v1.17.0 🌈

🚀 Features

• Feature | DataLake Reference Architecture v0.1 @exequielrafaela (#646)
• Feature | Genai PoC reference layer with AWS Bedrock added @martingaleano (#612) & (#630)
• Feature | Example for Step Functions workflow that integrates with API Gateway, Lambda, DynamoDB, and showcases a callback @diego-ojeda-binbash (#604)
• Feature | Securely manage ArgoCD secrets with AWS Secrets Manager integration for secrets handling. @lgallard (#581)
• Feature | A new reference architecture to support ECS deployments with DemoApps, providing a modular, production-ready setup. @angelofenoglio (#577)
• Feature | Adds a robust Kubernetes reference layer utilizing Kops, simplifying management and deployment on AWS. @juanmatias (#600)
• Feature | Enable centralized security monitoring and compliance tracking with AWS Security Hub. @rodriguez-matias (#573)
• Feature | Automate dependency management with Renovate, now configurable for this architecture to ensure up-to-date, secure dependencies. (https://www.mend.io/renovate/) (#582), (#595)

✨ Enhancements

• Enhancement | Refactor CloudTrail layer to: @diego-ojeda-binbash (#647)
  • Configured to operate as a delegated administrator in the Security account, enabling a centralized security model.
  • Set up as a multi-region, organization-wide trail for comprehensive activity monitoring and logging.
• Enhancement | Increase billing and budget alert threshold to accommodate to the expected budget @diego-ojeda-binbash (#601)
• Enhancement | improved shared/us-east-1/tools-costs-notifications/README.md doc @juanmatias (#572)
• Enhancement | Enable AWS Config in management account @martingaleano (#575)
• Enhancement | Remove null resource to delegate config to Security Account @martingaleano (#574)
• Enhancement | Create baseline layers for the DataScience account @diego-ojeda-binbash (#571)

🐛 Bug Fixes

• Fix | gatus helm-charts repo @lgallard (#596)
• Fix | ECS service and add small documentation @diego-ojeda-binbash (#592)
• Fix | Unpin patches version restriction @Franr (#578)
• Fix | Remove unnecessary tfvars in DemoApps network layer @diego-ojeda-binbash (#579)
• Fix | SSO updates and typos @rodriguez-matias (#634)
• Fix | Policy issue | Update terraform-aws-cloudtrail-s3-bucket module version @rodriguez-matias (#632)

Version Updates

• Update | chore(deps): update helm release argo-cd to v2.17.5 @renovate (#613)
• Update | chore(deps): update helm release ingress-monitor-controller-endpoint to v0.1.1 @renovate (#614)
• Update | chore(deps): update terraform github.com/binbashar/terraform-aws-cost-billing-alarm to v1.0.17 @renovate (#616)
• Update | chore(deps): update terraform github.com/binbashar/terraform-aws-cost-budget to v1.0.15 @renovate (#617)
• Update | chore(deps): update terraform github.com/binbashar/terraform-aws-domain-redirect to v1.0.1 @renovate (#618)
• Update | chore(deps): update terraform github.com/binbashar/terraform-aws-ec2-basic-layout to v0.3.34 @renovate (#619)
• Update | chore(deps): update terraform github.com/binbashar/terraform-aws-ecs to v5.11.4 @renovate (#620)
• Update | chore(deps): update terraform github.com/binbashar/terraform-aws-rds-export-to-s3 to v0.4.3 @renovate (#636)
• Update | chore(deps): update terraform github.com/binbashar/terraform-aws-guardduty-monitor to v1.2.1 @renovate (#621)
• Update | chore(deps): update terraform github.com/binbashar/terraform-aws-guardduty-multiaccount to v0.2.1 @renovate (#622)
• Update | Helm release gatus to v1.1.4 @renovate-bot (#597)

🔒 Security

• Security | Updating users, build.env and sso policy @exequielrafaela (#629)
• Security | Add new SSO users Dario Villavicencio and Nicolas Ferreira @rodriguez-matias (#627), (#625), (#624), (#608), (#606), (#602)
• Security | Grant full support permissions to Marketplace Sellers @diego-ojeda-binbash (#609)
• Security | Add us-west-2 to the allowed regions @diego-ojeda-binbash (#610)
• Security | Create IAM role for Drata on Production @diego-ojeda-binbash (#626)

