
Comparing changes

base repository: aws-samples/aws-security-reference-architecture-examples
base: v3.1.0
head repository: aws-samples/aws-security-reference-architecture-examples
compare: main
Showing with 25,425 additions and 4,175 deletions.
  1. +6 −4 .github/workflows/safety.yml
  2. +96 −3 CHANGELOG.md
  3. +6 −1 README.md
  4. +79 −12 aws_sra_examples/docs/CFCT-DEPLOYMENT-INSTRUCTIONS.md
  5. +157 −105 aws_sra_examples/easy_setup/customizations_for_aws_control_tower/manifest.yaml
  6. +828 −378 aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml
  7. +56 −6 aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-module-main.yaml
  8. +45 −6 aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-solution.yaml
  9. +3 −3 aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py
  10. +2 −7 aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/codepipeline.py
  11. +5 −19 aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/common.py
  12. +1 −1 ...mi_bakery/ami_bakery_org/lambda/src/sra-ami-bakery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml
  13. +11 −0 aws_sra_examples/solutions/ami_bakery/ami_bakery_org/templates/sra-ami-bakery-org-configuration.yaml
  14. +20 −1 aws_sra_examples/solutions/common/common_cfct_setup/README.md
  15. BIN aws_sra_examples/solutions/common/common_cfct_setup/documentation/common-cfct-setup.png
  16. BIN aws_sra_examples/solutions/common/common_cfct_setup/documentation/common-cfct-setup.pptx
  17. +0 −3,137 ...amples/solutions/common/common_cfct_setup/templates/customizations-for-aws-control-tower.template
  18. +381 −5 aws_sra_examples/solutions/common/common_cfct_setup/templates/sra-common-cfct-setup-main.yaml
  19. +5 −19 aws_sra_examples/solutions/config/config_conformance_pack_org/scripts/list_config_recorder_status.py
  20. +4 −27 ...ples/solutions/config/config_management_account/templates/sra-config-management-account-role.yaml
  21. +1 −1 ..._examples/solutions/config/config_management_account/templates/sra-config-management-account.yaml
  22. +5 −19 aws_sra_examples/solutions/config/config_org/lambda/src/common.py
  23. +11 −0 aws_sra_examples/solutions/config/config_org/templates/sra-config-org-configuration.yaml
  24. +5 −19 aws_sra_examples/solutions/detective/detective_org/lambda/src/common.py
  25. +11 −0 aws_sra_examples/solutions/detective/detective_org/templates/sra-detective-org-configuration.yaml
  26. +1 −1 aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/README.md
  27. +9 −20 aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py
  28. +11 −0 ...a_examples/solutions/ec2/ec2_default_ebs_encryption/templates/sra-ec2-default-ebs-encryption.yaml
  29. +31 −3 aws_sra_examples/solutions/firewall_manager/firewall_manager_org/lambda/src/app.py
  30. +26 −0 aws_sra_examples/solutions/genai/README.md
  31. +225 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/README.md
  32. BIN aws_sra_examples/solutions/genai/bedrock_guardrails/documentation/bedrock-guardrails.png
  33. BIN aws_sra_examples/solutions/genai/bedrock_guardrails/documentation/bedrock-guardrails.pptx
  34. BIN aws_sra_examples/solutions/genai/bedrock_guardrails/documentation/~$bedrock-guardrails.pptx
  35. +1,071 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py
  36. +46 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/cfnresponse.py
  37. +1 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/requirements.txt
  38. +81 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/sra_bedrock.py
  39. +322 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/sra_dynamodb.py
  40. +213 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/sra_kms.py
  41. +17 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/sra_kms_keys.json
  42. +294 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/sra_lambda.py
  43. +194 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/sra_s3.py
  44. +75 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/sra_sqs.py
  45. +569 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/sra_ssm_params.py
  46. +155 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/sra_sts.py
  47. +474 −0 aws_sra_examples/solutions/genai/bedrock_guardrails/templates/sra-bedrock-guardrails-main.yaml
  48. +492 −0 aws_sra_examples/solutions/genai/bedrock_org/README.md
  49. BIN aws_sra_examples/solutions/genai/bedrock_org/documentation/bedrock-org.png
  50. BIN aws_sra_examples/solutions/genai/bedrock_org/documentation/bedrock-org.pptx
  51. +110 −0 ...a_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_cloudwatch_endpoints/app.py
  52. +190 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_eval_job_bucket/app.py
  53. +99 −0 ...a_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_guardrail_encryption/app.py
  54. +144 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_guardrails/app.py
  55. +171 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_iam_user_access/app.py
  56. +109 −0 ...mples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_invocation_log_cloudwatch/app.py
  57. +146 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_invocation_log_s3/app.py
  58. +151 −0 ...xamples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_ingestion_encryption/app.py
  59. +206 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_logging/app.py
  60. +243 −0 ...amples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_opensearch_encryption/app.py
  61. +285 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_s3_bucket/app.py
  62. +221 −0 ...examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_vector_store_secret/app.py
  63. +114 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_s3_endpoints/app.py
  64. +126 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_vpc_endpoints/app.py
  65. +2,418 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py
  66. +47 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/cfnresponse.py
  67. +1 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/requirements.txt
  68. +600 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_cloudwatch.py
  69. +43 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_cloudwatch_dashboard.json
  70. +6 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_cloudwatch_metric_filters.json
  71. +27 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_cloudwatch_oam_sink_policy.json
  72. +14 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_cloudwatch_oam_trust_policy.json
  73. +183 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_config.py
  74. +251 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_config_lambda_iam_permissions.json
  75. +324 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_dynamodb.py
  76. +343 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_iam.py
  77. +207 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_kms.py
  78. +37 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_kms_keys.json
  79. +295 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_lambda.py
  80. +297 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_repo.py
  81. +196 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_s3.py
  82. +232 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_sns.py
  83. +570 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_ssm_params.py
  84. +156 −0 aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_sts.py
  85. +771 −0 aws_sra_examples/solutions/genai/bedrock_org/templates/sra-bedrock-org-main.yaml
  86. +137 −0 aws_sra_examples/solutions/guardduty/guardduty_malware_protection_for_s3/README.md
  87. BIN ...uty/guardduty_malware_protection_for_s3/documentation/sra-guardduty-malware-protection-for-s3.png
  88. BIN ...ty/guardduty_malware_protection_for_s3/documentation/sra-guardduty-malware-protection-for-s3.pptx
  89. BIN .../guardduty_malware_protection_for_s3/documentation/~$sra-guardduty-malware-protection-for-s3.pptx
  90. +482 −0 ...y/guardduty_malware_protection_for_s3/templates/sra-guardduty-malware-protection-for-s3-main.yaml
  91. +6 −2 ...sra_examples/solutions/guardduty/guardduty_org/customizations_for_aws_control_tower/manifest.yaml
  92. +10 −2 ...uty/guardduty_org/customizations_for_aws_control_tower/parameters/sra-guardduty-org-main-ssm.json
  93. +23 −11 aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py
  94. +8 −19 aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/common.py
  95. +99 −171 aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/guardduty.py
  96. +33 −5 aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-configuration.yaml
  97. +14 −1 aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-kms-key.yaml
  98. +49 −0 ...ra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-s3-bucket.yaml
  99. +38 −8 aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-main-ssm.yaml
  100. +5 −19 aws_sra_examples/solutions/inspector/inspector_org/lambda/src/common.py
  101. +14 −5 ...ra_examples/solutions/inspector/inspector_org/templates/sra-inspector-org-configuration-role.yaml
  102. +23 −4 aws_sra_examples/solutions/inspector/inspector_org/templates/sra-inspector-org-configuration.yaml
  103. +5 −19 aws_sra_examples/solutions/macie/macie_org/lambda/src/common.py
  104. +11 −0 aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-configuration.yaml
  105. +249 −0 aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/README.md
  106. BIN aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/documentation/missing-patch-summary.png
  107. BIN aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/documentation/node-compliance.png
  108. BIN aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/documentation/patch-mgr-deployment.png
  109. BIN aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/documentation/patch-mgr-solution.png
  110. +942 −0 aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py
  111. +212 −0 aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/common.py
  112. +140 −0 aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/patchmgmt.py
  113. +2 −0 aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/requirements.txt
  114. +1 −0 aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/layer/boto3/package.txt
  115. +296 −0 ...sra_examples/solutions/patch_mgmt/patch_mgmt_org/templates/sra-patch_mgmt-configuration-role.yaml
  116. +1,302 −0 aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/templates/sra-patch_mgmt-configuration.yaml
  117. +68 −0 ...amples/solutions/patch_mgmt/patch_mgmt_org/templates/sra-patch_mgmt-default-host-config-role.yaml
  118. +68 −0 aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/templates/sra-patch_mgmt-org-global-events.yaml
  119. +1,029 −0 aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/templates/sra-patch_mgmt-org-main-ssm.yaml
  120. +208 −0 aws_sra_examples/solutions/security_lake/security_lake_org/README.md
  121. +7 −0 ...examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/README.md
  122. +87 −0 ...ples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/manifest.yaml
  123. +142 −0 ...security_lake_org/customizations_for_aws_control_tower/parameters/sra-security-lake-main-ssm.json
  124. BIN aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.png
  125. BIN aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.pptx
  126. +696 −0 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py
  127. +169 −0 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py
  128. +2 −0 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/requirements.txt
  129. +1,010 −0 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py
  130. +65 −0 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py
  131. +1 −0 aws_sra_examples/solutions/security_lake/security_lake_org/layer/boto3/package.txt
  132. +19 −0 ...ples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml
  133. +76 −0 ...olutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml
  134. +198 −0 ...solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml
  135. +811 −0 ...ples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml
  136. +151 −0 ...a_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml
  137. +753 −0 ..._examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml
  138. +168 −0 .../solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml
  139. +19 −0 ...tions/security_lake/security_lake_org/templates/sra-service-role-for-asl-resource-management.yaml
  140. +5 −19 aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/common.py
  141. +11 −0 ...a_examples/solutions/securityhub/securityhub_org/templates/sra-securityhub-org-configuration.yaml
  142. +4 −19 aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/common.py
  143. +11 −0 ...amples/solutions/shield_advanced/shield_advanced/templates/sra-shield-advanced-configuration.yaml
  144. +4 −2 aws_sra_examples/terraform/common/main.tf
  145. +3 −2 aws_sra_examples/terraform/common/s3/main.tf
  146. +6 −5 aws_sra_examples/terraform/common/sra_execution_role/main.tf
  147. +2 −1 aws_sra_examples/terraform/solutions/cloudtrail_org/s3/main.tf
  148. +3 −1 aws_sra_examples/terraform/solutions/guard_duty/gd_configuration/invoke.tf
  149. +22 −1 aws_sra_examples/terraform/solutions/guard_duty/gd_configuration/main.tf
  150. +11 −1 aws_sra_examples/terraform/solutions/guard_duty/gd_configuration/variables.tf
  151. +3 −1 aws_sra_examples/terraform/solutions/guard_duty/main.tf
  152. +2 −1 aws_sra_examples/terraform/solutions/guard_duty/s3/main.tf
  153. +11 −1 aws_sra_examples/terraform/solutions/guard_duty/variables.tf
  154. +1 −0 aws_sra_examples/terraform/solutions/inspector/configuration/main.tf
  155. +1 −0 aws_sra_examples/terraform/solutions/macie/configuration/main.tf
  156. +1 −0 aws_sra_examples/terraform/solutions/macie/delivery_s3_bucket/main.tf
  157. +3 −1 aws_sra_examples/terraform/solutions/main.tf
  158. +1 −0 aws_sra_examples/terraform/solutions/providers.tf
  159. +1 −1 aws_sra_examples/terraform/solutions/security_hub/README.md
  160. +1 −0 aws_sra_examples/terraform/solutions/security_hub/configuration/main.tf
  161. +5 −1 aws_sra_examples/terraform/solutions/security_hub/configuration/variables.tf
  162. +10 −2 aws_sra_examples/terraform/solutions/security_hub/variables.tf
  163. +6 −1 aws_sra_examples/terraform/solutions/terraform_stack.py
  164. +11 −1 aws_sra_examples/terraform/solutions/variables.tf
  165. +48 −48 aws_sra_examples/utils/packaging_scripts/stage_solution.sh
  166. +12 −3 pyproject.toml
10 changes: 6 additions & 4 deletions .github/workflows/safety.yml
@@ -1,7 +1,7 @@
name: safety - Python Dependency Check

on:
pull_request:
pull_request_target:
branches:
- main
push:
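Review bot: switching the trigger from `pull_request` to `pull_request_target` in the `on:` block makes this workflow run in the base repository's context, where repository secrets are available even for pull requests opened from forks, and a later step in this file now reads `secrets.SAFETY_API_KEY`. The checkout step is not visible in this hunk; confirm it does not check out the pull request head ref, because `poetry install` and `pip install` would then resolve contributor-controlled dependency metadata in a job that holds the key. If the intent is to scan the dependencies a PR proposes, consider keeping `pull_request` for the untrusted install and restricting the keyed scan to `push` on `main`, and, if not already set elsewhere in the file, add a top-level `permissions:` block limiting the token to `contents: read`.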
@@ -54,9 +54,11 @@ jobs:
if: steps.cached-poetry-no-dev-dependencies.outputs.cache-hit != 'true'
run: poetry install --only main --no-root
#----------------------------------------------
# Run Safety check
# Run Safety scan
#----------------------------------------------
- name: Safety check
- name: Safety scan
env:
API_KEY: ${{secrets.SAFETY_API_KEY}}
run: |
poetry run pip install safety
poetry run safety check
poetry run safety --key "$API_KEY" --stage cicd scan
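Review bot: `poetry run pip install safety` in the "Safety scan" step installs whichever version is latest at run time, in the same step that exports `API_KEY`; pin the version (for example as a dev dependency in `pyproject.toml` resolved through the lock file) so the tool that receives the key is reproducible. Passing the secret through `env:` and quoting it as `"$API_KEY"` rather than interpolating `${{ }}` into the script is the right pattern. A short comment explaining why the command moved from `safety check` to `safety ... --stage cicd scan` would help the next maintainer.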
99 changes: 96 additions & 3 deletions CHANGELOG.md
@@ -3,6 +3,18 @@
## Table of Contents<!-- omit in toc -->

- [Introduction](#introduction)
- [2025-03-20](#2025-03-20)
- [2025-03-04](#2025-03-04)
- [2025-02-13](#2025-02-13)
- [2025-02-04](#2025-02-04)
- [2025-01-21](#2025-01-21)
- [2025-01-08](#2025-01-08)
- [2024-09-18](#2024-09-18)
- [2024-08-22](#2024-08-22)
- [2024-07-17](#2024-07-17)
- [2024-06-24](#2024-06-24)
- [2024-05-03](#2024-05-03)
- [2024-04-15](#2024-04-15)
- [2024-02-12](#2024-02-12)
- [2024-02-09](#2024-02-09)
- [2024-01-29](#2024-01-29)
@@ -51,6 +63,87 @@
All notable changes to this project will be documented in this file.

---

## 2025-03-20

### Added<!-- omit in toc -->

- Added [SRA Amazon GuardDuty Malware Protection for S3](aws_sra_examples/solutions/guardduty/guardduty_malware_protection_for_s3) solution for GenAI deep-dive Bedrock capability two security controls.

## 2025-03-04

### Updated<!-- omit in toc -->

- Updated [Security Lake Organization](aws_sra_examples/solutions/security_lake/security_lake_org) solution with resource management service-linked role.

## 2025-02-13

### Added<!-- omit in toc -->

- Added [SRA Bedrock Guardrails Solution](aws_sra_examples/solutions/genai/bedrock_guardrails) solution to deploy the sra-bedrock-org solution for GenAI deep-dive Bedrock capability one security controls.

## 2025-02-04

### Added<!-- omit in toc -->

- Added [Bedrock](aws_sra_examples/solutions/genai/bedrock_org) solution to deploy the sra-bedrock-org solution for GenAI deep-dive Bedrock capability one security controls.

### Updated<!-- omit in toc -->

- Updated [EC2 Default EBS Encryption](aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption) solution with STS environment variable to enable enforcement in opt-in regions.

## 2025-01-21

### Updated<!-- omit in toc -->

- Updated [Config Management Account](aws_sra_examples/solutions/config/config_management_account) solution to use service-linked role for AWS Config.

## 2025-01-08

### Updated<!-- omit in toc -->

- Updated [Common Prerequisites](aws_sra_examples/solutions/common/common_prerequisites) staging util script to fix lambda layer deploy when using solution_directory.

## 2024-09-18

### Added<!-- omit in toc -->

- Added [Security Lake Organization](aws_sra_examples/solutions/security_lake/security_lake_org) solution to configure Security Lake in AWS Organizations.

### Changed<!-- omit in toc -->

- Updated [Inspector](https://github.com/aws-samples/aws-security-reference-architecture-examples/tree/main/aws_sra_examples/solutions/inspector/inspector_org) solution to allow creation of AWSServiceRoleForAmazonInspector2Agentless SLR.
- Updated documentation for [EC2 Default EBS Encryption](aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption) solution.

## 2024-08-22

### Added<!-- omit in toc -->

- Added [Patch Manager](aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org) solution to streamline the patch management process across multiple AWS accounts and regions in AWS Organizations.

## 2024-07-17

### Fixed<!-- omit in toc -->

- Fixed [Terraform edition](aws_sra_examples/terraform) Workspace creation on suspended accounts.
- Fixed [Firewall Manager](https://github.com/aws-samples/aws-security-reference-architecture-examples/tree/main/aws_sra_examples/solutions/firewall_manager/firewall_manager_org) solution deployment issue (invalid operation error).
- Fixed [GuardDuty terraform](aws_sra_examples/terraform/solutions/guard_duty) module installation failure.

## 2024-06-24

### Changed<!-- omit in toc -->

- Updated [GuardDuty Organization](aws_sra_examples/solutions/guardduty/guardduty_org) solution to support Opt-in regions.

## 2024-05-03

- Updated [GuardDuty Organization](aws_sra_examples/solutions/guardduty/guardduty_org) solution to add Runtime Monitoring protection.
- Updated [GuardDuty Organization](aws_sra_examples/solutions/guardduty/guardduty_org) solution default setting to deploy in all enabled regions.

## 2024-04-15

- Updated [Common CFCT Setup](aws_sra_examples/solutions/common/common_cfct_setup) solution to download the latest CfCT template.

## 2024-02-12

- Added [AMI Bakery](aws_sra_examples/solutions/ami_bakery/ami_bakery_org) solution for AMI image management.
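Review bot: the 2025-02-13 entry describes the Bedrock Guardrails solution as added "to deploy the sra-bedrock-org solution for GenAI deep-dive Bedrock capability one security controls", which is word for word the 2025-02-04 text for `bedrock_org` and reads like a copy-paste; it should state what `bedrock_guardrails` itself deploys. Separately, the 2024-05-03 and 2024-04-15 entries have no `###` category heading, and the new entries alternate between `### Updated` and `### Changed` for the same kind of change; pick one and apply it throughout.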
@@ -130,7 +223,7 @@ Updated [Firewall Manager](https://github.com/aws-samples/aws-security-reference

### Changed<!-- omit in toc -->

- Updated [CfCT template](aws_sra_examples/solutions/common/common_cfct_setup/templates/customizations-for-aws-control-tower.template) to resolve issue #137.
- Updated [CfCT template](aws_sra_examples/solutions/common/common_cfct_setup/templates/) to resolve issue #137.

## 2023-05-05

@@ -160,7 +253,7 @@ Updated [Firewall Manager](https://github.com/aws-samples/aws-security-reference

### Changed<!-- omit in toc -->

- Updated the [customizations-for-aws-control-tower.template](aws_sra_examples/solutions/common/common_cfct_setup/templates/customizations-for-aws-control-tower.template) to the latest version v2.5.0 and added Checkov suppressions.
- Updated the [customizations-for-aws-control-tower.template](aws_sra_examples/solutions/common/common_cfct_setup/templates/) to the latest version v2.5.0 and added Checkov suppressions.

## 2022-07-29

@@ -187,7 +280,7 @@ Updated [Firewall Manager](https://github.com/aws-samples/aws-security-reference

- Added Checkov Lambda Function suppressions for CKV_AWS_115 (Reserved Concurrent Executions) and CKV_AWS_117 (Run within a VPC) to all solution templates with Lambda Function configurations.
- Updated Lambda python files to fix mypy finding for log_level to always be a string value.
- Updated the [customizations-for-aws-control-tower.template](aws_sra_examples/solutions/common/common_cfct_setup/templates/customizations-for-aws-control-tower.template) to the latest version v2.4.0 and added Checkov suppressions.
- Updated the [customizations-for-aws-control-tower.template](aws_sra_examples/solutions/common/common_cfct_setup/templates/) to the latest version v2.4.0 and added Checkov suppressions.
- Updated pyproject.toml dependencies to the latest versions.
- Updated [Macie](aws_sra_examples/solutions/macie/macie_org) solution to increase retries and handle API errors when creating existing members.
- Updated [EC2 Default EBS Encryption](aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption) to include default string value for the pExcludeEC2DefaultEBSEncryptionTags parameter.
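Review bot: in the v2.4.0 entry the link text still reads `customizations-for-aws-control-tower.template` while the target is now the `templates/` directory, so the link no longer leads to the file it names. Because this is a historical entry, consider dropping the link or pointing it at a tagged permalink of the file instead of a directory on the current branch.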