v0.5.0
ECS Exec Access Provider

This release introduces the ECS Exec Access Provider. This Access Provider provisions just-in-time IAM permissions which allow users to access an audited shell session on a container in an ECS cluster.
In addition to this we're introducing granted-flask, a library that replaces flask shell with a console that captures audit logs of Python commands executed. This library works with the ECS Exec Access Provider to provide audited Python shell access on ECS containers.
This Access Provider is in alpha status. Over coming releases we plan on adding improved support for terminating ECS Exec access sessions by closing the underlying SSM session automatically.
Fixes
For users of AWS-SSO, we have included an update to the IAM role policy to include some additional required permissions statements.
iam:AttachRolePolicy
iam:CreateRole
You can add these statements to the CloudFormation template that you used to deploy the access role and then update the stack deployment.
Alternatively, start a new setup workflow for AWS-SSO and check out the updated instructions there.
We've also made fixes to the Okta groups provider to handle cases where email addresses aren't used as usernames in an Okta directory (#257).
What's Changed
- Minor UI fixes 0.04.2 by @Eddie023 in #259
- okta: handle cases where usernames don't match email by @chrnorm in #257
- Add Remove & Update subcommand for providers by @Eddie023 in #258
- add interface for loading deployment config by @chrnorm in #261
- Add user management features to web UI by @JoshuaWilkes in #260
- ECS Exec provider by @meyerjrr in #206
Full Changelog: v0.4.3...v0.5.0
