Release v1.2.4

@github-actions github-actions released this 05 Jan 21:10
22ed587

STOP

  • This release is no longer supported for new installations or upgrades; use v1.3.2 or above
  • Given the API deprecations resolved in v1.2.5, we recommend upgrading to v1.2.5 or above before March 31st, 2021

IMPORTANT

  • Upgrading to this release (or a newer release) requires mandatory updates to the configuration file as described below

Enhancements

  • Set S3 bucket ownership flag on log-archive buckets (#522) (5bb589a)
  • Script to generate Accelerator config rules based on AWS Conformance packs (#530) (a19cb57)
  • Add an additional 94 config rules based on the NIST800-53 Conformance pack (#540) (4785097)
  • Add a 2nd remediating config rule (S3 bucket KMS encryption) (#536) (cea5fe1)
    • while customers can provide their own SSM documents, this remediation required a minor code change
  • Switch to Amazon ECR Public image for the build image to avoid Docker throttling issues (#544) (4e3d68d)
  • CDK upgrade to v1.75.0 (#520) (372aba4)

Fixes

  • Fix issues related to suspending AWS accounts (#518/#546) (3ad41ad)(a8aec1a)
    • Updated SCPs to allow for account suspension (#542) (11a98ed)
    • Updated FAQ document to reflect suspension process
  • Pin Lambda versions to prevent old Lambda versions from executing during upgrades (#537) (6223d8d)
  • Pin a 3rd party dependency which broke new installs (#553) (22ed587)
  • Move zone configuration to VPC config / add a central-endpoint vpc flag (#528/#535) (47cd70b)(15647d7)
    • fixes issues with an ultra-lite config file (i.e. removal of endpoint VPC)
    • enables defining R53 zones on any VPC, not just the central VPC
  • Update Security Hub automation to enable disabling security standards and controls using Accelerator config file (#526) (e76f581)
  • Fix issue related to not deploying any IAM policies in the Accelerator config file (#529) (71c48fb)
  • Fix issue related to using arrays with multi-part config files (#521) (c364f85)

Documentation

  • Enhance Installation and Operations Guides
    • Add v1.1.4 to v1.2.3 upgrade instructions
  • Finalize Developer guide
  • Move FAQ from Installation Guide to separate document, enhance content
  • Move config file customization info from Installation Guide to Customization Guide
  • Tweak sample configuration files

Config file changes

  • Upgrading to this release requires mandatory updates to the configuration file (see latest sample config files) (PR528)
    • the zones section should be removed from global-options (will simply be ignored if not removed)
    • "central-endpoint": true MUST be added to the endpoint VPC config in the shared-network account
    • any previously deployed zones MUST be added to the endpoint VPC config in the shared-network account, i.e.
      "zones": {
        "public": ["cloud-hosted-publicdomain.example.ca"],
        "private": ["cloud-hosted-privatedomain.example.ca"]
      }
  • Optionally, deploy the 94 new config rules (PR540) and the new S3 bucket auto-remediation (PR536)