github awslabs/landing-zone-accelerator-on-aws v1.6.0

latest releases: v1.10.0, v1.9.2, v1.9.1...
10 months ago

Important

We highly recommend that you keep your environments up to date by upgrading to the latest version. See Update the solution for more information.

Added

  • feat(budgets): Budget notifications accept array of email addresses
  • feat(cloudwatch): provide the ability to use CloudWatch service key for LogGroup encryption
  • feat(config-service): allow reference of public ssm documents
  • feat(customizations): Enhance custom applications to deploy in shared VPC
  • feat(firewalls): load firewall configuration from directory and support secret replacement
  • feat(lambda): Allow option to use service key for AWS Lambda function environment variables encryption
  • feat(networking): add support for targeting network interfaces
  • feat(pipeline): use v2 tokens for sts
  • feat(regions) Add il-central-1 region
  • feat(replacements): added check for commented out replacements-config.yaml
  • feat(replacements): extend dynamic parameter lookups
  • feat(resource-policies): Support additional AWS services in resource based policies
  • feat(s3): make the creation of access log buckets and S3 encryption CMK optional
  • feat(ssm): add aggregated ssm region policy construct
  • feat(support): add Diagnostic Pack support
  • feat(validation): adds configuration validation for cmk replacement in the AWS config remediation lambda.
  • feat(validation): add option to skip static validation

Changed

  • chore(documentation): added SBOM instructions to FAQ
  • chore(documentation): added Architecture and Design Philosophy section to DEVELOPING.md
  • chore(documentation): Update security hub cis 1.4.0 control examples
  • chore(esbuild): update build target from node16 to node18
  • enhancement(ebs): Add deployment targets to ebs encryption options
  • enhancement(iam): added prefix condition to trust policies
  • enhancement(logging): Add validation for s3 resource policy attachments against public block access
  • enhancement(networking): allow ability to define static replacements for EC2 firewall configurations
  • enhancement(networking): allow ability to deploy EC2 firewall in RAM shared VPC account
  • enhancement(pipeline): optimize CodeBuild memory for over 1000 stacks
  • enhancement(validation): Managed active directory secret config account validation

Fixed

  • fix(aspects): saml lookup for console login to non-standard partitions fails
  • fix(budget): sns topic arn for budgets notifications
  • fix(config-service): modify public ssm document name validation
  • fix(guardduty): export findings frequency and exclude region settings for protections are ignored
  • fix(iam): update the iam role for systems manager
  • fix(logging): refactored CloudWatch Log exclusion filter to use regex
  • fix(networking): Allow for Target Groups with type IP to be created within VPC without targets specified
  • fix(networking): added explicit dependency between vpc creation and deletion of default vpc
  • fix(networking): create network interface route for firewall in shared vpc
  • fix(networking): reverted role name to VpcPeeringRole
  • fix(networking): share subnets with tags causes SSM parameter race condition
  • fix(networking): add dependency between networkAssociations and GWLB stages
  • fix(operations): account warming fails
  • fix(organizations): enablePolicyType function blocks tag and backup policy creation in GovCloud
  • fix(pipeline): consolidate customizations into single app
  • fix(pipeline): exit pipeline upon synth failure
  • fix(pipeline): evaluate limits before deploying workloads
  • fix(scp): Catch PolicyNotAttachedException when SCP is allow-list strategy
  • fix(scp): Add organization_enabled variable to revertSCP Lambda function
  • fix(ssm): intermittent failure in OperationsStack, added missing dependency
  • fix(toolkit): enforce runOrder for custom stacks in customizations stage
  • fix(validation): allow OUs and accounts for MAD shares
  • fix(validation): Fix max concurrent stacks validation
  • fix(validation): Add validation on static parameters for policy templates
  • fix(validation): validate kmsKey and subnet deployment targets

Configuration Changes

  • chore(aws-best-practices-tse-se): migrated to new GitHub repository
  • chore(aws-best-practices-cccs-medium): migrated to new GitHub repository

Don't miss a new landing-zone-accelerator-on-aws release

NewReleases is sending notifications on new releases.