v2.1.1

[2.1.1] - 2024-11-27

Changed

• Updated dependencies to address cross-spawn CVE-2024-21538

v2.1.0

[2.1.0] - 2024-06-17

Added

• Support for China regions.
• Support for GovCloud regions.
• Support for Opt-in regions.
• Policies will now update automatically when a new version of policy_manifest.json file is uploaded to the solution's PolicyManifest S3 bucket.
• Automations for AWS Shield Advanced subscribers to set up health-based detection and proactive engagement. This includes three new CloudFormation templates: aws-fms-shield-automations-prereq, aws-fms-shield-automations, and aws-fms-proactive-event-response.
• Option to subscribe to SNS topic for error notifications.
• Integration with Amazon X-Ray.
• Lambda layer for utilities shared by solution's lambda functions.
• Snapshots for CDK stacks in source/resources/__tests__.
• upload-s3-dist.sh script to the /deployment directory to upload solution artifacts directly to S3.

Changed

• Updated default policy_manifest.json to enable AWS Shield Advanced automatic application-layer DDoS protection in "count" mode for Shield Advanced policies deployed by the solution via Firewall Manager. Currently, AWS Shield supports this feature for CloudFront distributions and Application Load Balancers only.
• General refactor to increase code and unit test clarity.
• policyUpdateToken is no longer stored in DynamoDB, instead it is retrieved using FMS GetPolicy API.
• Removed anonymized metrics publishing from PreReqManager Lambda function.
• Removed UUID from the Prerequisite stack.
• Updated wording from "anonymous" to "anonymized" for metric publishing.
• Removed MetricsQueue resource & MetricsManager Lambda function and consolidated metrics publishing to the utilsLayer.
• Enhanced log statements to use Lambda Powertools Logger.
• Enhanced SSM Parameter retrieval to use Lambda Powertools.
• Upgraded dependencies with npm upgrade.

Fixed

• Fixed bug in Prerequisite stack which halted AWS Organizations trusted access with CloudFormation StackSets from being activated.

v2.0.12

[2.0.12] - 2024-09-19

Security

• Upgrade depdendencies to mitigate CVE-2024-45296

v2.0.11

[2.0.11] - 2024-08-01

Security

• Upgrade fast-xml-parser to mitigate CVE-2024-41818

Changed

• Extended PolicyManager's Log Group retention period to ten years.

v2.0.10

[2.0.10] - 2024-06-19

Security

• Upgraded braces package to mitigate CVE-2024-4068

Fixed

• Fixed intermittent deployment failure caused by "CopyManifest" custom resource installing latest SDK version.

v2.0.9

[2.0.9] - 2024-01-07

Changed

• Update NodeJS runtimes to Nodejs18.x for all the lambda functions in the solution.

v2.0.8

Changed

• Update lambda timeout for custom resource PreReqManagerCR.

Fixed

• Update node dependencies for security vulnerabilities.

v2.0.7

[2.0.7] - 2023-08-10

Changed

• Update aws-cdk-lib to force CustomResourceProvider and Provider to update lambda runtimes to Nodejs18.x.

v2.0.6

Fixed

• Fixed dependabot issues for fast-xml-parser, CVE-2023-34104.
• Fixed deployment issue which was limiting the solution to be deployed in only us-east-1.

v2.0.5

Changed

• Update parameter names for consistency
• Refactor to reduce code complexity
• Update client configs to latest sdk version
• Fix broken URLs in README