- As part of preparing for connection pooling, the hive manager included steps to initialize multiple database roles. These are not yet in use so have been removed.
- Parameter groups created in GovCloud do not support newer parameters, unless a new parameter group is created (Note: AWS Commercial accounts were not affected by this). This blocks some existing customers from upgrading their TED stack. Because parameter group changes require a reboot (downtime), and most customers do not require this change, we've made it an optional parameter in the stack to force the change as required.
- Default storage allocation for new installs is now 1TB (up from 100GB).
- v1.9.0 introduced a mix of names between `preinstallation` which felt messy. This patch release brought to you by our clean up crew.
- TED now automatically checks that the required TEF version is installed. If not, the TED stack will automatically roll back, allowing you to upgrade TEF first.
- The default for `TrackFunctions` in v1.7.0 was `pl`. Consider changing this to `none` (the new, more common, default in v1.8.0) if you don't require that tracking.
- Process log data collected by Turbot is being moved into TED level management. This better aligns with our model of data separation and encryption. This version adds S3 buckets with encryption and lifecycle rules to start accepting that (and other future) data.
- If the master password is an empty string then Turbot will reset it automatically when required. The default was previously blank, requiring the parameter to be set (even if to empty string). This was difficult to understand and implement for those automating TED configuration. We now default to the empty string.
- Added new DB instance size option of
- Resource names related to metric collection, alarms and dashboards have been updated to use the ResourceName prefix. This aligns them with all other TED resources and makes it easier to track or target them with local rules.
- Parameters to set
- Add CloudWatch alarms for DB connections, CPU utilization and free storage alerts.
- Added t2.medium and t2.large instance class options, useful in test or dev environments.
- The SNS topic name for CPU alarms was not consistent with our other resources. Now it is.
- Alarm levels defined in the dashboard for CPU utilization and free storage, making problem levels clearer.
- Dashboard charts are now zero based, as any statistician will tell you they should be.
- SNS topic publishing CPU alarms, making it easy to subscribe for alerts.
- Requires TEF v1.7.0 or later.
- Parameter to set the maintenance window.
- Parameter to set a Customer Managed Key for encryption.
- Parameter to set the Turbot master password. If blank, the master password is automatically reset.
- Auto scaling of storage for the read replicas outside the primary region.
- Auto scaling of storage for the primary read replica.
- Support customization of parameters for
- `Instance Type for Replica DB` will now default to `Same as Primary DB`, which is a lot easier than having to set and maintain it manually when most of the time they are the same anyway.
- Choose a custom master username during install.
- Requires TEF v1.2.0 or later.
- The parameter `Instance Type for Replica DB` is new and must be set during upgrade. (Note: Fixed in v1.3.0 to use `Same as Primary DB` by default.)
- The Turbot Audit Trail is stored in a CloudWatch Log group managed in TED. It will now be retained if the TED stack is deleted, avoiding loss of audit trail data in that rare scenario.
- Easily configure auto-scaling of the database storage up to a maximum value.
- Read replicas can now have a different instance class to the primary. Typically they have a lower load level, so we've added flexibility to optimize costs.
- Default to using the alpha region (as defined in TEF) for primary DB install.
- Expanded the list of database instance classes available during install to include older generations (e.g. m3) which are required for AWS us-gov-west-1.
- Added the AWS RDS 2017 certificate as an option, since it's uniquely used and required in GovCloud installs.
- The AWS RDS certificate change requires a database reboot. This may cause a brief impact on availability. Please schedule this change for a suitable window.
- SSL is now required by default for all connections to the database. We used SSL anyway, but now we enforce it at the DB level as an extra precaution.
- Upgrade database instances to the AWS RDS 2019 root certificate (their 2015 certificate is expiring soon).
- Initial version.
- CloudFormation design for deployment via Service Catalog.
- CloudFormation stack per hive (physical shard).
- Postgres design with primary, failover and regional read replicas.
- Encryption at rest for all data.
- Custom Resource for automatic database hive configuration.