Improved "Deploy Webiny Project" AWS CloudFormation Template (#2856external link)

In case you missed it, in our previous 5.33.2 release, we’ve revisited our DeployWebinyProject AWS CloudFormation template and updated the set of permissions it deploys through multiple Amazon IAM policies.

But, we didn’t stop there! With this release, we’ve taken it even further and ensured that the template and the list of permissions it includes fully follows the Principle of least privilegeexternal link, making it more secure and easier for organizations to adopt it.

To quickly check out the changes, you can visit our GitHub repositoryexternal link.

More Information

In case you missed it, in order to deploy your Webiny project in a more controlled and secure manner, you can utilize our DeployWebinyProject AWS CloudFormation template. The template deploys necessary (least-privilegeexternal link) set of permissions into your AWS account, which also automatically get linked with an Amazon IAM user of your choosing (the user you plan to use upon running deployments).

Introduced Prefixed Cloud Infrastructure (Pulumi) Resource Names (#2858external link)

In order to make it easier to distinguish between Webiny-related deployed cloud infrastructure resources and other resources you already might have in your AWS account, apart from the default tags, we’re now also prefixing every resource name with the wby- prefix. For example, if we were to take a look at the list of deployed AWS Lambda functions, we’d be able to see the following:

Introduced Prefixed Cloud Infrastructure (Pulumi) Resource NamesIntroduced Prefixed Cloud Infrastructure (Pulumi) Resource Names
(click to enlarge)

Note that the prefix will only be applied for new Webiny projects, created with version 5.33.4 or greater.

Still, if you’d like to adopt the same naming convention within an existing Webiny project, you can do that by utilizing the newly introduced pulumiResourceNamePrefix parameter, in your webiny.application.ts configuration files.

For existing projects that are already serving production workloads, we do not recommend performing the below steps. Changing cloud infrastructure resource name can cause a complete replacement of the resource, which might result in downtime or even a permanent data loss.

For example, in the apps/core/webiny.application.ts file, we’d need to perform the following addition:

The exact same addition then needs to be made in the remaining three webiny.application.ts files:

  1. apps/api/webiny.application.ts
  2. apps/admin/webiny.application.ts
  3. apps/website/webiny.application.ts

Once performed, the final step is to redeploy your Webiny project, as usual, via the webiny deploy command.