Releases: sysdiglabs/terraform-aws-secure-for-cloud
v0.10.9
Bug Fixes
- fix: ACL issue by @hayk99 in #167
removing ACL block since it's no longer supported by AWS
Adding aws_s3_bucket_ownership_controls to block ACL modifications
Documentation
- refresh/clarify org-three-way
- optional to use containerInsight on the ECS cluster
- adds usage on cloudtrail-s3-sns-sqs
- raise features on docs
v0.10.8
Bug Fixes
- Remove legacy benchmark task creation (#165)
Removes creation of a deprecated resource.
Benchmarks has been replaced by a new Compliance system, which is
triggered by the creation of the cloud account. The explicit creation of
a benchmark task is thus not needed, and is failing since the API has
been disabled.
Documentation
- spacing
- clarify use-case
Features
- add ability to turn off S3 public access block (#164)
Copy of #162 with renaming of variables.
Co-authored-by: jameslarrea <97474779+jameslarrea@users.noreply.github.com>
Small Modifications
- cloud-bench: adds failure tolerance and max concurrent count (#161)
v0.10.7
v0.10.6
Bug Fixes
- ECS autoscale (#159)
- fix autoscale since previous composition was not working as expected
- fix scaledown and bypass hashicorp/terraform-provider-aws#10376
- expose as inputs autoscaling_confing
Documentation
- redirect compliance only use-case to official docs
v0.10.5
v0.10.4
v0.10.3
Documentation
- Clarify externalID format
- Update compliance-role-single-account.md (#154)
Use correct module path in example
- Give some air to aws vs. general
- Create headers for proper linking
- Organizational compliance role use-case (#153)
- Clarify region requirement on questionnaire
Small Modifications
- Make cloud-connector image configurable (#156)
v0.10.2
Full Changelog: v0.10.1...v0.10.2
Small Changes
- move trigger example to test in #144
- terrascan compliance in #146
- Require all requests to S3 Bucket to be SSL (PCI.S3.5) and enable encryption at rest (PCI.S3.4) in #149
- ignore terraform lifecycle fields that are not in sync with backend in #151
Documentation
- refactor use-cases in #138
- merge manual use-case for org-three-way with sns in #139
- split manual compliance use-case in #140
- organizational optional limitations in #141
- default-tags usage in #142
- non-normative organizational review in #143
- homogenize three-way use-case in #145
- fix broken link in #147
- clarify troubleshooting and add 403 error on policies by @dalejrodriguez in #148
New Contributors
- @dalejrodriguez made their first contribution in #148
v0.10.1
Bug Fixes
- Add ECRReader permission role to beta scanner ecr (#134)
- do not deploy aws-ecr scanning when set to false (#136)
Documentation
- clarify ssm
- add link to image scanning
- add KMS on the created resources
- troubleshoot error on TF 1.3
- clarify questionnaire and remove selection guides (will restore them)
Style
- remove trailing whitespace and fix linter (#135)
v0.10.0
Full Changelog: v0.9.10...v0.10.0
⚠️ Breaking Changes
- Upgrade terraform 1.3 requirement and remove experimental optional usage by @wideawakening in #132
If the use of a terraform version <1.3 is required, pin down the latest supported Secure for Cloud Module:
module "secure-for-cloud" {
  source  = "sysdiglabs/secure-for-cloud/aws"
  version = "0.9.10"
}
WIP Feature
- Replacement of the legacy scanning engine, for the new one, by @miketnt in #131
This feature is a small step for the adoption of the new Vulnerability Management engine scanner. ⚠️ no support given yet
Documentation
- troubleshooting; homogenize and add more data for "i don't see"
- clarify ECR in org-management account
Continuous Integration
- Added codeowners
- Enhance PR template with tips to test branch code