version: 1.0.14

• fix: when changeset is not found during execute-change-set the cli command returns an error

version: 1.0.13

• fix: cdk tasks use --force when deleting stacks
• chore: usage of AWS SDK v3 (upgrade from V2)
• fix: deleting stacks without explicit concurrency settings will default to settings passed to the CLI (instead of 1)

• feat: support MaxConcurrentTasks > 0 on update-cdk tasks
• feat: support IgnoreFileChanges on update-cdk, update-serverless.com and apply-tf tasks (allows the task to be skipped if certain files got changed)
• fix: stacks in UPDATE_ROLLBACK_FAILED wont get deleted when attempting to recover from a failed update
• feat: Control Tower (or any other account factory solution) support using the annotate-organization task

version 1.0.9

• feat: support --match and --dev on print & validate commands
• feat: support serverless.com V3, by setting the SLSVersion attribute to 3 in the task file
• fix: allow sub-expression to be a !ReadFile, !Cmd or other expression

• feat: added Terraform support task support (task type: apply-tf)

• feat: allow a development role to be configured on the OrganizationRoot (DefaultDevelopmentBuildAccessRoleName) which will be used when running using --dev
• fix: STS defaults to regional STS which allows deployments to non-default aws regions.
• fix: support cloudformation language extensions: Fn::ToJsonString and Fn::Length
• fix: fail the build if a task gets deleted that has TerminationProtection set to true.

version v1.0.6

• fix: only prevent printing/ validating stacks if an account is added to organization.yml (not prevent printing if an OU got added)
• chore: better perf on update-organization task
• fix: explicitly retry on type registrations that return DEPLOY_STAGE of status FAILED
• feat: allow nunjucks templating context to be passed to cli commands perform-tasks, print-tasks, validate-tasks, update & print-org
• feat: support disableRollback on update-stacks tasks
• feat: allow accounts to be excluded when performing any command (--exclude-accounts '112223344555,112223344555' )
• feat: specify bucket to be used for large template uploads (on validate-tasks, perform-tasks, validate-stacks and update-stacks)
• feat: support closing removed accounts form the organization specifying "CloseAccountsOnRemoval: true" on the OrganizationRoot in organization.yml
• fix: better defaults for the deploy-cdk task: added --all --require-approval=never to default deploy and destroy commands
• fix: allow matching a single task using --match taking a globPattern (e.g. --match '**/MyTask') or the exact name of a task.

• feat: allow Fn::EnumTargetAccounts to be used in combination with ${AccountId}, ${AccountName}, ${LogicalId}, ${RootEmail}, ${Alias}, ${Tags.TAGNAME}
• feat: dependsOnAccount support for govcloud
• feat: support for ExcludeOrganizationalUnit in organization binding
• fix: EMAIL_ALREADY_EXISTS when importing account using root email for govcloud
• feat: Nunjucks templating support on LocalFile contents of copy-to-s3 tasks
• feat: allow organization binding to be declared as a task-file parameter (Type: 'OrganizationBinding')
• feat: support comma-delimited CloudFormation parameter values

version 1.0.3

• fix: creating a new account doesnt properly display the new account id in the logs (displays [object Object] instead)

• feat: support top-level rules in template
• fix: honour taskRoleName when printing tasks

• fix: ExcludeOrganizationalUnit throws a validation error.
• fix: No targetId when attaching scp to root
• chore: update runtime deps

version 1.0.0 🎉

• feat: AWS GovCloud (US) support (using --partition flags). AWS organizations from the commercial partition will be mirrored to a non-commercial partition e.g. AWS GovCloud (US).
• fix: invalid CRC checksum on zipfile when running init-pipeline
• feat: support for up to 4000 AWS Accounts within an organization
• fix: caching of exported values, therefore improving performance and avoiding rate limiting errors
• fix: template support for --print-tasks

BREAKING CHANGES:

• v1.0.0: execution role under which org-formation is ran requires the ec2:describeRegions permission

