The Utoolity team is pleased to present Tasks for AWS 2.17 – this release adds support for using AWS CloudFormation Macros with nested stacks, adds support for tagging ECS resources and injecting sensitive data from the AWS Systems Manager Parameter Store or the AWS Secrets Manager into Amazon ECS containers, and adds support for the Python 3.7 runtime and 15 minutes execution time in AWS Lambda.
You can now forego change sets and use macros directly with the Create Stack and Update Stack actions in the AWS CloudFormation Stack task to enable usage with nested stacks, tag your ECS resources via all supported Amazon ECS tasks, inject parameters and secrets into Amazon ECS containers with the Amazon ECS Task Definition task, and use the Python 3.7 runtime and the extended 15 minutes execution time in the AWS Lambda Function task.
Highlights
Use AWS CloudFormation macros with nested stacks
You can now use AWS CloudFormation Macros directly in the Create Stack and Update Stack actions in the AWS CloudFormation Stack task to forego the previously required creation and execution of a change set and thereby enable macro usage with nested stacks. This is enabled by a new capability, CAPABILITY_AUTO_EXPAND – refer to the documentation of the CreateStack API action for details:
Some templates contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by AWS CloudFormation.
Change sets do not currently support nested stacks. If you want to create a stack from a stack template that contains macros and nested stacks, you must create the stack directly from the template using this capability.
Tag Amazon ECS resources
You can now tag your Amazon ECS resources via all supported Amazon ECS tasks:
Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type – you can quickly identify a specific resource based on the tags you've assigned to it. For example, you could define a set of tags for your account's Amazon ECS container instances which helps you track each container instance's owner and stack level.
Inject SSM parameters and secrets into Amazon ECS containers
You can now use the Amazon ECS Task Definition task to inject sensitive data into your containers by storing your sensitive data in AWS Systems Manager Parameter Store parameters and then referencing them in your container definition – refer to Specifying Sensitive Data for details:
As customers build applications, they need to reference sensitive information such as database credentials, tokens, configuration variables or SSH keys. Previously, customers had to directly reference this sensitive information in the task definition or manage your own run-time secrets with custom solutions to decouple secrets from core application logic stored in container images.
Now, you have new task definition conventions for exposing sensitive information stored in AWS Systems Manager Parameter Store to container instances. [...]
Use AWS Systems Manager Parameter Store with Bamboo
You can also use the AWS Systems Manager Parameter Store directly within Bamboo build plans and deployment projects via the dedicated AWS Systems Manager Parameter task.
Integration with AWS Secrets Manager
Besides natively supporting encrypted Secure String Parameters, the AWS Systems Manager Parameter Store is also integrated with the dedicated AWS Secrets Manager – refer to Referencing AWS Secrets Manager Secrets from Parameter Store Parameters for details.
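As an added example (not part of the original announcement and not Utoolity's code), the following check contrasts a task definition that carries a credential in plaintext with one that references a Parameter Store parameter through the container definition's secrets / valueFrom fields. The account ID, role name, parameter path, image and the name heuristic are assumptions made for illustration.

```python
import re

# Heuristic for credential-like variable names (an assumption of this example).
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
# Full-ARN forms of valueFrom; a bare Parameter Store name is also valid in-Region.
REF_ARN = re.compile(
    r"^arn:aws[\w-]*:(ssm:[a-z0-9-]+:\d{12}:parameter/.+"
    r"|secretsmanager:[a-z0-9-]+:\d{12}:secret:.+)$")

def lint_task_definition(task_def):
    """Return findings for one ECS task definition given as a dict."""
    findings, uses_secrets = [], False
    for c in task_def.get("containerDefinitions", []):
        cname = c.get("name", "<unnamed>")
        for env in c.get("environment", []):
            # A sensitive-looking name with a literal value is stored in cleartext.
            if SENSITIVE.search(env.get("name", "")) and env.get("value"):
                findings.append(f"{cname}: plaintext value in environment variable {env['name']}")
        for sec in c.get("secrets", []):
            uses_secrets = True
            ref = sec.get("valueFrom", "")
            if not ref or (ref.startswith("arn:") and not REF_ARN.match(ref)):
                findings.append(f"{cname}: secret {sec.get('name')} has an invalid valueFrom")
    # ECS fetches the values with the task execution role, so one must be set.
    if uses_secrets and not task_def.get("executionRoleArn"):
        findings.append("secrets are referenced but executionRoleArn is not set")
    return findings

# Constructed sample task definitions (account ID, names and values are made up).
BEFORE = {"family": "web", "containerDefinitions": [{
    "name": "app", "image": "example/app:1",
    "environment": [{"name": "DB_PASSWORD", "value": "hunter2"},
                    {"name": "LOG_LEVEL", "value": "info"}]}]}
AFTER = {"family": "web",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "containerDefinitions": [{
        "name": "app", "image": "example/app:1",
        "environment": [{"name": "LOG_LEVEL", "value": "info"}],
        "secrets": [{"name": "DB_PASSWORD",
                     "valueFrom": "arn:aws:ssm:us-east-1:123456789012:parameter/prod/db_password"}]}]}

if __name__ == "__main__":
    for label, td in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_task_definition(td) or "no findings")
```

The execution role named in executionRoleArn also needs permission to read the referenced parameters, which this check cannot see from the task definition alone.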
Use the Python 3.7 runtime and 15 minutes execution time for AWS Lambda functions
You can now use the Python 3.7 runtime and the extended 15 minutes execution time in the AWS Lambda Function task – refer to the respective introductory posts for details:
- Python 3.7 runtime now available in AWS Lambda
- AWS Lambda enables functions that can run up to 15 minutes
Release notes
For more details about this release, please refer to the Tasks for AWS 2.17 Release Notes.