US flag signifying that this is a United States Federal Government website An official website of the United States government

Updates

For blog posts, see cloud.gov on the 18F blog.

November 20, 2017

cloud.gov monthly update: Buildpack notifications, volume services, and other new features

We’ve been hard at work shipping out new features to help you make your apps better, more secure, and improve your experience developing and deploying them. There’s a lot more in here than usual. We hope you see some features and additions in here that you’ve been waiting for. As always, get in touch with us if you have any questions or feedback about these features. See you next month.

Added

Thanks to our antipodal compatriots with the Australian Government Digital Transformation Agency for this code contribution.

Screenshot of the environment variable editing view on the dashboard

Updates

Make sure to use the latest version of the Cloud Foundry CLI. The most recent updates contain new commands and bug fixes. You can download the latest binary for Windows, Mac, or Linux from GitHub.

Announcement

We will not, as we previously announced, be switching users with cloud.gov accounts to sign in with MAX.gov.

Coming soon

Sandboxes will expire after 90 days

We plan to automatically delete apps in sandbox spaces after 90 days. We’ll send email notifications before this happens. If you’re developing something you need to keep long-term, we recommend moving it to a prototyping space. If you’d like to start the process of purchasing a prototyping package, get in touch with us.

Additional TIC compliance support

To support agency implementations of Trusted Internet Connection (TIC) requirements, we’ve published documentation about complying with TIC for apps on cloud.gov. To support a wider range of agency TIC needs, we’ve also built a way to support restricting users to trusted IP ranges. We’re waiting to fully implement it until after it’s passed FedRAMP review, but in the meantime, let us know if you have questions or want to use it.

Platform releases

We upgraded the Cloud Foundry deployment to v278.

You should restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

Additional upgrades

September 12, 2017

High availability Redis, our upcoming workshop, and more from cloud.gov

Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks.

Announcements

Reminder: Our workshop is coming up on September 28th. If you’re evaluating cloud.gov or getting started with it, you will learn how to use cloud.gov to launch applications and get the power and advantages that come from using a Platform as a Service. Bring a laptop if you’re coming in-person or join us online to learn how cloud.gov can work for you. Register now if you’d like to attend!

Added

Deprecated

  • Redis version 2.8 is no longer supported and will eventually be unavailable. Please migrate to version 3.2 as soon as possible and watch upcoming release notes for news about this service’s end of life.

Fixed

  • In the dashboard, org managers are now able to properly adjust user roles in their spaces.
  • Some marketplace services cannot be configured via the dashboard. The dashboard now directs you to instructions for using the CLI to provision the service.

Platform releases

We upgraded the Cloud Foundry deployment to v272.

You should restage your application to incorporate fixes in the base filesystem included with this release and ensure you’re running the most recent language version supported by your buildpack.

Additional upgrades

August 31, 2017

cloud.gov platform release notes, plus join our workshop on September 28

Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks.

Announcements

cloud.gov Workshop: You’re invited to our free cloud.gov workshop on September 28th. If you’re evaluating cloud.gov or getting started with it, you will learn how to use cloud.gov to launch applications and get the power and advantages that come from using a Platform as a Service. Bring a laptop if you’re coming in-person or join us online to learn how cloud.gov can work for you.

cloud.gov authentication moving to OMB MAX: If you use a cloud.gov account (not if you use EPA, FDIC, or GSA single sign-on login), read our August 22 update about our plan to migrate your account’s authentication to OMB MAX. We’ll notify you at least three weeks before we make the switch. You can create your MAX account any time. We encourage you to do it soon so you’re set well in advance.

Added

  • Inline messages provide guidance on what roles are required to add or modify users on the dashboard.

Fixed

  • In the dashboard, users who are already added to your spaces will not show up in the drop down list of users.
  • Previously, users who were added to cloud.gov from a space page on the dashboard did not immediately appear in the list of users for that space

In case you missed it

Our latest quarterly newsletter is out and features stories about how two of our customers, FEC and FBI, used the platform. Do you know of an app on cloud.gov more people should be aware of? Let us know what the app is and we’ll reach out to learn more about it.

Platform releases

We upgraded the Cloud Foundry deployment to v271.

You should restage your application to incorporate fixes in the base filesystem included with this release and ensure you’re running the most recent language version supported by your buildpack.

Additional upgrades

August 22, 2017

Announcement: cloud.gov accounts will migrate to OMB MAX

Note: This page is out of date as of Nov. 2017. cloud.gov is no longer migrating any users to OMB MAX.

cloud.gov is migrating all users with native cloud.gov accounts (not users with an agency single sign on provider) to use OMB MAX for authentication to the platform. This page is a guide to what will change and how you can prepare for this transition. We will post future updates on timing at https://cloud.gov/updates/ and by email.

What’s changing?

Right now, there are two ways to log in to cloud.gov: either you use your agency’s credentials or a cloud.gov account. This change only affects users with a cloud.gov account.

