aws-solutions
diff --git a/‎CHANGELOG.md‎
Lines changed: 15 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎NOTICE.txt‎
Lines changed: 898 additions & 1546 deletions b/‎NOTICE.txt‎
Lines changed: 898 additions & 1546 deletions
diff --git a/‎deployment/network-orchestration-hub.template‎
Lines changed: 109 additions & 0 deletions b/‎deployment/network-orchestration-hub.template‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎deployment/network-orchestration-spoke.template‎
Lines changed: 34 additions & 0 deletions b/‎deployment/network-orchestration-spoke.template‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎sonar-project.properties‎
Lines changed: 0 additions & 1 deletion b/‎sonar-project.properties‎
Lines changed: 0 additions & 1 deletion
@@ -5,6 +5,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.3.24] - 2026-03-25
+
+### Changed
+
+- Migrated `source/ui` from Create React App (`react-scripts`) to Vite + Vitest
+
+### Fixed
+
+- Fixed VPC CIDR display showing only the primary CIDR block. Now captures all associated CIDRs (primary + secondary) and automatically updates on CIDR changes
+
+### Security
+
+- Removed deprecated `react-scripts` and its transitive dependency tree, eliminating associated CVEs
+- Removed dead security overrides (`svgo`, `node-forge`, `qs`, `@isaacs/brace-expansion`, `lodash`) that no longer apply
+
 ## [3.3.23] - 2026-02-24
 
 ### Security
 
@@ -696,6 +696,60 @@ Resources:
       Principal: "events.amazonaws.com"
       SourceArn: !Sub ${LambdaEventRuleHubAccount.Arn}
 
+  # For hub account VPC CIDR changes:
+  LambdaEventRuleOnVpcCidrChangeHubAccount:
+    Type: AWS::Events::Rule
+    Properties:
+      Description: Serverless Transit Network Orchestrator - Invokes StateMachineLambda on VPC CIDR changes in the hub account
+      EventPattern:
+        {
+          "account": [
+            !Ref "AWS::AccountId"
+          ],
+          "source": [
+            "aws.ec2"
+          ],
+          "detail-type": [
+            "AWS API Call via CloudTrail"
+          ],
+          "detail": {
+            "eventSource": [
+              "ec2.amazonaws.com"
+            ],
+            "eventName": [
+              "AssociateVpcCidrBlock",
+              "DisassociateVpcCidrBlock"
+            ]
+          }
+        }
+      State: ENABLED
+      Targets:
+        - Arn: !GetAtt StateMachineLambdaFunction.Arn
+          Id: 'StateMachineLambdaOnCidrChangeHub'
+          InputTransformer:
+            InputPathsMap:
+              "detail" : "$.detail"
+              "account": "$.account"
+            InputTemplate: |
+              {
+                "params": {
+                  "ClassName": "VPC",
+                  "FunctionName": "update_vpc_cidr"
+                },
+                "event": {
+                  "detail" : <detail>,
+                  "account" : <account>
+                }
+              }
+
+  PermissionForVpcCidrChangeHubAccountRule:
+    Type: AWS::Lambda::Permission
+    Properties:
+      FunctionName: !Ref "StateMachineLambdaFunction"
+      Action: "lambda:InvokeFunction"
+      Principal: "events.amazonaws.com"
+      SourceArn: !Sub ${LambdaEventRuleOnVpcCidrChangeHubAccount.Arn}
+
   LambdaEventRuleOnSubnetDeletion:
     Type: AWS::Events::Rule
     Properties:
@@ -750,6 +804,59 @@ Resources:
       Principal: "events.amazonaws.com"
       SourceArn: !Sub ${LambdaEventRuleOnSubnetDeletion.Arn}
 
