Skip to content

Releases: silinternational/idp-in-a-box

Change RDS CA Cert Identifier

10 Jul 13:33
@briskt briskt
12.6.2
8ca4236
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Change RDS CA Cert Identifier

Changed

  • Changed default CA Cert Identifier for RDS. This is not a breaking change because all RDS connections are not using HTTPS (all connections are internal to the VPC).
Loading

fix id-broker cron task not running when AppConfig is enabled

31 May 01:13
@briskt briskt
12.6.1
5dca0e9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fix id-broker cron task not running when AppConfig is enabled

Fixed

  • Fixed id-broker cron task failing to get AppConfig data. Added the task role to the cron task definition.
Loading

expanded use of AWS AppConfig

09 Apr 22:43
@briskt briskt
12.6.0
5bc2108
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
expanded use of AWS AppConfig

Added

  • Added AppConfig to pw-manager, ssp, and id-sync
  • New module ecs-role for creating an ECS Assume Role, used by each ECS service or task

Changed

  • Deprecated app_id and env_id variables on id-broker, replaced by appconfig_app_id and appconfig_env_id
Loading

Fix database module

18 Mar 19:45
@briskt briskt
12.5.1
8ffdae3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fix database module

Fixed

  • Added back the db-users.sql file that was accidentally deleted in 12.4.0
Loading

Add heartbeat monitoring config

12 Mar 17:02
@briskt briskt
12.5.0
4dd5e12
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Add heartbeat monitoring config

Added

  • Added HEARTBEAT_URL and HEARTBEAT_METHOD variables to id-sync module. These can be used to notify a monitoring service on each successful sync run.
Loading

add AppConfig configuration to id-broker module

11 Mar 22:54
@briskt briskt
12.4.0
45b1188
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
add AppConfig configuration to id-broker module

Added

  • Added optional management of AppConfig application and environment in 000-core
  • Added optional management of AppConfig configuration profile and ECS assume role in 040-id-broker
Loading

Option to use Transit Gateway

27 Feb 15:52
@briskt briskt
12.3.0
ee8c2f6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Option to use Transit Gateway

Added

  • Added an option to use a Transit Gateway

Removed

  • Removed aws_region as a required variable
Loading

New variable alerts_email_enabled in 050-pw-manager

04 Jan 17:35
@briskt briskt
12.2.0
8af802d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
New variable alerts_email_enabled in 050-pw-manager

Added

  • Added new variable alerts_email_enabled to 050-pw-manager module

Changed

  • Changed docker-compose db-ssp image from silintl/mariadb:latest to mariadb:10
Loading

add support for provided.al2 Lambda runtime

04 Dec 19:42
@briskt briskt
12.1.0
128b925
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
add support for provided.al2 Lambda runtime

Added

  • Added variable lambda_runtime to add support for provided.al2 runtime
Loading

id-sync scheduled task, email by SES, remove 2 ECR repos

22 Nov 15:34
@briskt briskt
12.0.0
a25aaba
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
id-sync scheduled task, email by SES, remove 2 ECR repos

Changelog

Added

  • Added id-sync scheduled ECS task
  • Added an ECS task role to the email-service module for sending email using SES
  • Added SENTRY_MONITOR_SLUG environment variable to id-sync task definition

Changed

  • Made email-service SMTP variables optional

Removed

  • Removed id-sync ECS service
  • Removed id-sync load balancer target group and listener rule
  • Removed email-service and db-backup ECR repositories. We never add any layers to the public Docker image in these modules. They can always use the public images (silintl/email-service and silintl/mysql-backup-restore).

Note: idp-id-sync version 5.0.0 is required

Upgrade procedure

Terraform configuration

Required

  1. Manually remove all images from the email-service and db-backup ECR repositories. Terraform will not destroy repositories containing images.
  2. In each instance of the 031-email-service module, provide a Docker image to the docker_image input. Example: "silintl/email-service:${var.image_tag}". If you use this example, create a new variable image_tag.
  3. In each instance of the 032-db-backup module, provide a Docker image to the docker_image input. Example: "silintl/mysql-backup-restore:${var.image_tag}". If you use this example, create a new variable image_tag.
  4. In each instance of the 070-id-sync module, remove these inputs: alb_https_listener_arn, subdomain, cloudflare_domain, ecsServiceRole_arn, and alb_dns_name` and any variables or resources that may be used to feed these inputs.
  5. Remove any reference to the idsync_url and access_token_external outputs of 070-id-sync.

Recommended

  1. In each instance of the 031-email-service module, remove the mailer_host, mailer_password, and mailer_username inputs to begin using AWS SES rather than SMTP. Ensure the from_email variable is set to an email address that has been verified in SES.
  2. In each instance of the 040-id-broker module, provide a Docker image to the docker_image input. Example: "silintl/idp-id-broker:${var.image_tag}". If you use this example, create a new variable image_tag. This may not be possible if a custom image is needed, such as to include Google credentials.
  3. In each instance of the 050-pw-manager module, provide a Docker image to the docker_image input. Example: "silintl/idp-pw-api:${var.image_tag}". If you use this example, create a new variable image_tag. This may not be possible if a custom image is needed, such as to include a custom password store configuration.
  4. In each instance of the 070-id-sync module, provide a Docker image to the docker_image input. Example: "silintl/idp-id-sync:${var.image_tag}". If you use this example, create a new variable image_tag. This may not be possible if a custom image is needed, such as to include Google credentials.
  5. In each instance of the 070-id-sync module, add a new input, event_schedule, containing the desired CloudWatch event schedule, e.g. "cron(*/5 * * * ? *)"

Service upgrade

Ensure that your id-sync service is running version 5 of silinternational/idp-id-sync, which will not work properly with previous versions of idp-in-a-box. To coordinate the Terraform configuration changes with the service change, it is recommended to set enable_sync to false in the Terraform configuration before beginning the upgrade. After Terraform has finished updating infrastructure and version 5 of idp-id-sync has been deployed, enable_sync can be set back to true.

Loading