📝 Documentation

• https://leverage.binbash.co

v1.16.0 🌈

Changes

🚀 Features

• Feature | Create DataScience account, set up permission sets and assignments @diego-ojeda-binbash (#562)
• Feature | AWS Cloudwatch Synthetics layer added @juanmatias (#552)

✨ Enhancements

• Enhancement | BBL-563 k8s eks addons moved to their own layer in acordance to the new EKS Ref Arch components doc @juanmatias (#549)
• Enhancement | Use latest version of tf-state module @martingaleano (#563)
• Enhancement | base-network: Update terraform provider and module versions and constraints @crcedenop (#555)

🐛 Bug Fixes

• Fix | Description in the feature request github issue template @borland667 (#556)
• Fix | Route53 Hosted Zone Output fixed @joseapeinado (#550)
• Fix | DemoApps workflows and remove old EKS layers @diego-ojeda-binbash (#560)
• Fix | shared vpn-server data source missing index @exequielrafaela (#570)

📝 Documentation

• doc | Update README.md broken link @exequielrafaela (#567)

v1.15.0 🌈

Overview

We are excited to announce the latest release of the Leverage Reference Architecture for AWS. This release introduces a range of new features, enhancements, and bug fixes, aimed at improving the functionality and user experience of our AWS infrastructure management tool.

🚀 New Features

• Layer Dependency Checker: Introduces a tool for checking dependencies between terraform layers, simplifying the management of complex infrastructures. Implemented by @juanmatias in PR #538.

• Start/Stop Module Update: Points the start/stop module to a modified updated version maintained by binbash, providing improved control over resource usage. Implemented by @juanmatias in PR #542.

• EC2 Fleet with EBS Attachment: Allows for the provisioning of EC2 fleets with attached EBS volumes, offering expanded storage solutions. Implemented by @juanmatias in PR #540.

• Cost Reporting Tool: Implements a tool for detailed cost reporting and analysis, aiding in budget management. Implemented by @joseapeinado in PR #535.

• EKS EFS Add-on in DemoApps: Adds an EFS file system provisioning layer to EKS in DemoApps, enhancing storage capabilities. Implemented by @diego-ojeda-binbash in PR #537.

• AWS Q Permission for DevOps Role: Adds permissions for AWS Q to the DevOps role, expanding the role's access and capabilities for this new GenAI based AWS assistant. Implemented by @crcedenop in PR #539.

• Cluster Over-provisioning controller for EKS in DemoApps: Adds over-provisioning controller capabilities to EKS clusters in DemoApps, optimizing resource allocation. Implemented by @diego-ojeda-binbash in PR #532.

✨ Enhancements

• EKS Additions: Includes ArgoCD notifications and kube Prometheus stack in EKS, enhancing monitoring and deployment capabilities. Implemented by @angelofenoglio in PR #534.

• Toolbox Image Version Bump: Updates the toolbox image version to 1.3.5-0.1.12, ensuring compatibility and performance improvements. Implemented by @angelofenoglio in PR #526.

🐛 Bug Fixes

• Cost Management Budget Threshold Update: Fixes issues related to budget threshold settings in cost management, enhancing accuracy and reliability. Implemented by @marcosgacosta in PR #545.

• Account Assignment Module Version Update: Resolves API errors by updating the account_assignment module version. Implemented by @rodriguez-matias in PR #528.

---

This release reflects our commitment to continuously improving the Leverage Reference Architecture for AWS, making cloud infrastructure management more efficient and user-friendly. We encourage users to explore these new features and enhancements and provide feedback for future improvements.

v1.14.0 🌈

Changes

🚀 Features

• Feature | management/global/base-identities Marketplace & AWS IQ users updated @exequielrafaela (#525)
• Feature | add binbash.co dns hosted zone + redirect from binbash.com.ar @exequielrafaela (#520)
• Feature | [POC] Security Tool Wazuh @diego-ojeda-binbash (#506)

✨ Enhancements

• Enhancement | Use a custom VPC Flow Logs format on both EKS DevStg VPCs @diego-ojeda-binbash (#522)
• Enhancement | ISSUE-495 | Enhancement: sync LZ Template into Ref-Arch Mgmt Org layer @rodriguez-matias (#509)
• Enhancement | RDS snap export s3 @eze-godoy (#517)
• Enhancement | EKS DemoApps upgrade plus Add-ons @diego-ojeda-binbash (#510)

