Skip to content
Eric Holmes edited this page Sep 10, 2016 · 20 revisions

Scheduled tasks Done

This may not necessarily be built into Empire itself, but maybe as a separate daemon that you can run that consumes the Empire API over RPC

Custom CloudFormation resources Done

See https://github.com/remind101/empire/issues/810

CloudFormation scheduling backend Done

https://github.com/remind101/empire/issues/578

Build on demand Done

Within the GitHub Deployments integration, we could integrate with a docker build system (e.g. Conveyor) to build Docker images from git sha's on demand.

Support Docker logging drivers Done

Now that ECS has support for configuring logging drivers and options, we can move to something more configurable and allow users to use something other than the json-file driver.

Extended procfiles

We'd like to support an "extended" procfile format. The first iteration of this will likely start with only allowing health checks to be configured. https://github.com/remind101/empire/pull/696 may be a pre-requisite to make this easy.

See https://github.com/remind101/empire/wiki/Extended-Procfile-Roadmap for more information.

Slack interface

We'd like to provide a native Slack slash command built into Empire for perform operations. See https://github.com/remind101/empire/pull/708 for a work in progress implementation.

GRPC based API

The current API is a re-construction of the Heroku Platform API and we use a fork of the hk client. As Empire has grown, we've begun to outgrow the constraints of the Heroku API.

To avoid server/client boilerplate, I would suggest that we move to a GRPC based API and client. GRPC also handles bi-directional streaming well, which means we could get rid of the Hijack hacks for interactive runs.

ACL

We'd like to have the ability to provide granular access control, so that teams only have access to the bare minimum.

Two-Factor Auth

We'd like to be able to wrap security sensitive actions with a confirmation check (maybe via push notification), so that if an employee's laptop is compromised, or an access tokens is leaked, an attack could not gain access to our infrastructure.