Merge pull request #31 from aws-solutions/release/v2.0.5

Updated to version v2.0.5
aws-solutions · Jun 5, 2023 · 7a74da1 · 7a74da1
2 parents eb676be + 5cf23d3
commit 7a74da1
Show file tree

Hide file tree

Showing 51 changed files with 35,074 additions and 72,976 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -22,13 +22,12 @@ assignees: ""
 
 - [ ] Version: [e.g. v2.0.0]
 
-To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0134) - The AWS CloudFormation template for deployment of the Automations for AWS Firewall Manager. Version **v2.0.0**_". You can also find the version from [releases](https://github.com/awslabs/aws-firewall-manager-automations-for-aws-organizations/releases)
+To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0134) - The AWS CloudFormation template for deployment of the Automations for AWS Firewall Manager. Version **v2.0.0**_". You can also find the version from [releases](https://github.com/aws-solutions/aws-firewall-manager-automations-for-aws-organizations/releases)
 
 - [ ] Region: [e.g. us-east-1]
 - [ ] Was the solution modified from the version published on this repository?
 - [ ] If the answer to the previous question was yes, are the changes available on GitHub?
 - [ ] Have you checked your [service quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) for the services this solution uses?
-- [ ] Were there any errors in the CloudWatch Logs? [How to enable debug mode?](https://github.com/awslabs/aws-firewall-manager-automations-for-aws-organizations/#enable-debug-mode)
 
 **Screenshots**
 If applicable, add screenshots to help explain your problem (please **DO NOT include sensitive information**).

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,14 +5,23 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.5] - 2023-06-05
+
+### Changed
+
+- Update parameter names for consistency
+- Refactor to reduce code complexity
+- Update client configs to latest sdk version
+- Fix broken URLs in README
+
 ## [2.0.4] - 2023-04-21
 
 ### Changed
 
 - Fix npm json5 vulnerabilites [CVE-2022-46175](https://nvd.nist.gov/vuln/detail/CVE-2022-46175)
 - Upgrade AWS CDK dependencies to version 2
- - Changed the Object Ownership for logging bucket from 'Object writer' to 'Bucket owner enforced' to mitigate the impact caused by new S3 default settings.
- - Updated S3 bucket policy to support access logging.
+- Changed the Object Ownership for logging bucket from 'Object writer' to 'Bucket owner enforced' to mitigate the impact caused by new S3 default settings.
+- Updated S3 bucket policy to support access logging.
 
 ## [2.0.3] - 2022-12-14
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -6,23 +6,24 @@ documentation, we greatly value feedback and contributions from our community.
 Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
 information to effectively respond to your bug report or contribution.
 
+
 ## Reporting Bugs/Feature Requests
 
 We welcome you to use the GitHub issue tracker to report bugs or suggest features.
 
-When filing an issue, please check [existing open](https://github.com/awslabs/aws-firewall-manager-automations-for-aws-organizations/issues), or [recently closed](https://github.com/awslabs/aws-firewall-manager-automations-for-aws-organizations/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
+When filing an issue, please check [existing open](https://github.com/aws-solutions/aws-firewall-manager-automations-for-aws-organizations/issues), or [recently closed](https://github.com/aws-solutions/aws-firewall-manager-automations-for-aws-organizations/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
 reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
 
-- A reproducible test case or series of steps
-- The version of our code being used
-- Any modifications you've made relevant to the bug
-- Anything unusual about your environment or deployment
+* A reproducible test case or series of steps
+* The version of our code being used
+* Any modifications you've made relevant to the bug
+* Anything unusual about your environment or deployment
 
-## Contributing via Pull Requests
 
+## Contributing via Pull Requests
 Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
 
-1. You are working against the latest source on the _master_ branch.
+1. You are working against the latest source on the *main* branch.
 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
 
@@ -38,22 +39,23 @@ To send us a pull request, please:
 GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
 [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
 
+
 ## Finding contributions to work on
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/aws-firewall-manager-automations-for-aws-organizations/labels/help%20wanted) issues is a great place to start.
 