Soon, we will switch these users to use OMB MAX to log in to cloud.gov. We’re making this change to make managing your account easier for you and your agency. We don’t have a definitive deadline yet but we will give you at least three weeks notice before we make the switch.

What does this mean for me?

If you already use your agency’s single sign-on (SSO) to log in to cloud.gov: There is nothing further you need to do. Currently agencies using SSO are EPA, GSA, and FDIC. These customers will continue to log in as usual.

If you use a cloud.gov account and already have a MAX account: Double check that you can log in successfully to MAX using a PIV/CAC card or username and password with a Secure+ SMS 2-factor device.

If you use a cloud.gov account to log in and don’t have a MAX account: You need to create a MAX account with your PIV/CAC card or username and password with a Secure+ 2-factor device. Once we switch, you’ll be required to use that account to login to cloud.gov and all associated services. You can create your account at any time.

To create a MAX account:

  • Go to login.max.gov, if you see your agency’s logo, click it and sign in with your agency credentials.
  • Go to login.max.gov, if you don’t see your agency’s logo, click the green Register Now button in the top right corner.
    • Register with a PIV/CAC card if you have one and a working card reader
    • Register with a username, password, and a Secure+ 2-factor device to your account if you don’t have a card reader.

What about contractors?

If you’re a contractor with a federal agency email address, you should be able to self-register just like federal employees. If you’re a contractors or working with cloud.gov without a government email address, you’ll need to ask your agency to contact OMB MAX directly to create your account for you.

Prepare for the switch

You can create your account anytime and it only takes a few minutes. We encourage you to do it soon so you’re prepared when we do switch.

After the switch, you won’t be able to login with your cloud.gov account. If you don’t make a MAX account before then, your apps, orgs, and spaces will not go away but you won’t be able to login to either the dashboard or the CLI. Once you create a MAX account, you’ll regain access.

What is OMB MAX?

OMB MAX is a governmentwide collaboration platform with an authentication system agencies can use to log in to other shared services. MAX.gov also enables using a PIV/CAC card to log in to web services.

Though we currently use multi-factor authentication for all cloud.gov accounts, switching to MAX accounts enables agencies which require PIV/CAC cards for login to use cloud.gov more easily. MAX also makes it easier for agencies to meet their own compliance requirements for users of cloud.gov by implementing single sign-on with agency services. For most users, this will provide a better user experience by not having a separate login and second factor to keep track of for cloud.gov.

If you have questions about logging into cloud.gov, please email us. For questions about MAX.gov and setting up your account, contact OMB MAX directly. We appreciate your patience and cooperation as we work to implement MAX authentication with cloud.gov.

August 16, 2017

Platform Release Notes: August 16, 2017

Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks.

Added

Changed

  • On the dashboard, new error messages alert you when you try to remove someone from your organization who still has roles in your spaces.
    remove space user dashboard screen
  • Visualization of platform uptime available from the cloud.gov status page. You can see current and the previous 90 days uptime for customer applications, API, dashboard, and many other components of the cloud.gov platform.

Platform releases

We upgraded the Cloud Foundry deployment to v270, which remediates the following vulnerabilities:

Check out our new page on application maintenance. It explains how to restage your application and what else you should do to keep your app up to date and secure. Restaging will incorporate fixes in the base filesystem included with this release and ensure you’re running the most recent language version supported by your buildpack.

Additional upgrades

August 11, 2017

Quarterly update: Continuous improvement, more tools to help you use cloud.gov

Every quarter we update you with the important news about new features and updates to the cloud.gov platform. In this edition of the newsletter we have updates about the cloud.gov dashboard and other features for our users as well as stories from our customers, and links to recent presentations about cloud.gov.

What’s new

Use the dashboard to invite new users to your team

Managing users in your organization and granting them the permissions they need should be a straightforward process so your team can get to work building your app on cloud.gov. To make it easier for you and us, we built new features for inviting new users and giving them roles within your organization using the dashboard. With these changes, it’s easy for even the least technical people on your team to invite new folks and manage their roles.

The user invitation screen with notification

Continuous improvement

Staying compliant with federal laws is crucial to us and to you, but compliant simply isn’t good enough, or fast enough, for us. That’s why cloud.gov is designed and operated to routinely provide apps the latest security updates within a day of their release. When there’s a major vulnerability in a component managed by cloud.gov, our team makes these updates across the entire platform, so you don’t have to spend time doing it. For updates to the buildpack, operating system, or any other component we manage, all that’s typically required is a restage of your apps, even as they scale and grow.

Improved support and documentation to help you use cloud.gov

We want to make cloud.gov a platform that can successfully support your team and mission. So, we improved our documentation and training to help you find and understand the information you need from the start. For example, we added and documented support for Oracle SE2 databases and updated the demos for commonly used government applications like Drupal and WordPress.

We also added and documented smaller features like setting up specific IP addresses to use when communicating with cloud.gov from apps outside the platform. This will help agencies wanting to use cloud.gov for apps that need to communicate with a system that can’t currently be hosted by us or would be difficult to migrate.

