diff --git a/CHANGELOG.md b/CHANGELOG.md
index b17db5c3..29fcfc64 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,10 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [2.0.0] - 2023-01-17
### Added
-- New remediations contributed by 6Pillars: AFSBP IAM.1/CIS v1.2.0 1.22/PCI.IAM.3, CIS v1.2.0 1.16, CIS v1.2.0 1.20
+- New remediations contributed by 6Pillars: CIS v1.2.0 1.20
+- New AFSBP remediations for CloudFormation.1, EC2.15, SNS.1, SNS.2, SQS.1
+- Service Catalog AppRegistry integration
+- New support for Security Controls, finding deduplication
+- New support for CIS v1.4.0 standard
### Changed
-- Added support for Security Controls, finding deduplication
+- Added protections to avoid deployment failure due to SSM document throttling
## [1.5.1] - 2022-12-22
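Review bot: The 6Pillars line under "Added" for 2.0.0 loses AFSBP IAM.1/CIS v1.2.0 1.22/PCI.IAM.3 and CIS v1.2.0 1.16 with no other entry accounting for them. A reader cannot tell whether those remediations were pulled from the release or were listed by mistake. If they were removed or deferred, say so in the changelog. Separately, the new bullet under "Changed" begins with "Added protections ..."; reword it so it reads as a change in behaviour, since "Added" is the name of the section above it.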
diff --git a/NOTICE.txt b/NOTICE.txt
index f5f65c2e..1f15ecb2 100644
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -11,7 +11,6 @@ THIRD PARTY COMPONENTS
**********************
This software includes third party software subject to the following copyrights:
-@aws-cdk/assert under the Apache License 2.0
@aws-cdk/aws-servicecatalogappregistry-alpha under the Apache License 2.0
@cdklabs/cdk-ssm-documents under the Apache License 2.0
@types/jest under the MIT License
@@ -35,19 +34,13 @@ ts-jest under the MIT License
ts-node under the MIT License
typescript under the Apache License 2.0
-attrs under the MIT License
boto3 under the Apache License 2.0
botocore under the Apache License 2.0
certifi under the Mozilla Public License 2.0
-charset-normalizer under the MIT License
coverage under the Apache License 2.0
-exceptiongroup under the MIT License
idna under the BSD 3-Clause "New" or "Revised" License
-iniconfig under the MIT License
jmespath under the MIT License
-packaging under the Apache License 2.0
pip under the MIT License
-pluggy under the MIT License
pytest under the MIT License
pytest-cov under the MIT License
pytest-env under the MIT License
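Review bot: charset-normalizer is removed while requests and its other dependencies (certifi, idna, urllib3) stay listed, and pluggy, iniconfig and packaging are removed while pytest stays. If those packages are still installed transitively, their attributions need to remain in NOTICE.txt. Please confirm the list was regenerated from the fully resolved dependency set and not from the direct requirements only.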
@@ -57,6 +50,5 @@ requests under the Apache License 2.0
s3transfer under the Apache License 2.0
setuptools under the MIT License
six under the MIT License
-tomli under the MIT License
urllib3 under the MIT License
virtualenv under the MIT License
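Review bot: tomli is dropped here (and exceptiongroup in the previous hunk), but pytest pulls both in on Python versions before 3.11. Whether they belong in NOTICE.txt therefore depends on the interpreter the list was generated with. State the supported Python version this file was generated against, or keep the entries if older interpreters are still supported.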
diff --git a/README.md b/README.md
index eaafbe76..8bd41580 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-# AWS Security Hub Automated Response and Remediation
+# Automated Security Response on AWS
[🚀 Solution Landing
-Page](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/)
+Page](https://aws.amazon.com/solutions/implementations/automated-security-response-on-aws/)
\| [🚧 Feature
request](https://github.com/aws-solutions/aws-security-hub-automated-response-and-remediation/issues/new?assignees=&labels=feature-request%2C+enhancement&template=feature_request.md&title=)
\| [🐛 Bug
@@ -12,7 +12,7 @@ Solution Landing Page
## Table of contents
-- [AWS Security Hub Automated Response and Remediation](#aws-security-hub-automated-response-and-remediation)
+- [Automated Security Response on AWS](#automated-security-response-on-aws)
- [Table of contents](#table-of-contents)
- [Solution Overview](#solution-overview)
- [Architecture Diagram](#architecture-diagram)
@@ -36,7 +36,7 @@ Solution Landing Page
## Solution Overview
-AWS Security Hub Automated Response and Remediation is an add-on solution that
+Automated Security Response on AWS is an add-on solution that
enables AWS Security Hub customers to remediate security findings with a single
click using predefined response and remediation actions called “Playbooks”.
Alternately the playbooks can also be configured to remediate findings in AWS
@@ -45,8 +45,8 @@ some cases using AWS Systems Manager, the playbooks execute steps to remediate
security issues, such as unused keys, open security groups, password policies,
VPC configurations and public S3 buckets. The solution contains the playbook
remediations for some of the security standards defined as part of CIS AWS
-Foundations Benchmark v1.2.0 and for AWS Foundational Security Best Practices
-v1.0.0.
+Foundations Benchmark v1.2.0, CIS AWS Foundations Benchmark v1.4.0,
+AWS Foundational Security Best Practices v1.0.0, and PCI-DSS v3.2.1.
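Review bot: The updated standards list adds CIS v1.4.0 and PCI-DSS v3.2.1 but leaves out the Security Controls playbook, which this same patch adds to the CHANGELOG ("New support for Security Controls") and to the file-structure listing (SC/). Add it to this sentence so the overview matches what the release ships.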
@@ -64,7 +64,7 @@ v1.0.0.
## Customizing the Solution
-**Note**: If your goal is just to deploy the solution, please use the template on the [AWS Security Hub Automated Response and Remediation Landing Page](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/). *There is no need to build the solution from source.*
+**Note**: If your goal is just to deploy the solution, please use the template on the [Automated Security Response on AWS Landing Page](https://aws.amazon.com/solutions/implementations/automated-security-response-on-aws/). *There is no need to build the solution from source.*
Detailed instructions for creating a new automated remediation in an existing Playbook can be found in the Implementation Guide. Instructions for creating an entirely new Playbook are below.
@@ -174,7 +174,9 @@ AWS Solutions use two buckets: a bucket for global access to templates, which is
#### Build the solution
-From the *deployment* folder in your cloned repo, run build-s3-dist.sh, passing the root name of your bucket (ex. mybucket) and the version you are building (ex. v1.0.0). We recommend using a semver version based on the version downloaded from GitHub (ex. GitHub: v1.0.0, your build: v1.0.0.mybuild)
+First ensure that you've run `npm install` in the *source* folder.
+
+Next from the *deployment* folder in your cloned repo, run build-s3-dist.sh, passing the root name of your bucket (ex. mybucket) and the version you are building (ex. v1.0.0). We recommend using a semver version based on the version downloaded from GitHub (ex. GitHub: v1.0.0, your build: v1.0.0.mybuild)
```bash
chmod +x build-s3-dist.sh
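Review bot: The new `npm install` prerequisite is stated only in prose above the bash block, so anyone who copies the block will skip it. Put it in the block as a command run from the *source* folder. Because the output of this build is uploaded and deployed, consider `npm ci` instead, so the installed dependencies match the committed lockfile (this assumes a lockfile is committed, which the hunk does not show). Minor: "Next from the *deployment* folder" needs a comma after "Next".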
@@ -207,7 +209,7 @@ Use a tool such as the AWS S3 CLI "sync" command to upload your templates to the
## Deploy
-See the [AWS Security Hub Automated Response and Remediation Implementation Guide](http://docs.aws.amazon.com/solutions/latest/aws-security-hub-automated-response-and-remediation/welcome.html) for deployment instructions, using the link to the SolutionDeployStack.template from your bucket, rather than the one for AWS Solutions. Ex. https://mybucket-reference.s3.amazonaws.com/aws-security-hub-automated-response-and-remediation/v1.3.0.mybuild/aws-sharr-deploy.template
+See the [Automated Security Response on AWS Implementation Guide](https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/solution-overview.html) for deployment instructions, using the link to the SolutionDeployStack.template from your bucket, rather than the one for AWS Solutions. Ex. https://mybucket-reference.s3.amazonaws.com/aws-security-hub-automated-response-and-remediation/v1.3.0.mybuild/aws-sharr-deploy.template
# File structure
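Review bot: The example URL at the end of the added line still reads `aws-security-hub-automated-response-and-remediation/v1.3.0.mybuild/aws-sharr-deploy.template`, although the link text and guide URL on the same line were renamed and the release is 2.0.0. Confirm the bucket prefix and template name that build-s3-dist.sh produces for this version, and update the example to match. At minimum, update the version so it is consistent with the v1.0.0.mybuild convention used in the build section.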
@@ -220,7 +222,9 @@ aws-security-hub-automated-response-and-remediation uses AWS CDK for generating
|-playbooks [ Playbooks CloudDevelopment Kit Code and lambda source code]
|- AFSBP/ [ AFSBP v1.0.0 playbook code ]
|- CIS120/ [ CIS v1.2.0 playbook code ]
+ |- CIS140/ [ CIS v1.4.0 playbook code ]
|- PCI321/ [ PCI-DSS v3.2.1 playbook code ]
+ |- SC/ [ SC v2.0.0 playbook code ]
|-remediation_runbooks [ Shared remediation runbooks ]
|-solution_deploy [ Solution Cloud Development Kit node module ]
|-test [ CDK unit tests ]
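Review bot: "SC v2.0.0" on the added SC/ line is never expanded in this listing, and "SC" does not appear elsewhere in the README hunks. Spell it out, e.g. "Security Controls v2.0.0 playbook code", assuming SC refers to the Security Controls support named in the CHANGELOG. The hunk header also shows the paragraph above still opening with "aws-security-hub-automated-response-and-remediation uses AWS CDK ..."; decide whether that should follow the rename too.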
@@ -232,7 +236,7 @@ aws-security-hub-automated-response-and-remediation uses AWS CDK for generating
This solution collects anonymous operational metrics to help AWS improve the
quality of features of the solution. For more information, including how to disable
this capability, please see the
-[Implementation Guide](https://docs.aws.amazon.com/solutions/latest/aws-security-hub-automated-response-and-remediation/collection-of-operational-metrics.html)
+[Implementation Guide](https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/collection-of-operational-metrics.html)
# License