release/v1.10.0

CHANGELOG.md

@@ -5,38 +5,79 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [1.10.0] -
+## [1.10.0] - 10-16-2024
 
 ### Added
 
 - feat(networking): add support for TLS1.3 security policy for ALB and NLB listener
+- feat(performance): changed transpiler to swc
+- feat(pipeline): add codeconnection as configuration source
 - feat(regions): add support for the ap-southeast-5 opt-in region
+- feat(regions): add feature to enable opt-in regions programmatically
+- feat(s3): add error handling and validation for s3 config
+- feat(s3): add feature flag parameter use-s3-source for S3 as LZA source code location
+- feat(stacksets): added support for dependencies between stacksets
+- feat(uninstaller): deleted s3 repo in uninstaller
+- feat(yarn): add ability to use .yarnrc to use custom package registry and ca-certs
 
 ### Fixed
 
-- fix: configuration validation failure when SecurityHub was enabled with Control Tower
-- fix(uninstaller): include deletion of IdentityCenter and ResourcePolicyEnforcement stacks 
-- fix(ssm): updated session manager role to allow kms permissions in all enabled regions
+- fix(bootstrap): batched bootstrap checks
+- fix(control-tower): updated boolean logic to get LZ identifier
+- fix(custom-stacks): loaded replacement values during custom stack deployment
+- fix(diff): parse error during diff
+- fix(firewalls): fix firewall owner lookup when deployed in shared VPC
+- fix(iam): add cdk feature flag to minimize iam policy
+- fix(iam): use same form of service principal in all partitions: <service>.amazonaws.com
+- fix(logs): refactored NewCloudWatchLogEvent to ignore LZA-managed log groups
+- fix(metadata): fixed config file writes with codecommit
+- fix(organizations): failure when 5 SCPs with allow-list strategy option is defined
+- fix(organizations): update organizations module to handle nested ou's correctly
+- fix(prerequisites): checks forces child accounts to have CodeBuild parallel executions
+- fix(replacements): accel_lookup variable not getting replaced for all the occurrences
 - fix(s3): fix s3 bucket name constructs for imported buckets
 - fix(s3): fixed issue where s3 bucket as source did not support a KMS-encrypted bucket
-- fix(iam): add cdk feature flag to minimize iam policy
+- fix(s3): default asset bucket name to home region
+- fix(s3): add methods to construct imported bucket
+- fix(ssm): updated session manager role to allow kms permissions in all enabled regions
+- fix(validation): configuration validation failure when SecurityHub was enabled with Control Tower
+- fix(uninstaller): include deletion of IdentityCenter and ResourcePolicyEnforcement stacks 
 
 ### Changed
 
+- chore: remove cdk 2.148.0 dependencies
+- chore: suppress node warnings on synth
+- chore: update typedoc to v0.26.7
+- chore: updated cdk version
+- chore: updated deps @types/jest v29.5.12 aws-sdk v3.637.0 
+- chore: upgrade aws sdk to v2.1691.0
+- chore: upgrade lerna to v8.1.8
+- chore(cfn-nag): added suppressions
+- chore(documentation): add security.md file to repo
+- chore(documentation): added json-schema page
+- chore(documentation): update config.md Control Tower OU guidance
+- chore(documentation): updating typedoc for vpc cidrs to include caveat about cidr list
+- chore(installer): added clarification to CF template
 - chore(lambda): remove debug console log statements
 - chore(modules): renamed modules to lza-modules
-- chore(config): add iam user create prevention control in sample config
-- chore(config): add kms modification protection to preventative controls in sample config
-- chore(config): add disable import findings integration to scp
+- chore(organizations): use global region in AWS Organizations client
+- chore(regions): update global region map
+- chore(sample-config): add iam user create prevention control in sample config
+- chore(sample-config): add kms modification protection to preventative controls in sample config
+- chore(sample-config): add disable import findings integration to scp
+- chore(sample-config): update s3 service control policy
+- chore(sts): updated sts endpoints
 - chore(uninstaller): improved performance for deployments with many regions
+- chore(validation): extending validation on ENI lookups to allow for _ character
 