+  # For spoke account VPC CIDR changes:
+  LambdaEventRuleOnVpcCidrChangeSpokeAccounts:
+    Type: AWS::Events::Rule
+    Properties:
+      Description: Serverless Transit Network Orchestrator - Invokes StateMachineLambda on VPC CIDR changes in spoke accounts
+      EventBusName: !Ref STNOCustomEventBus
+      EventPattern:
+        {
+          "account": !If [ IsNotMemberOfOrganization, !Ref Principals, !Ref "AWS::NoValue" ],
+          "source": [
+            "aws.ec2"
+          ],
+          "detail-type": [
+            "AWS API Call via CloudTrail"
+          ],
+          "detail": {
+            "eventSource": [
+              "ec2.amazonaws.com"
+            ],
+            "eventName": [
+              "AssociateVpcCidrBlock",
+              "DisassociateVpcCidrBlock"
+            ]
+          }
+        }
+      State: ENABLED
+      Targets:
+        - Arn: !GetAtt StateMachineLambdaFunction.Arn
+          Id: 'StateMachineLambdaOnCidrChange'
+          InputTransformer:
+            InputPathsMap:
+              "detail" : "$.detail"
+              "account": "$.account"
+            InputTemplate: |
+              {
+                "params": {
+                  "ClassName": "VPC",
+                  "FunctionName": "update_vpc_cidr"
+                },
+                "event": {
+                  "detail" : <detail>,
+                  "account" : <account>
+                }
+              }
+
+  PermissionForVpcCidrChangeRule:
+    Type: AWS::Lambda::Permission
+    Properties:
+      FunctionName: !Ref "StateMachineLambdaFunction"
+      Action: "lambda:InvokeFunction"
+      Principal: "events.amazonaws.com"
+      SourceArn: !Sub ${LambdaEventRuleOnVpcCidrChangeSpokeAccounts.Arn}
+
   STNOCustomEventBus:
     Type: AWS::Events::EventBus
     Properties:
@@ -1118,6 +1225,8 @@ Resources:
               - Effect: Allow
                 Action:
                   - dynamodb:PutItem
+                  - dynamodb:Scan
+                  - dynamodb:UpdateItem
                 Resource: !GetAtt DynamoDbTable.Arn
               - !If
                   - OrganizationManagementAccountRoleArn
 
@@ -80,6 +80,40 @@ Resources:
           RoleArn: !GetAtt TransitNetworkEventDeliveryRole.Arn
 
 
+  VpcCidrChangeEventRule:
+    Condition: "IsSpokeAccountOtherThanHubAccount"
+    Type: AWS::Events::Rule
+    Properties:
+      Description: Serverless Transit Network Orchestrator - Spoke - Rule for VPC CIDR changes
+      EventPattern:
+        {
+          "account": [
+            !Ref "AWS::AccountId"
+          ],
+          "source": [
+            "aws.ec2"
+          ],
+          "detail-type": [
+            "AWS API Call via CloudTrail"
+          ],
+          "detail": {
+            "eventSource": [
+              "ec2.amazonaws.com"
+            ],
+            "eventName": [
+              "AssociateVpcCidrBlock",
+              "DisassociateVpcCidrBlock"
+            ]
+          }
+        }
+      State: ENABLED
+      Targets:
+        - Arn: !Sub
+            - arn:${AWS::Partition}:events:${AWS::Region}:${HubAccount}:event-bus/${EventBusName}
+            - {EventBusName: !FindInMap [EventBridge, Bus, Name]}
+          Id: SpokeVpcCidrChangeEvent
+          RoleArn: !GetAtt TransitNetworkEventDeliveryRole.Arn
+
   SubnetDeletionEventRule:
     Condition: "IsSpokeAccountOtherThanHubAccount"  # Adding an EventBus as a target within an account is not allowed.
     Type: AWS::Events::Rule
 
@@ -31,7 +31,6 @@ sonar.exclusions=\
     source/lambda/coverage/**, \
     source/ui/coverage/**, \
     source/cognito-trigger/jest.config.js, \
-    source/ui/src/jest.config.js, \
     source/cognito-trigger/setJestEnvironmentVariables.ts, \
     source/ui/src/setupTests.ts