Release v1.5.11

• Update release.yml with change of v2 to v4 of GitHub Actions Artifacts (aab6095)
• fix for tgw peering multiple attachments issue (#1237) (be9b11a)
• Bump braces from 3.0.2 to 3.0.3 in /reference-artifacts/Add-ons/opensiem (#1230) (d961589)

Release v1.5.10

NOTES

• Customers MUST use Landing Zone Accelerator on AWS (LZA) for new deployments

• Customers MUST update their ASEA installer stack with the provided CloudFormation template for this release.

  • This release includes important runtime and bug fix updates that customers should install. This release focuses on stability and preparing for the end of support.
  • It's recommend customers on older versions upgrade to v1.5.9-b first before moving to v1.5.10.
  • Upgrade testing for future releases will only be for upgrades from v1.5.10 or higher
  • ASEA is currently in maintenance with no new features or enhancements planned. It's expected that a future Release will help customers upgrade from ASEA to LZA.
  • End of support is expected in Q2 2025. Upgrades from ASEA to LZA will occur over the few quarters.

FEATURES

• code changes to support use of ca-west-1 (Canada West) region.
• enables opt-in region for guardduty logging (#1222) (2102ceb)
• ca-west-1 config sample and documentation (#1225) (1ed3ea3)

FIXES

• fix for 1205 (#1223) (6cfa5eb)
• eslint config upgrade (#1224) (a588e9a)
• s3 template update (#1221) (b59818b)

Release v1.5.9-b

NOTES

• Customers MUST use Landing Zone Accelerator on AWS (LZA) for new deployments

• Customers MUST update their ASEA installer stack with the provided CloudFormation template for this release.

  • This release includes important runtime and bug fix updates that customers should install. This release focuses on stability and preparing for the end of support.
  • It's recommend customers on older versions upgrade to v1.5.8-d first before moving to v1.5.9-b.
  • Upgrade testing for future releases will only be for upgrades from v1.5.9-b or higher
  • ASEA is currently in maintenance with no new features or enhancements planned. It's expected that a future Release will help customers upgrade from ASEA to LZA.
  • End of support is expected in Q2 2025. Upgrades from ASEA to LZA will occur over the few quarters.

FEATURES

• None

FIXES

• Fix for cross-account Security Group rules using dynamic cidr ranges (#1220) (b31529a)
• Add ca-west-1 (#1218) (63ca3b3)
• Added latest proxy-agent version (#1215) (76b4e8f)
• Removed strict flag (#1216) (e0eb93e)
• Removed proxy-agent dependency (#1209) (32ee10c)
• Update retry logic to match error (#1208) (8a62515)
• Increase memory size for ALB IP forwarding lambdas (#1204) (9c17165)
• Fix cannot find module 'aws-sdk' on custom config rule lambdas (#1207) (1660d5c)

Release v1.5.8-d

NOTES

• Customers MUST use Landing Zone Accelerator on AWS (LZA) for new deployments

• Customers MUST update their ASEA installer stack with the provided CloudFormation template for this release.

  • This release includes important runtime and bug fix updates that customers should install. This release focuses on stability and preparing for the end of support.
  • It's recommend customers on older versions upgrade to 1.5.7-b first before moving to v1.5.8-d.
  • Upgrade testing for future releases will only be for upgrades from v1.5.8-d or higher
  • ASEA is currently in maintenance with no new features or enhancements planned. It's expected that a future Release will help customers upgrade from ASEA to LZA.
  • End of support is expected in Q2 2025. Upgrades from ASEA to LZA will occur over the few quarters.

FEATURES

• None

FIXES

• Fix issue with vpcEndpoint az lookup (#1194) (8f590e0)
• Upgrade to Node 18 runtimes (#1189) (d940dfa)
• Fix wrong argument passed to updateTerminationProtection function (#1197) (f93a132)
• increase lambda memory (#1201) (c09266c)
• added memory (#1202) (5e33f47)

Release v1.5.8-c

NOTES

• Customers MUST use Landing Zone Accelerator on AWS (LZA) for new deployments

• Customers MUST update their ASEA installer stack with the provided CloudFormation template for this release.