 ## [1.9.2] - 08-26-2024
 
 ### Fixed
 
+- fix(control-tower): skip existing ct identifier check when ct is not enabled
 - fix(metadata): fixed config file writes with codecommit
 - fix(validation): configuration validation failure when SecurityHub was enabled with Control Tower
-- fix(control-tower): skip existing ct identifier check when ct is not enabled
+
 ### Changed
 
 - chore: add security.md file to repo

NOTICE.txt

@@ -23,28 +23,35 @@ This software includes third party software subject to the following copyrights:
 @aws-cdk/cloud-assembly-schema - Apache-2.0
 @aws-cdk/cx-api - Apache-2.0
 @aws-cdk/region-info - Apache-2.0
+@aws-sdk/client-account - Apache-2.0
 @aws-sdk/client-backup - Apache-2.0
 @aws-sdk/client-cloudformation - Apache-2.0
 @aws-sdk/client-cloudwatch-logs - Apache-2.0
 @aws-sdk/client-codebuild - Apache-2.0
 @aws-sdk/client-codecommit - Apache-2.0
 @aws-sdk/client-codepipeline - Apache-2.0
 @aws-sdk/client-config-service - Apache-2.0
+@aws-sdk/client-controltower - Apache-2.0
 @aws-sdk/client-detective - Apache-2.0
 @aws-sdk/client-dynamodb - Apache-2.0
 @aws-sdk/client-ec2 - Apache-2.0
 @aws-sdk/client-ecr - Apache-2.0
 @aws-sdk/client-guardduty - Apache-2.0
 @aws-sdk/client-iam - Apache-2.0
+@aws-sdk/client-identitystore - Apache-2.0
+@aws-sdk/client-kinesis - Apache-2.0
 @aws-sdk/client-kms - Apache-2.0
 @aws-sdk/client-network-firewall - Apache-2.0
 @aws-sdk/client-organizations - Apache-2.0
-@aws-sdk/client-s3 - Apache-2.0
+@aws-sdk/client-route-53 - Apache-2.0
 @aws-sdk/client-s3 - Apache-2.0
 @aws-sdk/client-secrets-manager - Apache-2.0
+@aws-sdk/client-securityhub - Apache-2.0
+@aws-sdk/client-service-catalog - Apache-2.0
 @aws-sdk/client-service-quotas - Apache-2.0
 @aws-sdk/client-sns - Apache-2.0
-@aws-sdk/client-ssm - - Apache-2.0
+@aws-sdk/client-ssm - Apache-2.0
+@aws-sdk/client-sso-admin - Apache-2.0
 @aws-sdk/client-sts - Apache-2.0
 @aws-sdk/lib-dynamodb - Apache-2.0
 @aws-sdk/smithy-client - Apache-2.0
@@ -93,10 +100,13 @@ eslint-plugin-node - MIT
 eslint-plugin-prettier - MIT
 eslint-plugin-promise - ISC
 exponential-backoff - Apache-2.0
+fp-ts - MIT
 fs-extra - MIT
 hash-sum - MIT
 husky - MIT
 husky-init - MIT
+io-ts - MIT
+io-ts-types - MIT
 ip-num - MIT
 jest - MIT
 jest-junit - Apache-2.0
@@ -117,6 +127,7 @@ prettier - MIT
 promptly - MIT
 proxy-agent - MIT
 semver - MIT
+swc - MIT
 tempy - MIT
 ts-jest - MIT
 ts-json-schema-generator - MIT

solution-manifest.yaml

@@ -1,7 +1,7 @@
 ---
 id: SO0199
 name: landing-zone-accelerator-on-aws
-version: v1.9.2
+version: v1.10.0
 cloudformation_templates:
   - template: AWSAccelerator-InstallerStack.template
     main_template: true

source/mkdocs/mkdocs.yml

@@ -90,7 +90,10 @@ nav:
           - v1.8.1: typedocs/v1.8.1/index.html
       - v1.9:
           - v1.9.0: typedocs/v1.9.0/index.html
-          - v1.9.1: typedocs/latest/index.html
+          - v1.9.1: typedocs/v1.9.1/index.html
+          - v1.9.2: typedocs/v1.9.2/index.html
+      - v1.10:
+          - v1.10.0: typedocs/latest/index.html
 
 theme:
   name: material

source/package.json

@@ -1,6 +1,6 @@
 {
   "name": "landing-zone-accelerator-on-aws",
-  "version": "v1.10.0-rc.1",
+  "version": "1.10.0",
   "private": true,
   "description": "Landing Zone Accelerator on AWS",
   "license": "Apache-2.0",

source/packages/@aws-accelerator/accelerator/test/__snapshots__/accounts-stack.test.ts.snap

