feat(logging): add aws account id, region and log group as available dynamic partition keys

.github/workflows/docs.yml

@@ -22,7 +22,7 @@ jobs:
         with:
           role-to-assume: ${{ secrets.IAM_ROLE_ARN }}
           aws-region: us-east-1
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: '3.12'
       - name: Copy TypeDocs from S3

.viperlightignore

@@ -243,3 +243,6 @@ source/packages/@aws-config-converter/src/config/global-config.ts:2306
 # Assume role declaration
 source/packages/@aws-accelerator/utils/test/get-template.test.ts:67
 source/packages/@aws-accelerator/utils/test/get-template.test.ts:74
+
+# Security Email Address in Security.md file
+SECURITY.md:10

CHANGELOG.md

@@ -5,6 +5,28 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.9.2] - 08-26-2024
+
+### Fixed
+
+- fix(metadata): fixed config file writes with codecommit
+- fix(validation): configuration validation failure when SecurityHub was enabled with Control Tower
+- fix(control-tower): skip existing ct identifier check when ct is not enabled
+
+### Changed
+
+- chore: add security.md file to repo
+
+## [1.9.1] - 08-09-2024
+
+### Changed
+
+- chore: upgrade github action to node20
+
+### Configuration Changes
+
+- chore(lza-sample-config): enhance SCP statements for invocation of Lambda functions
+
 ## [1.9.0] - 07-25-2024
 
 ### Added

SECURITY.md

@@ -0,0 +1,11 @@
+# Reporting Security Issues
+
+We take all security reports seriously.
+When we receive such reports,
+we will investigate and subsequently address
+any potential vulnerabilities as quickly as possible.
+If you discover a potential security issue in this project,
+please notify AWS/Amazon Security via our
+[vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/)
+or directly via email to [AWS Security](mailto:aws-security@amazon.com).
+Please do *not* create a public GitHub issue in this project.

reference/sample-configurations/lza-sample-config-govcloud-us/govcloud-us-config/service-control-policies/guardrails-1.json

@@ -32,6 +32,7 @@
         "lambda:DeleteEventSourceMapping",
         "lambda:DeleteFunction",
         "lambda:DeleteFunctionConcurrency",
+        "lambda:Invoke*",
         "lambda:PutFunctionConcurrency",
         "lambda:RemovePermission",
         "lambda:UpdateEventSourceMapping",

reference/sample-configurations/lza-sample-config/service-control-policies/guardrails-1.json

@@ -32,6 +32,7 @@
         "lambda:DeleteEventSourceMapping",
         "lambda:DeleteFunction",
         "lambda:DeleteFunctionConcurrency",
+        "lambda:Invoke*",
         "lambda:PutFunctionConcurrency",
         "lambda:RemovePermission",
         "lambda:UpdateEventSourceMapping",

solution-manifest.yaml

@@ -1,7 +1,7 @@
 ---
 id: SO0199
 name: landing-zone-accelerator-on-aws
-version: v1.9.0
+version: v1.9.2
 cloudformation_templates:
   - template: AWSAccelerator-InstallerStack.template
     main_template: true

source/log-scanner.sh

@@ -5,7 +5,7 @@ RED='\033[0;31m'
 BLUE='\033[0;34m'
 NC='\033[0m'
 cd ../
-files=$(git diff --staged --name-only)
+files=$(git diff --staged --diff-filter=AM --name-only)
 for file in $files; do
     lines=$(awk '/console.log\(/{ print NR; }' $file)
     for line in $lines; do

source/mkdocs/mkdocs.yml

@@ -87,7 +87,10 @@ nav:
           - v1.7.1: typedocs/v1.7.1/index.html
       - v1.8:
           - v1.8.0: typedocs/v1.8.0/index.html
-          - v1.8.1: typedocs/latest/index.html
+          - v1.8.1: typedocs/v1.8.1/index.html
+      - v1.9:
+          - v1.9.0: typedocs/v1.9.0/index.html
+          - v1.9.1: typedocs/latest/index.html
 
 theme:
   name: material

source/package.json

@@ -1,6 +1,6 @@
 {
   "name": "landing-zone-accelerator-on-aws",
-  "version": "1.9.0",
+  "version": "1.9.2",
   "private": true,
   "description": "Landing Zone Accelerator on AWS",
   "license": "Apache-2.0",

source/packages/@aws-accelerator/accelerator/lib/asea-resources/vpc-resources.ts

@@ -229,7 +229,7 @@ export class VpcResources extends AseaResource {
         cfnNaclSubnetAssociation = this.modifyNaclSubnetAssociation(
           cfnNaclSubnetAssociation,
           naclId,
-          subnetId?.physicalResourceId,
+          cfnNaclSubnetAssociation.subnetId,
         );
       }
 
@@ -269,7 +269,7 @@ export class VpcResources extends AseaResource {
 
     const naclSubnetAssociation = naclSubnetAssociations.find(
       naclSubnetAssociations =>
-        naclSubnetAssociations.resourceMetadata['Properties'].SubnetId === subnetId?.physicalResourceId,
+        naclSubnetAssociations.resourceMetadata['Properties'].SubnetId.Ref === subnetId?.logicalResourceId,
     );
     return naclSubnetAssociation;
   }

source/packages/@aws-accelerator/accelerator/test/__snapshots__/accounts-stack.test.ts.snap