🐛 Bug Fixes

• Fix | FluentBit defaults to ensure they create indices by day instead o… @diego-ojeda-binbash (#513)
• Fix | ISSUE-521: add github OIDC thumbprints @rodriguez-matias (#523)
• Fix | EKS DemoApps Add-ons implementation which was failing at cluster … @diego-ojeda-binbash (#515)
• Fix | removing apps-devstg/us-east-1/databases-mysql duplicated layer @exequielrafaela (#514)

v1.13.0 🌈

Changes

🚀 Features

• Feature | feature add reference secret manager implementation demoapps @marianod92 (#503)
• Feature | adding axel.mainel user via AWS IdC (sso) @exequielrafaela (#504)
• Feature | Add export to S3 module @lgallard (#488)
• Feature | adding martin.galeano user via AWS IdC (sso) @exequielrafaela (#502)
• Feature | LEWW-93 | shared-base-dns: create dns record for google search console @rodriguez-matias (#496)
• Feature | Enable ALB access logs for EKS clusters @Franr (#484)
• Feature | Add FinOps tools @diego-ojeda-binbash (#492)
• Feature | Add SSO DevOps role as an admin of the DemoApps cluster @diego-ojeda-binbash (#490)
• Feature | Migrate from JumpCloud to AWS IAM Identity Center (SSO) @diego-ojeda-binbash (#481)
• Feature | Enhancement | Implement VPC Flow logs on EKS VPCs @Franr (#478)
• Feature | BBL-535 | Sync RDS Postgres layer @angelofenoglio (#463)

✨ Enhancements

• Enhancement | Update build.env for latests 1.2.7-0.1.7 features and fixes @exequielrafaela (#494)
• Enhancement | Grant SSO Devops role permissions on SecretsManager @diego-ojeda-binbash (#491)
• Enhancement | tools-cloud-nuke: Update versions constraint @rodriguez-matias (#489)
• Enhancement | Remove SecOps role @eze-godoy (#487)
• Enhancement | base-dns: Update versions constraint @rodriguez-matias (#475)
• Enhancement | ISSUE-3 updated toolbox version @juanmatias (#479)
• Enhancement | container-registry : Update versions constraint @rodriguez-matias (#473)
• Enhancement | Chore: Update ArgoCD deployment definition to allow Web Terminal in UI @angelofenoglio (#472)
• Enhancement | Update build.env @juanmatias (#471)
• Enhancement | Issue 3 fitting demoapps needs @juanmatias (#470)
• Enhancement | Update build.env @juanmatias (#469)
• Enhancement | Github Self-Hosted runner module updated @juanmatias (#464)

🐛 Bug Fixes

• Fix | readme.md links @exequielrafaela (#505)

📝 Documentation

• Doc | Clarify Pritunl VPN server https/ssl cert renewal steps @Franr (#480)
• Doc | mananagement aws organizations layer README.md merge @exequielrafaela (#467)

v1.12.0 🌈

🚀 Features

• Feature | Add Kube Prometheus Stack to the DemoApps @diego-ojeda-binbash (#462)
• Feature | Add configuration required for AWS WAFv2 logging @marianod92 (#449)

✨ Enhancements

• Enhancement | notifications: Update versions constraint + Update module version @rodriguez-matias (#459)
• Enhancement | ISSUE-460 Toolbox version fixed @juanmatias (#461)
• Enhancement | ISSUE-152 Refactored RefArch-CLI-Toolbox test @juanmatias (#458)
• Enhancement | base-network: Update versions constraint + Update module version @rodriguez-matias (#450)
• Enhancement | base-identities: Update versions constraint + Update module version @rodriguez-matias (#454)
• Enhancement | security-base: Update versions constraint @rodriguez-matias (#453)
• Enhancement | security-keys: Update versions constraint + Update module version @rodriguez-matias (#451)
• Enhancement | BBL-541: cost optimization - update natgw and cloudwatch @rodriguez-matias (#452)
• Enhancement | security-audit / Update versions constraint + Update module version @rodriguez-matias (#442)
• Enhancement | Added MarketplaceSeller SSO assignment and permission set @mpagnucco (#448)
• Enhancement | Admin Group policies on Management Account @eze-godoy (#455)

🐛 Bug Fixes

• Fix | ConsoleSignInWithoutMfaCount false positive on Management Account @eze-godoy (#456)
• Fix | Issue 40 test cli refarch failing @juanmatias (#444)

