V2.0.6

@maninderjanjua released this 28 Oct 14:44
4230ecd

V2.0.6 Release Notes

New Features & Changes

Guardrail Updates

GR1

  • Issue 195: Updated gc01_check_dedicated_admin_account Lambda to prevent Invalid Type for parameter PolicyArn error.
  • Issue 197: Updated gc01_check_iam_users_mfa Lambda to return only "Compliant" or "Non-Compliant".
  • Issue 188:
      • Updated gc01_check_alerts_flag_misuse Lambda to validate presence of attestation file in S3.
      • Added LogSourceAttestationFilePath parameter to ConformancePack.yaml and main.yaml.

GR2

  • Issue 194: Updated gc02_check_group_access_configuration Lambda to prevent JSON object must be str error.
  • Issue 211:
      • Updated gc02_check_iam_password_policy Lambda and ConformancePack.yaml for password-as-phrase support.

GR4

  • Issue 203: Updated gc04_check_alerts_flag_misuse Lambda to check for log group as EventBridge rule target.

GR5

  • Issue 209: Updated gc05_check_data_location Lambda to handle QLDB service unavailability.

GR6

  • Issue 210: Updated gc06_check_encryption_at_rest_part1 Lambda to handle DAX service unavailability.

GR7

  • Issue 186: Added config:Get* permission to OrgRoleGenerator.yaml to resolve AccessDeniedException.
  • Issue 198: Removed Secure Network Transmission check:
      • Deleted related Lambda code and CloudFormation entries across multiple templates.

GR9

  • Issue 202: Removed Network Security Architecture check:
      • Deleted related Lambda code and CloudFormation entries across multiple templates.
  • Issue 192: Updated gc09_check_non_public_storage_accounts Lambda to check account-level block public access before bucket-level settings.

GR11

  • Updated gc11_check_trail_logging Lambda to validate event selector configuration.

GR12

  • Issue 196: Updated gc12_check_private_marketplace Lambda to run only in management account.

GR13

  • Issue 188:
      • Updated gc13_check_emergency_account_alerts Lambda to validate attestation file presence.
      • Added LogSourceNonComplianceAttestationFilePath parameter to ConformancePack.yaml and main.yaml.

Audit Report Enhancements

  • Issue 199: aws_compile_audit_report Lambda now excludes NOT_APPLICABLE controls from AWS CaC CSV.
  • Issue 200:
      • Filters out Audit Manager evidence folders older than 7 days.
      • Adjusted evidence item cutoff to 7 days.

AWS Lambda Runtime Upgrade

  • Issue 204:
      • Upgraded runtime to Python 3.12 in AuditAccountPreRequisitesPart1.yaml and EvidenceCollectionComponents.yaml.

Release Merge

  • Issue 205: Merged 2.0.5a and 2.0.5:
      • Added LogArchiveAccountName parameter to ConformancePack.yaml, main.yaml, and root.yaml.

📄 Licensing

  • Issue 150: Added MIT License to LICENSE file.

Breakglass Account Expansion

  • Issue 191: Added support for BGA3 and BGA4 accounts:
      • Updated base.json, config.yaml, ConformancePack.yaml, main.yaml, and root.yaml.