StackZone AWS Core: v4.44.x Release

Release Notes

Eduardo Van Cauteren

Last Update 7 months ago

Highlights

New Features:

  • AWS Config Rule: WAF Global Rule Group Not Empty
  • AWS Config Rule: WAF Regional Rule Group Not Empty
  • AWS Config Rule: WAF Global Rule Not Empty
  • AWS Config Rule: WAF Regional Rule Not Empty
  • AWS Config Rule: WAF Global Web ACL Not Empty
  • AWS Config Rule: WAF Classic Logging Enabled
  • Added the ability to disable the yearly rotation for AWS KMS keys created by StackZone
  • Several Config Rules are now enabled by default since they are required for the Operations > Advisor new feature:
    • Config Rules Global:
      • Account Part of Organizations
      • IAM Access keys Rotated
      • IAM Password Policy
      • Root MFA Enabled
    • Config Rules Regional:
      • ASG: AutoScaling Group Capacity Rebalancing
      • Backup: Recovery Point manual deletion disabled
      • CloudFormation: CloudFormation Stack Notification Check
      • CloudFront: CloudFront Access Logs Enabled
      • CloudFront: CloudFront Origin Failover Enabled
      • CloudTrail: CloudTrail Amazon CloudWatch Logs Enabled
      • CloudTrail: CloudTrail S3 Dataevents Enabled
      • CloudTrail: Multi Region CloudTrail Enabled
      • CloudWatch: CloudWatch Alarm Action Enabled Check
      • CloudWatch: CloudWatch Retention Period Check
      • Development: API Gateway Execution Logging Enabled
      • Development: API Gateway X-Ray Enabled
      • Development: CodeBuild Project Logging Enabled
      • Development: CodeDeploy Auto Rollback Monitor Enabled
      • Development: CodeDeploy Lambda All at Once Traffic Shift Disabled Check
      • Development: Lambda Function Concurrency
      • Development: Lambda Function Dead Letter Queue
      • DynamoDB: DynamoDB Autoscaling Enabled
      • DynamoDB: DynamoDB in Backup Plan
      • DynamoDB: DynamoDB PITR Enabled
      • EBS: EBS in Backup Plan
      • EBS: EBS Optimized Instance
      • EC2: AutoScaling Group Created From Launch Template
      • EC2: AutoScaling Group Multi AZ
      • EC2: AutoScaling Group Using ELB Healthcheck
      • EC2: EC2 Instance Association Compliance Status
      • EC2: EC2 Instance Detailed Monitoring Enabled
      • EC2: EC2 Instance Managed by SSM
      • EC2: EC2 Paravirtual Instance Check
      • EC2: EC2 Stopped Instance
      • EC2: ELB Cross Zone Load Balancing Enabled
      • ECR: ECR Private Lifecycle Policy Configured
      • ECR: ECR Private Tag Immutability Enabled
      • ECS: ECS Containers Insights Enabled
      • ECS: ECS Fargate Latest Platform Version
      • ECS: ECS Task Definition Log Configuration
      • ECS: ECS Task Definition Memory Hard Limit
      • EFS: EFS in Backup Plan
      • Elasticache: Elasticache Redis Backup enabled
      • Network: Classic Load Balancer in Multiple AZs
      • Network: Elastic Load Balancer Deletion Protection
      • Network: Elastic Load Balancer in Multiple AZs
      • Network: Elastic Load Balancer Logging
      • Network: Elastic Load Balancer TLS https Listener Only
      • Network: VPC Elastic IP Attached
      • Network: VPC Flowlogs Enabled
      • Network: VPC VPN 2 Tunnels Up
      • PCI-DSS: EBS Snapshot Not Public Restorable
      • PCI-DSS: Elastic Beanstalk Managed Updates
      • PCI-DSS: Lambda Function Supported Runtime
      • PCI-DSS: OpenSearch Logs to CloudWatch
      • PCI-DSS: RDS Snapshot Public Access Prohibited
      • RDS: RDS Aurora Backtracking Enabled
      • RDS: RDS Cluster Deletion Protection Enabled
      • RDS: RDS Cluster Multi AZ Enabled
      • RDS: RDS Encryption Enabled
      • RDS: RDS Enhanced Monitoring Enabled
      • RDS: RDS in Backup Plan
      • RDS: RDS Instance Multi AZ Enabled
      • RDS: RDS Instances Backup Enabled
      • RDS: RDS Minor Version Upgrade Enabled
      • RedShift: Cluster Audit Logging Enabled
      • RedShift: Cluster Backup Enabled
      • S3: S3 Bucket Event Notifications Enabled
      • S3: S3 Bucket Lifecycle Policy Enabled
      • S3: S3 Bucket Replication Enabled
      • S3: S3 Bucket Version Lifecycle Policy Enabled
      • S3: S3 Bucket Versioning Enabled
      • SNS: SNS Topic Message Delivery Notification Enabled

Bug Fixes:

  • Added .NET 8 to Supported Runtimes for AWS Config Rule Lambda Supported Runtime
  • Fixed an issue with S3 AntiVirus where the Ruby SDK would not consistently build the URI correctly, resulting in incorrect scanning requests
  • Added ServiceCatalog and KMS read permissions to SupportRole
  • Fixed a small number of Info Panels
  • Fixed AWS Price Updates subscription
  • Fixed several field validations in Provisioning
  • Fixed subscription in AWS Price Updates

Known Issues:

  • STNO deployment fails when there is more than one StackZone-enabled region in the Organization
  • Remediations in Operations > Security Compliance > Rules may fail when executed
