v2.4.0

What's Changed

⚠️ ⚠️ Important: Review the warnings in #1064 if you want to use environments in multiple-regions.

New features 🆕

• Allow multiple environments in the same account with cdk-pivot role by @dlpzx in #1064
• Add high throughput SSM on prod_sizing by @noah-paige in #1154
• Add share_reapply ECS task - ON DEMAND for data.all admins by @dlpzx in #1151
• Initialise RDS database data.all permissions once per deployment by @petrkalos in #1145 and small fix in #1170
• Run RDS database migrations in a custom resource by @petrkalos in #1177
• Ruff code auto-format by @SofiaSazonova in #1105, #1112 and in #1129 and by @petrkalos in #1159 and in #1160

Big Refactoring 💻

• Refactor core/groups by @SofiaSazonova in #1113
• Refactor core/permissions by @SofiaSazonova in #1114
• Refactor core/environment and core/stack by @SofiaSazonova in #1164, in #1169, in #1178 and in #1181

Enhancements 🥇

• Remove allowAll bucket policy statement by @dlpzx in #1106
• Adding check to remove any spaces in confidentiality names by @TejasRGitHub in #1126
• Worksheet UI improvements - fix Team and list Environments of Team by @dlpzx in #1111
• WAF rule parameters in cdk.json + Documentation by @SofiaSazonova in #1140
• Update cdkExecPolicy.yaml to cleanup overly excessive permissions by @mourya-33 in #1085
• Add grants to pivot role in verify tables functions by @dlpzx in #1149
• Implement guardrails and mechanisms to deal with deleted IAM roles in share requests by @SofiaSazonova in #1161
• Implement least privilege principle for cloudfront, lambda and db migration stacks by @mourya-33 in #1134
• Implement less restrictive trust policy for local development pivot roles by @dlpzx in #1176

Fixes 🪲

• Fix EnvUri to check GET_ENV permission for worksheet by @noah-paige in #1125
• Grant IAM permissions to read data to environment team IAM roles independently from CREATE_DATASET permissions by @SofiaSazonova in #1137
• Allow ListEnv to get associated organization information by @noah-paige in #1139
• Redirect the user to correct URL after login by @TejasRGitHub in #1094
• Fixes for email notifications not sending share link in the body by @TejasRGitHub in #1143
• Fix folder pagination missing page by @dlpzx in #1158
• Add "/ "to prefix in crawlers if it is not specified in input by @dlpzx in #1156
• Add Athena List permissions to use AWS SDK for Pandas in SageMaker by @dlpzx in #1155
• Add new data.all permissions REMOVE_ORGANIZATION_GROUP, INVITE_ORGANIZATION_GROUP to teams invited to an Organization by @SofiaSazonova in #1162
• Fix missing GET_FOLDER permissions by @dlpzx in #1163
• Fix input parameters for get credentials get environment group by @dlpzx in #1198
• Update CDK exec role Policy name with region in template by @dlpzx in #1197
• Remove creation of log-groups in Lambdas by @dlpzx in #1192
• Fix missing session in resolve_environment by @dlpzx in #1199
• Fix missing $ in CDK custom policy by @dlpzx in #1204
• Fix unnecessary permission check in resolve_stack functions (failure in list datasets when there are shared datasets) by @dlpzx in #1205
• Fix reference to locationUri by @dlpzx in #1209
• Fix sagemaker tagging permissions by @dlpzx in #1211

Documentation 📚

• Documentation in GitHub pages for release 2.4.0 by @dlpzx in #1191
• Documentation in Userguide for release 2.4 by @dlpzx in #1218

Dependencies 📦

• Upgrade follow-redirects and webpack-dev-middleware depedencies in frontend by @dlpzx in #1121
• Upgrade express in frontend by @dlpzx in #1152
• Bump idna from 3.4 to 3.7 in /deploy/custom_resources/custom_authorizer by @dependabot in #1166