StackZone AWS Core: v4.49.x Release

New Features:

• Added UAE (me-central-1) as new StackZone primary region
• Added AWS Config Rule Auto Scaling Group Launch Config Hop Limit
• Added AWS Config Rule Auto Scaling Group Launch Config Requires IMDSv2
• Added AWS Config Rule CloudFront SNI Enabled
• Added AWS Config Rule CloudFront Traffic to Origin Encrypted
• Added AWS Config Rule CodeDeploy EC2 Minimum Healthy Hosts Configured
• Added AWS Config Rule EC2 Instance Multiple ENI Check
• Added AWS Config Rule EC2 Security Group Attached to ENI Periodic
• Added AWS Config Rule EC2 Token Hop Limit Check
• Added AWS Config Rule EFS Access Point Enforce Root Directory
• Added AWS Config Rule EFS Access Point Enforce User Identity
• Added AWS Config Rule Kinesis Stream Encrypted
• Added AWS Config Rule Security Account Information Provided
• Added No Automatic Remediation Option to all Remediations - This feature gives clients the option to have AWS Config Rule Remediations perform automatically or trigger manually. If you prefer your AWS Config Rule Remediation to remediate all of your resources automatically, enable this feature! Or, if you prefer more fine-grained control, you can leave automatic as disabled and choose to trigger the Remediation from the Operations Module

Bug Fixes:

• All Lambda functions were migrated to ARM64
• All Lambda functions remaining in Python 3.8 were migrated to Python 3.11
• Fixed Conditions to Remediations which use SSM Documents from AWS as these SSM Documents are not supported in some regions
• Fixed exception when enabling SSM Explorer
• Upgrade StackZone CodeBuild ECR image
• Cleanup unused / duplicated parameters in StackZone Operations Policy
• Added Malware Protection Plan permissions
• Fixed / Updated several Info Panels

• Some queries in the Operations Module may fail due to timeouts if your AWS Accounts List and Regions are on the larger side ( >20 )
• Remediations in Operations > Security Compliance > Rules may fail when executed
• Baseline Resources may fail due to CloudFormation errors outside of our control when updating Config Rules Stacksets in your Organization. If this happens, contact Support who can resolve this

Bug Fixes:

• Fixed regional conditions for several AWS Config Remediations
• Fixed a bug in Instance Scheduler feature that could potentially make the Upgrade process to fail

Bug Fixes:

1. Fixed labels for Guardrails and Automatic Remediations, so they show properly under Deployment History
2. Fixed STNO race condition that might lead to a failed deployment
3. Added a new Lambda function to improve enabled-regions management prior to pipeline run
4. Fixed a bug in the Baseline template in which GuardDuty wasn't deployed in the initial onboarding
5. Fixed issues with ServiceTimeouts in custom CloudFormation resources that may lead to failure in deployment

Want to know more about StackZone and how to make your cloud management simple and secure?