Releases
v1.3.3
Enhancements
Add a new optional verbose logging level for the state machine (#698)
Add the ability to optionally control account-level SCPs with the Accelerator (#708)
Add support for up to 5 CIDR ranges on VPCs (#705)
Minor security enhancements (#704)
Tighten permissions on one role
Tighten VPC interface endpoint security group permissions and enable customization
Accelerator uninstall script improvements (#709) (#719)
Add SCP to block ClientVPN Setup/Configuration (#725)
Fixes
Fail the state machine if a CloudWatch Metric cannot be deployed due to a missing log group (#697)
Extra validation to ensure GuardDuty is enabled on all member accounts (#721)
Handle SCP attachment events on Accelerator managed OUs and accounts (#720)
Stop removal of customer SCPs from accounts when not Accelerator managed (#711)
Only attach NATGWs to subnets as defined in the config file (#705)
Remove assumerole block on Accelerator role SCP (#723)
Documentation
Update documentation for v1.3.2 and v1.3.3 (#699) (#723)
Install guide, FAQ, Sample Snippets, State Machine Inputs
Config file changes
Subnet level "cidr2": objects renamed to "cidr": (MANDATORY) (#723)
VPC level "cidr2": "a.b.c.d/z" field changed to array "cidr2": ["a.b.c.d/z"] (MANDATORY) (#723)
Replaced several CIDR ranges with variables (OPTIONAL) (#723)
Enables updating these values in one place rather than many
Highlights values that may need to be updated by customers
Updated the default organization-admin-role to align with AWS default (NEW INSTALLS ONLY) (#723)
Removed duplicate NIST800-53 Config rules which overlapped with deployed Security Hub rules (RECOMMENDED) (#722)
In release v1.3.1 we missed adding "security-hub": true to the sample config files (RECOMMENDED) (#690)
Add logs and monitoring endpoints to the lite sample config file to resolve session manager issues (RECOMMENDED) (#712)