Learn about cloud.gov from the AWS Public Sector Summit

cloud.gov recently presented at the AWS Public Sector Summit. We did two sessions, both have been posted to YouTube. The first, Deliver your agency mission faster with cloud.gov, was about how your agency can use cloud.gov to save time. For the second, we were joined by members of the FedRAMP team to talk more specifically about cloud.gov’s moderate-level P-ATO and the FedRAMP process.

Interested in using cloud.gov?

We can help you figure out whether the platform meets your needs.

Whether a legacy system or new development, we’d love to learn about your apps and websites. Email us at cloud-gov-inquiries@gsa.gov and we will contact you to discuss cloud.gov benefits, pricing, and any questions you might have.

Prototyping accounts benefit multiple teams

Prototyping packages are a great way to get started on cloud.gov with real applications. If you’re thinking about launching a new product, migrating an existing system to the cloud, or want to benefit from the convenience of a platform as a service, you can test your applications and fully evaluate cloud.gov with a prototyping package. $15,000 gets your development team unlimited access to a FedRAMP authorized environment to try experiments, launch new demos, and test as many applications as you need. cloud.gov prototyping packages can’t host production data but once you’re ready, you’ll be able to easily transfer it to a production-ready system.

If you have leftover funds at the end of the fiscal year and need a prototyping account, you can buy one now, start right away and continue to use it for the next 12 months. Contact us right away at cloud-gov-inquiries@gsa.gov to get started.

FBI: Crime Data Explorer

The Federal Bureau of Investigation (FBI) recently launched their new Crime Data Explorer (CDE) on cloud.gov. 18F and the FBI partnered to make crime data more accessible to the American public. The CDE enables users to visualize national, state, and local crime trends and offers bulk datasets and an open API for more detailed views of the data. Check it out at: https://crime-data-explorer.fr.cloud.gov/

the fbi crime data explorer homepage

Federal Election Commission

The Federal Election Commission (FEC) recently relaunched their flagship website, fec.gov, with cloud.gov. The FEC collects financial reports for all federal elections and discloses fundraising figures to the public. By hosting FEC.gov on cloud.gov and moving its data to the cloud, the FEC anticipates saving 85% in hosting costs and is better prepared for peak traffic events. Read a case study about the FEC here: https://cloud.gov/overview/customer-stories/fec/ and check out their new, cloud.gov-hosted website at https://fec.gov

the new cloud.gov hosted fec homepage

August 2, 2017

Platform Release Notes: August 2, 2017

Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks.

Added

You can add people to spaces from the dashboard if you’re an Org Manager. For example, this makes it easier for program managers to add developers to projects without using the command line tool.

Changed

In the dashboard, Org Managers and Space Managers can remove a person from a space with one click on “Remove All Space Roles”. Org Managers must remove a person from all spaces before removing them from the Org otherwise. If you try to remove them with the dashboard, you’ll see an error if the user still belongs to any space.

In case you missed it

We presented at two events during the Amazon Web Services Public Sector summit: Deliver your agency mission faster with cloud.gov and FedRAMP Accelerated: An update with GSA and cloud.gov.

Platform releases

We upgraded the Cloud Foundry deployment to v268.

You should restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

Additional upgrades

See also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

July 18, 2017

Platform Release Notes: July 18, 2017

Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks.

Added

Changed

Platform releases

We upgraded the Cloud Foundry deployment to v267.

You should restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

Additional upgrades

See Also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

July 10, 2017

Platform Release Notes: July 10, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past six weeks.

Added

Changed

  • When you make a new service account or identity provider service instance, you will now get the credentials using a service key, instead of getting the credentials from a Toaster (formerly Fugacious) link. This doesn’t change existing service account and identity provider instances, but you can delete and recreate them to use this new method.
  • Static IP addresses for communicating with external apps: Outbound traffic from cloud.gov now comes from specific IP addresses to help customers open up a connection between cloud.gov and outside data centers.
  • We recommend you upgrade your Cloud Foundry CLI to the latest version to get the latest bug fixes.
  • We improved the responsiveness of the dashboard to better reflect actions that happen on the backend.

Platform releases

We upgraded the Cloud Foundry deployment to v264. This upgrade addresses this security vulnerability: CVE-2017-4994: Forwarded Headers in UAA.

You should restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

Additional upgrades

See Also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

July 7, 2017

New instructions for service account and identity provider services

If you use the cloud.gov identity provider or cloud.gov service account services, check out their new instructions for obtaining credentials from new instances of these services.

We’ve updated these services to give you credentials directly (using “service keys”), without needing to use temporary links from Toaster (formerly Fugacious). This simplifies how you set up these services, and it enables you to access the service credentials any time you need to.

Previously: You provisioned a service instance to create a service account or identity provider, then accessed the credentials using a temporary link from Toaster (Fugacious).

Now: Now you provision a service instance, then bind it to a service key to create a service account or identity provider. You access credentials for that service key directly from the cloud.gov command line (CF CLI). If you want another service account or identity provider for the same space, you can bind it to another service key.

