• Add optional KMS encryption for CloudWatch log groups and SNS topics using the AFT-created customer managed key (CMK). This encryption can be enabled at the time of deployment using the cloudwatch_log_group_enable_cmk_encryption and sns_topic_enable_cmk_encryption variables. Learn more about using CMK encryption for Cloudwatch log groups and SNS topics here. (#396)
  • When first enabling CMK encryption for CloudWatch log groups, an AssociateKmsKey error may occur due to eventual consistency in an updated policy. If this occurs, re-run terraform apply.
• Enable changing CodeBuild compute type, using variable aft_codebuild_compute_type (#474, #560)
• Add new Terraform outputs for DynamoDB table, IAM role, S3 bucket name, KMS Key, Step Function, and SNS Topic ARNs (#81, #84)
• Require SSL for connections to S3 buckets (#300)
• Change DynamoDB tables to on-demand capacity mode, for more efficient utilization (#359, #497)
• Fix error preventing deployment in regions where the SSM global infrastructure parameter is not supported (#501)
• Improved error handling for missing Jinja2 templates in account request and customizations pipelines (#349)
• Update Lambda function dependencies
  • requests 2.32.4
  • boto3/botocore 1.39.3