  • This release includes important runtime and bug fix updates that customers should install. This release focuses on stability and preparing for the end of support.
  • It's recommend customers on older versions upgrade to 1.5.7-b first before moving to v1.5.8-c.
  • Upgrade testing for future releases will only be for upgrades from v1.5.8-c or higher
  • ASEA is currently in maintenance with no new features or enhancements planned. It's expected that a future Release will help customers upgrade from ASEA to LZA.
  • End of support is expected in Q2 2025. Upgrades from ASEA to LZA will occur over the few quarters.

FEATURES

• None

FIXES

• Fix issue with vpcEndpoint az lookup (#1194) (8f590e0)
• Upgrade to Node 18 runtimes (#1189) (d940dfa)
• Fix wrong argument passed to updateTerminationProtection function (#1197) (f93a132)
• increase lambda memory (#1201) (c09266c)

Release v1.5.8-b

NOTES

• Customers MUST use Landing Zone Accelerator on AWS (LZA) for new deployments

• Customers MUST update their ASEA installer stack with the provided CloudFormation template for this release.

  • This release includes important runtime and bug fix updates that customers should install. This release focuses on stability and preparing for the end of support.
  • It's recommend customers on older versions upgrade to 1.5.7-b first before moving to v1.5.8-b.
  • Upgrade testing for future releases will only be for upgrades from v1.5.8-b or higher
  • ASEA is currently in maintenance with no new features or enhancements planned. It's expected that a future Release will help customers upgrade from ASEA to LZA.
  • End of support is expected in Q2 2025. Upgrades from ASEA to LZA will occur over the few quarters.

FEATURES

• None

FIXES

• Fix issue with vpcEndpoint az lookup (#1194) (8f590e0)
• Upgrade to Node 18 runtimes (#1189) (d940dfa)
• Fix wrong argument passed to updateTerminationProtection function (#1197) (f93a132)

Release v1.5.8

NOTES

• Customers MUST use Landing Zone Accelerator on AWS (LZA) for new deployments

• Customers MUST update their ASEA installer stack with the provided CloudFormation template for this release.

  • This release includes important runtime and bug fix updates that customers should install. This release focuses on stability and preparing for the end of support.
  • It's recommend customers on older versions upgrade to 1.5.7-b first before moving to v1.5.8.
  • Upgrade testing for future releases will only be for upgrades from v1.5.8 or higher
  • ASEA is currently in maintenance with no new features or enhancements planned. It's expected that a future Release will help customers upgrade from ASEA to LZA.
  • End of support is expected in Q2 2025. Upgrades from ASEA to LZA will occur over the few quarters.

FEATURES

• None

FIXES

• Fix issue with vpcEndpoint az lookup (#1194) (8f590e0)
• Upgrade to Node 18 runtimes (#1189) (d940dfa)

Release v1.5.7-b

NOTES

• Customers MUST use Landing Zone Accelerator on AWS (LZA) for new deployments
  • Upgrade testing for future releases will only be for upgrades from v1.5.7-b or higher
  • ASEA is currently in maintenance with no new features or enhancements planned. It's expected that a future Release will help customers upgrade from ASEA to LZA.
  • End of support is expected in Q4 2024. Upgrades from ASEA to LZA will occur over the next year.
• Note that the Organization SCPs (in Reference Artifacts) have multiple changes to address AWS service changes, etc. Customers should review and reconcile differences between these reference artifacts and the SCPs they currently have in place.

FEATURES

• Configuration and docs to enable SSM Quick Setup patch policies (centralized patching) (#1157) (9478471)
• Implement versioning on ASEA Docs site (#1128) (7655c29)

FIXES

• Cloudwatch Logs customer subscription filters being removed (#1172) (10d3790)
• Policy changes rule must only revert SCPs; not backup or tag policies (#1169) (b363bf5)
• Multiple Organizations SCP updates (#1167) (30e9be4)
• Add support for EC2 IMDSv2 (#1161) (4e72dec)
• Fix sfn deployment (#1158) (caee051)
• Support for EC2 Launch templates (#1156) (e571cf2)
• Fix for EventBridge notifications sent to SNS (#1132) (4df28a9)
• Node 16 ASEA update (#1149) (d628fd8)

