Releases: binbashar/le-tf-infra-aws
Releases · binbashar/le-tf-infra-aws
v1.4.3 🌈
Changes
🚀 Features
- Add VPC attachment appliance mode support @lgallard (#338)
- Feature/reference storage hipaa s3 bucket @exequielrafaela (#341)
- Update SSO layer with the latest updates from DR @diego-ojeda-binbash (#342)
Contributors
lgallard, exequielrafaela, and diego-ojeda-binbash
Assets 2
v1.4.2 🌈
Changes
🚀 Features
- Feature/base-identities @exequielrafaela (#340)
- Feature | new security and root users (with latest tf-aws-iam module + cloudtrail cw alerts thresholds adjusted @exequielrafaela (#339)
- Feature | security-monitoring IDS Guardduty Update @exequielrafaela (#336)
- Feature/guarduty updated to support s3 protection @exequielrafaela (#334)
- Feature | moving cost-management layer to global scope dir @exequielrafaela (#333)
- Feature/reference storage hipaa s3 bucket @exequielrafaela (#341)
📝 Documentation
- Doc | Adding leverage terraform reference cmds to README.md @exequielrafaela (#337)
Contributors
lgallard and exequielrafaela
Assets 2
v1.4.1 🌈
Changes
🚀 Features
- Feature | security-monitoring IDS Guardduty Update @exequielrafaela (#336)
- Feature/guarduty updated to support s3 protection @exequielrafaela (#334)
- Feature | moving cost-management layer to global scope dir @exequielrafaela (#333)
- Feature/update vpc modules @lgallard (#325)
📝 Documentation
- Doc | Adding leverage terraform reference cmds to README.md @exequielrafaela (#337)
Contributors
lgallard and exequielrafaela
Assets 2
v1.4.0 - 2021-11-10T16:55:06Z
v1.3.81 - 2021-11-09T13:38:06Z | JumpCloud & AWS SSO DevOps Group Permissions Set
- 1e21039 Updating CHANGELOG.md via make changelog-patch for v1.3.81 [ci skip]
- 7d348a4 Create a custom policy and permission set for DevOps, plus other small adjustments (#331)
v1.3.80 - 2021-11-08T01:08:17Z | JumpCloud & AWS SSO: Create Permission Sets and Account Assignments
- 33e5986 Updating CHANGELOG.md via make changelog-patch for v1.3.80 [ci skip]
- 44b7664 JumpCloud & AWS SSO: Create Permission Sets and Account Assignments (#328)
v1.3.79 - 2021-11-03T20:49:28Z | Notifications Layers Modules Update
- 8219e71 Updating CHANGELOG.md via make changelog-patch for v1.3.79 [ci skip]
- 47c5b2c Merge pull request #327 from binbashar/feature/update-notifications
- c408c30 Update notifications layers
- eafcd9b Add secops role in devstg
v1.3.78 - 2021-11-03T13:35:39Z | Modules Upgrade KMS Keys, Network, CloudTrail
- 746a8ef Updating CHANGELOG.md via make changelog-patch for v1.3.78 [ci skip]
- ff6c684 Merge pull request #326 from binbashar/feature/security-layers
- ec63f0d disabling terraform validate in pre-commit since it's failing to be reviewed in a future PR
- baeedd7 adding Circleci new variable for Ref Arch terraform version 1.0.9
- e276143 apps-devstg/us-east-1/database-aurora/rds-export-to-s3 module fixed to its latest version instead of master
- f1237f8 Using latest makefile lib test file for terraform v1.0.9 + deprecating tflint (not support for recursive checks) + updating pre-commit terraform hook checks including terraform validate
- 73577de make pre-commit applied to get terraform fmt command applied
- 04ae7a0 Update shared / security-audit terraform modules
- 3cd2eef Update root / security-audit terraform modules
- 3b7e19d Update network / security-audit terraform modules
- d3910e0 Change string to boolean values
- 57991aa Update devstg / security-audit terraform modules
- a92ef50 Update security-audit terraform modules
- 186ac73 Update terraform-aws-kms-key module version
