v3.2.0

@sbkok sbkok released this 24 Jan 08:57
· 92 commits to master since this release
84e7831

Our biggest release to date, with 20 new features, 62 improvements, and 61 bug fixes!

Please note: this update refactored the account creation and pipeline generation to use Step Functions.
As a result, the way to track the progress of the update and to validate its operation has changed.
Please read the docs on updating ADF.

We are thankful to the community that helped enhance ADF.
With this release, we decided to list the contributions per author (in alphabetical order) within each section,
highlighting the great contributions and enhancements they made.

Features 🏗

apogorielov:

  • Add ability to override the default branch for all source code providers #370.

benbridts:

  • Allow top-level keys starting with x- or x_ in deployment maps to add support for YAML anchors #347.

dsudduth:

  • Fix AWS partition reference, adding support for AWS Gov Cloud #381, closes #332.

ivan-aws:

  • Add ability to use CodeStar sources in deployment map #312.
  • Add support to configure object ACL with S3 put object calls #412.

pozeus:

  • Add support for CodeBuild to pull from docker hub #349, requested in #196.

srabidoux:

  • Add support for account-specific SCP deployments #395.

stemons:

  • Add support for Terraform deployments #397, closes #259, implements #114.

StewartW:

  • Add ChatBot support for notifications, lifting the limit on pipelines that notify through Slack #367, closes #257, closes #297.
  • Add support for pipeline triggers #392, closes #372.
  • Add ability to define CodeCommit artifact format #389, closes #387.
  • Add deployment waves for targets, removing the manual effort to spread 50 accounts per stage #358, closes #290, implements #128, closes #296, closes #250, closes #427.
  • Add support to exclude specific account ids from a target group #358, closes #145.

sbkok:

  • Add ability to disable trigger on changes for S3/CC/GH source providers #357:
    • Allows starting the pipeline only upon a completion_trigger event, closes #308.
    • Allows you to disable reacting to the GitHub webhook, closes #337.
  • Add support to change the default branch on ADF bootstrap and pipelines repositories #508.
  • Add support for CodeBuild to run inside a VPC #517.
  • Refactor generate_params.py helper, adding support for per parameter/tag resolution from specific to least specific params file #559, closes #452, closes #294.
  • Add support for CodeStar CodeBuild clone ref, allowing you to work with git commits in CodeBuild in pipelines #563.
  • Allow CloudFormation parameter file name configuration per target #565.

Fixes 🐞

benbridts:

  • Remove unacceptable characters from CloudFormation Stack names #346.

dependabot:

  • Bump ejs from 2.6.1 to 3.1.7 in Fargate node sample application #480.
  • Bump express from 4.16.4 to 4.17.3 in Fargate node sample application #555.

javydekoning:

  • Fix resource reference in Step Function state machine policy #461, closes #460.
  • Fix string should be array reference in Event Bridge Rule #456, closes #455.
  • Bump Jinja2 and Boto3 versions to 3.1.1 and 1.21.31 respectively #457, closes #454.
  • Ensure account alias is configured or fail #465, closes #242.
  • Fix account file processing and add debug logging #459, closes #458.

mhdaehnert:

  • Separate artifact storage bucket for CodePipeline and CodeBuild to improve parallel execution #271, closes #270.

Nr18:

  • Fix S3 object ownership controls #448, closes #447.
  • Fix param overrides functionality to support using the same source #446, closes #445.

rickardl:

  • Support paginator for parameters and empty descriptions in moved to root lambda #273, fixes #272.

tylergohl:

  • Add retry for InvalidTemplateError and GenericAccountConfigureError #384, closes #383.