@@ -2893,7 +2893,7 @@ exports[`AccountsStack us-east-1 Construct(AccountsStack):  Snapshot Test 1`] =
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-AccountsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -3902,7 +3902,7 @@ exports[`AccountsStack us-west-2 Construct(AccountsStackUsWest2):  Snapshot Test
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-AccountsStack-111111111111-us-west-2/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/applications-stack.test.ts.snap

@@ -440,7 +440,7 @@ exports[`ApplicationsStack Construct(ApplicationsStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-CustomizationsStack-444444444444-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/bootstrap-stack.test.ts.snap

@@ -948,7 +948,7 @@ exports[`BootstrapStack Construct(BootstrapStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-BootstrapStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/customizations-stack.test.ts.snap

@@ -656,7 +656,7 @@ exports[`CustomizationsStack Construct(CustomizationsStack):  Snapshot Test 1`]
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-CustomizationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -1114,7 +1114,7 @@ exports[`CustomizationsStack Construct(CustomizationsStack):  Snapshot Test 2`]
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-CustomizationsStack-444444444444-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/dependencies-stack.test.ts.snap

@@ -201,7 +201,7 @@ exports[`DependenciesStack Construct(DependenciesStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-DependenciesStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/finalize-stack.test.ts.snap

@@ -951,7 +951,7 @@ exports[`FinalizeStack Construct(FinalizeStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-FinalizeStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/identity-center-stack.test.ts.snap

@@ -695,7 +695,7 @@ exports[`IdentityCenterStack Construct(IdentityCenterStack):  Snapshot Test 1`]
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-IdentityCenterStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/key-stack.test.ts.snap

@@ -392,7 +392,7 @@ exports[`KeyStack Construct(KeyStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-KeyStack-222222222222-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/logging-stack.test.ts.snap

@@ -4012,7 +4012,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-LoggingStack-333333333333-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -8396,7 +8396,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-LoggingStack-333333333333-us-west-2/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -12871,7 +12871,7 @@ exports[`LoggingStackOuTargets Construct(LoggingStackOuTargets):  Snapshot Test
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-LoggingStack-333333333333-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-associations-gwlb-stack.test.ts.snap

@@ -2861,7 +2861,7 @@ exports[`NetworkAssociationsGwlbStack Construct(NetworkAssociationsGwlbStack):
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkAssociationsGwlbStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-associations-stack.test.ts.snap

@@ -2996,7 +2996,7 @@ exports[`NetworkAssociationsStack Construct(NetworkAssociationsStack):  Snapshot
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkAssociationsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -5293,7 +5293,7 @@ exports[`NoVpcFlowLogStack Construct(NetworkAssociationsStack):  Snapshot Test 1
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkAssociationsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-prep-stack.test.ts.snap

@@ -2262,7 +2262,7 @@ drop http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"example.com";
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkPrepStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-vpc-dns-stack.test.ts.snap

@@ -1101,7 +1101,7 @@ exports[`NetworkVpcDnsStack Construct(NetworkVpcDnsStack):  Snapshot Test 1`] =
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcDnsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-vpc-endpoints-stack.test.ts.snap

@@ -2153,7 +2153,7 @@ exports[`NetworkVpcEndpointsStack Construct(NetworkVpcEndpointsStack):  Snapshot
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcEndpointsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-vpc-stack.test.ts.snap

@@ -4396,7 +4396,7 @@ exports[`NetworkVpcStack Construct(NetworkVpcStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -5852,7 +5852,7 @@ exports[`NoVpcFlowLogStack Construct(NetworkVpcStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/operations-stack.test.ts.snap

@@ -1120,7 +1120,7 @@ exports[`OperationsStack Construct(OperationsStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-OperationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "v1.10.0-rc.1",
+        "Value": "1.10.0",
       },
       "Type": "AWS::SSM::Parameter",
     },