📝 Documentation

• Doc | improve tools vpn server inline comments + aws-organization README.md added @exequielrafaela (#447)
• Doc | Add example to generate SSH keys @diego-ojeda-binbash (#443)

v1.11.0 🌈

Changes

🚀 Features

• Feature | GitHub Actions OIDC integration and more @diego-ojeda-binbash (#438)
• Feature | Implement ArgoCD worflows in K8s clusters @angelofenoglio (#434)
• Feature | Implement external-secrets for Apps-DevStg K8s-EKS cluster @angelofenoglio (#416)
• Feature | Add AWS Guardduty Kubernetes and Malware Protection @marianod92 (#435)

✨ Enhancements

• Enhancement | DemoApps Google Microservices @diego-ojeda-binbash (#439)
• Enhancement | Upgrade node-exporter version and add Security Group Rules @marianod92 (#437)
• Enhancement | Rename Prometheus & Grafana folder @marianod92 (#436)
• Enhancement | Add the enhancements category to our release template l… @exequielrafaela (#433)

🐛 Bug Fixes

• Fix | 'ConsoleSignInWithoutMfaCount' false positive alarm when users access via SSO @diego-ojeda-binbash (#441)

v1.10.0 🌈

Changes

🚀 Features

• Enhancement | Upgrade tfstate-backend cross-account layer version aws provider 4.0 @damianleys (#432)
• Enhancement | Upgrade tfstate-backend version to add public access block to the replication bucket @damianleys (#431)
• Feature | Security WAFv2 with demo ALB @marianod92 (#428)
• Feature | Workflow and layer to test leverage CLI @angelofenoglio (#427)
• Enhancement | implementing aws inspector2 @damianleys (#426)
• Enhancement | Update AWS Required Providers & Update WAFv2 Module Version @marianod92 (#425)
• Feature | apps-devstg/databases-aurora/ Update versions constraint + Update modules version @rodriguez-matias (#424)
• Enhancement | Management IAM admins improvement @eze-godoy (#419)
• Enhancement | Shared/ container-registry bump modules version @damianleys (#420)
• Enhancement | wafv2 fix rules and add outputs @marianod92 (#418)
• Enhancement | Add networkmanager / firewall permissions to DevOps IAM Policy @marianod92 (#415)
• Feature | security-certs layer code syntax improvement @fgauchat-binbash (#412)
• Feature | cdn-s3-frontend/ layer update versions constraint + Update modules versions @rodriguez-matias (#408)
• Feature | storage/s3-bucket-demo/ Update versions constraint + Update modules version @rodriguez-matias (#411)

🐛 Bug Fixes

• Fix | Issue/256 s3 public access restriction @marianod92 (#421)
• Fix | /shared/us-east-2/container-registry @damianleys (#423)
• Fix | Feature/prune configuration and files @marianod92 (#417)
• Fix | global config variables fixed @exequielrafaela (#406)

📝 Documentation

• Doc | README.md-update-banner @exequielrafaela (#429)

v1.9.0 🌈

Changes

🚀 Features

• Feature | terraform aws apps-devstg/us-east-1/k8s-eks/k8s-components and k8s-workloads layers @exequielrafaela (#405)
• Enhancement | Refactor common.tfvars account vars @eze-godoy (#402)

🐛 Bug Fixes

• apps-devstg/us-east-1/k8s-eks-v1.17 adjustments @exequielrafaela (#404)

📝 Documentation

• Doc | apps-devstg-k8s-eks layer README.md improvement @exequielrafaela (#403)

v1.8.1 🌈

Changes

🚀 Features

• Enhancement | Add enable ssm access variable @angelofenoglio (#401)
• Feature | apps-devstg/us-east-1/k8s-eks/cluster layer baseline for terraform-aws-eks 1.18 module @exequielrafaela (#400)
• Feature | apps-devstg/us-east-1/k8s-eks/network layer baseline for terraform-aws-eks 1.18 module @exequielrafaela (#399)
• Feature | k8s-eks-v1.17 layer tested @exequielrafaela (#398)
• Feature | structuring code to support both k8s-eks-v1.17 (module) and latest k8-eks version @exequielrafaela (#397)
• Feature | ec2-fleet/ Update versions constraint + Update modules versions + Enable SSM service @rodriguez-matias (#396)"