StewartW:

  • Fix deployment account Step Function time outs #401, closes #400.
  • Fix incorrect step name in step function #406.
  • Update get account region function to use opted-in regions too #423, closes #420.
  • Reduce adf-codepipeline-role policy size when ADF deploys to many regions #475, closes #474.

sbkok:

  • Add missing requirements file for shared python helpers, fixes use of retrieve_organization_accounts.py helper #352.
  • Fix duplicate notification endpoint setup in pipeline generation #362.
  • Fix specifying the tag on CodeBuild repository image to use #377, closes #374.
  • Fix permission to set Support Subscription upon account creation #402, closes #379.
  • Fix duplicated steps in Account Bootstrap Step Function #414.
  • Fix global-iam example comment explaining where it is deployed #421.
  • Fix use of correct region for AWS Organizations API depending on the partition it runs in #485.
  • Fix correct use of build/deploy parameters for CodeBuild provider #489, closes #488.
  • Fix account processing to be part of our SAR distribution #487.
  • Fix Makefile use of find command on macOS #497, closes #473.
  • Fix update process to only flag helpers as executable #499.
  • Fix correct use of partitions #502.
  • Fix use of NodeJS 14 with Standard 5.0 CodeBuild containers #500, closes #385.
  • Fix MarkupSafe to v2.0.1 as v2.1 breaks compatibility with Jinja2<3.0.0 #498, closes #467, closes #441.
  • Fix use of separate container image per target #501, closes #382.
  • Fix wrapt version dependency #504.
  • Fix syncing deployment map files to S3 when needed #506.
  • Fix missing permission on cross-account org read-only role #509.
  • Fix permission to update termination protection on pipeline stacks #511.
  • Fix ADF state machines #514, closes #513.
  • Fix updating account alias when needed #515.
  • Fix tenacity version dependency #520.
  • Fix Step Function input file syncing to upload only when content changed #530, part of #518.
  • Fix pipeline generation policies #533.
  • Fix repository creation permission in pipeline management #536.
  • Fix stale pipeline deletion #535.
  • Fix account creation wait for bootstrap to complete #537, closes #518.
  • Fix initial commit implementation #534.
  • Fix account bootstrap on organization unit move #539.
  • Fix IAM Tag permissions #545.
  • Fix initial commit on new/fresh install #544.
  • Fix ADF Config storage, needs to be stored before it is used the first time #548.
  • Fix pipeline regeneration upon account move #550, closes #549.
  • Fix syncing to S3 in the root of the bucket #558.
  • Fix CodePipeline source account id lookup to support missing account id for providers like CodeStar #561.
  • Fix CreateRolePolicy permissions on global.yml bootstrap stacks #564.
  • Fix clean-up of stale deployment map files in the pipeline bucket #562.
  • Fix CodePipeline references to a specific config per stage over a default provider config #565.
  • Fix executable flags of helper scripts #573.
  • Fix CloudFormation permissions to update the pipeline notification SNS topic subscriptions #572.
  • Fix permissions to enable CodeBuild as a deployment provider #571.
  • Fix typos in pipeline management logical id #567.
  • Fix generate_params.py pipeline regions lookup #584.
  • Fix bootstrapping in non-protected OUs only #590.

Improvements ✨

benbridts:

  • Clean up of protected organization unit error message #353.
  • Improvements to the Serverless Application Repository template #343, closes #342.

javydekoning:

  • Add CloudFormation linting using cfn-lint #466, closes #464.
  • Replace Travis with GitHub Actions #481.
  • Add YAML linting using yamllint #470, closes #463.
  • Fix yamllint findings #482.
  • Upgrade to CDK v1.168, pylint v2.13 and others #486.
  • Add MegaLint to organize execution of all linters configured #492, part of #491.
  • Fix linting issues in RDK sample #495.
  • Fix editor config linting #516, part of #491.
  • Improve docs, add markdown linting, and change master account to management account in docs #521, part of #491.
  • Improve code and docs by adding CSpell checks to enforce correct spelling #574.
  • Improve CSpell linter output #578.