Existing service accounts and identity providers will continue to work as normal (your existing credentials for existing service instances continue to work, so your deployments and authentication won’t be disrupted).

To switch to using this new method for getting credentials, delete your service instances and create new ones.

June 1, 2017

Platform Release Notes: June 1, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past week and a half.

Fixed

Removed

  • cloud.gov documentation no longer provides instructions for using the deprecated East/West environment, because all customer applications have migrated to the GovCloud environment.

Platform releases

cloud.gov now includes the following releases and upgrades. You will need to restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

We upgraded the Cloud Foundry deployment to v262. This upgrade addresses this security vulnerability: CVE-2017-4991: UAA password reset vulnerability

Additional upgrades

May 24, 2017

Get what you need from cloud.gov

What’s new

The web interface helps you learn and use cloud.gov concepts

The dashboard is the web-based interface for managing apps and services on cloud.gov. With the dashboard, you don’t need to use the command line to handle some of the basic tasks of managing applications on the platform. You can orient yourself more easily now with information we’ve added to some of the dashboard’s core tools. Meaningful error messages (for example, alerts about data retrieval issues) can help you troubleshoot. Prompts in empty fields (for example, an empty list of applications or users) help you figure out how to get started. If you have a cloud.gov account, log in to get started. If you don’t but you have a federal government email address, you can create a free sandbox to explore.

Example of the text prompt that appears to someone who is the only user in their organization. It describes the user's ability to invite other users and then offers a link to more information about how to do so. If you’re the only user in your organization, this prompt helps you figure out how to add more users. cloud.gov now has more information like this to help you orient yourself.

Strengthen your cloud.gov know-how with Cloud Foundry

cloud.gov is built on the open source Cloud Foundry project, which means Cloud Foundry materials will help you learn about cloud.gov, as well. The Cloud Foundry Foundation is creating new training resources that you might want to check out. The first is a free Intro to Cloud Foundry course that can help you learn more about building and hosting applications on the platform. And next month they’re launching additional courses. And if you’d like to meet other users or learn what’s coming next in cloud platforms, check out an upcoming event, whether it’s the Cloud Foundry Summit or a smaller event near you.

Build tools for managing and auditing cloud.gov usage

cloud.gov was built with compliance in mind. We want the tools your agency uses to meet your management and compliance needs to work as seamlessly as they can with your cloud.gov applications and spaces. Now you can share specific information about your cloud.gov usage with a cloud.gov identity provider service instance. When you create that instance, you can configure it to ask people who use your tools to surface information about their cloud.gov accounts to those tools. This is just one option for building tools that work with cloud.gov data; you can also use the Cloud Foundry API.

Interested in using cloud.gov?

We can help you figure out whether the platform meets your needs.

Email us at cloud-gov-inquiries@gsa.gov and we will contact you with next steps shortly.

You can also try a free sandbox space.

Anyone with a federal government email address can now create a free, limited sandbox space for themselves. Instead of getting an invite from the cloud.gov team or someone else at your organization, you can now go to https://account.fr.cloud.gov/signup and send yourself an invite. You don’t need paperwork with us; you don’t even need to know what sort of app you want to build. Sandboxes are for experimenting, not for production or information with security requirements. But if you’re considering cloud.gov, or you’re already a user and want to explore doing something new, a sandbox is a great place to get started.

Help us make cloud.gov better

The cloud.gov team is looking to make the cloud.gov platform easier to evaluate and use, and we’re recruiting volunteers to help us do that. Usually this takes the form of walking through a few aspects of the platform or changes we’re working on and sharing your feedback with us. If you’d be interested in talking with us, let us know at cloud-gov-inquiries@gsa.gov.

May 22, 2017

Platform Release Notes: May 22, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks.

Volunteers needed

The cloud.gov team is looking to make the cloud.gov platform easier to evaluate and use, and we’re recruiting volunteers to help us do that. If you’re interested, let us know at cloud-gov-inquiries@gsa.gov. We’ll ask you a few questions and ask you to walk us through using some aspect of the platform via screenshare.

Added

  • We’ve published a cost estimator spreadsheet (in XLSX and ODS formats) that your team can use to get a sense of how much cloud.gov will cost for your organization. If you’re interested in switching from a sandbox to a paid cloud.gov package, or if you want to expand your use of the platform to additional applications, use the estimator to get a sense of what the access package and usage quota fees will be across all your cloud.gov systems.
  • The Defense Information Systems Agency (DISA) has issued a provisional authorization for Department of Defense teams to use cloud.gov’s FedRAMP P-ATO for systems at the DISA level 2 impact level. This is a followup to the P-ATO; Level 2 is equivalent to FedRAMP Moderate.
  • The latest version of the PHP buildpack supports PHP 7.1.4 and 7.0.18.

Fixed

We’ve improved our automated process for updating the part of cloud.gov that routes traffic to your application. Previously, you might have seen occasional 502 errors in your application when we made updates.

Removed

The latest version of the PHP buildpack removes support for PHP 7.1.2 and 7.0.16. If your applications rely on one of these versions, update your application to use a supported version of PHP.

