Revisions
Date | Change |
---|---|
August 2020 | Initial release |
October 2020 | Added additional troubleshooting information to Appendix C. |
November 2020 | Added deployment instructions for China regions; updated solution deployment instructions for the Security Hub admin account; for more information, refer to the CHANGELOG.md |
April 2021 | Release v1.2.0: Added new playbook architecture and new FSBP remediations. For more information, refer to the CHANGELOG.md |
May 2021 | Release v1.2.1: Bug fix for an issue affecting EC2.2 and EC2.7. For more information, refer to the CHANGELOG.md |
August 2021 | Release v1.3.0: Added PCI DSS v3.2.1 Playbook. Added 17 new remediations to CIS v1.2.0. Added four new remediations to FSBP. Converted CIS to use new playbook architecture based on SSM runbooks. Added instructions to extend existing Playbooks with customer-defined remediations. For more information, refer to the CHANGELOG.md |
September 2021 | Release v1.3.1: CreateLogMetricFilterAndAlarm.py changed to make Actions active, add SNS notification to SO0111-SHARR-LocalAlarmNotification. Changed CIS 2.8 remediation to match new finding data format. For more information, refer to the CHANGELOG.md |
November 2021 | Release v1.3.2: Bug fixes for CIS v1.2.0 controls 3.1 - 3.14. For more information, refer to the CHANGELOG.md |
December 2021 | Release v1.4.0: The solution can now be deployed using StackSets. Cross-Region remediation is now supported in addition to cross-account. Member account IAM roles are now retained when the stack is removed. For more information, refer to the CHANGELOG.md |
January 2022 | Release v1.4.1: Bug fixes. For more information, refer to the CHANGELOG.md |
January 2022 | Release v1.4.2: Bug fixes. For more information, refer to the CHANGELOG.md |
June 2022 | Release v1.5.0: Additional remediations. For more information, refer to the CHANGELOG.md |
December 2022 | Release 1.5.1: Changes to switch SSM document creation from Custom Resource Lambda to CfnDocument. The prefix for the SSM document names is updated to start with ASR instead of SHARR. For more information, refer to the CHANGELOG.md |
March 2023 | Release 2.0.0: Added support for security controls and CIS v1.4.0 standards, five new remediations to FSBP standards, one new remediation to CIS v1.2.0 standards, the service catalog AppRegistry integration, and additional protections to avoid deployment failure due to SSM document throttling. For more information, refer to the CHANGELOG.md |
April 2023 | Release 2.0.1: Mitigated impact caused by new default settings for S3 Object Ownership (ACLs disabled) for all new S3 buckets. For more information, refer to the CHANGELOG.md |
May 2023 | Documentation update: Updated Well-Architected definitions, added guidance on where to deploy each stack, additional Troubleshooting edition of issues with specific remediation, and updated code examples in SNS notification. |
July 2023 | Documentation update: Updated the architecture diagram and the solution components in the workflow. |
October 2023 | Release 2.0.2: Updated package versions to resolve security vulnerabilities. For more information, refer to the CHANGELOG.md |
November 2023 | Documentation update: Added Confirm cost tags associated with the solution to the Monitoring the solution with AWS Service Catalog AppRegistry section. |
March 2024 | Release 2.1.0: Added support for the NIST standard, added 17 new remediations to FSBP standards, added CloudWatch dashboard for monitoring solution, added throttling handler to architecture, added support for Security Hub customizable input parameters, and added support for remediating Config findings. For more information, refer to the CHANGELOG.md |
April 2024 | Release 2.1.1: Updated to CloudFormation parameter order and default values. Documentation update. Added references to NIST standard. Added information regarding EventBridge rule service quotas. For more information, refer to the CHANGELOG.md |
June 2024 | Release 2.1.2: Disabled AppRegistry for certain playbooks to avoid errors when updating the solution. For more information, refer to the CHANGELOG.md |
September 2024 | Release 2.1.3: Resolved an issue in the remediation scripts for EC2.18 and EC2.19 where security group rules with IpProtocol set to -1 were being incorrectly ignored. Upgraded all Python runtimes in remediation SSM documents from Python 3.8 to Python 3.11. For more information, refer to the CHANGELOG.md |
November 2024 | Release 2.1.4: Upgraded Python runtimes in all control runbooks from Python 3.8 to Python 3.11. For more information, refer to the CHANGELOG.md |