Release v1.5.2

@github-actions github-actions released this 13 Jul 03:17
d26d68a

Notes

  • This release is no longer installable because of changes to IAM role trust policy behavior and to tagging behavior (#1085); use v1.5.5 or above
  • Upgrades were only supported directly from v1.3.8, v1.3.9, and v1.5.0+

FEATURES

  • Add AWS Outpost, Local Zone, and Wavelength support (#964) (Spec: #963)
    • Enable local subnet creation
    • Enable targeting customer created objects in ASEA managed route tables (required to target LGW)
  • Add option to collect ASEA configuration and metadata in a new restricted log archive bucket (#976) (Spec: #1011)
    • Enables providing visibility into ASEA deployed configuration without access to the Org mgmt. account (i.e. SOC)

FIXES

  • Enable support for IAM conditions w/role policies (#1003)
  • Leverage regional STS endpoints, rather than the global endpoint (#997)
  • Fix issues w/ASEA removing Control Tower SCPs in certain situations (#998)
  • Filter out non-active Organizational accounts from state machine activity (#981)
  • Fix Lambda role permissions w/KMS keys which broke SNS alerting in v1.5.1 (#971)
  • Fix spelling error in CloudWatch metric (#973)
  • Add warn message when TGW route fails to deploy (#979)
  • Allow reading tags outside Canada (enables installing OpenShift) (#977)

DOCUMENTATION

ADD-ONS

  • DDB-Update - Enabled Versioning on the S3 Bucket (#954)
  • opensiem - Move to SNS topics to enable supporting multiple log consumers (#952)
  • opensiem - Update packages and cdk (#949)

CONFIG FILE CHANGES

  • Add "meta-data-collection": true to global-options (OPTIONAL)
  • Add "meta-data-read-only-access": true to any role to enable log archive bucket access (AS NEEDED)
    • similar to "ssm-log-archive-read-access" and "ssm-log-archive-write-access"
  • Outposts support (AS NEEDED)
    • Add additional options to subnet "az" field (i.e. "us-east-1-atl-1a", instead of just "a")
    • Add "outpost-arn" field to subnet object
    • Add "lgw-route-table-id" field to VPC object
  • Enable route tables to target externally created objects (AS NEEDED)
    • Add "customer" option to route table "target" field
    • Add "type" and "target-id" fields to route table entries (i.e. "localGatewayId" and "lgw-12345678901234567")