github awslabs/landing-zone-accelerator-on-aws v1.11.0
on GitHub

one day ago

Important

We highly recommend that you keep your environments up to date by upgrading to the latest version. See Update the solution for the required actions to upgrade.

Advanced CloudFormation Stacksets Operational Control:

This new feature enables the option to specify operational preferences such as region order, max concurrency, and concurrency mode to StackSets in the customizations stage (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-stackset-operationpreferences.html).

Chatbot Policies Integration with Organizations:

This release adds support for Chatbot Policies through the Organizations config file. Chatbot policies allow you to control access to an organization's accounts from chat applications such as Slack and Microsoft Teams(https://docs.aws.amazon.com/chatbot/latest/adminguide/chatbot-orgs-policy.html).

Enhanced CloudWatch Log Replication to S3:

This release provides the ability to specify a log file extension for CloudWatch Logs that are replicated to S3 via Firehose. This functionality allows for improved log file organization, identification, and a better SIEM integration experience.

Added

  • feat: add eks-auth endpoints to hosted-zone
  • feat(customizations): add feature to set custom admin and execution roles for custom stacksets
  • feat(customizations): add operational preferences support or stacksets customization
  • feat(doc): add package dependency section in typedoc
  • feat(eventbus): add support for default event bus resource policy
  • feat(iam): create IAM user without console access
  • feat(lambda): add lambda runtime to the construct props and default to Node 18
  • feat(logging): provide file extension to CloudWatch log replicated files in S3
  • feat(networking): allows the option of specifying a network firewall policy arn
  • feat(organizations): add support for chatbot policies
  • feat(pipeline): add feature to parallelise synth and diff operations
  • feat(pipeline): add feature to reuse synth for all deploy actions
  • feat(pipeline): add feature to consolidate all diffs and generate URL for review in Review stage
  • feat(pipeline): add feature to deploy LZA solution region by region
  • feat(test): add api assertion to integration testing
  • feat(validation): validating that order of CIDRs is not changed

Fixed

  • fix: added missing imports to test file
  • fix: Disable management events for Lambda & S3 Cloudtrail event selectors
  • fix: hosted zone DNS for Sagemaker VPC Endpoints
  • fix: updated GitHub action target
  • fix(account): remove partition checks for account creation in prepare stack
  • fix(assets): add local account for ssm parameters to assets policy
  • fix(build): fixing naming scheme of installer templates
  • fix(config/validation): make account email comparisons case insensitive
  • fix(config-service): only record global resources in home region
  • fix(config-service): exclude global resources from recorder except in home region
  • fix(control-tower): update landingzone fails for non-default security ou name
  • fix(docs): change macie api version
  • fix(globalConfig): provide required permissions for subscriptions
  • fix(iam): add supported partition for service linked roles
  • fix(identity-center): checks if a user or group exists when building assignments
  • fix(installer): fix management account bootstrap failed when using external pipeline
  • fix(logging): add log stream arn for SubscriptionFilterRole IAM Policy
  • fix(logging): fixed permissions on custom resource for when cloudwatch encryption is enabled in global-config
  • fix(logging): incorrect managed policy for imported elb access log bucket
  • fix(logging): updated kms key for imported asset bucket
  • fix(macie): unable to publish sensitive data findings to security hub
  • fix(networking): add conditions to trust policy for DescribeTgwAttach IAM Role
  • fix(networking): add conditions to trust policy for VpcPeering IAM Role
  • fix(networking): fixes ssm parameter name format
  • fix(networking): trust policy for tgw peering multiple acceptors to single requestor account
  • fix(organizations): create ou's in all partitions with exceptions
  • fix(resolver): correctly identify custom domain list filename
  • fix(s3): imported elb bucket policy attachment failed
  • fix(uninstaller): correct syntax for debug log
  • fix(validation): make case insensitive comparisons when validating email addresses
  • fix(warning): removes unreachable code that results in warning

Changed

  • chore: bump version to v1.11.0
  • chore: change viperscan from cli to wget
  • chore(cli): modify cli signature
  • chore(documentation): create lza module documentation
  • chore(modules): add config parsing module lza-config
  • chore(modules): add aws-lza package for ct module and lza cli
  • chore(test): updated tests for stack creation
  • chore(testing): moves construction of stacks from test bootstrap into test run

Configuration Changes

  • chore(cn): remove cn sample configuration directory
  • chore(sample-config): add kms key disable rotation prevention control in sample config
  • chore(sample-config): add kms delete policy to scp in sample config
  • chore(sample-config): add transit gateway and ram share protection in sample config
  • chore(sample-config): externalize healthcare configurations

Full Changelog: v1.10.0...v1.11.0

Check out latest releases or
releases around awslabs/landing-zone-accelerator-on-aws v1.11.0

Don't miss a new landing-zone-accelerator-on-aws release

NewReleases is sending notifications on new releases.

Get notifications