Releases: digitc1/AWSLandingZone
Fix for GD logs from regions other than eu-west-1 not being shipped to splunk
Implements a fix to the event rule that forwards GuardDuty (GD) events to the event bus of the SECLOG account. It now works for all regions.
What's Changed
- Release/1.5.9 by @silavjy in #198
- 201 GD logs from regions other than eu-west-1 not being shipped to Splunk by @silavjy in #202
Full Changelog: 1.5.9...1.5.10
AWS Policy change on S3 buckets for Public Access and Object Ownership
Fixes included:
- Fix release issue with S3 buckets caused by the AWS policy change #197
Fix regression on Installation script
Update role following an AWS policy change and enhance pre-flight checks on LZ update
Updated role and functional changes implemented to simplify LZ management:
- #191 - Enhance pre-flight check on EC-Switch-SECLOG.py script
- #190 - Update AWSCloudFormationStackSetExecutionRole to include itself as principal
- #192 - Remove non-SSL access on the artefacts bucket
Can be upgraded from release/1.5.5 or release/1.5.6.
What's Changed
Full Changelog: 1.5.6...1.5.7
New scripts for managing SECLOG account switch and LZ deletion
Functional changes implemented to simplify LZ management.
- Updated Readme.md documentation; deleted the EC-Create-Account.sh script (deprecated)
- Added switch SECLOG script
- Added Delete landing zone script
Upgrading from 1.5.5 is not required for this release.
Added missing update on runtime engine for a lambda function
Update the runtime for the Lambda function LandingZoneLocalSNSNotificationForwarder to python3.9
LZ alignment with AWS updated policies
Minor enhancements and required updates as follows:
- Upgraded the Lambda Python runtime to 3.9 because Python 3.6 reached end of life
- Changed the SSL permissions to set * as the principal on all buckets
- Removed the PutObjectAcl action from the Lambda code bucket policy
- Replaced all AWSConfigRole references with AWS_ConfigRole following an AWS policy update
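As an added illustration of the bucket-policy changes in this release (TLS-only deny with `*` as principal, `PutObjectAcl` dropped), not code from the AWSLandingZone project: the weak and hardened policy shapes side by side, with a check that tells them apart. The bucket name and account id are constructed placeholders.

```python
# Constructed sample bucket policies (not the project's templates); the bucket
# name and account id are placeholders.
BUCKET_ARN = "arn:aws:s3:::example-lambda-code-bucket"
# Weak shape: PutObjectAcl is still allowed and nothing denies plaintext HTTP.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
     "Resource": f"{BUCKET_ARN}/*"}]}

# Hardened shape: PutObjectAcl dropped; principal "*" is denied all s3 actions
# on the bucket and its objects when the request is not made over TLS.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": f"{BUCKET_ARN}/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]  # IAM allows scalar or list


def _principal_is_wildcard(stmt):
    principal = stmt.get("Principal")
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))


def denies_insecure_transport(policy):
    """True if a Deny for Principal * covers s3:* on the bucket and its objects
    whenever aws:SecureTransport is false (the 'remove non-SSL access' fix)."""
    for stmt in _as_list(policy.get("Statement", [])):
        if (stmt.get("Effect") != "Deny" or not _principal_is_wildcard(stmt)
                or "s3:*" not in _as_list(stmt.get("Action", []))):
            continue
        if not {BUCKET_ARN, f"{BUCKET_ARN}/*"} <= set(_as_list(stmt.get("Resource", []))):
            continue
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if str(flag).lower() == "false":
            return True
    return False


def allowed_actions(policy):
    """Actions granted by Allow statements, used to confirm PutObjectAcl is gone."""
    actions = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt.get("Action", [])))
    return actions
```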
License file added and minor fix
What's Changed
- Apache 2.0 license file added
- Minor fix on delete default VPC script.
- Added manifest file and updated version file.
Enhancements and feature activation
Number of enhancements which include:
- AWS Security Hub adds support for cross-Region aggregation of findings to simplify how you evaluate and improve your AWS security posture
- Update the code of the LZ to enable CloudTrail error rate Insights
- Explicit tagging of all the AWS resources created by the AWS CLI
- CIS1.11 can be disabled - this control is not compliant with the password policy set by the LZ
- VA 3.3: Enable encryption on the config-logs and access-logs S3 buckets
- VA 3.2: Enable encryption on the SNS topic
- Enable GuardDuty for Kubernetes
- Region ap-northeast-1 added for installation of SLZ resources.
Simplified installation
New release 1.5.1. Items added:
- Added OU parameter to EC-Setup-Client.sh script to allow C2 to install their accounts without needing to pass the root account email.
- Modified script to update the LZ version on the SSM parameter only if the execution of the update is successful.
- Updated documentation.