AWS Copilot v1.21: CloudFront is here!
Posted On: Aug 17, 2022
The AWS Copilot core team is announcing the Copilot v1.21 release.
Special thanks to @dave-moser, @dclark, and @apopa57 who contributed to this release.
Our public community chat is growing and has over 300 people online and over 2.4k stars on GitHub.
Thanks to every one of you who shows love and support for AWS Copilot.
Copilot v1.21 brings several new features and improvements:
- Integrate CloudFront with Application Load Balancer: You can now deploy CloudFront in front of your Load Balanced Web Services! See detailed section to learn more.
- Configure environment security group: Configure your environment security group rules through environment manifest. See detailed section.
- ELB access log support: Enable elastic load balancing access logs for your Load Balanced Web Service. See detailed section.
- job logs improvements: You can now follow logs and view state machine execution logs for your jobs. See detailed section.
- Package addon CloudFormation templates before deployments: Copilot will now package addon templates on copilot svc deploy. This means Copilot can now deploy AWS Lambda functions alongside your containerized services! Read more about how to get started in Copilot's documentation.
What’s AWS Copilot?
The AWS Copilot CLI is a tool for developers to build, release, and operate production-ready containerized applications on AWS. From getting started, pushing to staging, and releasing to production, Copilot can help manage the entire lifecycle of your application development. At the foundation of Copilot is AWS CloudFormation, which enables you to provision infrastructure as code. Copilot provides pre-defined CloudFormation templates and user-friendly workflows for different types of microservice architectures, enabling you to focus on developing your application instead of writing deployment scripts.
See the section Overview for a more detailed introduction to AWS Copilot.
CloudFront Integration
One of our first major additions to the Copilot environment manifest! CloudFront is an AWS Content Delivery Network (CDN) which helps people deploy their applications across the globe, and now you can enable a distribution by simply setting cdn: true in your environment manifest and running copilot env deploy.
Currently supported features
- A distribution deployed in front of your public Application Load Balancer (ALB)
- ALB ingress restricted to the CloudFront distribution to protect against DDoS attacks
- HTTPS traffic through an imported certificate, or a Copilot-managed certificate
CloudFront with HTTPS
Copilot makes this process easy! If you have an application initialized with a --domain specified during app init, the required certificate will be created for you and no additional actions are required.
If you import your own certificates for your hosted zone, we'll walk you through importing the correct certificate for CloudFront.
Info
CloudFront requires certificates to be in the us-east-1 region. When importing a certificate, make sure to create your certificate in this region.
First, create a certificate in the us-east-1 region for your application with AWS Certificate Manager. You must add each domain associated with your application to this certificate. Once you've validated the certificate, you can add a field to your environment manifest to import the certificate for CloudFront:
    cdn:
      certificate: arn:aws:acm:us-east-1:${AWS_ACCOUNT_ID}:certificate/13245665-h74x-4ore-jdnz-avs87dl11jd
Run copilot env deploy, then you can create an A-record in Route 53 which points to the CloudFront distribution created by Copilot. Just select to point the record to an Alias in the console, then select to route traffic to a CloudFront distribution resource type, and enter the CloudFront DNS from the deployed distribution.
Restricting traffic to CloudFront
To restrict public traffic to come through the CloudFront distribution, there's a new field in http for your public load balancer:
    http:
      public:
        security_groups:
          ingress:
            restrict_to:
              cdn: true
Configure Environment Security Group
You can now configure your environment security group rules through the environment manifest.
A sample security group rules template inside the environment manifest is given below.
    network:
      vpc:
        security_group:
          ingress:
            - ip_protocol: tcp
              ports: 80
              cidr: 0.0.0.0/0
          egress:
            - ip_protocol: tcp
              ports: 0-65535
              cidr: 0.0.0.0/0
ELB Access Logs Support
You can now enable Elastic Load Balancing access logs that capture detailed information about requests sent to your load balancer. There are a few ways to enable access logs:
- You can specify access_logs: true in your environment manifest as shown below, and Copilot will create an S3 bucket where the Public Load Balancer will store access logs.
      name: qa
      type: Environment
      http:
        public:
          access_logs: true
  You can also view the bucket name with the copilot env show --resources command.
- You can also bring in your own bucket and prefix. Copilot will use those bucket details to enable access logs. You can do that by specifying the following configuration in your environment manifest.
      name: qa
      type: Environment
      http:
        public:
          access_logs:
            bucket_name: my-bucket
            prefix: my-prefix
  When importing your own bucket, you need to make sure that the bucket exists and has the required bucket policy for the load balancer to write access logs to it.
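The three manifest settings above (restrict_to.cdn, the environment security group rules, and access_logs) can be reviewed together before running copilot env deploy. The following is an added example, not part of Copilot or of the original post: the function names, the max_ports threshold and the rule that 0.0.0.0/0 ingress is flagged are assumptions of this sketch, and the manifest is assumed to be already parsed into a Python dict.

```python
# Added example: lint a parsed Copilot environment manifest (a plain dict).
def get_path(d, *path):
    """Walk nested dicts; return None when any key is missing."""
    for key in path:
        if not isinstance(d, dict) or key not in d:
            return None
        d = d[key]
    return d

def port_count(ports):
    """Number of ports in a rule: 80 -> 1, '0-65535' -> 65536."""
    lo, _, hi = str(ports).partition("-")
    return int(hi or lo) - int(lo) + 1

def audit_env_manifest(m, max_ports=1024):
    findings = []
    cdn = m.get("cdn")
    cdn_on = cdn is True or (isinstance(cdn, dict) and bool(cdn))
    restricted = get_path(m, "http", "public", "security_groups",
                          "ingress", "restrict_to", "cdn") is True
    if cdn_on and not restricted:
        findings.append("cdn enabled but ALB ingress is not restricted to CloudFront")
    if restricted and not cdn_on:
        findings.append("restrict_to.cdn set but no cdn configured")
    if not get_path(m, "http", "public", "access_logs"):
        findings.append("ELB access logs are not enabled")
    sg = get_path(m, "network", "vpc", "security_group") or {}
    for direction in ("ingress", "egress"):
        for rule in sg.get(direction) or []:
            wide = port_count(rule.get("ports", 0)) > max_ports
            if rule.get("cidr") == "0.0.0.0/0" and (direction == "ingress" or wide):
                findings.append(f"{direction} {rule.get('ip_protocol')}/"
                                f"{rule.get('ports')} open to 0.0.0.0/0")
    return findings

# Constructed sample: the page's snippets combined, with cdn: true but no restrict_to.
SAMPLE = {
    "name": "qa", "type": "Environment",
    "cdn": True,
    "network": {"vpc": {"security_group": {
        "ingress": [{"ip_protocol": "tcp", "ports": 80, "cidr": "0.0.0.0/0"}],
        "egress": [{"ip_protocol": "tcp", "ports": "0-65535", "cidr": "0.0.0.0/0"}],
    }}},
}

if __name__ == "__main__":
    for finding in audit_env_manifest(SAMPLE):
        print("WARN:", finding)
```
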
job logs
At long last, you can now view and follow logs for executions of your scheduled jobs. You can choose how many invocations of the job to view, filter logs by specific task IDs, and choose whether to view state machine execution logs. For example, you can view logs from the last invocation of the job and all the state machine execution data:
$ copilot job logs --include-state-machine
Which application does your job belong to? [Use arrows to move, type to filter, ? for more help]
> app1
app2
Which job's logs would you like to show? [Use arrows to move, type to filter, ? for more help]
> emailer (test)
emailer (prod)
Application: app1
Job: emailer
states/app1-test-emailer {"id":"1","type":"ExecutionStarted","details": ...
states/app1-test-emailer {"id":"2","type":"TaskStateEntered","details": ...
states/app1-test-emailer {"id":"3","type":"TaskScheduled","details": ...
states/app1-test-emailer {"id":"4","type":"TaskStarted","details": ...
states/app1-test-emailer {"id":"5","type":"TaskSubmitted","details": ...
copilot/emailer/d476069 Gathered recipients
copilot/emailer/d476069 Prepared email body
copilot/emailer/d476069 Attached headers
copilot/emailer/d476069 Sent all emails
states/app1-test-emailer {"id":"6","type":"TaskSucceeded","details": ...
states/app1-test-emailer {"id":"7","type":"TaskStateExited","details": ...
states/app1-test-emailer {"id":"8","type":"ExecutionSucceeded","details": ...
copilot job run:
$ copilot job run -n emailer && copilot job logs -n emailer --follow
What’s next?
Download the new Copilot CLI version by following the link below and leave your feedback on GitHub or our Community Chat:
- Download the latest CLI version
- Try our Getting Started Guide
- Read full release notes on GitHub