v2.1.0

@AaronSchuetter AaronSchuetter released this 28 Mar 19:26
· 26 commits to main since this release
362b0ac

Added

  • CloudWatch Dashboard for monitoring solution metrics
  • Remediations will be scheduled in the future to prevent throttling if many remediations are triggered in a short period of time
  • New support for NIST 800-53 standard
  • New remediations for CloudFront.1, CloudFront.12, CodeBuild.5, EC2.4, EC2.8, EC2.18, EC2.19, EC2.23, ECR.1, GuardDuty.1, IAM.3, S3.9, S3.11, S3.13, SecretsManager.1, SecretsManager.3, SecretsManager.4, SSM.4
  • Support for customizable input parameters to remediations

Changed

  • Updated AFBSP to FBSP in docs
  • Add HttpEndpoint parameter as enabled for EC2.8 remediation
  • Updated imports for moto 5.0.0

Fixed

  • Disabled AppRegistry functionality in China regions. AppRegistry is not available in those regions.
  • Added missing EventBridge rules for CloudFormation.1, EC2.15, SNS.1, SNS.2, and SQS.1
  • Fixed SC_SNS.2 not executing due to wrong automation document
  • Fixed RDS.4 remediation failing to remediate due to incorrect regex
  • RDS.4 regex now includes snapshots created by Backup
  • Enable CloudTrail encryption remediation is now a regional remediation
  • Fixed SC_SQS.2 incorrect parameter
  • Fixed SC_EC2.6 message on finding note
  • Added AddTagsToResource to EncryptRDSSnapshot remediation role
  • SNS.2 now works in regions other than where the roles are deployed
  • Updated SNS.1 parameter to TopicArn instead of SNSTopicArn
  • SC_RDS.1 regex now includes snapshots
  • Fixed certain remediations failing in opt-in regions due to STS token endpoint
  • Rules for CIS 1.4.0 no longer match on CIS 1.2.0 generator ID
  • Fixed S3.6 creating malformed policy when all principals are "*"

Security

  • Upgraded urllib3