This repository was archived by the owner on May 16, 2024. It is now read-only.

v0.5.0


@JoshuaWilkes JoshuaWilkes released this 09 Sep 13:26

ECS Exec Access Provider

This release introduces the ECS Exec Access Provider. This Access Provider provisions just-in-time IAM permissions which allow users to access an audited shell session on a container in an ECS cluster.

In addition, we're introducing granted-flask, a library that replaces flask shell with a console that captures audit logs of the Python commands executed. This library works with the ECS Exec Access Provider to provide audited Python shell access on ECS containers.

A screenshot of audit trails captured during a Python shell session with granted-flask
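
To illustrate the idea of a console that records each Python command, here is an added sketch built on the standard library's code.InteractiveConsole. It is not granted-flask's own code; the class name AuditedConsole, the event fields, the sink callable and the sample user are assumptions made for this example.

```python
import code
import io
import time
from contextlib import redirect_stdout


class AuditedConsole(code.InteractiveConsole):
    """Python console that reports each input line and its output to an audit sink."""

    def __init__(self, user, sink, local_vars=None):
        super().__init__(locals=local_vars)
        self.user = user    # identity to attribute the session to (assumed known)
        self.sink = sink    # callable taking one event dict; ship off-host in practice

    def _emit(self, kind, data):
        self.sink({"ts": time.time(), "user": self.user, "kind": kind, "data": data})

    def push(self, line):
        # Log the raw line before running it, so a command that kills the
        # process or tampers with the console object is still on record.
        self._emit("input", line)
        captured = io.StringIO()
        with redirect_stdout(captured):
            more = super().push(line)
        if captured.getvalue():
            self._emit("output", captured.getvalue())
            print(captured.getvalue(), end="")   # still show it to the operator
        return more   # True while a multi-line statement is incomplete

    def write(self, data):
        # InteractiveConsole sends tracebacks and syntax errors through write()
        self._emit("error", data)
        super().write(data)


def replay(lines, user="alice@example.com"):
    """Feed constructed sample lines through the console and return the audit events."""
    events = []
    console = AuditedConsole(user, events.append)
    for line in lines:
        console.push(line)
    return events


if __name__ == "__main__":
    for event in replay(["x = 6 * 7", "print(x)", "def f():", "    return x", "", "f()"]):
        print(event["kind"], repr(event["data"]))
```

An in-process sink like this can be altered by the code being audited, so events should leave the container as they are produced.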

This Access Provider is in alpha status. Over the coming releases we plan to add improved support for terminating ECS Exec access sessions by automatically closing the underlying SSM session.

Fixes

For users of AWS-SSO, we have updated the IAM role policy to include the following additional required permissions:

iam:AttachRolePolicy
iam:CreateRole

You can add these statements to the CloudFormation template that you used to deploy the access role and then update the stack deployment.

Alternatively, start a new setup workflow for AWS-SSO and check out the updated instructions there.

We've also made fixes to the Okta groups provider to handle cases where email addresses aren't used as usernames in an Okta directory (#257).

What's Changed

Full Changelog: v0.4.3...v0.5.0