Summary
Remove Pinpoint and use SES directly for email notifications. Better handle
non-us-east-1 project regions.
| Layer | Has changes | Needs migration |
|---|---|---|
| Account | ✅ | |
| Network | ✅ | |
| Build repository | | |
| Database | | |
| Service | ✅ | ✅ |
| CI/CD |
⚠️ Migration notes
AWS Pinpoint has been deprecated and can no longer be used for new projects. Existing projects can continue to use resources that have already been created. See #942 for more background.
Your applications utilizing the notifications setup from the infra template will need code changes to use SES directly.
If you want to test SES alongside your existing Pinpoint setup before fully migrating, you can adopt a gradual approach while pulling updates.
Phase 1: Add SES alongside Pinpoint (Optional)
- Keep your Pinpoint resources - Don't delete `aws_pinpoint_app.app` or related resources yet
- Add the SES environment variable to your service configuration `infra/<app_name>/service/notifications.tf`:

  ```terraform
  notifications_environment_variables = local.notifications_config != null ? {
    # Existing Pinpoint variables
    AWS_PINPOINT_APP_ID = module.notifications[0].app_id
    # New SES variable (can construct inline to avoid output changes)
    AWS_SES_FROM_EMAIL = local.notifications_config.sender_display_name != null ? "${local.notifications_config.sender_display_name} <${local.notifications_config.sender_email}>" : local.notifications_config.sender_email
  } : {}
  ```
- Update your application code to use the sesv2 client instead of pinpoint, referencing `AWS_SES_FROM_EMAIL`
- Test that SES email sending works in your environment
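For the application-code step above, a sketch of a SESv2 send path that reads `AWS_SES_FROM_EMAIL`. This is an added example, not code from the template: it assumes a Python application using boto3, and the function names are hypothetical. Because the variable may hold either a bare address or `Display Name <address>`, it is parsed and checked for line breaks before it is used as the sender.

```python
import os
from email.utils import formataddr, parseaddr


def ses_from_address(env=os.environ):
    """Read AWS_SES_FROM_EMAIL and return a validated From value."""
    raw = env.get("AWS_SES_FROM_EMAIL", "")
    # A CR or LF in the display name or address would allow header injection.
    if not raw or any(c in raw for c in "\r\n"):
        raise ValueError("AWS_SES_FROM_EMAIL is unset or contains a line break")
    name, addr = parseaddr(raw)
    if "@" not in addr:
        raise ValueError("AWS_SES_FROM_EMAIL has no usable address")
    # Re-serialize so display names with special characters are quoted.
    return formataddr((name, addr)) if name else addr


def build_send_email_request(to_address, subject, body_text, env=os.environ):
    """Build keyword arguments for the SESv2 SendEmail API."""
    if any(c in to_address + subject for c in "\r\n"):
        raise ValueError("line break in recipient or subject")
    return {
        "FromEmailAddress": ses_from_address(env),
        "Destination": {"ToAddresses": [to_address]},
        "Content": {
            "Simple": {
                "Subject": {"Data": subject, "Charset": "UTF-8"},
                "Body": {"Text": {"Data": body_text, "Charset": "UTF-8"}},
            }
        },
    }


def send_email(to_address, subject, body_text, client=None):
    """Send through SESv2; stands in for the earlier Pinpoint send call."""
    if client is None:
        import boto3  # imported lazily so the request builder works offline
        client = boto3.client("sesv2")
    request = build_send_email_request(to_address, subject, body_text)
    return client.send_email(**request)["MessageId"]
```
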
Phase 2: Remove Pinpoint
Once you've confirmed SES works:
- Apply the full migration by merging/pulling the changes from this release
- Run terraform apply to destroy the Pinpoint resources

This approach minimizes risk by allowing you to validate SES functionality before removing Pinpoint infrastructure.
PR Envs
If any active PR environments exist from before you remove Pinpoint, you'll need
to take some additional steps. After updating your trunk branch with the release
changes, but before applying the account layer changes, ensure all PRs
merge/rebase on the latest changes.

If you don't do this, you will need to manually clean up the PR environment
after the PR is closed. You can update `bin/destroy-pr-environment` as follows.

After:

```bash
echo "Select Terraform workspace: ${workspace}"
terraform -chdir="infra/${app_name}/service" workspace select "${workspace}"
```

Add:

```bash
# TODO: tmp remove pinpoint state stuff so the rest of the removal can proceed
#
# Then go delete the actual resources via Console UI, Pinpoint > All projects > <project> > Settings > General Settings, "Delete project" button in upper right, enter "delete" then click "Delete" button
terraform -chdir="infra/${app_name}/service" state rm 'module.notifications[0].aws_pinpoint_email_channel.app'
terraform -chdir="infra/${app_name}/service" state rm 'module.notifications[0].aws_pinpoint_app.app'
```

Then run the PR environment cleanup script locally. Then manually remove resources as indicated in the comment. Then discard the script changes.
Service
- Migrate notifications off of AWS Pinpoint by @sean-navapbc and @doshitan in #968, #981, and 7b26ec0
Network
- Better handle non-us-east-1 project regions by @sean-navapbc in #980
  - This touches a few things across the stack, but mostly impacts the network
    layer, ensuring DNS query logging CloudWatch resources remain in us-east-1
    despite the default project region.
CI / CD
- Remove `type` from custom GitHub action inputs by @doshitan in 01cd538
- Better match only `p-<num>` format for orphaned PR environment detection by @doshitan in #994
- Parameterize service infra test code for container image tag by @doshitan in 85472c0
- Bump golang.org/x/crypto from 0.36.0 to 0.45.0 in /infra/test by @dependabot[bot] in #983
Tech debt and maintenance
The template has an AWS account cleanup script for itself, which you may find useful to reference if you are also doing extensive automated testing. Added by @sean-navapbc in #973.
Full Changelog: v0.15.7...v0.16.0