v9.0.5
Release v9.0.5
Important information
This release is only compatible with Cumulus v18.x.x and up.
- Full Change Comparison: v9.0.4...v9.0.5
Migration Notes
If you are deploying ORCA for the first time or migrating from v6, no changes are needed.
If you are currently on v8 or v9, this means you already have load balancer deployed and you need to delete the load balancer target group before deploying this version. This is because terraform cannot delete existing load balancer target groups having a listener attached. Adding a HTTPS to the target group requires replacing the target group. Once the target group is deleted, you should be able to deploy ORCA.
- From AWS EC2 console, go to your load balancer named
<prefix-gql-a>and select theListeners and rulestab. Delete the rule. - Delete your target group
<random_name>-gql-a. The target group name has been randomized to avoid terraform resource error. - Deploy ORCA.
If deployed correctly, the target group health checks should show as healthy.
For the DR buckets modify the bucket policy and remove the line that contains "s3:x-amz-acl": "bucket-owner-full-control" as well as the comma that is before/after it.
Added
- ORCA-450 - Removed Access Control List (ACL) requirement and added BucketOwnerEnforced to ORCA bucket objects.
- ORCA-452 - Added Deny non SSL policy to S3 buckets in
modules/dr_buckets/dr_buckets.tfandmodules/dr_buckets_cloudformation/ dr-buckets.yaml
Changed
- ORCA-441 - Updated policies for ORCA buckets and copy_to_archive to give them only the permissions needed to restrict unwanted/unintended actions.
- ORCA-746 - Enabled HTTPS listener in application load balancer for GraphQL server using AWS Certificate Manager.
- ORCA-828 - Added prefix to ORCA SNS topic names to avoid
object already existserrors.
Security
- ORCA-821 - Fixed snyk vulnerabilities from snyk report showing high issues and upgraded docusaurus to v3.1.0.