We are pleased to announce an experimental release of the Landing Zone Accelerator on AWS, providing early access to upcoming features and improvements.
Intended Usage and Environment Considerations
This experimental release is specifically designed for evaluation and testing purposes in development environments only. Given the nature of pre-release software and ongoing refinements, we strongly advise against deploying these features in production environments at this time. Organizations should continue to rely on our latest official release for production workloads to ensure maximum stability and support coverage.
Support and Issue Reporting Guidelines
Any issues encountered while using this experimental release should be reported through our GitHub issues rather than through AWS Support. This approach allows our development team to rapidly address feedback and incorporate improvements into the upcoming official release. When submitting a GitHub issue, please clearly indicate that it relates to the experimental release (experimental/v1.15.0) to help us properly track and address your input.
Path to Official Release
Features and improvements introduced in this experimental release will undergo thorough testing and refinement before being incorporated into an official release. We encourage users to subscribe to our repository notifications to stay informed about updates and the timeline for official release availability.
New Features
Container deployment
The LZA now supports container-based deployment, providing an alternative deployment method with enhanced capabilities. To get started, see README.md.
- Regional Flexibility: Enables deployment in AWS regions where CodeBuild and CodePipeline are not available, providing a focused path for select regions without support for Code* services
- Improved Performance: Optimized deployment process for faster infrastructure provisioning
Security Hub Automation Rules
LZA now includes support for Security Hub automation rules, enabling automated response and remediation workflows:
- Add and remove Security Hub automation rules through your security configuration
- Streamline security operations with automated response to security findings
Transit Gateway Enhancements
Landing Zone Accelerator now includes enhanced Transit Gateway capabilities:
- Multicast Support: Enable multicast functionality for one-to-many or many-to-many network communication patterns, useful for media streaming, financial data distribution, gaming applications, and IoT deployments
- Flow Logs: Added support for Transit Gateway flow logs to capture information about IP traffic going to and from network interfaces in your Transit Gateway
Important: Enabling multicast on an existing Transit Gateway will cause the TGW to be recreated, which may disrupt TGW attachments, route tables, VPN connections, Direct Connect associations, and peering attachments. The LZA team highly recommends utilizing stack policies to protect critical CloudFormation resources.
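A stack policy of the kind recommended above, as an added example (not code from the LZA project): it builds a CloudFormation stack policy that denies replacement and deletion of Transit Gateway resources, then checks a change set for updates that policy would block. The protected type list, the function names, and the sample change set are assumptions constructed for illustration.

```python
import json

# Types to protect. These are real CloudFormation resource types; choosing
# exactly these three is an assumption made for this example.
PROTECTED_TYPES = [
    "AWS::EC2::TransitGateway",
    "AWS::EC2::TransitGatewayAttachment",
    "AWS::EC2::TransitGatewayRouteTable",
]

def build_stack_policy(protected_types):
    """Allow all updates, then explicitly deny replace/delete on protected types."""
    return {"Statement": [
        {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["Update:Replace", "Update:Delete"],
         "Principal": "*",
         "Resource": "*",
         "Condition": {"StringEquals": {"ResourceType": list(protected_types)}}},
    ]}

def blocked_changes(change_set, protected_types):
    """Return (logical id, stack policy action) pairs the Deny statement covers.

    A "Conditional" replacement is treated as a potential replace, because
    CloudFormation only decides at execution time whether it recreates the resource.
    """
    blocked = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange", {})
        if rc.get("ResourceType") not in protected_types:
            continue
        if rc.get("Action") == "Remove":
            blocked.append((rc["LogicalResourceId"], "Update:Delete"))
        elif rc.get("Action") == "Modify" and rc.get("Replacement") in ("True", "Conditional"):
            blocked.append((rc["LogicalResourceId"], "Update:Replace"))
    return blocked

# Constructed sample, shaped like `aws cloudformation describe-change-set` output.
SAMPLE_CHANGE_SET = {"Changes": [
    {"Type": "Resource", "ResourceChange": {
        "Action": "Modify", "LogicalResourceId": "NetworkMainTgw",
        "ResourceType": "AWS::EC2::TransitGateway", "Replacement": "True"}},
    {"Type": "Resource", "ResourceChange": {
        "Action": "Modify", "LogicalResourceId": "FlowLogGroup",
        "ResourceType": "AWS::Logs::LogGroup", "Replacement": "False"}},
]}

if __name__ == "__main__":
    print(json.dumps(build_stack_policy(PROTECTED_TYPES), indent=2))
    for logical_id, action in blocked_changes(SAMPLE_CHANGE_SET, PROTECTED_TYPES):
        print(f"{logical_id}: {action} would be denied by the stack policy")
```

The generated JSON can be attached to a stack with `aws cloudformation set-stack-policy --stack-name <stack-name> --stack-policy-body file://policy.json`, where `<stack-name>` is a placeholder for the stack that owns the Transit Gateway.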
GuardDuty S3 Malware Protection
LZA now supports Amazon GuardDuty S3 Malware Protection, enabling automated malware scanning for objects uploaded to S3 buckets:
- Detect malicious files before they impact your environment
- Enhance security posture with automated threat detection
AWS Network Firewall Managed Rule Groups
The LZA now supports AWS Managed Rule Groups for AWS Network Firewall:
- Leverage pre-configured rule sets maintained by AWS
- Simplify network security management with ready-to-use protection
- Automatically deploy and manage AWS-provided rule sets through your network configuration
Changes
CodeStar Notifications Removal
CodeStar notification functionality has been removed from the solution. Organizations requiring deployment notifications should implement alternative notification mechanisms.
Node.js Runtime Update
The solution runtime has been upgraded to Node.js 22, providing improved performance, security updates, and access to the latest JavaScript features.
Additional Resources
For full details, please see the CHANGELOG.