Releases: digitc1/AWSLandingZone

Fix for GD logs from regions other than eu-west-1 not being shipped to splunk

18 Mar 22:21

Implements a fix to the event rule that sends GuardDuty (GD) events to the event bus of the SECLOG account. The fix works for all regions.

What's Changed

  • Release/1.5.9 by @silavjy in #198
  • 201 gd logs from regions other than eu west 1 not being shipped to splunk by @silavjy in #202

Full Changelog: 1.5.9...1.5.10

AWS Policy change on S3 buckets for Public Access and Object Ownership

24 Apr 09:10
9d08897

Fixes included:

  • Fix release issue of S3 buckets due to policy change by AWS #197

Fix regression on Installation script

03 Mar 10:03

Fixes included:

  • Issue in the EC-Setup-Seclog.sh script that prevented the AWSCloudFormationStackSetExecutionRole from being deployed. #196
  • Fix dependency on linked_status variable for update script #195

Upgrading from 1.5.7 is not required for this release.

Update role following an AWS policy change and enhance pre-flight checks on LZ update

20 Jan 15:15
b68650b

Updated role and functional changes implemented to simplify LZ management

  • #191 - Enhance pre-flight check on EC-Switch-SECLOG.py script
  • #190 - Update AWSCloudFormationStackSetExecutionRole to include itself as principal
  • #192 - Remove non SSL access on artefacts bucket

This release can upgrade installations running release/1.5.5 or release/1.5.6.

What's Changed

Full Changelog: 1.5.6...1.5.7

New scripts for managing SECLOG account switch and LZ deletion

19 Oct 13:53
adacca8

Functional changes implemented to simplify LZ management.

  • Update Readme.md documentation. Deleted EC-Create-Account.sh script (deprecated)
  • Added switch SECLOG script
  • Added Delete landing zone script

Upgrading from 1.5.5 is not required for this release.

Added missing update on runtime engine for a lambda function

11 May 12:48
1fc6192

Update runtime engine for lambda LandingZoneLocalSNSNotificationForwarder to python3.9

LZ alignment with AWS updated policies

05 May 09:45
e762a15

Minor enhancements and required updates as follows:

  • Upgraded the Lambda Python runtime to 3.9 following the EOL of Python 3.6
  • Changed SSL permissions to set * as principal on all buckets
  • Removed the PutObjectAcl action from the Lambda code bucket policy
  • Replaced all AWSConfigRole with AWS_ConfigRole following an AWS policy update

License file added and minor fix

31 Mar 09:24
6c6125b

What's Changed

  • Apache 2.0 license file added
  • Minor fix on delete default VPC script.
  • Added manifest file and updated version file.

Enhancements and feature activation

10 Feb 15:39
28d0bf6

A number of enhancements, which include:

  • AWS Security Hub adds support for cross-Region aggregation of findings to simplify how you evaluate and improve your AWS security posture
  • Update the code of the LZ to enable CloudTrail error rate Insights
  • Explicit tagging of all the AWS resources created by the AWS CLI
  • CIS1.11 can be disabled - this control is not compliant with the password policy set by the LZ
  • VA 3.3 enable encryption on config-logs and access-logs S3 buckets
  • VA 3.2 : Enable encryption on the SNS topic
  • Enable GuardDuty for Kubernetes
  • Region ap-northeast-1 added for installation of SLZ resources.

Simplified installation

01 Sep 08:31
6536749

New release 1.5.1. Items added:

  • Added OU parameter to EC-Setup-Client.sh script to allow C2 to install their accounts without needing to pass the root account email.
  • Modified script to update the LZ version on the SSM parameter only if the execution of the update is successful.
  • Updated documentation.