Important
We highly recommend that you keep your environments up to date by upgrading to the latest version. To upgrade your environments to this version, use the CloudFormation console to update your AWSAccelerator-Installer stack using the latest installer template and ensure that that you set Branch Name to the latest version (release/v1.4.3 for this release). See Update the solution for more information.
Upgrading from version 1.4.0/1.4.1 to 1.4.2+
For users with shared VPC subnets configured, if you are encountering an SSM parameter validation error during the Network_Associations stage, use the following update procedure:
- Determine the parameters that are needed in the share target accounts by reviewing the CloudWatch logs for the Lambda function that is prefixed with
AWSAccelerator-NetworkVpc-CustomSsmPutParameterVal-
in the account that owns the shared VPC. - Manually create the parameters in any accounts that are failing SSM parameter validation.
- Re-run the core pipeline
- After upgrading to 1.4.2+, this process will not be required for newly-enrolled accounts in the share target OUs.
Fixed
- fix(logging): cloudwatch logging, change log format in firehose to json
- fix(organizations): large OU organizations fail to load during prepare stage
- fix(networking): cannot provision new IPAM subnets when VPC has CIDRs from non-contiguous CIDR blocks
- fix(networking): Modify Transit Gateway resource lookup construct ids
- fix(validate-config): ValidateEnvironmentConfig improperly evaluates enrolled CT accounts as not enrolled
Configuration Changes
- chore(aws-best-practices-tse-se): include granular billing SCP permission updates
- chore(aws-best-practices-cccs-medium): include granular billing SCP permission updates