release/v1.3.0

Author: rgd11

CHANGELOG.md

@@ -5,6 +5,65 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.3.0] - 2022-12-21
+
+### Added
+
+- feat(installer): add support for organization only install
+- feat(network): add ability to create site-to-site vpn to tgw
+- feat(network): add ability to specify file with list of suricata rules for network firewall
+- feat(network): add ability to specify transit gateway peering
+- feat(network): add ability to create routes for vpc peering connections
+- feat(network): add ability to create and reference VGWs for VPNs, subnet routes, and gateway route table associations
+- feat(network): add ability to create third-party firewalls
+- feat(network): add ability to configure firewall manager
+- feat(network): add ability to define ALBs and NLBs
+- feat(logs): allow specification of centralized logging bucket region independent of home region
+- feat(iam): add ability for IAM policy replacements
+- feat(organizations): add support to ignore organizational units
+- feat(organizations): add functionality to move accounts between ous (orgs-only install)
+- feat(security): add centralized and configurable sns topics
+- feat(security): add ability to create ACM from s3 and integrate that with ELBv2
+- feat(guardDuty): enable S3 export config override
+- feat(guardDuty): provide functionality to enable EKS protection
+- feat(ssm): enable SSM Inventory
+- feat(securityhub): add support for CIS 1.4.0 controls in SecurityHub
+- feat(cloudformation): Create custom CloudFormation stacks
+- feat(s3): add ability to define policy statements to s3 buckets and keys
+- feat(quotas): limits increase for services
+- feat(sso): add ability to configure iam identity center
+- feat(mad): add ability to configure managed ad
+- feat(kms): allow parameter replacement in key files
+
+### Changed
+
+- enhancement(network): add use of static CIDR property for VPC templates
+- enhancement(network): update Direct Connect custom resource logic to handle asynchronous actions
+- enhancement(network): add Resolver endpoint name to deployed endpoints
+- enhancement(logging): transform cloudwatch logs data to allow query from athena
+- enhancement(organizations): move replacements to stack level
+- enhancement(organizations): added checks for scps with no OUs or accounts
+- enhancement(organizations): validate scp count
+- enhancement(configs): add config rules and ssm auto remediation in AWS GovCloud (US) reference config
+- fix(logging): update central log key lookup set log bucket to central log region
+- fix(logging): move account CloudTrail S3 logs to central log bucket
+- fix(organizations): add cases for null organizations and accounts in SCP
+- fix(pipeline): force bootstraping to run in global region and home region if missing
+- fix(ssm) limit api calls to 20 accounts per invocation
+- fix(sns): update sns policies
+- fix(sns): added account check on sns kms key policy
+- fix(kms): add ebs kms policy for cloud9
+- fix(security): updated sns topic to use home region rather than global region
+
+### New Configurations
+
+- [US Aerospace](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/aerospace.html)
+- [US State and Local Government Central IT](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/central-it.html)
+- [Canadian Centre for Cyber Security (CCCS) Cloud Medium](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/canadian-centre-for-cyber-security-cccs-cloud-medium.html)
+- [Trusted Secure Enclaves Sensitive Edition (TSE-SE) for National Security, Defence, and National Law Enforcement](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/trusted-secure-enclaves-sensitive-edition-for-national-security-defence-and-national-law-enforcement.html)
+- [Elections](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/elections.html)
+- [Finance (Tax)](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/finance-tax.html)
+
 ## [1.2.2] - 2022-11-04
 
 ### Changed

source/package.json

@@ -1,6 +1,6 @@
 {
   "name": "landing-zone-accelerator-on-aws",
-  "version": "1.2.2",
+  "version": "1.3.0",
   "description": "Landing Zone Accelerator on AWS",
   "license": "Apache-2.0",
   "author": {

source/packages/@aws-accelerator/accelerator/test/__snapshots__/accounts-stack.test.ts.snap

@@ -926,7 +926,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-AccountsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/applications-stack.test.ts.snap

@@ -7,7 +7,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-CustomizationsStack-444444444444-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/bootstrap-stack.test.ts.snap

@@ -797,7 +797,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-BootstrapStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/customizations-stack.test.ts.snap

@@ -74,7 +74,7 @@ Resources:
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-CustomizationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/finalize-stack.test.ts.snap

@@ -151,7 +151,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-FinalizeStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/key-stack.test.ts.snap

@@ -475,7 +475,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-KeyStack-222222222222-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/logging-stack.test.ts.snap

@@ -2681,7 +2681,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-LoggingStack-333333333333-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-associations-gwlb-stack.test.ts.snap