• feat: support ExcludeOrganizationalUnit in binding
• feat: support ServerSideEncryption in copy-to-s3 task
• fix: ensure password policy and alias don't get cleared on init/build
• fix: ensure concurrency settings are re-used when deleting tasks
• fix: add retry and backoff when reading the organization (e.g. using init)
• fix: strip dashes from account names when generating the logical names during init

• fix: allow templates without version attribute
• feat: support !Ref AWS::Partition in tasks file
• feat: allow yaml anchors to be declared in top level Definitions attribute
• feat: reduce 'not in update create completed' failures when creating new account (due to rate limiting)
• feat: TextTemplating support for organization.yml and task files
• feat: possibility to mix TextTemplating and bindings/expressions
• feat: stack tags
• fix: org-formation init to honor --cross-account-role-name

version 0.9.16

• fix: missing role in build account when running init-pipeline

• BREAKING CHANGE: when using OrgFormationBuild role, this role will be used and must be present in all accounts (also in the build account), more info here
• feat: support for << (merge operator) in the organization.yml file. this allows for large organization.yml files to be split out (using <<: Include ./dev-accounts.yml)
• feat: better profile support added support for credential process and SSO
• feat: perform tasks will create a state bucket if bucket doesn't exist
• feat: added !Cmd function to execute and capture the output of any shell command
• feat: ofn alias to binary
• feat: support for nunjucks templating on cloudformation templates
• feat: init & init-pipeline commands use default region from profiles file.
• fix: allow !Ref CurrentAccount and !FindInMap to be used together in a tasks file.
• fix: have init-pipeline create a pipeline that works with the main branch (as opposed to master)
• fix: allow for SAM templates with a globals section to deploy
• fix: set the default buildAccessRoleName for cdk and sls tasks
• fix: race condition deploying/validating/printing templates if update-organization task is placed in an include

version 0.9.14

• Support for moving the org-formation build process out of the master/management account in AWS
• Support for splitting up the CI/CD process (perform-tasks) into multiple
• Organization.yml file gets published to S3 and EventBridge after change (and successful perform-tasks).
• Support for centrally stored parameters using !Include.
• Optimized buildtime on organization.yml file changes.
• Added CAPABILITY_AUTO_EXPAND to support deploying SAM.
• Templates with CloudFormation resolve expressions will get redeployed (as the outcome will be evaluated by Cfn).
• Numerous bugfixes and small improvements.

• Added a new command: print-tasks, which will generate all cloudformation templates and write to disk.
• Added zip-before-put support to copy-to-s3 task.
• Added support for !ReadFile and !JsonString inside CloudFormation templates.
• Added functions !MD5Dir and !MD5File, which can be used in both task files and cloudformation.
• Added psuedo parameter ORG::StateBucketName.
• Optimized build time by locally skipping resource providers if task did not change.
• Updated codebuild image used to create new pipelines with to standard:4.0.
  Note: If you are running a pipeline generated by org-formation, you might want to update the build image for faster provisioning time!

• Allow failure tolerance to be set to 0 on validate-tasks command (allows CI/CD processes to fail on validation)
• Added support for Mappings section and !FindInMap / !Select functions for task files.
• Added functions !MD5 / !ReadFile that can be used in task files.
• Added function !JsonString that can be used in task files.
• Added support for !Ref OrganizationRoot (and other types) in task files.
• Fixed bug on org-formation init where tags on the MasterAccount where not added to generated template.
• Updating stacks that have state ROLLBACK_FAILED will be retried.
• Support for large (> 512000 byte) templates

• Added pseudo parameter ORG::PrincipalOrgID (in tasks file).
• Improved parsing of attributes in task files.
• AWSAccount can be used as alias for CurrentAccount in task file expressions.
• Added support for cross account references on VPCEndpoint.DnsEntries.
• Fixed bug where register-type tasks did not properly register execution role.