Releases: digitc1/AWSLandingZone
Bugfix LZ install script for client accounts
Bugfix for CIS control, CloudWatch logs groups and KMS policies
- Disabled CIS control 1.14 for standard AWS Foundational Security Best Practices v1.0.0 on all regions
- Change strategy for custom CloudWatch streaming: instead of using CloudWatch log groups, use filter names for the custom index.
- Modify Role used by Log shipper lambdas - limit KMS policies
What's Changed
Full Changelog: 1.5.10...1.5.11
Fix for GD logs from regions other than eu-west-1 not being shipped to Splunk
Implements a fix to the Event rule sending GD events to the Eventbus of the SECLOG account. Works for all regions.
What's Changed
- Release/1.5.9 by @silavjy in #198
- 201 gd logs from regions other than eu west 1 not being shipped to splunk by @silavjy in #202
Full Changelog: 1.5.9...1.5.10
AWS Policy change on S3 buckets for Public Access and Object Ownership
Fixes included:
- Fix release issue of S3 buckets due to policy change by AWS #197
Fix regression on Installation script
Update role following an AWS policy change and enhance pre-flight checks on LZ update
Updated role and functional changes implemented to simplify LZ management
- #191 - Enhance pre-flight check on EC-Switch-SECLOG.py script
- #190 - Update AWSCloudFormationStackSetExecutionRole to include itself as principal
- #192 - Remove non SSL access on artefacts bucket
Can be upgraded from release/1.5.5 or release/1.5.6.
What's Changed
Full Changelog: 1.5.6...1.5.7
New scripts for managing SECLOG account switch and LZ deletion
Functional changes implemented to simplify LZ management.
- Update Readme.md documentation. Deleted EC-Create-Account.sh script (deprecated)
- Added switch SECLOG script
- Added Delete landing zone script
Upgrading from 1.5.5 is not required for this release.
Added missing update on runtime engine for a lambda function
Update runtime engine for lambda LandingZoneLocalSNSNotificationForwarder to python3.9
LZ alignment with AWS updated policies
Minor enhancements and required updates as follows:
- Upgraded the Lambda runtime to Python 3.9 due to the EOL of Python 3.6
- Changed SSL permissions: set * as principal on all buckets
- Removed the PutObjectAcl action from the Lambda code bucket policy
- Replaced all AWSConfigRole with AWS_ConfigRole following an AWS policy update
License file added and minor fix
What's Changed
- Apache 2.0 license file added
- Minor fix on delete default VPC script.
- Added manifest file and updated version file.