Updated to version 4.0.0

Author: Joshua Leaverton

.eslintignore

@@ -0,0 +1,12 @@
+# don't ever lint node_modules
+node_modules
+cdk.out
+# don't lint build output (make sure it's set to your correct build folder name)
+dist
+# don't lint nyc coverage output
+coverage
+*.config.js
+*.eslint*
+
+
+

.eslintrc.js

@@ -0,0 +1,23 @@
+module.exports = {
+  root: true,
+  env: {
+    node: true,
+    es2017: true,
+    mocha: true,
+  },
+  extends: ["eslint:recommended"],
+  overrides: [
+    {
+      files: ["**/*.ts"],
+      parser: "@typescript-eslint/parser",
+      plugins: ["@typescript-eslint"],
+      extends: [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/eslint-recommended",
+        "plugin:@typescript-eslint/recommended",
+        "prettier",
+        "prettier/@typescript-eslint",
+      ],
+    },
+  ],
+};

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,37 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ""
+labels: bug
+assignees: ""
+---
+
+**Describe the bug**
+
+<!--- A clear and concise description of what the bug is -->
+
+**To Reproduce**
+
+<!--- Steps to reproduce the behavior -->
+
+**Expected behavior**
+
+<!--- A clear and concise description of what you expected to happen -->
+
+**Please complete the following information about the solution:**
+
+- [ ] Version: [e.g. v1.0.0]
+
+To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0134) - The AWS CloudFormation template for deployment of the AWS Centralized WAF & SG Management. Version **v1.0.0**_". You can also find the version from [releases](https://github.com/awslabs/aws-centralized-logging/releases)
+
+- [ ] Region: [e.g. us-east-1]
+- [ ] Was the solution modified from the version published on this repository?
+- [ ] If the answer to the previous question was yes, are the changes available on GitHub?
+- [ ] Have you checked your [service quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) for the sevices this solution uses?
+- [ ] Were there any errors in the CloudWatch Logs? [How to enable debug mode?](https://docs.aws.amazon.com/solutions/latest/centralized-logging/appendix-d.html)
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem (please **DO NOT include sensitive information**).
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/documentation-improvements.md

@@ -0,0 +1,17 @@
+---
+name: Documentation improvements
+about: Suggest a documentation update
+title: ''
+labels: documentation
+assignees: ''
+
+---
+
+**What were you initially searching for in the docs?**
+<!--- Please help us understand how you looked for information that was either not available or unclear -->
+
+**Is this related to an existing part of the documentation? Please share a link**
+
+**Describe how we could make it clearer**
+
+**If you have a proposed update, please share it here**

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature request
+about: Suggest an idea for this solution
+title: ''
+labels: feature-request, enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+<!--- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+**Describe the feature you'd like**
+<!--- A clear and concise description of what you want to happen -->
+
+**Additional context**
+<!--- Add any other context or screenshots about the feature request here -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,5 @@
+*Issue #, if available:*
+
+*Description of changes:*
+
+By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

.gitignore

@@ -0,0 +1,27 @@
+# Test and Compiler files
+**test.json
+**test.js
+
+# distribution folders
+global-s3-assets
+regional-s3-assets
+open-source
+
+# Generated ouputs
+dist
+coverage
+docs
+npm-debug.log
+*.zip
+.scannerwork
+*.xml
+reports
+
+# Node dependencies
+node_modules
+package-lock.json
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+__snapshots__

.prettierignore

@@ -0,0 +1 @@
+node_modules

.prettierrc.yml

@@ -0,0 +1,12 @@
+# .prettierrc or .prettierrc.yaml
+arrowParens: "always"
+bracketSpacing: true
+endOfLine: "lf"
+htmlWhitespaceSensitivity: "css"
+proseWrap: "preserve"
+trailingComma: "es5"
+tabWidth: 2
+semi: true
+singleQuote: false
+quoteProps: "as-needed"
+printWidth: 80

CHANGELOG.md

@@ -1,28 +1,71 @@
 # Change Log
- All notable changes to this project will be documented in this file.
- 
- The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [3.2] - BUGFIX 2020-09-28
-- Changed Cognito user pool to only allow account creation by the Cognito Admin user
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [4.0.0] - 2020-12-15
+
+### Added
+
+- VPC with 2 isolated & 2 public subnets
+- Elasticsearch domain in isolated subnets
+- Kinesis Data Stream and Kinesis Firehose for data streaming
+- CloudWatch Logs Destination for cross account/region data streaming
+- Windows jumpbox for accessing kibana
+- Security group for jumpbox
+- Security group for ES and Kinesis resources
+
+### Updated
+
+- Elasticsearch V7.7
+- Lambda log event transformer
+- AWS CDK constructs for IaC
+
+### Removed
+
+- Spoke templates
+- Cross account IAM role for Lambda (cross account streaming now uses CloudWatch Logs Destination)
+
+## [3.2.1] - 2020-09-14
+
+### Added
+
+- SNS topic is now encrypted using KMS CMK
+- Optional MFA support for Cognito users
+
+### Updated
+
+- Now uses CDK to create deployment templates
+- Leverages AWS Solutions Contruct for Lambda/ElasticSearch/Kibana
+- Updated to use Amazon Elasticsearch Service v7.7
+
+### Removed
+
+- Demo Access Logging bucket no longer enables versioning
+- Removed global egress access from the VPC security group
+- Removed all hard-coded logical resource IDs and names to enable multiple stacks to be deployed, such as for testing or migration
 
 ## [3.2] - 2019-12-18
 
 ### Added
+
 - Backward-compatible to v3.0.0
 - Includes all v3.0.1 changes
 - Do NOT upgrade from v3.0.1 to v3.2
 
 ## [3.0.1] - 2019-11-29
 
 ### Added
+
 - Uses SSM Parameters to retrieve the latest HVM x86_64 AMI
 - Block public access to 2 buckets created for demo
 - CLFullAccessUserRole replaces CognitoAuthorizedRole. It is associated with the Admin group. Initial user is placed in this group.
 - CLReadOnlyAccessRole is added. It provides read-only access to users in UserPoolGroupROAccess. This is the default role for Authenticated users in the pool.
 
 ### Updated
+
 - Nodejs8.10 to Nodejs12.x Lambda run time.
 - Updated license to Apache License version 2.0
 - Corrected Master_Role environmental variable in spoke template to MASTER_ROLE
@@ -36,16 +79,20 @@
 - Tightened security on IAM roles to specific methods and resources
 
 ### Removed
+
 - Unreferenced SolutionHelperRole in demo template
 - Unreferenced S3 bucket mapping in demo template
 - AMIInfo lookup Lambda
 - CognitoUnAuthorizedRole / unauthenticated Cognito access
- 
+
 ## [0.0.1] - 2019-09-09
+
 ### Added
+
 - CHANGELOG template file to fix new pipeline standards
 
 ### Updated
+
 - updated buildspec.yml to meet new pipeline build standards
 - updated build-s3-dist.sh to meet new pipeline build standards
 - updated run-unit-tests.sh for correct references to folders