Platform releases

We upgraded the Cloud Foundry deployment to v258. This upgrade addresses these security vulnerabilities: - CVE-2017-4972: Blind SQL Injection in UAA - CVE-2017-4973: Privilege Escalation in UAA

Restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

Additional upgrades

See also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

May 5, 2017

Platform Release Notes: May 5, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past five weeks.

Changed

  • logs.fr.cloud.gov, where you can view and search your logs on the web, has been upgraded to a newer version of Kibana (the open source project that powers the log viewer). The new version includes bug fixes and provides a slightly different look. For help navigating the new interface, start with our logs documentation. The Kibana user guide provides more information about the most recent version.
  • You can now migrate to the cloud.gov CDN broker with zero downtime. You can create a TXT record to be validated by Let’s Encrypt before you migrate, whereas before you needed to start by pointing your domain at the cloud.gov CDN to create a certificate.
  • cloud.gov’s web-based dashboard now provides more useful information if you have an empty org or space. For example, if you’re the only user in your organization, the dashboard gives you more information about inviting new users.

Deprecated

Python 3.3 has been deprecated with an anticipated end-of-life (EOL) in October 2017. The latest Python buildpacks no longer include 3.3.

Removed

Ruby 2.1 is now at EOL. If your app relies on Ruby 2.1 it will stop working following your next push. You should upgrade as soon as possible.

Production releases

We upgraded the Cloud Foundry deployment to v257. This addresses several security vulnerabilities. You should restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

Additional upgrades

See also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

March 27, 2017

Platform Release Notes: March 27, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks.

Added

When you create a cloud.gov identity provider service instance, you can now add scopes from a whitelist of approved scopes. This makes it easier to enable specific permissions and access for additional types of users in your applications.

Changed

We recommend updating to the latest version (6.25) of the Cloud Foundry command line interface (CLI). This can prevent errors when using the cf CLI. You can check your currently-installed version using cf -v

Fixed

The cloud.gov dashboard’s loading icon no longer displays after pages finish loading. Before, they would continue indefinitely.

Deprecated

  • On March 15th, we deprecated support for building and deployment on the cloud.gov East/West environment. This is in preparation for an upcoming shutdown of that environment. We are supporting a few customers in the process of migrating from East/West to GovCloud, but in all other cases we now support the GovCloud environment exclusively.
  • The latest Go buildpack deprecates support for Go 1.6. The next Go release will remove support for 1.6.

Removed

The latest Go buildpack no longer supports Go 1.5.

Security

We upgraded the Cloud Foundry deployment to v254. We have also upgraded the following buildpacks to versions newer than the buildpacks included in CF v254:

As part of the Cloud Foundry upgrade, the base filesystem used for running your application has been updated to address several security vulnerabilities. You should restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

See also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

March 14, 2017

Platform Release Notes: March 14, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks.

Added

The cloud.gov dashboard now alerts you when it’s unable to fetch recent data. This can help you when you’re troubleshooting problems with your application.

Changed

cf logs now accesses logs over port 443 instead of the previous port 4443, to increase the number of people who can use cf logs without errors. In many workplaces port 4443 is blocked, which leads cf logs to return an error.

Security

We upgraded the Cloud Foundry deployment to v252. We have also upgraded the following buildpacks to versions newer than the buildpacks included in CF v252:

As part of the Cloud Foundry upgrade, the base filesystem used for running your application has been updated to address several security vulnerabilities. You should restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

See also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

February 28, 2017

Platform Release Notes: February 28, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks.

Added

People who have a federal government email address can create a free sandbox space using https://account.fr.cloud.gov/signup. Previously, they had to send an email requesting an invite.

Changed

  • You can configure CDN instances that pass the original host to your application. This lets you set up relative redirects with your own domain name rather than with *.app.cloud.gov. Related, the commands for creating a new CDN service instance have changed slightly.
  • To accept a cloud.gov invitation, you have to click a button after visiting the link in the invitation email. This prevents invitations from expiring before use. Some government agencies use services that scan URLs in incoming emails by automatically clicking them, which caused earlier invites to expire before they could be used.

Fixed

Available services appear consistently in the cloud.gov dashboard. Previously, the UI sometimes acted as though it was loading them without ever serving them to you.

See also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

February 10, 2017

Platform Release Notes: February 10, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks.

Added

You can download the cloud.gov Control Implementation Summary + Customer Responsibility Matrix, a summary from the FedRAMP JAB P-ATO documentation. It lists whether each Low and Moderate security control is handled by cloud.gov, shared responsibility, or customer responsibility.

Fixed

  • In the dashboard, when you reach the end of your activity log, the log no longer displays a “Show more” button. Previously this button implied there might be more content when there was not.
  • If you’re a member of many organizations, the dashboard can now display all of the spaces and apps for which you’re a member. Previously, on the overview page, some organizations would appear empty or with some spaces and apps missing.

