Summary of Changes
EventBridge Limit:
- In the last release we crossed the default AWS account soft limit on the number of rules that can be created for an event bus (300), so we asked users to raise their limit before redeploying or installing.
- The good news is that we have overcome that limitation in the current release using a new micro-service called job-scheduler. Now Paladin uses separate custom event buses for each cloud provider.
Policy/Rules Update:
- We have added new collectors and rules across the three cloud providers: AWS, Azure and GCP.
- We have added our first auto-fixes for a couple of policies in Azure and GCP. We will be updating the steps required to enable the same in the wiki.
- We have made some changes to Rule metadata.
- We are updating the Wiki with the current rules we support. This is an ongoing effort.
UI updates:
- We have redesigned the Policy Knowledge base screen.
- We have added a new feature: a collapsible navigation bar.
- We have fixed an issue with the table to store the previous state
- We have made minor fixes across the other components.
Azure AD:
- We have added a feature to enable Azure AD authentication in Paladin Cloud.
- Azure AD can now be used as an authentication mechanism over the default db-based authentication.
- We are in the process of testing the Azure AD feature. Please watch this space for an update on Azure AD.
Infrastructure Updates:
- As stated above, we are now using custom EventBridge buses.
- We have created a new micro-service job-scheduler in our existing ECS cluster.
- This microservice emits events periodically to trigger the jobs/rules.
- We have upgraded Terraform to the latest version, 1.2.x.
- If you are upgrading from previous versions, please follow this link to start upgrading to this release.
What's Changed
- chore:modified domains in config file by @ranadheer-b in #332
- chore: updated lambda run time to 3.8 by @rnithinpaladin in #335
- Fix/asset type display name change by @arunpaladin in #331
- feat: vm instances should be migrated on maintenance event by @AishwaryaKulkarni97 in #337
- feat: added a new policy for the nsg. This policy checks the public … by @kushZemoso in #338
- fix:Combined aws listener policies for classic elb and elbv2 by @amishavijayakumar08 in #340
- chore:Upgraded aws-java-sdk version in commons by @amishavijayakumar08 in #341
- Fix/asset type display name change by @arunpaladin in #343
- Implemented autofix for azure and gcp policies by @dheerajkholia-paladin in #342
- feat: GCP policy to restrict access to GKE cluster by @AnjaliMadhavi-Nakirikanti in #344
- PaladinCloud Login using AzureAD by @arunpaladin in #348
- feat: added a new policy for the gke Cluster.This rule checks if the … by @kushZemoso in #347
- feat: Added a new policy for the gke Cluster by @kushZemoso in #350
- Collapsed navbar by @ranadheer-b in #346
- feat: Ensure DB owner chaining flag is disabled for Google SQL server by @AnjaliMadhavi-Nakirikanti in #354
- fix: updated the Azure activitylog policies display names as per wiki by @AnjaliMadhavi-Nakirikanti in #356
- feat:Policy to check delete access policy for aws backup vault by @amishavijayakumar08 in #351
- feat: Ensure Enable trusted microsoft services to access Storage Account by @AnjaliMadhavi-Nakirikanti in #349
- feat:Autofix for azure policy unrestricted database access by @dheerajkholia-paladin in #353
- Feature/gcpsql by @AishwaryaKulkarni97 in #355
- feat:redirect azure app service webapp from http to https by @AnjaliMadhavi-Nakirikanti in #357
- Feat/aws iam user multiple access key policy by @amishavijayakumar08 in #358
- feat: added error state by @sidharthjain-zemoso in #363
- feat:Added a new Policy for cloudStorage. by @kushZemoso in #362
- fix: removed extra spaces in gcp and azure policy rule name by @AnjaliMadhavi-Nakirikanti in #364
- fix:remove the special characters from the rule Ensure _web_app_using_late… by @AnjaliMadhavi-Nakirikanti in #365
- Policy knowledgebase by @sidharthjain-zemoso in #366
- feat:Added a new policy for webApp by @kushZemoso in #367
- feat: App service authentication should be enabled by @AishwaryaKulkarni97 in #360
- feat: gcp sql instances should not be public by @AishwaryaKulkarni97 in #368
- fix:removed mismatched quote in db.sql file by @AnjaliMadhavi-Nakirikanti in #372
- Fix/sso login azure ad by @arunpaladin in #370
- Fix/bug fix by @sidharthjain-zemoso in #369
- feat:Rule to check expired aws iam certificates by @amishavijayakumar08 in #371
- feat: Enable DNSSEC for Google Cloud DNS Zones by @AnjaliMadhavi-Nakirikanti in #359
- Update README.md by @Steve-Hull in #377
- Feature/tls encryption by @kushZemoso in #375
- Feat/aws customer managed full admin access policy by @amishavijayakumar08 in #376
- feat: Ensure Client certificate on for Web App. by @AnjaliMadhavi-Nakirikanti in #374
- feature :Autofix for azure and gcp policy by @dheerajkholia-paladin in #379
- feat:Added new aws policy to check IAM role with full admin access by @amishavijayakumar08 in #380
- feat:Added new aws rule for users with full admin access by @amishavijayakumar08 in #381
- fix: list-state by @sidharthjain-zemoso in #384
- feat: Disable Contained Database Authentication Flag for SQL Server Database Instances by @AnjaliMadhavi-Nakirikanti in #378
- Feat/function app cert by @AishwaryaKulkarni97 in #382
- feat: Disable external scripts enabled Flag for SQL Server Database Instances by @kushZemoso in #383
- fix:fixing the target type table display name update by @amishavijayakumar08 in #386
- added cmd to update policyId column size and truncate the cf_policy and cf_ruleInstance Tables by @AnjaliMadhavi-Nakirikanti in #387
- updated Terraform version to v1.2.8 and custom event bus for diff cloud provider by @rnithinpaladin in #388
- feat: job scheduler service by @santhosh-challa in #391
- fix:fixed cloud watch rule json syntax error by @AnjaliMadhavi-Nakirikanti in #393
- fix: GCP discovery issue by @dheerajkholia-paladin in #397
- fix: fixed syntax error in db.sql and rule_cloudwatch.json by @AnjaliMadhavi-Nakirikanti in #396
- fix: running the three cloud rules in parallel, instead of sequentially by @santhosh-challa in #399
- job_schedule_interval by @rnithinpaladin in #405
- common.py update by @rnithinpaladin in #411
New Contributors
- @Steve-Hull made their first contribution in #377
Full Changelog: 1.1.0...1.2.0