v0.9.10

Full Changelog: v0.9.9...v0.9.10

Features

• add deploy_aws_iam_user optional for example/single-k8s by @jprieto92 @wideawakening in #124

In order to avoid IAM user credentials for k8s, use the following terraform input parameter:

    module "secure_for_cloud_aws_single_account_k8s" {
      source = "sysdiglabs/secure-for-cloud/aws//examples/single-account-k8s"
      deploy_aws_iam_user = false
      ...
    }

Documentation

• clarify scanning start logs on force events

New Contributors

• @jprieto92 made their first contribution in #124

v0.9.9

Features

• Expose s3 log retention (#130)

v0.9.8

Full Changelog: v0.9.7...v0.9.8

Bug Fixes

• fix: cloudtrail creation conditional in #129

  after the existing_cloudtrail_config refactor the deploy_cloudtrail flag was not correctly setup

Documentation

• Contribute. Howto unlock tf state for tests
• Org. Use case variables clarify org existing_cloudtrail_config

v0.9.7

Full Changelog: v0.9.6...v0.9.7

Features

• feat: organizational, add support for single-account deployment by @wideawakening in #128
  small steps to go for organizational single-account setup as required by many customers;
  ⚠️ scanning still not supported
  • added use-case explanation
  • added deploy_benchmark_organizational to deploy cloud-bench module
    on single account OR stackset (organizational)
  • added test (wip, evaluating if required time makes sense)

Documentation

• Added DecisionRecord
• Some more General Troubleshooting insights

v0.9.6

Full Changelog: v0.9.5...v0.9.6

Use-Cases

• use-case for no terraform org three-way k8s threat compliance by @wideawakening in #122

Small Changes

• Create CODEOWNERS file by @tembleking
• Added Makefile 🥳 and update READMEs with provider versions by @tembleking in #127
• Remove unneeded configuration_aliases in sysdig provider by @tembleking in #126

Documentation

• Remove unneeded configuration_aliases in sysdig provider by @hayk99 and @tembleking (#126)
• clarify ecs requirements on cluster/vpc/subnet by @wideawakening in #123
• s/existing_cloudtrail_s3_config/existing_cloudtrail_config/g
• clarify aws ingestion types
• clarify force events
• sync cloudtrail available options
• fix Terraform Registry links

v0.9.5

Full Changelog: v0.9.4...v0.9.5

Small Modifications

• chore: remove deprecated sqs:*batch actions by @wideawakening in #121

Documentation

• troubleshooting for organizational management account ECR scanning
• troubleshoot not getting datasources alias
• troubleshoot for group already exists
• forcing events, clarify what's technically expected when image is scanned
• k8s example, clarify any kind of K8S cluster can be used for
• upgrading, clarify procedure

@hayk99 🙇🏽

v0.9.4

Feature

• feat!: Enable in org-ecs, cloudtrail-s3-sns-sqs ingestor (#103)

Documentation

• add more questions to questionnaire
• upgrade howto
• troubleshooting when no logs in ECS task
• permissions clarifications

v0.9.3

Small Modifications

• avoid benchmark collision leveraging name var (#115)
• restore required_providers for aws provider (#114)
• remove sns member policy for sns:Subscribewhen not-required (#116)

Doc

• add question about org account purpose and cloud landing zones
• add region questions

v0.9.2

Features

• Allow deploying all resources in management account (#112)

v0.9.1

Bug Fixes

• Limit KMS IAM policy principal to account id (#76)