Release v1.2.5

@github-actions github-actions released this 05 Feb 04:20
6d6e0d2

STOP

  • This release is no longer supported for new installations or upgrades; use v1.3.2 or above
  • Existing installations of v1.2.5 continue to function

IMPORTANT

  • Releases prior to v1.2.5 leverage APIs being deprecated on March 31, 2021; please upgrade accordingly
  • A manual pre-upgrade procedure is required before upgrading to v1.2.5; see Upgrade Considerations in the Installation Guide
  • UPDATE: The Organization Account Access Role (default: AWSCloudFormationStackSetExecutionRole) has been moved within the governance structure. This role can continue to be used for troubleshooting/investigative purposes, without the previous associated risk. It can no longer be used to perform corrective actions or make changes to ASEA controlled resources.

Enhancements

  • Pinned all dependencies to exact versions (#563)(#558)(#588)
  • Upgraded CDK from 1.75.0 to 1.85.0 (#587)
  • Removed references to deprecated CDK modules (#585)
  • Migrated off StackSets, enabling customers to define a custom Org account trust role (#568)(#576)(#579)(#583)
  • Added state machine flag to enable rebuilding "storeAllOutputs" (#554)
  • Prevent multiple concurrent Accelerator executions (#575)
  • Add ability to create cross-account role with read-only access to log-archive bucket (#543)(#589)(#596)
    • Used to feed SIEM solutions in Ops account
  • Minor CloudWatch Event and SCP enhancements

Fixes

  • Add missing rsysLog parameter to SSM ParameterStore in perimeter account (#555)
  • Fix new installations with 3 AZs, which caused MAD deployments to fail (#565)
  • Resolve S3 'consistency' issues caused by enabling bucket versioning (#564)
  • Fix issue when CloudWatch central logging was only enabled on a single central account (#566)
  • Fix loss of the initial install version after 100 upgrades, when Parameter Store truncates version history (#574)(#577)
  • Fix CreateAccount trigger failure when triggered with an IAM user (#573)
  • Fix missing protections for unsupported or risky config file changes (#584)
  • Continue to leverage customer customizations to non-core config files found in customer bucket after upgrades (#591)
  • Bypass SCP change prevention on ignored-ous (#595)

Documentation

  • Add additional sample Accelerator config files (ultra-lite and multi-region) (#562)
  • Add documentation to detail Accelerator config file protections
  • Update documents for v1.2.5 release, clarify upgrade process, remove pre-1.2.0 references
  • Minor tweaks and clarifications
  • Fix PDF document generator

Config file changes

  • Renamed ssm-log-archive-access to ssm-log-archive-write-access (both supported interchangeably for several releases)
  • Added ssm-log-archive-read-only-access parameter (Optional)
  • Tweaked MFA CloudWatch Alarm to reduce noise (Optional)
  • Added additional CloudWatch Alarm (IAM Unapproved IP) (Optional)