awslabs/landing-zone-accelerator-on-aws v1.12.0 (GitHub release)


Important

We highly recommend that you keep your environments up to date by upgrading to the latest version. See Update the solution for the required actions to upgrade.

New Features

Account Management

  • Account Alias Management: You can now create and manage aliases for your AWS accounts, making it easier to identify and organize your accounts.

Logging and Monitoring

  • Dynamic CloudWatch Logs Partitioning: Added the ability to dynamically partition CloudWatch Logs by account ID, improving log management and analysis. (#731)
  • Custom Lambda Processor for Firehose: Users can now supply their own Lambda record processor for the Amazon Data Firehose (formerly Kinesis Data Firehose) delivery stream, so log records can be transformed, enriched, or tagged with partition keys before delivery.
  • CloudWatch Logs Subscription Filters: Introduced account-level settings for CloudWatch Logs subscription filters, providing more granular control over log data flow.
  • Kinesis Customization: Allow for greater customization of the Amazon Kinesis Data Streams used for log delivery, including retention period, streaming mode (provisioned or on-demand), and shard count. (#283)
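The two Firehose items above (a custom Lambda processor and dynamic partitioning by account ID) fit together: the processor emits the partition key that Firehose then uses to build the S3 prefix. The following is an added example of such a processor, written for this page; it is not code from the Landing Zone Accelerator project. It assumes a delivery stream with dynamic partitioning enabled and a Lambda processor attached, that the stream's S3 prefix references a key named account_id (an assumed name, as in logs/!{partitionKeyFromLambda:account_id}/), and that the input records are the gzip-then-base64 payloads that a CloudWatch Logs subscription filter delivers to Firehose. The sample event at the bottom is constructed.

```python
"""Firehose transformation Lambda: partition CloudWatch Logs records by owner account ID.

Added example (not Landing Zone Accelerator code). Assumed: dynamic partitioning is on,
and the S3 prefix uses the partition key "account_id".
"""
import base64
import gzip
import json
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def decode_cwl_payload(data_b64: str) -> dict:
    """Base64-decode and gunzip one CloudWatch Logs subscription payload."""
    return json.loads(gzip.decompress(base64.b64decode(data_b64)))


def transform_record(record: dict) -> dict:
    """Build the Firehose output record for one input record.

    CONTROL_MESSAGE health checks are dropped; DATA_MESSAGE payloads are flattened to
    one JSON line per log event and tagged with the owner account ID as partition key.
    """
    record_id = record["recordId"]
    try:
        payload = decode_cwl_payload(record["data"])
    except (ValueError, OSError, EOFError, KeyError):
        # Malformed record: let Firehose send it to the error prefix rather than guess.
        return {"recordId": record_id, "result": "ProcessingFailed"}

    if payload.get("messageType") != "DATA_MESSAGE":
        return {"recordId": record_id, "result": "Dropped"}

    owner = str(payload.get("owner", ""))
    # The partition key value becomes part of an S3 object key, so accept only a
    # well-formed 12-digit account ID; anything else is routed to the error prefix.
    if not ACCOUNT_ID_RE.match(owner):
        return {"recordId": record_id, "result": "ProcessingFailed"}

    lines = [
        json.dumps(
            {
                "account_id": owner,
                "log_group": payload.get("logGroup"),
                "log_stream": payload.get("logStream"),
                "timestamp": event.get("timestamp"),
                "message": event.get("message"),
            },
            separators=(",", ":"),
        )
        for event in payload.get("logEvents", [])
    ]
    body = ("\n".join(lines) + "\n").encode("utf-8")
    return {
        "recordId": record_id,
        "result": "Ok",
        "data": base64.b64encode(body).decode("ascii"),
        "metadata": {"partitionKeys": {"account_id": owner}},
    }


def handler(event: dict, context=None) -> dict:
    """Lambda entry point in the Firehose data-transformation request/response format."""
    return {"records": [transform_record(r) for r in event.get("records", [])]}


def output_lines(output_record: dict) -> list:
    """Decode an "Ok" output record back into its JSON objects (for verification)."""
    text = base64.b64decode(output_record["data"]).decode("utf-8")
    return [json.loads(line) for line in text.splitlines() if line]


def encode_payload(payload: dict) -> str:
    """Encode a payload the way CloudWatch Logs delivers it: gzip, then base64."""
    return base64.b64encode(gzip.compress(json.dumps(payload).encode("utf-8"))).decode("ascii")


# Constructed sample: one data record from a member account and one health-check record.
SAMPLE_EVENT = {
    "records": [
        {"recordId": "rec-1", "data": encode_payload({
            "messageType": "DATA_MESSAGE", "owner": "111122223333",
            "logGroup": "/aws/lambda/example", "logStream": "2025/01/01/[$LATEST]abc",
            "subscriptionFilters": ["AcceleratorFilter"],
            "logEvents": [
                {"id": "1", "timestamp": 1735689600000, "message": "START RequestId: 1"},
                {"id": "2", "timestamp": 1735689600100, "message": "END RequestId: 1"},
            ]})},
        {"recordId": "rec-2", "data": encode_payload({
            "messageType": "CONTROL_MESSAGE", "owner": "CloudwatchLogs",
            "logGroup": "", "logStream": "", "subscriptionFilters": [],
            "logEvents": [{"id": "", "timestamp": 1735689600000, "message": "CWL CONTROL MESSAGE"}]})},
    ]
}

if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_EVENT), indent=2))
```

The owner field is stamped by CloudWatch Logs, not by the log producer, so it is a sound partitioning key for a central log bucket; the 12-digit check still matters because whatever the processor returns as a partition key value is spliced into an S3 key, and a record that fails the check lands under the stream's error prefix where it can be inspected instead of silently creating an unexpected prefix.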

Networking

  • Direct Connect Enhancements: Added support for BGP MD5 authentication keys on Direct Connect virtual interfaces, so the BGP session with your on-premises router is authenticated and route updates from an unauthenticated peer are rejected.

Security and Governance

  • Service-Linked Role for AWS Config: Added support to create and use the AWS Config service-linked role (AWSServiceRoleForConfig) for the configuration recorder.
  • GuardDuty Improvements: Expanded Amazon GuardDuty support to include Malware Protection, RDS Protection, Lambda Protection, and additional EKS Protection options. (#480 #558 #559)
  • Customizable StackSet Execution: You now have the ability to skip the creation of StackSet execution roles when needed, providing more flexibility for organizations with existing StackSets.
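After upgrading, the practical question behind the GuardDuty item is whether the newly supported protection plans are actually enabled on each detector, not just declared in the configuration. The following is an added example of that check, written for this page and not code from the Landing Zone Accelerator project. It works on the response shape of the GuardDuty GetDetector API (the Features list, with AdditionalConfiguration sub-options), so the check itself runs offline against the constructed sample; which features are "expected" is this example's assumption, and the boto3 lookup is only used when the file is run as a script with a region argument.

```python
"""Report which GuardDuty protection plans are not enabled on a detector.

Added example (not Landing Zone Accelerator code). EXPECTED_FEATURES is an assumed
policy; adjust it to what your environment should have on.
"""

# Feature names as returned by the GuardDuty GetDetector API.
EXPECTED_FEATURES = {
    "S3_DATA_EVENTS",          # S3 Protection
    "EKS_AUDIT_LOGS",          # EKS Protection (audit logs)
    "EBS_MALWARE_PROTECTION",  # Malware Protection for EC2
    "RDS_LOGIN_EVENTS",        # RDS Protection
    "LAMBDA_NETWORK_LOGS",     # Lambda Protection
    "RUNTIME_MONITORING",      # Runtime Monitoring (EKS/EC2/ECS agents)
}
# Sub-options carried in a feature's AdditionalConfiguration list.
EXPECTED_ADDITIONAL = {"RUNTIME_MONITORING": {"EKS_ADDON_MANAGEMENT"}}


def missing_features(detector: dict, expected=EXPECTED_FEATURES, additional=EXPECTED_ADDITIONAL) -> list:
    """Return sorted names of expected features and sub-options that are not ENABLED.

    A disabled detector provides no coverage at all, so every expected feature is
    reported. Sub-options are reported as "FEATURE/OPTION".
    """
    if detector.get("Status") != "ENABLED":
        return sorted(expected)
    enabled = {}
    for feature in detector.get("Features", []):
        if feature.get("Status") == "ENABLED":
            enabled[feature["Name"]] = {
                cfg["Name"]
                for cfg in feature.get("AdditionalConfiguration", [])
                if cfg.get("Status") == "ENABLED"
            }
    missing = [name for name in expected if name not in enabled]
    for feature, options in additional.items():
        if feature in enabled:
            missing.extend(f"{feature}/{opt}" for opt in options - enabled[feature])
    return sorted(missing)


def fetch_detector(region_name: str) -> dict:
    """Look up the region's detector with boto3; needs AWS credentials for the account."""
    import boto3  # imported here so the offline check above does not require boto3

    client = boto3.client("guardduty", region_name=region_name)
    detector_ids = client.list_detectors()["DetectorIds"]
    if not detector_ids:
        return {"Status": "DISABLED", "Features": []}
    return client.get_detector(DetectorId=detector_ids[0])


# Constructed sample: S3, EKS audit, malware protection and runtime monitoring are on
# (runtime monitoring without the EKS add-on), while RDS and Lambda protection are off.
SAMPLE_DETECTOR = {
    "Status": "ENABLED",
    "Features": [
        {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
        {"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"},
        {"Name": "EBS_MALWARE_PROTECTION", "Status": "ENABLED"},
        {"Name": "RDS_LOGIN_EVENTS", "Status": "DISABLED"},
        {"Name": "LAMBDA_NETWORK_LOGS", "Status": "DISABLED"},
        {"Name": "RUNTIME_MONITORING", "Status": "ENABLED",
         "AdditionalConfiguration": [{"Name": "EKS_ADDON_MANAGEMENT", "Status": "DISABLED"}]},
    ],
}

if __name__ == "__main__":
    import sys

    detector = fetch_detector(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_DETECTOR
    for name in missing_features(detector):
        print(f"NOT ENABLED: {name}")
```

Run it per account and region (for example from a role assumed into each member account) rather than only in the delegated administrator: the administrator's organization configuration states what should auto-enable for members, whereas GetDetector in the member account shows what is in effect there.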

Bug Fixes

  • Addressed problems with log group destinations and subscription filter permissions.
  • Corrected Macie principal access to S3 buckets in opt-in regions.
  • Corrected the mapping upload logic to properly use LZA-enabled regions and accounts.
  • Fixed environment variable configuration for metadata Lambda functions.
  • Fixed issues with AWS Audit Manager delegated admin account setup.
  • Fixed multiple networking-related issues, including VPC peering, hosted zones for SageMaker VPC endpoints, and transit gateway peering attachments. (#713)
  • Fixed service quota provisioning logic for home regions.
  • Fixed an issue where a suspended account blocked uninstallation. (#727)
  • Resolved network association stack failures related to security groups and RAM-shared subnets/VPCs.
  • Resolved various IAM role trust policy issues, particularly for VPC peering.

Changed

  • Added a new section on preventative controls to our documentation.
  • Migrated several AWS SDK interactions to v3, including EC2, Identity Center, Macie, KMS, Organizations, RAM, Route 53, S3, and SecurityHub.
  • Updated ECR-related findings documentation in Security Hub.
  • Updated esbuild to version 0.25.0.
  • Updated Node.js runtime to version 20 for improved performance and security.
  • Updated sample configurations to include S3 object-level controls and additional network controls.

Contributors

Thank you to the following open-source contributors with features included in this release:

Full Changelog: https://github.com/awslabs/landing-zone-accelerator-on-aws/blob/release/v1.12.0/CHANGELOG.md