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/awslabs/aws-firewall-manager-automations-for-aws-organizations/labels/help%20wanted) issues is a great place to start.
 
 ## Code of Conduct
-
 This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
 For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
 [email protected] with any additional questions or comments.
 
-## Security issue notifications
 
+## Security issue notifications
 If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
 
+
 ## Licensing
 
-See the [LICENSE](https://github.com/awslabs/aws-firewall-manager-automations-for-aws-organizations/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+See the [LICENSE](https://github.com/aws-solutions/aws-firewall-manager-automations-for-aws-organizations/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
 
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
+We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
diff --git a/NOTICE.txt b/NOTICE.txt
@@ -1,5 +1,12 @@
+Automations for AWS Firewall Manager
+
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-SPDX-License-Identifier: Apache-2.0
+Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except
+in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/
+or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+
 
 **********************
 THIRD PARTY COMPONENTS
@@ -8,7 +15,26 @@ This software includes third party software subject to the following copyrights:
 
 aws-sdk-js-v3 under Apache License 2.0
 aws-cdk under Apache License 2.0
+aws-cdk-lib under Apache License 2.0
 aws-solutions-constructs under Apache License 2.0
+@aws-sdk/client-s3 under Apache License 2.0
+@aws-solutions-constructs/aws-cloudfront-s3 under Apache License 2.0
+@aws-solutions-constructs/aws-eventbridge-lambda under Apache License 2.0
+@aws-sdk/client-fms under Apache License 2.0
+@aws-sdk/client-ec2 under Apache License 2.0 
+@aws-sdk/client-s3 under Apache License 2.0
+@aws-sdk/client-sns under Apache License 2.0
+@aws-sdk/client-sqs under Apache License 2.0
+@aws-sdk/client-fms under Apache License 2.0
+@aws-sdk/client-dynamodb under Apache License 2.0
+@aws-sdk/client-ram under Apache License 2.0
+@aws-sdk/client-route53resolver under Apache License 2.0
+@aws-sdk/client-ssm under Apache License 2.0
+@aws-sdk/middleware-retry under Apache License 2.0
+@aws-sdk/util-waiter under Apache License 2.0
+@aws-sdk/client-cloudformation under Apache License 2.0
+@aws-sdk/client-organizations under Apache License 2.0
+fs under Apache License 2.0
 csv-writer under MIT License
 got under MIT License
 uuid under MIT License

diff --git a/README.md b/README.md
@@ -73,7 +73,7 @@ The policy template requires following parameters:
 
 _Value for other parameters **Policy Table**, **Metric Queue** and **UUID** can be found out from output section of primary FMS automations stack_
 
-For more details on custom policy template, read here in the [implementation guide](https://docs.aws.amazon.com/solutions/latest/aws-firewall-manager-automations-for-aws-organizations/customize-policies.html)
+For more details on custom policy template, read here in the [implementation guide](https://docs.aws.amazon.com/solutions/latest/automations-for-aws-firewall-manager/customize-policies.html)
 
 ## Customization
 
@@ -249,7 +249,7 @@ Automations for AWS Firewall Manager solution consists of:
 
 ## Collection of operational metrics
 
-This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/aws-firewall-manager-automations-for-aws-organizations).
+This solution collects anonymized operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/automations-for-aws-firewall-manager/solution-overview.html).
 
