition screen, all AWS services are excluded by default.
  • Improved: Nodes in the visualization can be double-clicked to center them in view.
  • Improved: Error text is more legible.

Notable Bug Fixes

  • Fixed a case where Composer could crash when opening files larger than 10mb.
  • Fixed a case where syntax highlighting in the code editor for Ludwig could be incorrect on compositions that included IAM policies.
  • Fixed a case where empty values could appear as ... in the Inspector panel.
  • Fixed a case where the lock icon, which indicates a security group, would appear above all nodes in the visualization, including nodes without security groups.
  • Fixed a case where the text in the editor could be resized very small and subsequently couldn't be made larger.
  • Fixed a case where a directory would continue to appear in the list of recently accessed directories on the launch screen after the directory was deleted on the filesystem.
  • Fixed a case where compositions with parentheses in the file name could not be compiled.