Merge pull request #3 from aws-solutions/feature/v1.0.1

updated to release v1.0.1

CHANGELOG.md

@@ -3,7 +3,15 @@
 
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
+
+## [1.0.1] - 2024-05
+ ### Fixed
+ - Added new CFN parameter to support optional creation of QS user groups to resolve the [issue](https://github.com/aws-solutions/security-insights-on-aws/issues/2)
+ - Fixed the security widget for Findings by Standards.
+ - Updated the sort order for Security Hub widget.
+ - Added filters to CloudTrail widgets.
+ - Updated the error logging to return errors to CFN console.
+
 ## [1.0.0] - 2024-03
  ### Added
  - Added feature to show QuickSight Analysis for data source vpc, cloudtrail, security hub.

source/resources/lib/cdk-helper/set-condition.ts

@@ -0,0 +1,19 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { CfnCondition, CfnResource } from 'aws-cdk-lib';
+import { IConstruct } from 'constructs';
+
+export default function setCondition(resource: IConstruct | CfnResource, condition: CfnCondition): void {
+    let cfnResource = resource as CfnResource;
+    if (!cfnResource.cfnOptions) {
+        cfnResource = resource.node.defaultChild as CfnResource;
+    }
+    const oldCondition = cfnResource?.cfnOptions?.condition;
+    if (oldCondition) {
+        throw new Error(`Resource ${cfnResource?.logicalId} already has a condition: ${oldCondition.logicalId}`);
+    }
+    if (!cfnResource?.cfnOptions) {
+        throw new Error(`Resource ${cfnResource?.logicalId} is not a CfnResource, unable to add condition`);
+    }
+    cfnResource.cfnOptions.condition = condition;
+}

source/resources/lib/components/glue-data-table-construct.ts

@@ -4,10 +4,10 @@
 import * as cdk from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import { Bucket } from 'aws-cdk-lib/aws-s3';
-import { S3Table, TableBaseProps } from '@aws-cdk/aws-glue-alpha';
+import { Table, TableProps } from '@aws-cdk/aws-glue-alpha';
 import { aws_lakeformation as lf } from 'aws-cdk-lib';
 
-export interface GlueDataTableProps extends TableBaseProps{
+export interface GlueDataTableProps extends TableProps{
   readonly s3Bucket: Bucket;
   readonly bucketPrefix: string;
   readonly listOfQuickSightPrincipals: { name: string; arn: string }[];
@@ -18,7 +18,7 @@ export class GlueDataTable extends Construct {
 
   constructor(scope: Construct, id: string, props: GlueDataTableProps) {
     super(scope, id);
-    const glueTable = new S3Table(this, 'GlueTable', {
+    const glueTable = new Table(this, 'GlueTable', {
       description: props.description,
       database: props.database,
       tableName: props.tableName,

source/resources/lib/permissions.ts

@@ -94,7 +94,9 @@ export const DATA_SET_ARNS = [
   `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_Root_Logins`,
   `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_Route_Table_Changes`,
   `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_Security_Group_Changes`,
-  `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_UID_API_Failures`
+  `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_UID_API_Failures`,
+  `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Security_Hub_Findings_Summary_Standards`
+
 ];
 
 export const INGESTION_ARNS = [
@@ -126,7 +128,9 @@ export const INGESTION_ARNS = [
   `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_Root_Logins/ingestion/*`,
   `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_Route_Table_Changes/ingestion/*`,
   `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_Security_Group_Changes/ingestion/*`,
-  `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_UID_API_Failures/ingestion/*`
+  `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_UID_API_Failures/ingestion/*`,
+  `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Security_Hub_Findings_Summary_Standards/ingestion/*`
+
 ];
 
 export const REFRESH_SCHEDULE_ARNS = [
@@ -158,7 +162,10 @@ export const REFRESH_SCHEDULE_ARNS = [
   `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_Root_Logins/refresh-schedule/Security_Insights_Cloudtrail_Root_Logins`,
   `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_Route_Table_Changes/refresh-schedule/Security_Insights_Cloudtrail_Route_Table_Changes`,
   `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_Security_Group_Changes/refresh-schedule/Security_Insights_Cloudtrail_Security_Group_Changes`,
-  `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_UID_API_Failures/refresh-schedule/Security_Insights_Cloudtrail_UID_API_Failures`
+  `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Cloudtrail_UID_API_Failures/refresh-schedule/Security_Insights_Cloudtrail_UID_API_Failures`,
+  `arn:${Aws.PARTITION}:quicksight:${Aws.REGION}:${Aws.ACCOUNT_ID}:dataset/Security_Insights_Security_Hub_Findings_Summary_Standards/refresh-schedule/Security_Insights_Security_Hub_Findings_Summary_Standards`
+
+
 ];
 
 export const QUICKSIGHT_ANALYSIS_ACTIONS = [