AWS Copilot v1.31: NLB enhancements, better task failure logs,
copilot deploy enhancements
Posted On: October 5, 2023
The AWS Copilot core team is announcing the Copilot v1.31 release.
Copilot v1.31 brings big enhancements to help you develop more flexibly and efficiently:
- NLB enhancements: You can now add security groups to Copilot-managed network load balancers. NLBs also support the UDP protocol. See detailed section
- Better task failure logs: Copilot will show more descriptive information during deployments when tasks fail, allowing better troubleshooting.
copilot deployenhancements: You can now deploy multiple workloads at once, or deploy all local workloads with
- Importing an ACM certificate for your Static Site: You can now bring your own ACM certificate for the Static Site service. See detailed section
What’s AWS Copilot?
The AWS Copilot CLI is a tool for developers to build, release, and operate production-ready applications on AWS. From getting started, pushing to staging, and releasing to production, Copilot can help manage the entire lifecycle of your application development. At the foundation of Copilot is AWS CloudFormation, which enables you to provision Infrastructure as Code. Copilot provides pre-defined CloudFormation templates and user-friendly workflows for different types of microservice architectures, enabling you to focus on developing your application, instead of writing deployment scripts.
See the section Overview for a more detailed introduction to AWS Copilot.
Copilot brings UDP traffic support with an update to your Network Load Balancer! The protocol your NLB uses is specified by the nlb.port field.
NLB Security Group is a new AWS feature that lets you filter public traffic to your NLB, enhancing the security of your application. For more information, read this AWS blogpost. For Copilot to use this feature, your
TargetGroup resources need to be recreated. With v1.31 this will only happen if you specify
udp protocol. With v1.33 however, Copilot will make this change for all users. This means that if you don't use DNS aliases, then the NLB's domain name will change, and if you do use DNS alias, then the alias will start pointing to the new NLB that is enhanced with a security group.
copilot deploy enhancements
copilot deploy now supports deploying multiple workloads with one command. You can specify multiple workloads with the
--name flag, use the new
--all flag in conjunction with
--init-wkld to initialize and deploy all local workloads,
and you can now provide a "deployment order" tag when specifying service names.
For example, if you have cloned a new repository which includes multiple workloads, you can initialize the environment and all services with one command.
copilot deploy --init-env --deploy-env -e dev --all --init-wkld
If you have a service which must be deployed before another--for example, there is worker service which subscribes to a topic exposed
by a different service in the workspace--you can specify names and orders with
copilot deploy --all -n fe/1 -n worker/2
worker, then the remaining services or jobs in the workspace.
Better task failure logs
Before Copilot v1.31, if you wanted to find out why your ECS tasks stopped, you'd have to navigate to AWS Console -> ECS -> Service -> Stopped Tasks -> Stopped Reason.
With this enhancement,
copilot [noun] deploy will now display the ECS task stopped reasons within your CloudFormation deployment progress tracker. Copilot will show the two most recent task failures during deployments of your Load Balanced Web Service, Backend Service and Worker Services.
- An ECS service to run and maintain your tasks in the environment cluster
Revision Rollout Desired Running Failed Pending
PRIMARY 11 [in progress] 1 0 1 0
ACTIVE 8 [completed] 1 1 0 0
Latest 2 stopped tasks
TaskId CurrentStatus DesiredStatus
6b1d6e32 DEPROVISIONING STOPPED
9802d212 STOPPED STOPPED
✘ Latest 2 tasks stopped reason
- [6b1d6e32,9802d212]: Essential container in task exited
Troubleshoot task stopped reason
1. You can run `copilot svc logs --previous` to see the logs of the last stopped task.
2. You can visit this article: https://repost.aws/knowledge-center/ecs-task-stopped.
Importing an ACM certificate for your Static Site
Copilot now introduces a new field
http.certificate in the Static Site manifest. You can specify with the ARN of any validated ACM certificate in
us-east-1 as below:
example.com must be the domain name or any subject alternative name of the certificate you are bringing in, and we'll use the imported certificate for your HTTPS traffic instead of creating a Copilot-managed one.