1.17.0

• Updated metrics for improved account tracking
• Improved deployment reliability by removing build artifacts before packaging

1.16.1

• Remove minimum version constraint for setuptools dependency

1.16.0

• Improved Step Functions payload size limit by implementing S3 storage for large payloads to support customers with larger organizations and large number of custom fields (#298, #556)
• Updated Python runtime to version 3.12
• Updated urllib3 dependency to version 2.5.0

1.15.1

• Bug fix: Fix an issue where enabling optional CMK encryption for CloudWatch log groups could fail due to KMS policy propagation delays
• Improved terraform plan output clarity by removing unnecessary configuration differences for DynamoDB global secondary indexes

1.15.0

• Add optional KMS encryption for CloudWatch log groups and SNS topics using the AFT-created customer managed key (CMK). This encryption can be enabled at the time of deployment using the cloudwatch_log_group_enable_cmk_encryption and sns_topic_enable_cmk_encryption variables. Learn more about using CMK encryption for Cloudwatch log groups and SNS topics here. (#396)
  • When first enabling CMK encryption for CloudWatch log groups, an AssociateKmsKey error may occur due to eventual consistency in an updated policy. If this occurs, re-run terraform apply.
• Enable changing CodeBuild compute type, using variable aft_codebuild_compute_type (#474, #560)
• Add new Terraform outputs for DynamoDB table, IAM role, S3 bucket name, KMS Key, Step Function, and SNS Topic ARNs (#81, #84)
• Require SSL for connections to S3 buckets (#300)
• Change DynamoDB tables to on-demand capacity mode, for more efficient utilization (#359, #497)
• Fix error preventing deployment in regions where the SSM global infrastructure parameter is not supported (#501)
• Improved error handling for missing Jinja2 templates in account request and customizations pipelines (#349)
• Update Lambda function dependencies
  • requests 2.32.4
  • boto3/botocore 1.39.3

1.14.1

• Fix bug, impacting environments with variable aft_enable_vpc=false and no VPCs present, which caused Terraform plan and apply actions to fail.

1.14.0

• Add support for customer provided VPCs at the time of deployment. Learn more about deploying AFT in your own VPC here. (#192)
• Update VPC endpoints to support AWS Organizations when deploying in the us-east-1 AWS Region. (#452)
• Add support for providing a project name to deploy AFT workspaces into. This functionality is applicable to Terraform Enterprise and HCP Terraform (formerly Terraform Cloud) customers. (#519, #447, #342)
• Add support for providing customer-defined tags to AFT resources. (#466)

1.13.5

• Update the check for service dependencies to support deployment in opt-in regions without SSM public parameter support. (#501)
• Increase timeout for aft-account-request-action-trigger Lambda to 10 minutes. (#494)

1.13.4

• Change AWS CodeStar Connections to AWS CodeConnections for connecting to third party VCS providers. Customers with an existing external VCS connection will need to:
  • Re-authorize the connection through AWS Developer Tools console. Learn more on updating your connection here.
  • Run aft-invoke-customizations for all accounts to update the source for account pipelines.

1.13.3

• Update log message input validation for enhanced logging security
• Shorten CodeConnection name to fit within 32 character limit when using GitLab self-managed VCS (#508)
• Upgrade to using V2 of AWS CodePipelines which allows additional parameters for release safety and trigger configuration (#438)
• Update Terraform configurations to remove deprecation warnings (#430)