 ---
 

diff --git a/deployment/aws-fms-automations.template b/deployment/aws-fms-automations.template
@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.4",
+  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.5",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -38,7 +38,8 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.0.4"
+        "SolutionVersion": "v2.0.5",
+        "UserAgentPrefix": "AwsSolution"
       }
     }
   },
@@ -286,7 +287,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.4/asset24842558b9c75d96211d69797ccc4f45a68b0202cdad21acedf6f2e97515a608.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.5/assetf61d8efdffd22a1aaf0e604e17c95273adfd0cfbc4bd714478dbdb7e5adea20b.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -326,27 +327,11 @@
               ]
             },
             "LOG_LEVEL": "info",
-            "CUSTOM_SDK_USER_AGENT": {
-              "Fn::Join": [
-                "",
-                [
-                  "AwsSolution/",
-                  {
-                    "Fn::FindInMap": [
-                      "CommonResourceStackMap",
-                      "Solution",
-                      "SolutionId"
-                    ]
-                  },
-                  "/",
-                  {
-                    "Fn::FindInMap": [
-                      "CommonResourceStackMap",
-                      "Solution",
-                      "SolutionVersion"
-                    ]
-                  }
-                ]
+            "USER_AGENT_PREFIX": {
+              "Fn::FindInMap": [
+                "CommonResourceStackMap",
+                "Solution",
+                "UserAgentPrefix"
               ]
             }
           }
@@ -463,7 +448,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.4/asset1eabd374284db340b74179e3429008132f5b6b0b7b28d472d852807d7f5f9746.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.5/asset8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -788,7 +773,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.4/assetaffb1a48bf50e8217e27ad04a18c084f4333ab82cce043250c7db971ef92de29.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.5/assetd72c40e9198a7f69e1e525c456cae4305e1dc8b40874eca18533b8157e166a7d.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -901,7 +886,7 @@
     "CDKMetadata": {
       "Type": "AWS::CDK::Metadata",
       "Properties": {
-        "Analytics": "v2:deflate64:H4sIAAAAAAAA/2VRTU/DMAz9LdzTwECAOLIJbojSca/cxJuytkmJk6Kp6n8ncVGZxCV+z/bzV27l4728uYJvKpRui840ctoHUK3YHWwJHnoM6DN5g2Ew9pjhzlltgnFWJF09ddA3GuT0Gq1ib0pZ8cuINuxd9AovKvz3zsJAL6fKdZgT2JauM+rMkzCaBd3VQISB5HM2icttVC2GLRAKfbbQO51W+IRmqcMg6b5ITh8RIzsXwC/rGP01u6DzLCoknlNwx3SbY95BRQqur/1vkGTp3Wh0PhVHVlXe5QKvt32PYYhhFtZplCe6HjcPcvOUvuJExhQ+2mB6lNVifwARyTzapgEAAA=="
+        "Analytics": "v2:deflate64:H4sIAAAAAAAA/2VRTU/DMAz9LdyzsA0JcWUTuyFKx71yEzNlbZJSJ0VT1f9O4qJSiUv8nu3nr+zl005u7+CbNko3m9bUcjwHUI04froCerAYsM/kFbrOuEuGR++0CcY7kXTV2IKtNcjxFJ1ib0pZ8MuALpx97BWuKvz3TsKAlWPpW8wJbAvfGnXjSRhNgh4qIMJA8jmbxOUhqgbDAQiFvjmwXqcVPqCe6zBIui+S43vEyM4Z8Ms6Rn/NVnSaRInEcwrumG5zyTuoSMHbqv8Nkix6PxidT8WRRZV3WeHltm8xdDFMwnmN8kr3w+5R7rfpK65kzKaPLhiLspztDyJ/yIymAQAA"
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/CDKMetadata/Default"
@@ -911,7 +896,7 @@
     "ComplianceStack": {
       "Type": "AWS::CloudFormation::Stack",
       "Properties": {
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.4/aws-fms-compliance.template",
+        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.5/aws-fms-compliance.template",
         "Parameters": {
           "MetricsQueue": {
             "Fn::GetAtt": [
@@ -939,7 +924,7 @@
     "PolicyStack": {
       "Type": "AWS::CloudFormation::Stack",
       "Properties": {
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.4/aws-fms-policy.template",
+        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.5/aws-fms-policy.template",
         "Parameters": {
           "PolicyTable": {
             "Ref": "FMSTable84B8646C"
@@ -985,7 +970,7 @@
       }
     },
     "MetricsSQSQueue": {
-      "Description": "SQS queue for solution anonymous metric",
+      "Description": "SQS queue for solution anonymized metric",
       "Value": {
         "Fn::GetAtt": [
           "MetricsQueue0DAB96B7",