Nr18:

  • Encrypt SNS topic using ADF's CMK KMS Key #429, closes #422.
  • Define CodeCommit description in deployment maps #469, closes #468.

ntwobike:

  • Add RDK sample to deploy custom Config rules #451.

skycolangelom:

  • Fix retry logic for DescribeRegions while creating new accounts #238, rebased + improved in #348.
  • Fix deleting default VPC when it is non-empty #238, rebased + improved in #348.

StewartW:

  • Add pipeline type parameters to enable support for other pipelines in the future #285, closes #185.
  • Add Bootstrap Repository Pipeline high-level overview documentation from a tech perspective #393, closes #211.
  • Refactor Account management to use a Step Function #394.
  • Reduce number of IAM API calls during cross-account access setup process #408.
  • Refactor Pipeline management to use a Step Function, added tech diagrams #424, closes #211.
  • Add in role paths for new account management roles #523.
  • Fix Megalint style error #531.
  • Add deployment map source to SSM Params to identify out-of-date pipelines #525.
  • Add retry logic on pipeline generation RunCDK stage when CodeBuild is throttled #580.

sbkok:

  • Upgrade urlize from v2.11.2 to v2.11.3 #341.
  • Lock down buckets created by ADF, block public access #350.
  • Improve ADF version references in the main template #351.
  • Upgrade dependencies (CDK to v1.105, Pylint to v2.8.2, SAM CLI to v1.23.0, and others) #364.
  • Upgrade dependencies (CDK to v1.114, Pylint to v2.9.3, SAM CLI to v1.26.0, and others) #376, closes #388.
  • Improved error message with accounts yaml read failures #403, closes #213.
  • Enable setting the log level when deploying from the SAR + adding a troubleshoot ADF guide #409.
  • Update docs to state the default branch used as the source #418.
  • Change example email domains and account ids #416.
  • Update to CDK v1.137, pylint v2.12, and others to latest available #417.
  • Upgrade to Python 3.9 #415.
  • Add editorconfig to repository #483.
  • Refactor line lengths and code style #490.
  • Update CDK, use of NodeJS 16 where possible, and CodeBuild Standard 5.0 images #496, closes #291.
  • Only invoke pipeline deletion when needed #510.
  • Add reference to Step Function Pipeline Management state machine from pipelines CodeBuild execution #512.
  • Add retry logic to Step Function Lambda invocations and improved log messages #513, closes #371.
  • Make consistent use of Id in pipeline management implementation #532.
  • Add account creation in-progress retry logic, fixes SubscriptionRequiredException #540, closes #519, fixes #366.
  • Add retries to account bootstrap process #543, closes #366.
  • Update to CDK v1.181.1 and others #553.
  • Improve readability of pipeline generation executions in the newly introduced pipeline generation state machine #557.
  • Improve parameter validation on install/update of ADF, improving install/update experience #554.
  • Update to CDK v1.182.0 #560.
  • Improve adf-pipelines CodeBuild permissions to start state machines + optimized CodeBuild machine type #569.
  • Add CodeBuild VPC permissions to default permissions to ease provisioning pipelines inside VPCs #570.
  • Improve policy names in adf-bootstrap example global-iam.yml files to be unique #568.
  • Improve code readability of CodeBuild class through refactoring #566.
  • Update ADF update process and troubleshooting documentation #576.
  • Improve CloudFormation error reporting in the aws-deployment-framework-bootstrap pipeline #582.
  • Reduce number of cross-account access IAM API calls #581.
  • Add exponential back-off retries on Enable Cross-Account Access state machine #581.
  • Refactor and tighten roles used by Enable Cross-Account Access state machine #581.
  • Do not retry pipeline generation if an account is not found or the deployment map is invalid #583.
  • Refactor pipeline management pipeline input generation and execution #584.

Many thanks to our community for driving this release. And special thanks to apogorielov, benbridts, dsudduth, ivan-aws, javydekoning, mhdaehnert, Nr18, ntwobike, pozeus, rickardl, skycolangelom, srabidoux, stemons, StewartW, and tylergohl for contributing new features and improvements to ADF!