The Utoolity team is pleased to present Tasks for AWS 2.11 – this release adds new actions for AWS CloudFormation change sets to enable Continuous Delivery approval workflows, and adds support for using IAM roles with Amazon EC2 Container Service (ECS) tasks. You can now create/execute/delete change sets for AWS CloudFormation Stacks, and specify IAM roles when registering Amazon ECS Task Definitions and running/starting Amazon ECS Tasks.
Highlights
New AWS CloudFormation Stack task actions for change sets
Use the AWS CloudFormation Stack task in Bamboo to create, execute and delete AWS CloudFormation change sets:
You can now view change sets before updating your stacks in AWS CloudFormation. This helps you understand the resource-level changes (e.g. adding, deleting, or modifying instances) which CloudFormation will apply to your live stack when you are updating your AWS infrastructure. Previously, you could not see the specific changes that CloudFormation would apply to your stack before submitting changes.
You can create one or multiple change sets for your existing stack by submitting a modified template, new parameter values (e.g. the instance type for your EC2 instances), or both. The change set will display a list of proposed changes, such as which resources CloudFormation will add, modify, or delete. You can then instruct CloudFormation to implement the changes to your stack.
Continuous Delivery approval workflows
The introductory blog post also emphasizes the main use case for Continuous Delivery with Bamboo and Tasks for AWS:
In addition to additional insight into potential changes, this new model also opens the door to additional control over updates. You can use IAM to control access to specific CloudFormation functions such as UpdateStack, CreateChangeSet, DescribeChangeSet, and ExecuteChangeSet. You could allow a large group of developers to create and preview change sets, and restrict execution to a smaller and more experienced group. With some additional automation, you could raise alerts or seek additional approvals for changes to key resources such as database servers or networks.
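The "additional automation" mentioned in the quote can be a small gate that inspects the DescribeChangeSet output between the create and execute steps. The following is an added example, not part of Tasks for AWS or the AWS blog post; the list of "key" resource types, the function names and the sample change sets are assumptions made for illustration.

```python
# Added example: approval gate over a DescribeChangeSet response.
# Assumption: which resource types count as "key" is this example's choice.
KEY_RESOURCE_PREFIXES = ("AWS::RDS::", "AWS::EC2::VPC", "AWS::EC2::Subnet",
                         "AWS::EC2::SecurityGroup", "AWS::EC2::Route")

def flagged_changes(change_set):
    """Return (logical id, type, reason) for every change to a key resource."""
    flagged = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange") or {}
        rtype = rc.get("ResourceType", "")
        if not rtype.startswith(KEY_RESOURCE_PREFIXES):
            continue
        reason = rc.get("Action", "Unknown")
        if rc.get("Replacement") in ("True", "Conditional"):
            reason += " with replacement=" + rc["Replacement"]
        flagged.append((rc.get("LogicalResourceId"), rtype, reason))
    return flagged

def gate(change_set):
    """Decide what the pipeline may do with this change set (fails closed)."""
    if (change_set.get("Status") != "CREATE_COMPLETE"
            or change_set.get("ExecutionStatus") != "AVAILABLE"):
        return "reject"          # not in an executable state
    if change_set.get("NextToken"):
        return "reject"          # change list is paginated; caller must fetch all pages
    return "needs-approval" if flagged_changes(change_set) else "execute"

def _change(action, logical_id, rtype, replacement=None):
    # Helper that builds one entry of the "Changes" list for the samples below.
    rc = {"Action": action, "LogicalResourceId": logical_id, "ResourceType": rtype}
    if replacement:
        rc["Replacement"] = replacement
    return {"Type": "Resource", "ResourceChange": rc}

# Constructed samples shaped like DescribeChangeSet output (not real stacks).
RISKY = {"Status": "CREATE_COMPLETE", "ExecutionStatus": "AVAILABLE", "Changes": [
    _change("Modify", "WebServerGroup", "AWS::AutoScaling::AutoScalingGroup", "False"),
    _change("Modify", "AppDatabase", "AWS::RDS::DBInstance", "True"),
    _change("Remove", "PrivateSubnetB", "AWS::EC2::Subnet"),
]}
ROUTINE = {"Status": "CREATE_COMPLETE", "ExecutionStatus": "AVAILABLE", "Changes": [
    _change("Modify", "WebServerGroup", "AWS::AutoScaling::AutoScalingGroup", "False"),
]}

if __name__ == "__main__":
    for name, cs in (("RISKY", RISKY), ("ROUTINE", ROUTINE)):
        print(name, gate(cs), flagged_changes(cs))
```

A gate like this complements the IAM split described in the quote: the build identity that creates and describes change sets does not need ExecuteChangeSet, so a "needs-approval" result cannot be bypassed from the same plan.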
Support for IAM Roles in Amazon EC2 Container Service (ECS) tasks
You can now use the recently introduced IAM Roles for ECS Tasks when registering a task definition with the Amazon ECS Task Definition task, and when running or starting a task with the Amazon ECS Task task:
Now, you can specify an IAM role for each ECS task. The applications in the task’s containers can then use the AWS SDK or CLI to make API requests to authorized AWS services. This allows the EC2 instance to have a minimal role, respecting the ‘Least Privilege’ access policy and allowing you to manage the instance role and the task role separately. You will also gain visibility as to which task is using which role, tracked in the CloudTrail logs.
Read more about IAM roles for tasks on the AWS Compute Blog and in the Amazon ECS documentation. [...]
The tasks to deploy and manage Docker containers with the Amazon EC2 Container Service (ECS) have been introduced in Tasks for AWS 2.7.
Support for Docker 1.11, Go 1.5, and Node.js 5/6 in AWS Elastic Beanstalk tasks
The available solution stacks have been updated to include the latest versions; see the respective announcement:
Updated solution stacks can always be used manually as soon as AWS makes them available; this release simply updates the user interface to include them for convenient selection.
Release notes
For more details about this release, please refer to the Tasks for AWS 2.11 Release Notes.