Tasks for AWS 2.21 Release Notes

25 November 2020

The Utoolity team is pleased to present Tasks for AWS 2.21 – this release adds an IAM role for EC2/ECS credentials provider and introduces namespace and scope handling for generated Bamboo variables.

You can now provide AWS security credentials via an IAM role for EC2/ECS when you run your Atlassian products on Amazon EC2, Amazon ECS, or AWS Fargate, and you can adjust the namespace and scope of generated Bamboo variables.

If you are using Bamboo remote agents, please review the Tasks for AWS 2.21 Upgrade Notes for important information on this release.

Learn more and try it for free in:

• Bamboo

On this page:

• 1 Highlights
  • 1.1 Provide AWS security credentials via an IAM role for EC2/ECS
  • 1.2 Adjust generated Bamboo variable namespace and scope
• 2 Resolved issues
  • 2.1 Release 2.21.3
  • 2.2 Release 2.21.2
  • 2.3 Release 2.21.1
  • 2.4 Release 2.21.0

Highlights

Provide AWS security credentials via an IAM role for EC2/ECS

You can now enable the IAM role for EC2/ECS credentials provider via a feature flag. If you have provisioned Bamboo on Amazon EC2, Amazon ECS, or AWS Fargate, you can now benefit from the convenience and flexibility of providing AWS security credentials via IAM roles for Amazon EC2 instances and IAM roles for Amazon ECS tasks.

 This feature is provided by Identity Federation for AWS (Bamboo), which is bundled and free for Tasks for AWS licensees, see the resp. FAQ for details.

Security assessment

The convenience of IAM roles for Amazon EC2 instances has the downside of a less explicit security posture and more indirect regression potential, as further outlined in UAA-49 - Getting issue details... STATUS . The feature currently requires an opt-in via a feature flag accordingly, and we also recommend the principal type 'Assume Role' rather than 'Provided' to gain the actual permissions via another role instead of the one directly attached to the EC2 instance. Either way, please make sure you have thoroughly assessed the security configuration of your underlying EC2 instance(s) and the attached or assumed IAM roles.

Feature flag status

LABS FEATURE

We are committed to fully support this feature going forward, which is the first exploratory step in our journey to offer more choices and flexibility in providing AWS security credentials via a dedicated SPI. However, due to requiring architectural changes, we are releasing an opt-in early version as a labs feature so that we can provide it sooner and gather feedback around usability and security questions before bringing it front and center to all customers. Please provide feedback via the built-in Jira integration, or contact us directly.

Adjust generated Bamboo variable namespace and scope

Similar to the Inject Bamboo variables task that has been included with Bamboo as of release 6.7, you can now specify the namespace and scope for Bamboo variables generated by all applicable AWS tasks. You can now pass a variable between stages, pass a variable from a plan to a deployment project, and you can use multiple tasks within the same job without overriding variables from preceding tasks by adjusting the namespace. The tasks default to the preceding behavior with local scope and a custom.aws namespace so that this remains an opt-in choice for advanced use cases.

Resolved issues

Release 2.21.3

2021-05-18

This release addresses the following issues:

• Improvements

  • TAWS-2129 – Update Identity Federation for AWS dependency to 2.14.2

• Bugs

  • TAWS-2117 – Fix erroneous script tag usage in Bamboo tasks

Release 2.21.2

2021-05-18

This release addresses the following issues:

• Improvements

  • TAWS-2085 – Update available Elastic Beanstalk solution stacks (as per 2021-02-26 - Linux)

  • TAWS-2086 – Update available Elastic Beanstalk solution stacks (as per 2021-03-01 - Linux)

  • TAWS-2087 – Surface new AWS region Asia Pacific (Osaka) / ap-northeast-3

  • TAWS-2090 – Deprecate support for Lambda Node.js 10.x runtime

  • TAWS-2096 – Update available Elastic Beanstalk solution stacks (as per 2021-03-31 - Linux)

  • TAWS-2098 – Update available Elastic Beanstalk solution stacks (as per 2021-04-19 - Python)

  • TAWS-2099 – Update available Elastic Beanstalk solution stacks (as per 2021-04-21 - Linux)

  • TAWS-2100 – Update available Elastic Beanstalk solution stacks (as per 2021-04-22 - Windows)

  • TAWS-2101 – Update available Elastic Beanstalk solution stacks (as per 2021-05-03 - Linux)

  • TAWS-2103 – Update Identity Federation for AWS dependency to 2.14.1

• Bugs

  • TAWS-2089 – Update available Elastic Beanstalk solution stacks (as per 2021-03-19 - Windows)

  • TAWS-2094 – Update available Elastic Beanstalk solution stacks (as per 2021-03-30 - Linux)

Release 2.21.1

2021-02-16

This release addresses the following issues:

• Improvements

  • TAWS-2070 – Integrate support for S3 bucket owner condition

  • TAWS-2074 – Integrate ECS support of FSx volumes for Windows containers

  • TAWS-2081 – Add support for Lambda Node.js 14.x runtime

• Bugs

  • TAWS-2051 – Update available Elastic Beanstalk solution stacks (as per 2020-12-07 - Docker)

  • TAWS-2052 – Update available Elastic Beanstalk solution stacks (as per 2020-12-29 - Linux)

  • TAWS-2053 – Update available Elastic Beanstalk solution stacks (as per 2020-12-30 - Linux)

  • TAWS-2054 – Update available Elastic Beanstalk solution stacks (as per 2021-01-07 - Windows)

  • TAWS-2055 – Update available Elastic Beanstalk solution stacks (as per 2021-01-22 - Windows)

  • TAWS-2056 – Update available Elastic Beanstalk solution stacks (as per 2021-01-28 - Linux)

  • TAWS-2083 – Update available Elastic Beanstalk solution stacks (as per 2021-01-29 - Linux)

Release 2.21.0

2020-11-25

This release addresses the following issues:

• Stories

  • TAWS-1596 – As a user, I want to be in control of variable namespace and scope so that I gain simplified plan composition

• Improvements

  • TAWS-2042 – Update available Elastic Beanstalk solution stacks (as per 2020-10-06 - Linux)

  • TAWS-2043 – Update available Elastic Beanstalk solution stacks (as per 2020-10-07 - Windows)

  • TAWS-2044 – Update available Elastic Beanstalk solution stacks (as per 2020-10-07 - Linux)

  • TAWS-2048 – Update available Elastic Beanstalk solution stacks (as per 2020-11-20 - .NET 5)

• Bugs

  • TAWS-2024 – Update available Elastic Beanstalk solution stacks (as per 2020-09-03 - Linux)

  • TAWS-2025 – Update available Elastic Beanstalk solution stacks (as per 2020-09-04 - Windows)

  • TAWS-2026 – Update available Elastic Beanstalk solution stacks (as per 2020-09-10 - Linux / 2020-09-10 - Linux)

  • TAWS-2045 – Update available Elastic Beanstalk solution stacks (as per 2020-11-05 - Windows)

  • TAWS-2046 – Update available Elastic Beanstalk solution stacks (as per 2020-11-10 - Linux)

  • TAWS-2047 – Update available Elastic Beanstalk solution stacks (as per 2020-11-11 - Linux)

• Tasks

  • TAWS-1947 – Drop support for Bamboo 6.5

  • TAWS-1991 – Drop support for Bamboo 6.6