Merge pull request #215 from aws-solutions/release/v2.2.0

Upgrade to v2.2.0

Author: hayesry

.gitignore

@@ -13,6 +13,9 @@
 *.d.ts
 *.js
 
+# CloudTrail event processor is JavaScript
+!**/cloud-trail-event-processor/*.js
+
 # config
 !.eslintrc.js
 
@@ -29,12 +32,15 @@ coverage/
 .venv/
 __pycache__/
 *.egg-info/
+# generated by poetry export command in build script
+requirements.txt
 
 # pytest
 .coverage
 
 # IDE
 .vscode/
+.idea/
 
 # system
 .DS_Store

CHANGELOG.md

@@ -5,22 +5,56 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.2.0] - 2024-12-16
+
+### Added
+
+- Option to integrate an external ticket system by providing a lambda function name at deployment time
+- Integration stacks for Jira and ServiceNow as external ticketing systems
+- Widget "Total successful remediations" on the CloudWatch Dashboard
+- Detailed success/failure metrics on the CloudWatch Dashboard grouped by control id
+- Detailed log of account management actions taken by ASR on the CloudWatch Dashboard
+- Remediations for additional control ids
+- Playbook for CIS 3.0 standard
+- Integrated Poetry for python dependency management
+- Integration with AWS Lambda Powertools Logger & Tracer
+- Deletion protection and autoscaling to scheduling table
+
+### Changed
+
+- More detailed notifications
+- Added namespace to member roles to avoid name conflicts when reinstalling the solution
+- Removed CloudFormation retention policies for member IAM roles where unnecessary
+
+### Fixed
+
+- Config.1 remediation script to allow non-"default" Config recorder name
+- parse_non_string_types.py script to allow boolean values
+
+
 ## [2.1.4] - 2024-11-18
+
 ### Changed
+
 - Upgraded python runtimes in all control runbooks from python3.8 to python3.11.
-  - Upgrade is done at build-time temporarily, until the `cdklabs/cdk-ssm-documents` package adds support for newer python runtimes. 
+  - Upgrade is done at build-time temporarily, until the `cdklabs/cdk-ssm-documents` package adds support for newer python runtimes.
+
 ### Security
+
 - Upgraded cross-spawn to mitigate [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)
 
 ## [2.1.3] - 2024-09-18
 
 ### Fixed
+
 - Resolved an issue in the remediation scripts for EC2.18 and EC2.19 where security group rules with IpProtocol set to "-1" were being incorrectly ignored.
 
 ### Changed
+
 - Upgraded all Python runtimes in remediation SSM documents from Python 3.8 to Python 3.11.
 
 ### Security
+
 - Upgraded micromatch package to mitigate [CVE-2024-4067](https://avd.aquasec.com/nvd/2024/cve-2024-4067/)
 
 ## [2.1.2] - 2024-06-20
@@ -32,7 +66,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Security
 
-- Updated braces package version for CVE-2024-4068 - https://avd.aquasec.com/nvd/cve-2024-4068
+- Updated braces package version for [CVE-2024-4068](https://avd.aquasec.com/nvd/cve-2024-4068)
 
 ## [2.1.1] - 2024-04-10
 

CODE_OF_CONDUCT.md

@@ -1,4 +1,2 @@
 ## Code of Conduct
-This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
-For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
-[email protected] with any additional questions or comments.
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact [email protected] with any additional questions or comments.

CONTRIBUTING.md

@@ -6,24 +6,23 @@ documentation, we greatly value feedback and contributions from our community.
 Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
 information to effectively respond to your bug report or contribution.
 
-
 ## Reporting Bugs/Feature Requests
 
 We welcome you to use the GitHub issue tracker to report bugs or suggest features.
 
 When filing an issue, please check [existing open](https://github.com/aws-solutions/automated-security-response-on-aws/issues), or [recently closed](https://github.com/aws-solutions/automated-security-response-on-aws/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
 reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
 
-* A reproducible test case or series of steps
-* The version of our code being used
-* Any modifications you've made relevant to the bug
-* Anything unusual about your environment or deployment
-
+- A reproducible test case or series of steps
+- The version of our code being used
+- Any modifications you've made relevant to the bug
+- Anything unusual about your environment or deployment
 
 ## Contributing via Pull Requests
+
 Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
 
-1. You are working against the latest source on the *main* branch.
+1. You are working against the latest source on the _master_ branch.
 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
 
@@ -39,23 +38,22 @@ To send us a pull request, please:
 GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
 [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
 
-
 ## Finding contributions to work on
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/automated-security-response-on-aws/labels/help%20wanted) issues is a great place to start.
 
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/automated-security-response-on-aws/labels/help%20wanted) issues is a great place to start.
 
 ## Code of Conduct
+
 This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
 For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
 [email protected] with any additional questions or comments.
 
-
 ## Security issue notifications
-If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
 
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
 
 ## Licensing
 
 See the [LICENSE](https://github.com/aws-solutions/automated-security-response-on-aws/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
 
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
+We may ask you to sign a [Contributor License Agreement (CLA)](https://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.