Release v1.5.6-a

Notes

• v1.5.6-a was released to address an issue with log replication. If you already upgraded to v1.5.6 reach out to your AWS Account Team for instructions on additional steps required while upgrading to v1.5.6-a from v1.5.6

• Customers MUST use Landing Zone Accelerator on AWS (LZA) for new deployments

• Existing customers MUST upgrade to v1.5.6 or higher to avoid impacts by 2023-06-01

  • Upgrade testing for future releases will only be for upgrades from v1.5.6 or higher
  • AWS CDK version 1 will reach its end-of-support, and will no longer receive updates or releases
  • ASEA is currently in maintenance with no new features or enhancements planned. It's expected that a future Release will help customers upgrade from ASEA to LZA.
  • End of support is expected in Q2 2024. Upgrades from ASEA to LZA will occur over the next year.

• IMPORTANT - In order to implement the VPC flow log fix (#1112) (b5dc19c):

1. Before update: for every VPC of the configuration, change the “flow-logs” option to “CWL”
2. Execute the State Machine in Full Apply mode. Wait for successful completion
3. Change the “flow-logs” option to the original value (“BOTH”) (don’t re-run the state machine)
4. Follow the general instructions to update ASEA to version 1.5.6
5. Update the CloudFormation stack
6. Run the ASEA-InstallerPipeline
7. When the ASEA-InstallerPipeline completes it will trigger the State Machine. Verify that it completes successfully

FIXES

• Fixes logging bucket replication not being applied.
• CDK Rebase (from v1 to v2) (#1117) (6642b61)
• Adjust vpc flow log creation logic (#1112) (b5dc19c)
• AWS Config rule IAM Password Policy boolean values (#1100) (58208ad)
• Update alb ip monitor dns lookup check (#1076) (fe0ed82)
• Switch Log archive bucket policy to Org policy (#1051) (696adb8)
• Lambda timeout in large customer environments (#1020) (bed0a62)

DOCUMENTATION

• Update install.md (#1115) (2a5ed54)

CONFIG FILE CHANGES

• None

Release v1.5.6

Notes

• This release was REPLACED by v1.5.6-a due to an issue, customers should upgrade to v1.5.6-a instead

• Customers MUST use Landing Zone Accelerator on AWS (LZA) for new deployments

• Existing customers MUST upgrade to v1.5.6 or higher to avoid impacts by 2023-06-01

  • Upgrade testing for future releases will only be for upgrades from v1.5.6 or higher
  • AWS CDK version 1 will reach its end-of-support, and will no longer receive updates or releases
  • ASEA is currently in maintenance with no new features or enhancements planned. It's expected that a future Release will help customers upgrade from ASEA to LZA.
  • End of support is expected in Q2 2024. Upgrades from ASEA to LZA will occur over the next year.

• IMPORTANT - In order to implement the VPC flow log fix (#1112) (b5dc19c):

1. Before update: for every VPC of the configuration, change the “flow-logs” option to “CWL”
2. Execute the State Machine in Full Apply mode. Wait for successful completion
3. Change the “flow-logs” option to the original value (“BOTH”) (don’t re-run the state machine)
4. Follow the general instructions to update ASEA to version 1.5.6
5. Update the CloudFormation stack
6. Run the ASEA-InstallerPipeline
7. When the ASEA-InstallerPipeline completes it will trigger the State Machine. Verify that it completes successfully

FIXES

• CDK Rebase (from v1 to v2) (#1117) (6642b61)
• Adjust vpc flow log creation logic (#1112) (b5dc19c)
• AWS Config rule IAM Password Policy boolean values (#1100) (58208ad)
• Update alb ip monitor dns lookup check (#1076) (fe0ed82)
• Switch Log archive bucket policy to Org policy (#1051) (696adb8)
• Lambda timeout in large customer environments (#1020) (bed0a62)

DOCUMENTATION

• Update install.md (#1115) (2a5ed54)

CONFIG FILE CHANGES

• None