From 07dc101179fa2d1649cd987e3d8f3d269db546b8 Mon Sep 17 00:00:00 2001
From: K3ndu <37668739+K3ndu@users.noreply.github.com>
Date: Sun, 2 Oct 2022 03:20:59 +0300
Subject: [PATCH 1/3] feat: make audit log bucket access logs bucket name customizable (#303)
* Make audit log bucket access logs bucket name customizable
* docs: run terraform-docs
Co-authored-by: Kendi Paet
Co-authored-by: nozaq
---
 README.md | 1 +
 bucket.tf | 2 +-
 variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index fc3389cf..55b5c742 100644
--- a/README.md
+++ b/README.md
@@ -142,6 +142,7 @@ This module is composed of several submodules and each of which can be used inde
 | [allow\_users\_to\_change\_password](#input\_allow\_users\_to\_change\_password) | Whether to allow users to change their own password. | `bool` | no |
 | [analyzer\_baseline\_enabled](#input\_analyzer\_baseline\_enabled) | Boolean whether analyzer-baseline is enabled. | `bool` | no |
 | [analyzer\_name](#input\_analyzer\_name) | The name for the IAM Access Analyzer resource to be created. | `string` | no |
+| [audit\_log\_bucket\_access\_logs\_name](#input\_audit\_log\_bucket\_access\_logs\_name) | The name of the S3 bucket to store various audit logs. | `string` | no |
 | [audit\_log\_bucket\_custom\_policy\_json](#input\_audit\_log\_bucket\_custom\_policy\_json) | Override policy for the audit log bucket. Allows addition of extra policies. | `string` | no |
 | [audit\_log\_bucket\_force\_destroy](#input\_audit\_log\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the audit log bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | no |
 | [audit\_log\_bucket\_key\_enabled](#input\_audit\_log\_bucket\_key\_enabled) | Whether or not to use Amazon S3 Bucket Keys for encrypting the audit log bucket. | `bool` | no |
diff --git a/bucket.tf b/bucket.tf
index 2c6f30ef..5d92b3d9 100644
--- a/bucket.tf
+++ b/bucket.tf
@@ -36,7 +36,7 @@ module "audit_log_bucket" {
 bucket_name = var.audit_log_bucket_name
 bucket_key_enabled = var.audit_log_bucket_key_enabled
- log_bucket_name = "${var.audit_log_bucket_name}-access-logs"
+ log_bucket_name = var.audit_log_bucket_access_logs_name != "" ? var.audit_log_bucket_access_logs_name : "${var.audit_log_bucket_name}-access-logs"
 lifecycle_glacier_transition_days = var.audit_log_lifecycle_glacier_transition_days
 force_destroy = var.audit_log_bucket_force_destroy
diff --git a/variables.tf b/variables.tf
index 4e7df2c7..a942f3c9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -79,6 +79,12 @@ variable "audit_log_bucket_name" {
 type = string
 }
+variable "audit_log_bucket_access_logs_name" {
+ description = "The name of the S3 bucket to store various audit logs."
+ type = string
+ default = ""
+}
+
 variable "audit_log_bucket_custom_policy_json" {
 description = "Override policy for the audit log bucket. Allows addition of extra policies."
 type = string
From bb724cd7783ae3e645cbbb4468b367fc5095cb53 Mon Sep 17 00:00:00 2001
From: nozaq
Date: Sat, 3 Dec 2022 09:56:19 +0900
Subject: [PATCH 2/3] feat: enable CIS benchmark v1.4.0 standard (#308)
---
 modules/securityhub-baseline/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/securityhub-baseline/main.tf b/modules/securityhub-baseline/main.tf
index c929047b..bb87b7e6 100644
--- a/modules/securityhub-baseline/main.tf
+++ b/modules/securityhub-baseline/main.tf
@@ -43,7 +43,7 @@ resource "aws_securityhub_invite_accepter" "invitee" {
 resource "aws_securityhub_standards_subscription" "cis" {
 count = var.enable_cis_standard ? 1 : 0
- standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+ standards_arn = "arn:aws:securityhub:${data.aws_region.current.name}::standards/cis-aws-foundations-benchmark/v/1.4.0"
 depends_on = [aws_securityhub_account.main]
 }
From 7c4a1e5b876495753695786490350741c5fc188b Mon Sep 17 00:00:00 2001
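Review bot: The `!= "" ? a : b` ternary on the new `log_bucket_name` line in bucket.tf re-implements a built-in that exists for exactly this empty-string fallback; `log_bucket_name = coalesce(var.audit_log_bucket_access_logs_name, "${var.audit_log_bucket_name}-access-logs")` reads as the intent and returns the first argument that is neither null nor an empty string. Separately, nothing in this hunk stops a caller from passing the audit log bucket's own name as the access-logs bucket, which would point the bucket's server access logging at itself; how the submodule reacts to that is outside the hunk, so a `validation` block or precondition rejecting `audit_log_bucket_access_logs_name == audit_log_bucket_name` is worth considering if the module's required Terraform version supports it. The `module "audit_log_bucket"` block starts before and ends after the hunk.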
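Review bot: The `description` of the new `audit_log_bucket_access_logs_name` variable in variables.tf, "The name of the S3 bucket to store various audit logs.", describes the audit log bucket itself rather than the bucket that receives its server access logs, so a reader of the generated input table cannot tell the two inputs apart; it appears to have been carried over from the neighbouring `audit_log_bucket_name` variable, whose body is outside the hunk. Suggested wording: `description = "Name of the S3 bucket that receives server access logs for the audit log bucket. When empty, <audit_log_bucket_name>-access-logs is used."`. The README row added in the first hunk of this patch carries the same text and is terraform-docs output, so fixing the variable and re-running `terraform-docs` corrects both places.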
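Review bot: Replacing the `standards_arn` literal in modules/securityhub-baseline/main.tf moves every existing user of the module from CIS 1.2.0 to 1.4.0 with no opt-out: the ARN is the subscription's identity, so the next apply will most likely plan a destroy/create of `aws_securityhub_standards_subscription.cis`, and the account stops receiving 1.2.0 findings, which the `feat:` label and the minor 2.1.0 release in patch 3/3 understate. Consider exposing the version while keeping the new default, e.g. `standards_arn = "arn:aws:securityhub:${data.aws_region.current.name}::standards/cis-aws-foundations-benchmark/v/${var.cis_standard_version}"` with a `cis_standard_version` string variable defaulting to `"1.4.0"` (a suggested name, not one the module currently has). The new ARN also depends on `data.aws_region.current`, which is not declared anywhere in this hunk; confirm the data source exists in the securityhub-baseline submodule rather than only in the root module, since a missing reference only surfaces at plan time.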
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sat, 3 Dec 2022 09:59:39 +0900
Subject: [PATCH 3/3] chore(main): release 2.1.0 (#304)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 CHANGELOG.md | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7b91cbe1..1ea69b0d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.1.0](https://github.com/nozaq/terraform-aws-secure-baseline/compare/v2.0.0...v2.1.0) (2022-12-03)
+
+
+### Features
+
+* enable CIS benchmark v1.4.0 standard ([#308](https://github.com/nozaq/terraform-aws-secure-baseline/issues/308)) ([bb724cd](https://github.com/nozaq/terraform-aws-secure-baseline/commit/bb724cd7783ae3e645cbbb4468b367fc5095cb53))
+* make audit log bucket access logs bucket name customizable ([#303](https://github.com/nozaq/terraform-aws-secure-baseline/issues/303)) ([07dc101](https://github.com/nozaq/terraform-aws-secure-baseline/commit/07dc101179fa2d1649cd987e3d8f3d269db546b8))
+
 ## [2.0.0](https://github.com/nozaq/terraform-aws-secure-baseline/compare/v1.1.0...v2.0.0) (2022-06-05)