Release v1.3.0

STOP

• This release is no longer supported for new installations or upgrades, use v1.3.2 or above
• Existing installations continue to function

IMPORTANT

• Please note MAJOR changes to state machine behavior, as documented here.

Features

• Centralize Accelerator CDK buckets (one bucket per region instead of one per account per region) (#572)
  • move to new CDK default synthesizer from the legacy synthesizer
• Enable customer control of State Machine execution scope (#606)(#637)
• Enable deploying customer provided config rules (#654)
  • Detect and remediate EC2 instances without a role (to allow using Systems Manager and Centralized Logging)
  • Detect and remediate EC2 instance profiles without desired permissions (to allow using Systems Manager and Centralized Logging)

Enhancements

• Convert to Org based permissions to avoid policy size challenges (#622)
• Update firewalls to v6.4.4, refine configs and add option to provision the 2nd tunnel/connection (#638)
• Enable changing Accelerator prefix for NEW installs (#632)(#639)
• Change the default Github and CodeCommit repo branch names to main (#647)(#648)(#643)(#645)

Fixes

• Fix intermittent issue with ssm-log-archive-write-access feature (#653)
• Revert SCP change to enable root to suspend accounts

Documentation

• Update sample config files (#659)
• Update Docs to reflect v1.2.6 and v1.3.0 releases (#634)(#656)
• Improve ACM cert import documentation (add "chain" attribute) (#640)

Config file changes

• Removed "managed-rules" level from aws-config json object (MANDATORY)
• Renamed master account keys to management account keys (New installs ONLY)
• Added new VPCFlow log fields (Optional)
• Replaced all uses of the Accelerator prefix (PBMMAccel) with variables (Optional)
• Deploy new SSM document Attach-IAM-Instance-Profile (Optional)
• Deploy new custom config rule EC2-INSTANCE-PROFILE (Optional)
• Updated firewall AMI's to v6.4.4 (New installs ONLY)