v7.0.0

v7.0.0 (2024-08-01)

Breaking

• feat(release)!: Improve stac integration tests, add optional web acl configuration for cloudfront, titiler-pgstac v1 upgrade (#405)

📣 Breaking

• feat!: titiler-pgstac v1 upgrade
  #398 introduces
  breaking endpoint changes; see titiler-pgstac v0.8 -> v1.0 migration
  docs

✨ Added

• feat: add optional web acl configuration for cloudfront
  #396

🪙 Changed/Updated

• chore: Improve stac integration tests
  #395
• chore: add gitignore entry for Jetbrains IDEs
  #409

🩹 Fixed

• fix: render fix for titiler-pgstac v1 upgrade
  #408 (cdb0370)

v1.1.0-rc.74

v1.1.0-rc.74 (2024-08-01)

Chore

• chore: add gitignore entry for Jetbrains IDEs (#409) (450c082)

v1.1.0-rc.73

v1.1.0-rc.73 (2024-07-31)

Fix

• fix: render fix for titiler-pgstac v1 upgrade (#408) (18a4d30)

v1.1.0-rc.72

v1.1.0-rc.72 (2024-07-25)

Feature

• feat: titiler-pgstac v1 upgrade (#398)

upgrade to titiler-pgstac 1.3.0 (f449325)

v1.1.0-rc.71

v1.1.0-rc.71 (2024-07-16)

Chore

• chore: Improve stac integration tests (#395) (f15740f)

v1.1.0-rc.70

v1.1.0-rc.70 (2024-07-15)

Feature

• feat: add optional web acl configuration for cloudfront (#396)

Issue

GSD-3535 Ensure CloudFront distributions have WAF enabled

What?

• Added env var and construct changes to incorporate optional web acl

Why?

• security requirement

Testing?

• tested using mcp-test and checked that setting
  VEDA_SHARED_WEB_ACL_ID works as expected and omitting
  VEDA_SHARED_WEB_ACL_ID does not enable firewall to cloudfront (13b229f)

• feat: add optional web acl configuration for cloudfront (ec1c567)

Fix

• fix: update to indicate arn is needed for web acl id (b36fc7c)

v6.0.0

v6.0.0 (2024-06-27)

Breaking

• feat(release)!: remove unused xarray, xstac, zarr requirements and configure cloudfront with OAC (#394)

Changed/Updated

• chore(ingest): remove unused xarray, xstac, and zarr requirements
  #393
• feat!: configure cloudfront with origin access control (proposal)
  #376 (19f308e)

v1.1.0-rc.69

v1.1.0-rc.69 (2024-06-20)

Chore

• chore(ingest): remove unused xarray, xstac, and zarr requirements (#393) (a98fe29)

• chore(ingest): remove unused zarr requirement (5b3997d)

• chore(ingest): remove unused xarray and xstac imports (a946478)

v1.1.0-rc.68

v1.1.0-rc.68 (2024-06-14)

Breaking

• feat!: configure cloudfront with origin access control (proposal) (#376)

Issue

No relevant github issue but in MCP, setting a default root object is
required which this work helps to address.

What?

• enable logging (this was added in another merged
  PR)
• configure cloudfront to use origin access control and delete the
  origin access identity that gets created
• set default root object to index.html
• use flag to enable/disable featureVEDA_CLOUDFRONT_OAC

Why?

• currently, our MCP deployments need to be manually updated in order
  for the cloudfront distribution to work properly with S3 buckets that
  block public access

Testing?

• deployed these changes to UAH dev and MCP test

Other

• I opted to not add policy configuration in this PR since there is no
  way to tell via CDK if a policy on a bucket already exists. In order for
  this to work, the S3 browser bucket must allow cloudfront to GetObject

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "AllowCloudFrontServicePrincipal",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKET/*",
            "Condition": {
                "StringEquals": {
                    "AWS:SourceArn": "arn:aws:cloudfront::ACCOUNT:distribution/DISTRIBUTION_ID"
                }
            }
        }
    ]

Misc

In order to properly configure this for our UAH stacks, we will need to
update the buckets to block public access, not use static website
hosting, and to include the bucket policy like above. These changes are
required because our current UAH buckets do use static website hosting
and therefore don't have the above policy and allow read access. (3a20ef2)

Feature

• feat: add flag to enable cf oac (d5c8fb5)

Fix

• fix: lint (f4b89c7)

v5.2.0

v5.2.0 (2024-06-10)

Feature

• feat(release): downgrade and pin rio-tiler, fix ingestor role, allow extra fields in collection links (#390)

Added

None

Changed/Updated

• chore: Add rio-tiler version in raster API #
  385

Fixed

• fix: update stac and raster api title and description
  #379
• fix: backend monitoring changes
  #371
• fix: ingestor role to have s3 access
  #387
• fix(ingest): requester pays config in validation
  #388
• fix: allow extra fields in collection links to support extensions
  #389 (e6d8c51)