Security

cloud.gov is now included in the 18F vulnerability disclosure policy, which gives guidelines for security researchers from the public.

See also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

February 2, 2017

cloud.gov is now FedRAMP Authorized.

Now it’s easier than ever to get started with cloud.gov.

We’re delighted to announce that cloud.gov has received a FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) at the Moderate impact level. This means that cloud.gov successfully completed a comprehensive security and compliance assessment performed by a board of the CIOs and their teams from the General Services Administration, the Department of Defense, and the Department of Homeland Security. cloud.gov is the first completely open source service to receive FedRAMP authorization. Teams can now use cloud.gov with less upfront work, so they can use cloud.gov to deliver services even faster.

Read more about how this new authorization can help your team.

Other new and improved features

Native multifactor authentication

For teams that cannot integrate their agency single sign-on authentication provider with cloud.gov, or for teammates who don’t have access to agency accounts (such as some contractors), cloud.gov now provides a built-in authentication option with multifactor authentication. This is not yet included in the FedRAMP Authorization, but teams can use it if their agency approves.

Clearer pricing and product information

We’ve been making changes to the cloud.gov website in order to make our pricing model and our offerings clearer. We will continue to make improvements to the website and can only do so with feedback from our visitors. If you have anything to share with us, drop us a line at cloud-gov-inquiries@gsa.gov.

A more functional dashboard for using cloud.gov without using the command line

Our web-based dashboard gives people an easy web-based way to manage their applications. You can see an overview of your apps, spaces, and their current state. The dashboard now offers more visual clarity between activities. And now you can edit limits on your applications with a few clicks.

Demonstration of edit mode on the cloud.gov dashboard app panel. User clicks “Modify allocation and scale” to change their application’s allocated memory and disk space.

Interested in using cloud.gov?

We can help you figure out whether the platform meets your needs.

Please complete this interest survey and we will contact you with next steps shortly.

You can also try a free Sandbox account.

If you’re curious to see how the platform works, explore cloud.gov on your own with a limited free Sandbox account. If you have a GSA or EPA email address, you can just log in. Anyone else with a .gov or .mil email address can request an invitation by emailing cloud-gov-inquiries@gsa.gov. No paperwork required.

February 1, 2017

Platform Release Notes: February 1, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past six weeks.

Added

  • cloud.gov account holders in the GovCloud environment get automated notifications of expiring passwords, starting ten days before expiration.
  • The dashboard provides a start button for stopped apps (on the app page).

Changed

  • The dashboard homepage shows a more detailed summary of all your orgs, spaces, and apps.

Fixed

  • In the dashboard on the app page’s route creation panel, available domains now appear instead of returning an error.

Security

We upgraded the Cloud Foundry deployment to v251. The base filesystem used for running your application has been updated to address several security vulnerabilities. You should restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

See also

If you’re interested in details about recent dashboard updates, you can also see the dashboard release notes.

December 28, 2016

Platform Release Notes

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks.

Added

  • You can now create S3 service keys to get direct access to your cloud.gov S3 buckets.

Changed

  • We upgraded Cloud Foundry (the underlying open source project that powers cloud.gov) to Release v250, which includes updates to buildpacks and improvements for internal components.

Security

The Cloud Foundry upgrade included updates for the base filesystem used for running your application, addressing several security vulnerabilities in that filesystem. You can restage your application to ensure you incorporate fixes in the base filesystem and are running the most recent language version supported by your buildpack.

December 21, 2016

East/West Sandbox Deprecation Notice

Update: since the time of this posting, we have postponed the cutoff date from January 15th to a new date that we expect to confirm and announce soon.

The original cloud.gov environment in AWS East/West is now officially deprecated and will be retired. We will be in touch to assist with migration of Prototyping, FISMA Moderate, and FISMA Low organizations to the new environment shortly.

Sandbox organizations in AWS East/West will be retired as of January 15. We will be deleting these sandbox organizations after this date. If you have hosted anything in a sandbox space that you would like to preserve, you must back it up or migrate it to the new environment yourself.

Required steps

  1. Create a GovCloud sandbox space.
    • EPA, FDIC and GSA users log into dashboard.fr.cloud.gov.
    • All others please request an invitation by contacting cloud-gov-inquiries@gsa.gov.
  2. Using the Cloud Foundry command line interface (CLI) cf run the command cf login -a api.fr.cloud.gov --sso and follow the instructions.
  3. (Optional) Migrate your application.

Background

We heard loud and clear that a FedRAMP Moderate JAB P-ATO for cloud.gov would be critical to ensuring cloud.gov could be used in production for most federal agencies. Getting that ATO required hosting on AWS GovCloud instead of AWS East/West so we have created a new and improved version of cloud.gov there. We anticipate receiving JAB P-ATO for cloud.gov in January, 2017. The new version of cloud.gov includes additional features that many have asked for, including: more reliable and faster SSH, better services, easy custom domains and IPv6 support. We are now opening access to this new environment to everyone.

December 14, 2016

Platform Release Notes

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks.