@@ -699,7 +699,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-NetworkAssociationsGwlbStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-associations-stack.test.ts.snap

@@ -1736,7 +1736,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-NetworkAssociationsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-prep-stack.test.ts.snap

@@ -1171,7 +1171,7 @@ drop http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:\\"example.com\
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-NetworkPrepStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-vpc-dns-stack.test.ts.snap

@@ -438,7 +438,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcDnsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-vpc-endpoints-stack.test.ts.snap

@@ -855,7 +855,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcEndpointsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-vpc-stack.test.ts.snap

@@ -2114,7 +2114,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/operations-stack.test.ts.snap

@@ -710,7 +710,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-OperationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -1635,7 +1635,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-OperationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/organizations-stack.test.ts.snap

@@ -2536,7 +2536,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-OrganizationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -5104,7 +5104,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-OrganizationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -7672,7 +7672,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-OrganizationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/pipeline-stack.test.ts.snap

@@ -1957,7 +1957,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/PipelineStack/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/prepare-stack.test.ts.snap

@@ -4322,7 +4322,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-PrepareStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/security-audit-stack.test.ts.snap

@@ -2348,7 +2348,7 @@ def script_handler(events, context):
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-SecurityAuditStack-222222222222-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -4731,7 +4731,7 @@ def script_handler(events, context):
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-SecurityAuditStack-222222222222-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/security-resources-stack.test.ts.snap

@@ -2983,7 +2983,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-SecurityResourcesStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -6269,7 +6269,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-SecurityResourcesStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/security-stack.test.ts.snap

@@ -973,7 +973,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-SecurityStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -1786,7 +1786,7 @@ Object {
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-SecurityStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/installer/test/__snapshots__/installer.test.ts.snap

@@ -184,7 +184,7 @@ Object {
     "RepositoryBranchName": Object {
       "AllowedPattern": ".+",
       "ConstraintDescription": "The repository branch name must not be empty",
-      "Default": "release/v1.2.2",
+      "Default": "release/v1.3.0",
       "Description": "The name of the git branch to use for installation. To determine the branch name, navigate to the Landing Zone Accelerator GitHub branches page and choose the release branch you would like to deploy. Release branch names will align with the semantic versioning of our GitHub releases. New release branches will be available as the open source project is updated with new features.",
       "Type": "String",
     },
@@ -2049,7 +2049,7 @@ phases:
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-Test-InstallerStack/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -2701,7 +2701,7 @@ Object {
     "RepositoryBranchName": Object {
       "AllowedPattern": ".+",
       "ConstraintDescription": "The repository branch name must not be empty",
-      "Default": "release/v1.2.2",
+      "Default": "release/v1.3.0",
       "Description": "The name of the git branch to use for installation. To determine the branch name, navigate to the Landing Zone Accelerator GitHub branches page and choose the release branch you would like to deploy. Release branch names will align with the semantic versioning of our GitHub releases. New release branches will be available as the open source project is updated with new features.",
       "Type": "String",
     },
@@ -4556,7 +4556,7 @@ phases:
       "Properties": Object {
         "Name": "/accelerator/AWSAccelerator-Test-InstallerStack/version",
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -5240,7 +5240,7 @@ Object {
     "RepositoryBranchName": Object {
       "AllowedPattern": ".+",
       "ConstraintDescription": "The repository branch name must not be empty",
-      "Default": "release/v1.2.2",
+      "Default": "release/v1.3.0",
       "Description": "The name of the git branch to use for installation. To determine the branch name, navigate to the Landing Zone Accelerator GitHub branches page and choose the release branch you would like to deploy. Release branch names will align with the semantic versioning of our GitHub releases. New release branches will be available as the open source project is updated with new features.",
       "Type": "String",
     },
@@ -7229,7 +7229,7 @@ phases:
           ],
         },
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -7956,7 +7956,7 @@ Object {
     "RepositoryBranchName": Object {
       "AllowedPattern": ".+",
       "ConstraintDescription": "The repository branch name must not be empty",
-      "Default": "release/v1.2.2",
+      "Default": "release/v1.3.0",
       "Description": "The name of the git branch to use for installation. To determine the branch name, navigate to the Landing Zone Accelerator GitHub branches page and choose the release branch you would like to deploy. Release branch names will align with the semantic versioning of our GitHub releases. New release branches will be available as the open source project is updated with new features.",
       "Type": "String",
     },
@@ -9935,7 +9935,7 @@ phases:
           ],
         },
         "Type": "String",
-        "Value": "1.2.2",
+        "Value": "1.3.0",
       },
       "Type": "AWS::SSM::Parameter",
     },