Revisions

Date	Change
August 2020	Initial release
October 2020	Added additional troubleshooting information to Appendix C.
November 2020	Added deployment instructions for China regions; updated solution deployment instructions for the Security Hub admin account; for more information, refer to the CHANGELOG.md file in the GitHub repository.
April 2021	Release v1.2.0: Added new playbook architecture and new FSBP remediations. For more information, refer to the CHANGELOG.md file in the GitHub repository.
May 2021	Release v1.2.1: Bug fix for an issue affecting EC2.2 and EC2.7. For more information, refer to the CHANGELOG.md file in the GitHub repository.
August 2021	Release v1.3.0: Added PCI DSS v3.2.1 Playbook. Added 17 new remediations to CIS v1.2.0. Added four new remediations to FSBP. Converted CIS to use new playbook architecture based on SSM runbooks. Added instructions to extend existing Playbooks with customer-defined remediations. For more information, refer to the CHANGELOG.md file in the GitHub repository.
September 2021	Release v1.3.1: `CreateLogMetricFilterAndAlarm.py` changed to make Actions active, add SNS notification to `SO0111-SHARR-LocalAlarmNotification`. Changed CIS 2.8 remediation to match new finding data format. For more information, refer to the CHANGELOG.md file in the GitHub repository.
November 2021	Release v1.3.2: Bug fixes for CIS v1.2.0 controls 3.1 - 3.14. For more information, refer to the CHANGELOG.md file in the GitHub repository.
December 2021	Release v1.4.0: The solution can now be deployed using StackSets. Cross-Region remediation is now supported in addition to cross-account. Member account IAM roles are now retained when the stack is removed. For more information, refer to the CHANGELOG.md file in the GitHub repository.
January 2022	Release v1.4.1: Bug fixes. For more information, refer to the CHANGELOG.md file in the GitHub repository.
January 2022	Release v1.4.2: Bug fixes. For more information, refer to the CHANGELOG.md file in the GitHub repository.
June 2022	Release v1.5.0: Additional remediations. For more information, refer to the CHANGELOG.md file in the GitHub repository.
December 2022	Release 1.5.1 Changes to switch SSM document creation from Custom Resource Lambda to `CfnDocument`. Prefix for the SSM document names are updated to start with ASR instead of SHARR. For more information, refer to the CHANGELOG.md file in the GitHub repository.
March 2023	Release 2.0.0: Added support for security controls and CIS v1.4.0 standards, five new remediations to FSBP standards, one new remediation to CIS v1.2.0 standards, the service catalog AppRegistry integration, and additional protections to avoid deployment failure due to SSM document throttling. For more information, refer to the CHANGELOG.md file in the GitHub repository.
April 2023	Release 2.0.1: Mitigated impact caused by new default settings for S3 Object Ownership (ACLs disabled) for all new S3 buckets. For more information, refer to the CHANGELOG.md file in the GitHub repository.
May 2023	Documentation update: Updated Well-Architected definitions, added guidance on where to deploy each stack, additional Troubleshooting edition of issues with specific remediation, and updated code examples in SNS notification.
July 2023	Documentation update: Updated the architecture diagram and the solution components in the workflow.
October 2023	Release 2.0.2: Updated package versions to resolve security vulnerabilities. For more information, refer to the CHANGELOG.md file in the GitHub repository.
November 2023	Documentation update: Added Confirm cost tags associated with the solution to the Monitoring the solution with AWS Service Catalog AppRegistry section.
March 2024	Release 2.1.0: Added support for the NIST standard, added 17 new remediations to FSBP standards, added CloudWatch dashboard for monitoring solution, added throttling handler to architecture, added support for Security Hub customizable input parameters, and added support for remediating Config findings. For more information, refer to the CHANGELOG.md file in the GitHub repository.
April 2024	Release 2.1.1: Updated to CloudFormation parameter order and default values Documentation update. Added references to NIST standard. Added information regarding EventBridge rule service quotas. For more information, refer to the CHANGELOG.md file in the GitHub repository.
June 2024	Release 2.1.2: Disabled AppRegistry for certain playbooks to avoid errors when updating the solution. For more information, refer to the CHANGELOG.md file in the GitHub repository.
September 2024	Release 2.1.3: Resolved an issue in the remediation scripts for EC2.18 and EC2.19 where security group rules with IpProtocol set to -1 were being incorrectly ignored. Upgraded all Python runtimes in remediation SSM documents from Python 3.8 to Python 3.11. For more information, refer to the CHANGELOG.md file in the GitHub repository.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Contributors

Notices