## New Features - Scan jobs with AWS. Add an AWS to A2 automate-URL/integrations. You can add a management service for AWS account scanning and a manager for EC2 scanning, which skips credential information for nodes running in EC2. Your credentials for AWS account scanning need to access: `ec2:DescribeRegions`, `sts:GetCallerIdentity`, `IAM-ListAccountAliases` and global read permissions. For EC2 scanning, youaccess to: `sts:GetCallerIdentity`, `ec2:DescribeInstances`, `ec2:DescribeInstanceStatus`, `ec2:DescribeRegions`. With AWS EC2 scanning, you can associate groups of nodes with credentials by the key/value tag associated with the node. In EC2, you can choose to read credential information from your environment and use the AWS SSM functionality to perform "credential-less" infrastructure scanning. For "credential-less" EC2 scanning, you need access to `sts:GetCallerIdentity`, `ec2:DescribeInstances, ec2:DescribeInstanceStatus`, `ec2:DescribeRegions, ssm:*` - Get notified in Slack or via webhook when client run failures or compliance scan failures happen. Click the bell icon in the top right corner, to configure your notifications. Currently, only compliance scans using the Audit Cookbook trigger notifications. Scan Jobs configured from Automate do not trigger notifications. - Get a list of active nodes from the CLI by using the command `chef-automate node-inventory`. This outputs the list of nodes in JSON to the terminal. Output JSON to a file by adding a file path. - Liveness agent messages are now accepted and ingested. Nodes with liveness agent cookbooks on them will checkin with automate and prevent nodes from being labelled missing even if they are not converging on a regular basis. - When running without a license, user will now be invited to enter their contact information to get a trial license, after which A2 will download and apply the license (but please see the Known Issue below). - `API Key` changed to `API Token` in admin panel, to normalize our terminology. ## Improvements - Notifications now works with proxy servers. - `chef-automate config` commands now return errors if you've tried to set keys that don't exist - `/nodes` page has moved to `/client-runs` to disambiguate chef-client nodes from node manager nodes. ## Bug Fixes - User id hash for the compliance profile identifier has been replaced with username - Resolved "unclickable" buttons on credentials add screen - Resolved several small bugs re: job creation and editing - Resolved compliance reporting pages sorting issues ## Known Issues - If a user doesn't have permission to access notifications, the error displayed to the user will state there was an error loading notifications instead of properly stating the user does not have permissions. - On the Event Feed, Profiles and Scan Job events will show in the list, but will not be visualized as icons in the graph or be included in the counts. - Requesting a trial license will only succeeded if the user has checked the 'allow chef to send me information` box. This is not intended, and will be fixed in the next release. - When deploying behind a proxy with the `https_proxy` or `http_proxy` environment variables set, but nothing set for `no_proxy`, the `notifications-service` fails to start. To workaround this, please set `no_proxy=""` when running `chef-automate init-config` or `chef-automate deploy`.