Added

  • New dashboard features:
    • On an application page, you can now edit the number of application instances, instance memory, and disk quota.
    • Org and space level views now include a quick overview of the health of application instances.

Changed

  • We upgraded Cloud Foundry (the underlying open source project that powers cloud.gov) to Release v249 (see also Release v248), which includes updates to buildpacks and improvements for internal components.
  • Changes in Cloud Foundry require an upgrade to the latest version of the command line interface (CLI) client (cf) in order for cf logs to work properly. Please upgrade your local version to the latest version (installation instructions).

Fixed

  • The latest Cloud Foundry command line interface client (available here) addresses an issue where inspecting application logs returned errors.
  • We updated the cloud.gov account creation form to include previously-missing information about password requirements.

Security

The Cloud Foundry upgrade included updates for the base filesystem used for running your application, addressing several security vulnerabilities in that filesystem. You can restage your application to ensure you incorporate fixes in the base filesystem and are running the most recent language version supported by your buildpack.

November 30, 2016

Platform Release Notes

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks.

Added

  • The dashboard now allows restarting of apps from the app page.

Changed

  • We upgraded Cloud Foundry (the underlying open source project that powers cloud.gov) to Release v247, which includes updates to buildpacks and improvements for internal components.

Fixed

  • Dashboard: We fixed an issue that prevented creating service instances on the marketplace page.

Security

The base filesystem used for running your application has been updated to address several security vulnerabilities. You can restage your application to ensure you incorporate fixes in the base filesystem and are running the most recent language version supported by your buildpack.

November 18, 2016

Platform Release Notes

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past four weeks.

Added

  • cloud.gov supports the .NET Core buildpack (learn about buildpacks).
  • You can invite teammates who aren’t in agencies with supported single-sign-on authentication (GSA, EPA, FDIC). After you invite them, they can log in by creating a cloud.gov account with multi-factor authentication.
  • The dashboard shows the current memory, disk usage and quota limits for apps.
  • You can create deployer accounts programmatically.
  • For FDIC users: you can log into cloud.gov using your agency single-sign-on credentials.

Changed

  • We upgraded Cloud Foundry (the underlying open source project that powers cloud.gov) to Release v246, which includes updates to buildpacks and improvements for internal components.

Security

You can restage your application to incorporate the latest security fixes and ensure you’re running the most recent language version supported.

July 19, 2016

Full steam ahead on FedRAMP assessment

Over on the 18F team blog, we’ve posted an update on cloud.gov’s FedRAMP assessment progress. In short: we’ve passed the FedRAMP Ready milestone, and we expect to receive FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) in November. More details in the post!

July 7, 2016

Today’s Dashboard update (formerly the “Deck”)

Today we released a new version of the cloud.gov Deck (now Dashboard). The best part is invisible: we refactored the codebase so we can improve it much faster than we could with the old version. But it has visible changes too, so here’s what’s new, what we have in mind, and how to tell us what you think.

We’ll keep the old Deck around for about a week and then will redirect it to this new version. Let us know if this would cause problems for you.

What’s new and different

  • Name: We took this opportunity to rename it from the “Deck” to the “Dashboard”, since that’s what people usually call it.
  • Style: It fits into the overall cloud.gov style and navigation! So for example, when you’re in the Dashboard troubleshooting something, you can easily go look at documentation and status.
  • Navigation: Navigating to your orgs, spaces, and apps is simpler: the sidebar displays a straightforward list of the orgs and spaces in your account, along with the marketplaces available for your orgs. You won’t have to click as many menus to do common tasks.
  • Labels: Data about your apps has unit labels to identify whether numbers are in GB or MB.
  • Code: The Dashboard’s refactored codebase has better tests and less repetition.
  • More potential for open source collaboration: This improved codebase will help us encourage reuse and contributions by outside-18F teams that are also building tools on top of Cloud Foundry.

What’s missing in this version

  • App management options: This version doesn’t include all the earlier Deck’s options for managing apps (such as starting/stopping them, binding services, and updating routes). Instead, it links to documentation for those tasks on the command line. These web options weren’t used much, and we’re researching whether we should prioritize rebuilding them. (We’re curious what you think.)
  • App logs and events: The Dashboard now points to logs.cloud.gov for viewing app logs and events, instead of duplicating it.
  • Quota meter: We didn’t re-implement the small quota indicator from the old Deck, since it was mostly mysterious to people. We’re researching how to helpfully explain your quota usage.
  • Perfectly bug-free experience: We have a list of known bugs — please feel free to file more if you notice something weird or broken.

What we’ve heard that people want

As we figure out next steps, we know that people want the Dashboard to help them:

  • Understand how to use cloud.gov
  • Troubleshoot apps that are having problems
  • Do more tasks that are only available on the command line
  • Get insight into quotas and billing

We’d like your thoughts

Everyone can file issues for bugs and suggestions. If you’re in 18F, come talk to us about the Dashboard in #cloud-gov-navigator. If you’re a cloud.gov user outside 18F, you can send thoughts and questions to us at cloud-gov-support@gsa.gov.