@@ -1927,7 +1927,7 @@ exports[`AccountsStack us-east-1 Construct(AccountsStack):  Snapshot Test 1`] =
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-AccountsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -1982,7 +1982,7 @@ exports[`AccountsStack us-west-2 Construct(AccountsStackUsWest2):  Snapshot Test
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-AccountsStack-111111111111-us-west-2/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/applications-stack.test.ts.snap

@@ -440,7 +440,7 @@ exports[`ApplicationsStack Construct(ApplicationsStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-CustomizationsStack-444444444444-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/bootstrap-stack.test.ts.snap

@@ -948,7 +948,7 @@ exports[`BootstrapStack Construct(BootstrapStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-BootstrapStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/customizations-stack.test.ts.snap

@@ -656,7 +656,7 @@ exports[`CustomizationsStack Construct(CustomizationsStack):  Snapshot Test 1`]
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-CustomizationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -1114,7 +1114,7 @@ exports[`CustomizationsStack Construct(CustomizationsStack):  Snapshot Test 2`]
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-CustomizationsStack-444444444444-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/dependencies-stack.test.ts.snap

@@ -201,7 +201,7 @@ exports[`DependenciesStack Construct(DependenciesStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-DependenciesStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/finalize-stack.test.ts.snap

@@ -951,7 +951,7 @@ exports[`FinalizeStack Construct(FinalizeStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-FinalizeStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/identity-center-stack.test.ts.snap

@@ -695,7 +695,7 @@ exports[`IdentityCenterStack Construct(IdentityCenterStack):  Snapshot Test 1`]
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-IdentityCenterStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/key-stack.test.ts.snap

@@ -402,7 +402,7 @@ exports[`KeyStack Construct(KeyStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-KeyStack-222222222222-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/logging-stack.test.ts.snap

@@ -4031,7 +4031,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-LoggingStack-333333333333-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -8434,7 +8434,7 @@ exports[`LoggingStack Construct(LoggingStack):  Snapshot Test 2`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-LoggingStack-333333333333-us-west-2/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -12938,7 +12938,7 @@ exports[`LoggingStackOuTargets Construct(LoggingStackOuTargets):  Snapshot Test
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-LoggingStack-333333333333-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-associations-gwlb-stack.test.ts.snap

@@ -2861,7 +2861,7 @@ exports[`NetworkAssociationsGwlbStack Construct(NetworkAssociationsGwlbStack):
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkAssociationsGwlbStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-associations-stack.test.ts.snap

@@ -2996,7 +2996,7 @@ exports[`NetworkAssociationsStack Construct(NetworkAssociationsStack):  Snapshot
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkAssociationsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -5293,7 +5293,7 @@ exports[`NoVpcFlowLogStack Construct(NetworkAssociationsStack):  Snapshot Test 1
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkAssociationsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-prep-stack.test.ts.snap

@@ -2262,7 +2262,7 @@ drop http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"example.com";
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkPrepStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-vpc-dns-stack.test.ts.snap

@@ -1101,7 +1101,7 @@ exports[`NetworkVpcDnsStack Construct(NetworkVpcDnsStack):  Snapshot Test 1`] =
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcDnsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-vpc-endpoints-stack.test.ts.snap

@@ -2153,7 +2153,7 @@ exports[`NetworkVpcEndpointsStack Construct(NetworkVpcEndpointsStack):  Snapshot
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcEndpointsStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/network-vpc-stack.test.ts.snap

@@ -4396,7 +4396,7 @@ exports[`NetworkVpcStack Construct(NetworkVpcStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcStack-555555555555-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -5852,7 +5852,7 @@ exports[`NoVpcFlowLogStack Construct(NetworkVpcStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-NetworkVpcStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/operations-stack.test.ts.snap

@@ -1120,7 +1120,7 @@ exports[`OperationsStack Construct(OperationsStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-OperationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/organizations-stack.test.ts.snap

@@ -3202,7 +3202,7 @@ exports[`MultiOuOrganizationsStack Construct(OrganizationsStack):  Snapshot Test
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-OrganizationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -6572,7 +6572,7 @@ exports[`OrganizationsStack Construct(OrganizationsStack):  Snapshot Test 1`] =
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-OrganizationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -9846,7 +9846,7 @@ exports[`delegatedAdminStack Construct(OrganizationsStack):  Snapshot Test 1`] =
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-OrganizationsStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/pipeline-stack.test.ts.snap

@@ -2589,7 +2589,7 @@ exports[`PipelineStack Construct(PipelineStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/PipelineStack/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/prepare-stack.test.ts.snap

@@ -4615,7 +4615,7 @@ exports[`PrepareStack Construct(PrepareStack):  Snapshot Test 1`] = `
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-PrepareStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/resource-policy-enforcement-stack.test.ts.snap

@@ -874,7 +874,7 @@ exports[`ResourcePolicyEnforcementStack Construct(ResourcePolicyEnforcementStack
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-ResourcePolicyEnforcementStack-111111111111-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },

source/packages/@aws-accelerator/accelerator/test/__snapshots__/security-audit-stack.test.ts.snap

@@ -2705,7 +2705,7 @@ def script_handler(events, context):
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-SecurityAuditStack-222222222222-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },
@@ -5069,7 +5069,7 @@ def script_handler(events, context):
       "Properties": {
         "Name": "/accelerator/AWSAccelerator-SecurityAuditStack-222222222222-us-east-1/version",
         "Type": "String",
-        "Value": "1.9.0",
+        "Value": "1.9.2",
       },
       "Type": "AWS::SSM::Parameter",
     },