diff --git a/deployment/aws-fms-compliance.template b/deployment/aws-fms-compliance.template
@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations compliance reporter resources. Version v2.0.4",
+  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations compliance reporter resources. Version v2.0.5",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -31,7 +31,7 @@
     },
     "MetricsQueue": {
       "Type": "String",
-      "Description": "Metrics queue for solution anonymous metrics"
+      "Description": "Metrics queue for solution anonymized metrics"
     }
   },
   "Mappings": {
@@ -41,7 +41,8 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.0.4"
+        "SolutionVersion": "v2.0.5",
+        "UserAgentPrefix": "AwsSolution"
       }
     }
   },
@@ -455,7 +456,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.4/asset7ca48ba4c31630e32e9bbd83b4930a1cc50ce235d4df68ede7e2560ed40a09e1.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.5/asset738d410bd06b89003de777add46019407797681fbd3f108c2e93f72586460f7a.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -529,27 +530,11 @@
                 ]
               ]
             },
-            "CUSTOM_SDK_USER_AGENT": {
-              "Fn::Join": [
-                "",
-                [
-                  "AwsSolution/",
-                  {
-                    "Fn::FindInMap": [
-                      "PolicyStackMap",
-                      "Solution",
-                      "SolutionId"
-                    ]
-                  },
-                  "/",
-                  {
-                    "Fn::FindInMap": [
-                      "PolicyStackMap",
-                      "Solution",
-                      "SolutionVersion"
-                    ]
-                  }
-                ]
+            "USER_AGENT_PREFIX": {
+              "Fn::FindInMap": [
+                "PolicyStackMap",
+                "Solution",
+                "UserAgentPrefix"
               ]
             }
           }
@@ -764,7 +749,7 @@
     "CDKMetadata": {
       "Type": "AWS::CDK::Metadata",
       "Properties": {
-        "Analytics": "v2:deflate64:H4sIAAAAAAAA/02RzU7DMBCEn4W7YygVII60EjdoSLlXjrOttkns1GsXISvvjn9Skotnxrv7SV4/8pcn/nAnfqiQTVt0WHP/CWSh2VshW7Y9qlIY0YMFE8OHGAZUJxYGDp7W3G+cbMHG0uSylLpD+TtfTzmHjSAYGSni/lsPKGNbNumcZ5dx72qSBgeLWsXaMgfYJcC+HDiItWzSOcMWcWSd6OtGcP/ulLwRl74E0yNRYqPoua90l9BJZ+iNR+uDIAJL/C0KgyuoEHzlprGg48gqIO2MBJa6wopPcZmhvnN2cGmN/y3Bb7VqMD9Q6Qb4me6vq2e+eg1fdibEwjhlsQdeZf0DWOxBKM4BAAA="
+        "Analytics": "v2:deflate64:H4sIAAAAAAAA/02Ry27DIBBFv6V7TPOQqm6bSN2ldZzuI4yn0cQ2OAykqpD/vTyc2hvuvczMkRg2/HXNV0/ihwrZtEWHNfcfQBaakxWyZftvVQojerBgYjiIYUB1YWHg7GnL/c7JFmwsTS5LqTuUv/P1lHPYCYKRkSLuv/SAMrZlk855dhlPriZpcLCoVawtc4DdAuzowEGsZZPOGbaII+tEXzeC+3en5IO49CWYHokSG0XPfaW7hE46Qx882p4FEVjib1EY3EGF4Cs3jQUdR1YBaWcksNQVVnyJywz1T2cHl9b43xL8XqsG8wOVboBf6fm+fuGbVfiyKyEWximLPfAq6x9YUz12zgEAAA=="
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/ComplianceGeneratorStack/CDKMetadata/Default"