Skip to content

Release v1.2.6-a
Compare
Choose a tag to compare
@github-actions github-actions released this 25 Feb 02:30
v1.2.6-a
d60f214
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

STOP

  • This release is no longer supported for new installations or upgrades, use v1.3.2 or above
  • Existing installations continue to function

Enhancements

  • Enable automatic KMS key rotation on Accelerator created KMS keys (#619)
  • SCP Policy enhancements (#614)
    • remove references to ALZ solution freeing SCP space
    • fix overly permissive Unclass OU permissions
    • enable KMS key deletion in Sandbox OU
  • Add additional Firewall config replacement variables (for future use) (#625)
  • Add SCP and config file variable replacement capabilities (#623)
    • Enable changing region settings without requiring customers to manually update SCP files
    • add ${HOME_REGION} and ${GBL_REGION} to simplify installing in non ca-central-1 regions
    • add customer provided replacement variable options, defined in the config file to allow all updates in one spot
    • add ${ACCELERATOR_PREFIX}, ${ACCELERATOR_NAME}, ${ACCELERATOR_PREFIX_LND}, ${ACCELERATOR_PREFIX_ND} variables
      • first step to enable installing with a different Accelerator Prefix
      • while the installer prefix is now a CloudFormation parameter, setting the prefix will NOT be supported until v1.3.0
      • changing the prefix on existing deployments will NEVER be supported

Fixes

  • Fix catch exception on ssm GetParam for accelerator/version with new installs (#635)
  • Fix failure when both inbound and outbound resolvers are defined but set to false (#609)
  • Fix enabling new IAM policy creation based on Org config (#610)
  • Fix remove account or leave organization action trigger (#618)

Documentation

  • Improve upgrade instructions incl. clarify v1.2.4 config file requirements (#602)(#628)
  • FAQ Enhancements, incl. ACM and customer provided SCP upgrade handling procedures (#603)(#616)(#617)
  • Updated the "What we do where" document (#625)

Config file changes

  • Added auto-remediating s3 encryption rule in Sandbox OU to reduce Security Hub noise (Optional)
  • Tweaked Access Denied Cloud Watch Alarm to reduce noise (Optional)
  • Renamed Accelerator provided default files containing references to 'PBMM' (Mandatory)
    • Repo provided SCP Files and RDGW policy files need to be updated to reflect new filenames
    • Additionally, updated SCP names and descriptions
  • add new major config file replacements section (Mandatory)
  • replaced references to regions and Accelerator prefix throughout with variables (Optional)
  • Prettier on SCP files
Assets 4
Loading