From f4ee758f7dcd0d12f1128f467a551ed49306912f Mon Sep 17 00:00:00 2001
From: "Wickersham, Andy"
Date: Mon, 23 May 2022 16:40:11 -0500
Subject: [PATCH] Added DeadLetterConfig to Lambda function and removed checkov suppressions.
---
 CHANGELOG.md | 11 +++++++++++
 .../templates/sra-ec2-default-ebs-encryption.yaml | 6 +++---
 .../templates/sra-s3-block-account-public-access.yaml | 4 +---
 pyproject.toml | 2 +-
 4 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 094a10e0c..51092b00c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Table of Contents
 - [Introduction](#introduction)
+- [2022-05-23](#2022-05-23)
 - [2022-05-15](#2022-05-15)
 - [2022-04-25](#2022-04-25)
 - [2022-04-14](#2022-04-14)
@@ -28,6 +29,16 @@ All notable changes to this project will be documented in this file.
 ---
+## 2022-05-23
+
+### Changed
+
+- [EC2 Default EBS Encryption](aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption) solution updates:
+ - Added DeadLetterConfig to the Lambda function.
+ - Removed the checkov suppression for not having a DLQ configured.
+- [S3 Block Account Public Access](aws_sra_examples/solutions/s3_block_account_public_access) solution updates:
+ - Removed the checkov suppression for not having a DLQ configured.
+
 ## 2022-05-15
 ### Added
diff --git a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/templates/sra-ec2-default-ebs-encryption.yaml b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/templates/sra-ec2-default-ebs-encryption.yaml
index 6a850adff..93f9e1ddc 100644
--- a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/templates/sra-ec2-default-ebs-encryption.yaml
+++ b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/templates/sra-ec2-default-ebs-encryption.yaml
@@ -9,7 +9,7 @@ Description:
 Metadata:
 SRA:
- Version: 1.2
+ Version: 1.3
 Order: 3
 AWS::CloudFormation::Interface:
 ParameterGroups:
@@ -403,8 +403,6 @@ Resources:
 reason: Lambda does not need reserved concurrent executions.
 checkov:
 skip:
- - id: CKV_AWS_116
- comment: DLQ not needed.
 - id: CKV_AWS_173
 comment: Environment variables are not sensitive.
 Properties:
@@ -421,6 +419,8 @@ Resources:
 Code:
 S3Bucket: !Ref pSRAStagingS3BucketName
 S3Key: !Sub ${pSRASolutionName}/lambda_code/${pSRASolutionName}.zip
+ DeadLetterConfig:
+ TargetArn: !GetAtt rEC2DefaultEBSEncryptionDLQ.Arn
 Environment:
 Variables:
 LOG_LEVEL: !Ref pLambdaLogLevel
diff --git a/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml b/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml
index d576d383b..648cda1d7 100644
--- a/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml
+++ b/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml
@@ -9,7 +9,7 @@ Description:
 Metadata:
 SRA:
- Version: 1.2
+ Version: 1.3
 Order: 3
 AWS::CloudFormation::Interface:
 ParameterGroups:
@@ -323,8 +323,6 @@ Resources:
 reason: Lambda does not need reserved concurrent executions.
 checkov:
 skip:
- - id: CKV_AWS_116
- comment: No DLQ added.
 - id: CKV_AWS_173
 comment: Environment variables are not sensitive.
 Properties:
diff --git a/pyproject.toml b/pyproject.toml
index 7cf093d27..1fee437bc 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "aws_sra_examples"
-version = "2.1.1"
+version = "2.1.2"
 description = "AWS Security Reference Architecture Examples"
 authors = ["Amazon Web Services "]
 license = "MIT-0 License"
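Review bot: `TargetArn: !GetAtt rEC2DefaultEBSEncryptionDLQ.Arn` references a queue that is not defined anywhere in this patch (the file's diffstat is three insertions, all visible here), so the DLQ resource and the execution role's permission to deliver to it must already exist further down the template; that is worth confirming, because as far as I know Lambda rejects a DeadLetterConfig when the function role lacks `sqs:SendMessage` on an SQS target. Since the failed invocation event, payload included, is what lands in that queue, the template should also show the queue is encrypted at rest and that something watches it (an alarm on its visible-message count), otherwise the dead-letter queue only accumulates failures nobody sees and dropping the `CKV_AWS_116` skip in the hunk above gains nothing operationally. The Lambda resource this hunk edits begins and ends outside the hunk.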
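Review bot: Removing the `CKV_AWS_116` skip (`comment: No DLQ added.`) from this function without adding a DeadLetterConfig leaves checkov with nothing that satisfies the check; this file's diffstat shows a single insertion, the version bump, so unlike the EC2 template no DLQ wiring is added here, and the changelog entry for this solution says only that the suppression was removed. Either the S3 function already carries a `DeadLetterConfig` elsewhere in the template and the old skip was stale, or the next checkov run will fail on this resource; confirm which before merging, and if it is the latter the same `DeadLetterConfig:` / `TargetArn: !GetAtt <DLQ resource>.Arn` pair plus an execution-role `sqs:SendMessage` grant belongs here. The Lambda resource this hunk edits begins and ends outside the hunk.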