update to v2.0.2

Author: gsingh04

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.2] - 2022-05-09
+
+### Changed
+
+- Fix: Enforce encrypted access to config S3 buckets
+
 ## [2.0.1] - 2022-04-14
 
 ### Changed

deployment/aws-fms-automations.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.1",
+  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.2",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -38,7 +38,7 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.0.1"
+        "SolutionVersion": "v2.0.2"
       }
     }
   },
@@ -286,7 +286,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/asset7d121ff6b5b2240d66521bfba24c9137d4e487d4d88b503015120636a794733f.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/assetb0fb6af9debb07eea6c649c1b1b91b817f8edecd385f04b04ef9f844e23bc0a6.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -447,7 +447,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/asset543c7a94b144a6259669eaf884305607b7a9abe85c43e4bfe62f9190ace37916.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset543c7a94b144a6259669eaf884305607b7a9abe85c43e4bfe62f9190ace37916.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -772,7 +772,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/assetcbc212180b21e031789014eb0d449ba42dc4902aeb261396a6c2a5fddda23eca.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset0179e7fbf546a23833885fe474c28e3679edfd838bb7427522423f00cef71682.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -895,7 +895,7 @@
     "ComplianceStack": {
       "Type": "AWS::CloudFormation::Stack",
       "Properties": {
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.1/aws-fms-compliance.template",
+        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.2/aws-fms-compliance.template",
         "Parameters": {
           "MetricsQueue": {
             "Fn::GetAtt": [
@@ -923,7 +923,7 @@
     "PolicyStack": {
       "Type": "AWS::CloudFormation::Stack",
       "Properties": {
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.1/aws-fms-policy.template",
+        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.2/aws-fms-policy.template",
         "Parameters": {
           "PolicyTable": {
             "Ref": "FMSTable84B8646C"

deployment/aws-fms-compliance.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations compliance reporter resources. Version v2.0.1",
+  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations compliance reporter resources. Version v2.0.2",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -41,7 +41,7 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.0.1"
+        "SolutionVersion": "v2.0.2"
       }
     }
   },
@@ -320,7 +320,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/assetd47dad2be31cff0db7cf6349460680f6a94f0391344f22bbfc66d6d4ddaf123f.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset88636237c0e4a294ce83c7bf4f72b753d5d8c3cc8b14d7f8063ad3153278678e.zip"
         },
         "Role": {
           "Fn::GetAtt": [

deployment/aws-fms-demo.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134D) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations demo resources. Version v2.0.1",
+  "Description": "(SO0134D) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations demo resources. Version v2.0.2",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Resources": {
     "testcloudfronts3S3LoggingBucket90D239DD": {

deployment/aws-fms-policy.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134-po) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.1",
+  "Description": "(SO0134-po) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.2",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -64,7 +64,7 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.0.1"
+        "SolutionVersion": "v2.0.2"
       }
     }
   },
@@ -297,7 +297,7 @@
               {
                 "Ref": "ManifestBucket46C412A5"
               },
-              "\",\"CopySource\":\"solutions-reference/aws-firewall-manager-automations-for-aws-organizations/v2.0.1/policy_manifest.json\",\"Key\":\"policy_manifest.json\"},\"physicalResourceId\":{\"id\":\"1649957921854\"}}"
+              "\",\"CopySource\":\"solutions-reference/aws-firewall-manager-automations-for-aws-organizations/v2.0.2/policy_manifest.json\",\"Key\":\"policy_manifest.json\"},\"physicalResourceId\":{\"id\":\"1652122161364\"}}"
             ]
           ]
         },
@@ -353,7 +353,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/asset70893b631249dc61260989e92e90d60ae94fbbec490a1e065680d77383084d8d.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset70893b631249dc61260989e92e90d60ae94fbbec490a1e065680d77383084d8d.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -499,7 +499,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/assete44617e41a42d04987a954188ec99b79d6bd0a40dba3e296c5e68ecf9bae774e.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset20a6ddee216fc547e092b7d7269e7d861280ad0a4e13e97cc0e7157ce3e4cfa2.zip"
         },
         "Role": {
           "Fn::GetAtt": [

deployment/aws-fms-prereq.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134N) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.1",
+  "Description": "(SO0134N) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.2",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -48,7 +48,7 @@
       },
       "Solution": {
         "SolutionId": "SO0134N",
-        "SolutionVersion": "v2.0.1",
+        "SolutionVersion": "v2.0.2",
         "GlobalStackSetName": "FMS-EnableConfig-Global",
         "RegionalStackSetName": "FMS-EnableConfig-Regional"
       }
@@ -96,7 +96,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/asset7d121ff6b5b2240d66521bfba24c9137d4e487d4d88b503015120636a794733f.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/assetb0fb6af9debb07eea6c649c1b1b91b817f8edecd385f04b04ef9f844e23bc0a6.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -244,7 +244,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/asset543c7a94b144a6259669eaf884305607b7a9abe85c43e4bfe62f9190ace37916.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset543c7a94b144a6259669eaf884305607b7a9abe85c43e4bfe62f9190ace37916.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -384,7 +384,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/asset24a001b98f37514aaeedadeb46bf816090c31d13c5904895b4a3eaa7139371a4.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset2ce0363386151b1ade9f4327e5fba71018394df8f106609a4a5fab0fd38ebf36.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -626,7 +626,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.1/asset543c7a94b144a6259669eaf884305607b7a9abe85c43e4bfe62f9190ace37916.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset543c7a94b144a6259669eaf884305607b7a9abe85c43e4bfe62f9190ace37916.zip"
         },
         "Role": {
           "Fn::GetAtt": [

source/services/preReqManager/lib/enableConfig.json

@@ -163,8 +163,8 @@
               "Effect":"Deny",
               "Principal": "*",
               "Resource": [
-                "arn:aws:s3:::${ConfigBucket}/*",
-                "arn:aws:s3:::${ConfigBucket}"
+                { "Fn::Sub": "arn:aws:s3:::${ConfigBucket}/*" },
+                { "Fn::Sub": "arn:aws:s3:::${ConfigBucket}" }
               ],
               "Condition":{
                 "Bool":