- 90ce616 Grant CloudWatch to use KSM Keys
v1.3.77 - 2021-10-30T05:12:55Z | Adding SMS notifications to Billing and Budget Alerts
- 5890beb Updating CHANGELOG.md via make changelog-patch for v1.3.77 [ci skip]
- bf70677 Merge pull request #317 from binbashar/feature/sms-budget-billing-notifications
- b539185 Add SNS Topic for Lambda and SMS
- 0662f7e Change to SNS topic for costs
- 4d8d9cb Add Bugets for SMS notifications
- 97539d1 Add loop for SNS phone subscribers
- c4ddf1d Fix SNS policy & raw_message_delivery default option
- 69769ea Add sns_topic_sms output
- f67f75c Add required parameters for SNS subscribers
- 3cbcf97 Update terraform-aws-cost-billing-alarm module version
- 403c553 * Update cost & billing source * Add SMS SNT topic arn
- 36f3e03 Add SMS SNS Topic output
- c842f7a Add support to SNS Topic for SMS
v1.3.74 - 2021-10-28T16:35:24Z | Std repo structure update
- 9e4b139 Updating CHANGELOG.md via make changelog-patch for v1.3.74 [ci skip]
- b4a0a9c Merge pull request #322 from binbashar/feature/deactivate-cf-s3-www
- 8a024e1 updating .gitignore to avoid common.tfvars
- 01218b9 removing common.tfvars
v1.3.73 - 2021-10-28T16:31:56Z | Feature | build.env to tf 1.0.9 + configs updated to .tfvars => leverage cli 1.1.0 + deactivate cf-s3-www.binbash.com.ar
- 19e5cfd Updating CHANGELOG.md via make changelog-patch for v1.3.73 [ci skip]
- 1fce661 Merge pull request #321 from binbashar/revert-320-feature/deactivate-cf-s3-www
- 0725927 Revert "Feature | build.env to tf 1.0.9 + configs updated to .tfvars => leverage cli 1.1.0 + deactivate cf-s3-www.binbash.com.ar"
- 6bd6c1b Merge pull request #320 from binbashar/feature/deactivate-cf-s3-www
- bfa266f fixing .gitignore from common.config to common.tfvars
- 3fb6f5b Renaming common.config.example to .tfvars.example removing common.tfvars
- ef1e3a4 adding missing vars to avoid warnings + adding new www.binbash.com.ar records
- 320de63 IMPORTANT! Setting network/us-east-1/base-network => var enable_tgw = false by default
- 37a8df5 renaming apps-prd/config/backend.config to backend.tfvars
- b620db4 removing shared/us-east-1/base-network/build.env since it has been tested with tf 1.0.9 and everything works fine
- 8d4281b Fixing leverage cli organization version variable to terraform 1.0.9
- aea755f pointing cds-s3-frontend stack to its latets terraform version (tested and working fine)
- 2c6be35 disabling and destroying old dev.binbash.com.ar and www.binbash.com.ar cloudfront + s3 stacks
- 3fc755f updating .gitignore to include every keys dir through wilcard expression
- cbc66b2 renaming all configs as .tfvars
- 6c5cf5a Updating network account to have DR std dir structure
v1.3.72 - 2021-10-27T00:35:00Z | DR support for EFK + Prometheus / Grafana layer
- 003de18 Updating CHANGELOG.md via make changelog-patch for v1.3.72 [ci skip]
- 9bebf79 Create ElasticSearch/Kibana and Prometheus/Grafana in the Shared DR (#319)
v1.3.71 - 2021-10-26T17:49:56Z | Shared DR: VPC Peerings (#318)
v1.3.70 - 2021-10-19T15:51:48Z
v1.3.70 - 2021-10-19T15:51:48Z
- 013587f Updating CHANGELOG.md via make changelog-patch for v1.3.70 [ci skip]
- 173cf10 Create SockShop DemoApp ECR repositories in both regions; also create DR VPC in Shared (#316)
v1.3.69 - 2021-10-18T15:33:11Z
- f4056c6 Updating CHANGELOG.md via make changelog-patch for v1.3.69 [ci skip]
- c87d073 Create EKS layers in the secondary region (#315)
v1.3.68 - 2021-10-08T12:00:53Z
v1.3.67 - 2021-10-07T13:41:15Z
v1.3.65 - 2021-10-06T12:20:02Z
v1.3.64 - 2021-10-01T19:14:32Z
v1.3.64 - 2021-10-01T19:14:32Z
