Reverted change for dynamic OU and disable the AWS Config service role check

What's Changed

• Add the ssm parameter GuardDuty subscription filter name to client accounts by @silavjy in #208
• Merged fom Master by @silavjy in #210
• Merge from Master by @silavjy in #213
• Release 1 5 13 fixes by @tutunal in #215

New Contributors

• @tutunal made their first contribution in #215

Full Changelog: 1.5.12...1.5.13

Bugfix LZ install script for client accounts

What's Changed

• Add the ssm parameter GuardDuty subscription filter name to client accounts by @silavjy in #209
• Updated LZ script (client) updated version and added manifest for new release by @silavjy in #211
• Fixes on LZ client install script by @silavjy in #212

Full Changelog: 1.5.11...1.5.12

Bugfix for CIS control, CloudWatch logs groups and KMS policies

• Disabled CIS control 1.14 for standard AWS Foundational Security Best Practices v1.0.0 on all regions
• Change strategy cor custom Cloudwatch streaming, instead of using CloudWatch log groups, use Filter names for custom index.
• Modify Role used by Log shipper lambdas - limit KMS policies

What's Changed

• Master by @silavjy in #207

Full Changelog: 1.5.10...1.5.11

Fix for GD logs from regions other than eu-west-1 not being shipped to splunk

Implements a fix to Event rule sending GD events to the Eventbus of the SECLOG account. Works for all regions.

What's Changed

• Release/1.5.9 by @silavjy in #198
• 201 gd logs from regions other thatn eu west 1 not being shipped to splunk by @silavjy in #202

Full Changelog: 1.5.9...1.5.10

AWS Policy change on S3 buckets for Public Access and Object Ownership

Fixes included:

• Fix release issue of S3 buckets due to policy change by AWS #197

Fix regression on Installation script

Fixes included:

• issue on the EC-Setup-Seclog.sh script that prevented the AWSCloudFormationStackSetExecutionRole from being deployed. #196
• Fix dependency on linked_status variable for update script #195

Upgrading from 1.5.7 is not required for this release.

Update role following AWS has changed its policy and enhance pre-flight checks on LZ update

Updated role and functional changes implemented to simplify LZ management

• #191 - Enhance pre-flight check on EC-Switch-SECLOG.py script
• #190 - Update AWSCloudFormationStackSetExecutionRole to include itself as principal
• #192 - Remove non SSL access on artefacts bucket

Can upgrade release/1.5.5 or release/1.5.6.

What's Changed

• Release/1.5.7 by @silavjy in #194

Full Changelog: 1.5.6...1.5.7

New scripts for managing SECLOG account switch and LZ deletion

Functional changes implemented to simplify LZ management.

• Update Readme.md documentation. Deleted EC-Create-Account.sh script (deprecated)
• Added switch SECLOG script
• Added Delete landing zone script

Upgrading from 1.5.5 is not required for this release.

Added missing update on runtime engine for a lambda function

Update runtime engine for lambda LandingZoneLocalSNSNotificationForwarder to python3.9

LZ alignment with AWS updated policies

Minor enhancements and required updates as follows:

• upgraded lambda runtime python to 3.9 related of an EOL for python 3.6
• changed SSL permissions set * as principal all bucktes
• removed action from lambda code bucket policy PutObjectAcl
• replaced all AWSConfigRole to AWS_ConfigRole related of an AWS policy update