v1.9.0
Important
We highly recommend that you keep your environments up to date by upgrading to the latest version. See Update the solution for the required actions to upgrade.
New Configuration Repository Location
Parameter for Installation
New LZA Installations:
This release provides the opportunity for new installations to leverage Amazon S3 for storing the LZA configuration files which was previously managed by AWS CodeCommit. New installations of LZA are recommended to use s3
as this will be the default source location for the LZA configuration repository moving forward.
Existing LZA Environments / LZA Version Upgrades:
When performing an upgrade to the latest version of LZA, this parameter will not be automatically selected and will require manual intervention. For upgrades of LZA, please select codecommit
as it is not currently supported to migrate from AWS CodeCommit repository to S3 bucket. This feature is prioritized for an upcoming release.
Added
- feat(s3): added use of S3 as a configuration repository location
- feat(network): allow Route53 resolver endpoints and query logging to be defined in the VPC object.
- feat(control-tower): integrate lz management and lz baseline api
- feat(control-tower) integrate lz management and baseline api for external account deployment
- feat(control-tower): lz management api gov cloud support
- feat(control-tower): add global region into the Control Tower governed region list
- feat(logging): add cloudwatch log group data protection policy
- feat(securityhub): allow custom cloudwatch log group for events
Fixed
- fix(bootstrap): Failed to publish asset when cdkOptions.centralizeBuckets: true
- fix(control-tower): add validation to check incorrect landing zone version in global config
- fix(control-tower): new lza installation overrides existing control tower settings
- fix(organizations): unable to create ou with same name under different parent
- fix(organization): ou baseline operation should be skipped when Control Tower is not enabled
Changed
- chore: add commitlint to precommit hook
- chore: upgrade cdk to 2.148.0
- chore: bump cdk bootstrap to 20
- chore(documentation): update opt-in region requirement for Control Tower deployment
- chore(documentation): update merge request template to add unit test information
- chore(test): update all-enabled custom config rule lambda python version