Commit cfcaccb

committed
release/v1.7.0
1 parent 386ab83 commit cfcaccb

5 files changed

+285
-86
lines changed

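--- a/.viperlightrc
+++ b/.viperlightrc
@@ -0,0 +1,4 @@
+{
+"all": true,
+"failOn": "medium"
+}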

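--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,50 +5,123 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [1.7.0]
+## [1.7.0] - 05-31-2024
 
 ### Added
 
-- feat(network): allow Route53 resolver endpoints and query logging to be defined in the VPC object.
-- feat(control-tower): integrate lz management api.
+- feat(control-tower): integrate lz management api
 - feat(control-tower): integrate lz baseline api
 - feat(control-tower): add global region into the Control Tower governed region list
-- feat(securityhub): allow custom cloudwatch log group for events
+- feat(network): add IPv6 support for DHCP options sets
+- feat(network): Provide static IPv6 support for VPC and Subnets
+- feat(network): extend IPv6 support to VPC peering, ENI, and TGW static routes
+- feat(network): support vpc peering for vpcs created by vpcTemplates
+- feat(network): add resolver config to vpc object
+- feat(network): add tag property for interface endpoints
+- feat(network): add route53 query logging and resolver endpoint handlers
+- feat(logging): wildcards in dynamic partitioning
+- feat(logging): add cloudwatch log group data protection policy
+- feat(ssm): add targetType to documents
+- feat(config): update to use json schema
+- feat(replacements): add support for ACCOUNT_NAME in user data
+- feat(pipeline): move assets to local directory
+- feat(pipeline): validate accelerator version in build stage
+- feat(regions): add ca-west-1 support
+- feat(securityhub): add custom cloudwatch log group for security hub
 - feat(iam): allow IAM Principal Arn as well as externalId for trust policy with IAM Roles
-- fix(organization): ou baseline operation should be skipped when Control Tower is not enabled
-- chore(documentation): update opt-in region requirement for Control Tower deployment
-- feat(control-tower) integrate lz management and baseline api for external account deployment
-- fix(control-tower): add validation to check incorrect landing zone version in global config
+- feat(config): added deploymentTargets for awsConfig
+- feat(guardduty): added deploymentTargets for GuardDuty
+
+### Changed
+
+- chore(lambda): upgrade to node18 runtime
+- chore(sdkv3): remove references to aws-lambda
+- chore(sdkv3): remove aws-lambda reference in batch enable standards
+- chore(package): tree shake util import to reduce package size
+- chore(docs): added docs for local zone subnet creation
+
+### Fixed
+
+- fix(replacements): retrieve mgmt credentials during every config validation
+- fix(replacements): throw error for undefined replacement
+- fix(replacements): updated logic for ignored replacements
+- fix(replacements): updated validation pattern
+- fix(replacements): updated EmailAddress type to support replacement strings
+- fix(route53): revert getHostedZoneNameForService changes
+- fix(identity-center): address identity center resource metadata lookup resources
+- fix(identity-center): added permission to create assignments for mgmt
+- fix(identity-center): removed custom resource for SSM parameters
+- fix(diagnostic-pack): assume role name prefix for external deployment
+- fix(logging): refactored logging of Security Hub events
+- fix(diff): customizations template lookup
+- fix(diff): dependent stack lookup
+- fix(diff): added error logging to detect file diff errors
+- fix(applications): only lookup shared subnet ids for apps in shared vpcs
+- fix(toolkit): fixed deployment behavior for non-customization stage
+- fix(toolkit): change asset copy files to syn
+- fix(toolkit): move asset processing into main
 - fix(organizations): unable to create ou with same name under different parent
-- feat(logging): add cloudwatch log group data protection policy
-- chore(documentation): update merge request template to add unit test information
-- feat(control-tower): lz management api gov cloud support
-- chore(test): update all-enabled custom config rule lambda python version
-- fix(control-tower): exclude ignored ou from registering with control tower
-- fix(control-tower): manage ignored ou creation and registration
-- chore(logging): static code scan for logging
-- documentation(securityhub): security hub findings description with prescriptive guidance
-- feat(config): added deploymentTargets for awsConfig since configuration recorder cannot be turned off selectively
-- feat(guardduty): add deploymentTargets and autoEnableOrgMembers settings for guardduty
-- feat(networking): add tags property to interfaceEndpoints to tag private hosted zones for interface endpoints
+- fix(organizations): delete policies based on event
+- fix(organizations): Resolve issue where policies are not being updated
+- fix(pipeline): send UUID on exception of central logs bucket kms key
+- fix(config): Update SSM automation document match string
+- fix(config): validate regions in customizations
+- fix(service-quotas): check existing limit before request
+- fix(idc): explicitly set management account for CDK env
+- fix(move-accounts): retry strategy and increase timeout
+- fix(alb): Update target types to include lambda
+- fix(validation): check for duplicate emails in accounts-config
+- fix(validation) Update KMS key lookup validation in security-config
+
+### Configuration Changes
+
+- chore(sample-config): remove breakglass user from the sample configurations
+- chore(sample-config): add alerting for breakglass user account usage
+
+## [1.6.4] - 05-23-2024
+
+### Added
+
 - feat(validation): add option to skip scp validation during prepare stage
 
+### Fixed
+
+- fix(toolkit): move custom stack queue out of toolkit
+
+## [1.6.3] - 05-09-2024
+
+### Fixed
+
+- fix(organizations): ignore deletion for policies that do not exist
+- fix(organizations): resolve issue where existing policies were not being updated
+
+## [1.6.2] - 03-27-2024
+
+### Fixed
+
+- fix(replacements): throw error for undefined replacements
+- fix(diff): dependent CloudFormation stacks not included in diff review stage
+- fix(diff): customizations templates are not included in diff review stage
+- fix(networking): ca-central-1 physical AZ subnet incorrect
+- fix: metadata updates should execute on pipeline completion
+
 ### Changed
 
-- fix(logging): refactored Security Hub logging to use EventBridge
-- chore(lambda): upgraded runtime to Node18
-- chore(config): remove break glass user from the sample configurations
+- chore(documentation): improvements to installation.md
+
+## [1.6.1] - 02-21-2024
 
 ### Fixed
 
 - fix(docs): resolve broken links to appropriate pages
 - fix(networking): resolve duplicate construct error for endpoint security groups
 - fix(networking): Fix Canada region physical AZ Subnet lookup
-- fix(organizations): resolve issue where existing policies were not being updated
-- fix(sample-config): root account cloudwatch metric filter name
-- fix(toolkit): move custom stack queue out of toolkit
+- fix(docs): broken links in documentation
+- fix(route53): associate hosted zones timeout
 
-### Configuration Changes
+### Changed
+
+- chore(diagnostics-pack): cleanup
 
 ## [1.6.0] - 01-10-2024
 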
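--- a/codescan-prebuild-custom.sh
+++ b/codescan-prebuild-custom.sh
@@ -0,0 +1,117 @@
+#!/bin/bash
+#--------------------------------------------------------------------
+# Usage: this script must exit with a non-zero return code if the
+# Viperlight scan fails.
+#--------------------------------------------------------------------
+. ./codescan-funcs.sh
+
+echo ================================================================
+echo ====== Viperlight Script `basename $0`
+echo ================================================================
+source_dir='./source'
+solution_dir=`pwd`
+
+# Create a temp folder for working data
+viperlight_temp=/tmp/viperlight_scan # should work in most environments
+if [ -d $viperlight_temp ]; then
+rm $viperlight_temp/*
+rmdir $viperlight_temp
+fi
+mkdir $viperlight_temp
+
+export PATH=$PATH:../viperlight/bin
+
+failed_scans=0
+
+if [ .${PIPELINE_TYPE} == . ]; then
+echo Pipeline type not set. Defaulting to \"feature\"
+PIPELINE_TYPE='feature'
+fi
+echo Pipeline type is ${PIPELINE_TYPE}
+
+scan_npm() {
+echo -----------------------------------------------------------
+echo NPM / YARN Scanning $1
+echo -----------------------------------------------------------
+folder_path=`dirname $1`
+viperlight scan -t $folder_path -m node-npmaudit -m node-npm6audit -m node-npmoutdated
+rc=$?
+if [ $rc -eq 0 ]; then
+echo SUCCESS
+elif [ $rc -eq 42 ]; then
+echo NOTHING TO SCAN
+else
+echo FAILED rc=$rc
+((failed_scans=failed_scans+1))
+fi
+}
+
+scan_py() {
+echo -----------------------------------------------------------
+echo Scanning Python Environment
+echo -----------------------------------------------------------
+viperlight scan -m python-piprot -m python-safety -m python-pipoutdated
+rc=$?
+if [ $rc -eq 0 ]; then
+echo SUCCESS
+elif [ $rc -eq 42 ]; then
+echo NOTHING TO SCAN
+else
+echo FAILED rc=$rc
+((failed_scans=failed_scans+1))
+fi
+}
+
+echo -----------------------------------------------------------
+echo Scanning all Nodejs projects
+echo -----------------------------------------------------------
+find_all_node_projects ${viperlight_temp}
+if [[ -e ${viperlight_temp}/scan_npm_list.txt ]]; then
+while read folder
+do
+scan_npm $folder
+done < $viperlight_temp/scan_npm_list.txt
+else
+echo No node projects found
+fi
+
+echo -----------------------------------------------------------
+echo Scanning all python projects
+echo -----------------------------------------------------------
+tear_down_python_virtual_env ../
+find_all_python_requirements ${viperlight_temp}
+setup_python_virtual_env ../
+pip install piprot safety pip-licenses bandit pip-audit
+
+# Runs python scans if there is any requirements.txt
+if [[ -e ${viperlight_temp}/scan_python_list.txt ]]; then
+while read folder
+do
+echo "-----------------------------------------------------"
+echo "pip install -r ${folder}"
+echo "-----------------------------------------------------"
+pip install -r ${folder}
+done < ${viperlight_temp}/scan_python_list.txt
+scan_py ${folder}
+else
+echo No python projects found
+fi
+
+echo -----------------------------------------------------------
+echo Scanning everywhere else
+echo -----------------------------------------------------------
+cd ${solution_dir}
+viperlight scan
+rc=$?
+if [ $rc -gt 0 ]; then
+((failed_scans=failed_scans+1))
+fi
+
+if [ $failed_scans == 0 ]
+then
+echo Scan completed successfully
+else
+echo $failed_scans scans failed. Check previous messages for findings.
+fi
+
+exit $failed_scans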
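Review bot: The working directory on line 15 is a fixed, predictable path under /tmp, and the cleanup on lines 16–18 (`[ -d ]` and a glob both follow symlinks) would remove the contents of whatever a pre-planted `/tmp/viperlight_scan` symlink points at before the scan starts; replacing those six lines with `viperlight_temp=$(mktemp -d)` and `trap 'rm -rf -- "${viperlight_temp:?}"' EXIT` removes both the fixed name and the stale-directory handling. Line 93's `pip install -r ${folder}` has no status check and the script never sets `-e`, so a requirements file that fails to install still lets `scan_py` print SUCCESS against an incomplete environment; `pip install -r "${folder}" || ((failed_scans=failed_scans+1))` would count that as a failed scan. Line 84 pulls the scanning tools from PyPI unpinned on every build, which deserves at least a `# TODO: pin versions (or use --require-hashes); this step gates the security scan` comment given the script's stated purpose. Line 95's `scan_py ${folder}` hands the loop's last value to a function that takes no arguments; a bare `scan_py` says what is meant, and the final `viperlight scan` on lines 104–108 counts rc 42 as a failure while both helpers treat it as "nothing to scan", so the same `-eq 42` branch belongs there too.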

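--- a/solution-manifest.yaml
+++ b/solution-manifest.yaml
@@ -1,9 +1,9 @@
 ---
 id: SO0199
 name: landing-zone-accelerator-on-aws
-version: v1.6.0
+version: v1.7.0
 cloudformation_templates:
 - template: AWSAccelerator-InstallerStack.template
 main_template: true
 build_environment:
-build_image: 'aws/codebuild/standard:7.0'
+build_image: "aws/codebuild/standard:7.0"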