- b9f1884 Updating CHANGELOG.md via make changelog-patch for v1.3.64 [ci skip]
- b37aded Merge pull request #311 from binbashar/feature/aws-config-aggregator
- 9b0eac6 Change tag refs to lowerCamelCase
- 2c75cad Change FirewallManager resource_tags to true
- 20cbf2f Fix tfstate path
- 85fc785 Rename wrong filename
- cf28c73 Remove AWS config authorization resources
- c8ca966 Add AWS Config delegation to the Security account
- d2df4cd Update resource_tags to use FirewallManager tag
- 372f3f6 Add AWS Config agregator into the Security account
v1.3.63 - 2021-09-30T03:41:24Z
- fba849c Updating CHANGELOG.md via make changelog-patch for v1.3.63 [ci skip]
- 02cf48d Merge pull request #309 from binbashar/feature/fms-nfw
- 04458af Add resource dependecies for FMS
- a0f594b Change Network Firewall module version
- baf8d05 Update terraform-aws-firewall-manager module source to Binbash release
- be4da2e * Update terraform-aws-firewall-manager module source to Binbash release * Update fms policies & rules
- 7d40091 Add DNS Firewall rules support in FMS
- b0a150f Ad Network Firewall rules definitions
- 103d83d Add Network Firewall Policies
v1.3.62 - 2021-09-17T13:58:52Z
- 50fd511 Updating CHANGELOG.md via make changelog-patch for v1.3.62 [ci skip]
- 884de16 Merge pull request #308 from binbashar/feature/firewall-manager-service
- efde88e Rename service policies
- 6acfe8d Add SecOps role in the network account
- a76a2ef Update policies default values
- 80d81b0 Remove not longer needed dependency
- 3886793 Remove root profile
- 0ff55f3 Add FMS account association from the root layer
- d316b57 * Add Web ACL rules for CloudFromt * Remove FMS account assocition from the security layer
- 8d42cb1 Add policies for secops role
- 2c3fa60 Fix required_tags_resource_types typo
- dfacf49 Add default FMS account association logic & NFS staless default actions
- 7b894a2 * Disable aggregate organization setting
- eab0067 Fix assume role for secops
- 0ce0a55 * Set module source to binbash fork / branch * Add provider anmed aws.admin in fms module * Define fms account in module * - Set orchestration config for nfw
- c08cf6a Fix SecOps aws_iam_policy resource name
- c2c0e01 Add SecOps groups and cross-account access
- ebf69c9 Fix SecOps aws_iam_policy resource name
- 03914a9 Add SecOps role
- 2eeb783 Add first implementation for Firewall Manager
- f002d03 Set network security-compliance tftste file
v1.3.61 - 2021-09-06T16:34:51Z
v1.3.61 - 2021-09-06T16:34:51Z
- 1e784c9 Updating CHANGELOG.md via make changelog-patch for v1.3.61 [ci skip]
- f60aaae Merge pull request #307 from binbashar/feature/open-soruce-repo
- 666b0c7 removing legacy diagram files
- 6419f48 running make pre-commit to fix -> Trim Trailing Whitespaces check
- 0ae0a56 Adding code of conduct, updateing license and adding contributing guidelines
v1.3.60 - 2021-09-02T15:43:18Z
v1.3.60 - 2021-09-02T15:43:18Z
- 42b7f1d Updating CHANGELOG.md via make changelog-patch for v1.3.60 [ci skip]
- 208c77d Merge pull request #305 from binbashar/feature/delete-protection
- c311f28 Remove aws backup role from SCP policy
- c2366d4 Add tag key condition fro creation/deletion of EC2, EKS and RDS tags
- 5d65b44 Change tag key/value to make its purpose clearer
- a7d14f7 Add delete_protection policy in all accounts
- 752a855 Add tag protection policy (SCP) for DevOps roles
- d842636 Remove create tag denial
- acff4a3 Add tag protection policy (SCP)
- f83e990 Add profile and region variable to RAM enabling command
- a57f457 Add protection tag in locals
- 30bd887 Add delete proctecton policy (SCP)