June 15, 2016

Changes to login and cf-ssh

Earlier this month we updated cloud.gov login and cf-ssh in ways that mean most cloud.gov users need to change how they use them. You’ve probably already made these changes if you need to (we sent email notifications to people who should log in using the new system), but here are the details as a handy reference.

For GSA and EPA, your cloud.gov login is now your agency login

We updated how @gsa.gov and @epa.gov accounts authenticate with cloud.gov. When you log in, use your official agency credentials instead of your old cloud.gov-specific username and password. Here’s how:

  • On the web: At https://login.cloud.gov/, select the button for your agency and enter your agency credentials (the same credentials you use for your agency’s own services).
  • On the command line: Use the new command listed at Setting up the command line for agency accounts: cf login -a api.cloud.gov --sso

This update improves the security of these accounts because you’re now using your agency’s existing multi-factor authentication system. This is a step in our progress toward FedRAMP compliance and certification for cloud.gov.

Use the new version of cf-ssh

If you use cf-ssh for running one-off commands, we released version 3 on June 2. Please download and use that latest version.

If you haven’t updated cf-ssh, you may get this error when you try to use it:

Initiating tmate connection...success
ssh: Could not resolve hostname tmate.18f.us: nodename nor servname provided, or not known

That usually means you need to update cf-ssh to our latest version.

February 12, 2016

Logging service

New feature: Zero-setup persistent logs.

Given the universal need for compliant logging, we’ve recently added a common logging facility to cloud.gov. Now, logs and events for every cloud.gov application are stored and indexed automatically, with zero setup required.

For more information about this feature, please see our documentation about logging.

Now that cloud.gov provides platform-level logging, the ELK service we previously provided will be deprecated. If you are still using it, we recommend you delete the instance whenever is convenient to reduce your resource usage (and hence costs).

If you have feedback about this service, please don’t hesitate to contact us.

September 14, 2015

Even more console features and a new home for updates

Now you can view log and event data for your apps and adjust permissions for your org and spaces via the web. We’re also publishing these updates via cloud.gov.

View log and event data for your apps in the console

When you take a look at the details for an application via the cloud.gov console, you’ll now be able to see any recent logs generated by your application, as well as a list of recent deployment events from cloud.gov itself.

Adjust permissions for your orgs and spaces in the console

It’s now possible to inspect and adjust the permissions for the individual orgs and spaces you control.

Updates now published via the cloud.gov website

We’ve also started consolidating announcement about updates to cloud.gov, like this one, on cloud.gov! Check it out.

Want to know more?

Follow our team:

That’s all for now…

September 1, 2015

Status page and console additions

We’ve added a new status page to show you the state of the cloud.gov platform, and we’ve made significant upgrades in your ability to manage your apps via the web.

Status Page

As production use of cloud.gov ramps up, it’s important that you have a constant picture of the platform’s status, which may affect your product’s operations and availability.

We’re now providing this visibility via the cloud.gov Status Page, where you’ll be able to see at a glance:

  • When there are any ongoing or recent degradations in service
  • When any maintenance is planned or recently completed

We’ve proactively subscribed existing users to that page, so there’s no need for any action on your part… You’ll be notified via e-mail whenever problems are identified, or when planned maintenance is expected to impact your application’s availability. However, you can also use the subscription control at the upper-right of the page to subscribe to updates via texts or Atom/RSS feed if you so choose.

Console Improvements

In addition to the command-line client, the cloud.gov web-based console has now entered an alpha state. You can use the console to review your organizations and spaces, and manage the state of your applications, services, and routes. Creation of accounts, orgs, and spaces is still managed via GitHub request.

Here are examples of actions now possible via the magic of your Interweb-capable browsing apparatus:

  • Traverse the layout of your accessible organizations and spaces
  • Control access to your owned orgs and spaces for other accounts
  • Browse a list of available services and provision new instances
  • Bind service instances with specific applications
  • Edit the routes that will bring user traffic to an application
  • Inspect the live resource utilization of a running application
  • Restart stopped or misbehaving applications

If you’ve not taken a look in a while, please check it out!

Note I said above the console is in “alpha” state, and really it’s more of an MVP. Please report problems or feature requests or better yet, make pull-requests via GitHub. (Side note: We are short-handed on front-end/design/UI resources, so any quick help anyone can offer, even if it’s just some help with our IA, would be very VERY welcome!)

Other stuff

We’re now publishing our roadmap in story-map form in case anyone wants to get a peek at what we’re focused on now and what we’re juggling for the future. Our focus right now is: Buttoning up loose ends that prevent us from offering cloud.gov to other agencies.

Our intra-sprint kanban board is also visible, as is the calendar of cloud.gov team rituals for anyone who would like to attend.

That’s all for now…

May 29, 2015

Updates for the week of 5/29/2015

Platform:

  • Upgraded to release 210
  • Binary and Static buildpacks are now built in the deployment
  • Added Newrelic Insights and Plugins for platform monitoring data

Services:

  • The rds service now encrypts the passwords