Releases: aws-solutions/network-orchestration-for-aws-transit-gateway
v3.3.2
Added
- New CloudFormation parameter to allow users to skip transit gateway registration with the global network.
Fixed
- Updated package versions to resolve security vulnerabilities.
v3.3.1
Changed
- Move the service linked roles from hub and spoke stacks to separate stacks to allow multi-region deployments and avoid 'AlreadyExists' error.
v3.3.0
Added
- Support for new routing tag (route-to-tgw) that allows users to update route table for secondary subnets in the same availability zone.
- Support to update main route table associated with the subnets in the VPC.
- Support for new regions - Beijing, Ningxia and Stockholm.
- Option to deploy the solution without Web UI.
- Option to disable Transit Gateway resource sharing with external principals.
- Allow disabling Transit Gateway resource sharing with external principals.
- Ability to enable MFA for Cognito User Pool
Changed
- Updated Web UI console using CloudScape design system.
- Step Function execution name to reflect create or delete tagging action.
- Enabled X-Ray for Step Functions and AppSync GraphQL API
- Improve error handling in Step Functions to create Transit Gateway route table associations.
- Refactor VPC-TGW Attachment modules for maintainability.
- Refactor exception handling - use decorator in the BOTO3 client modules.
- AppRegistry Attribute Group name with a unique string.
Fixed
v3.2.2
Added
- ObjectWriter ownership control to access log bucket to mitigate S3 default ACL setting change
v3.2.1
Changed
- Updated python requests to 2.28.1 due to security patch required for certifi module which is a dependency.
- Updated json5 version to 2.2.3 to address the prototype pollution vulnerability
v3.2.0
[3.2.0] - 2022-11-25
Added
- Support for App Registry
- Unit tests for ui and lambda
Release v3.1.1
[3.1.1] - 2022-10-18
Changed
- package-lock.json to address dependabot identified vulnerabilities
v3.1.0
[3.1.0] - 2022-07-14
Added
- CF template allows connecting an external SAML identity provider to the Cognito user pool
- If SAML IdP is used, cognito-trigger function will add any federated user to ReadOnlyUserGroup after first login
- Added WAF protection to the CloudFront distribution
- Added Security relevant http headers in CloudFront responses
Changed
- Creation of ServiceLinkedRole can be skipped if it exists in spoke account
- Web UI will utilize Cognito Hosted UI instead of Amplify Authenticator component
v3.0.1
v3.0.0
Added
- Tagging the Transit Gateway attachment with "Name" on both the hub and spoke accounts; with the account name, the AWS Organizations OU path and the VPC name
- ListOfVpcTagsForAttachment CloudFormation parameter to specify a comma separated list of tags which if found in the VPC, will be copied across to the TGW attachments
- Support for Organizations Tag policies
- STNO state machine logging using CloudWatch logs
Changed
- Improved reliability. Fixed race conditions (issue #1).
- Conditional auto-approval or auto-reject rules based on AWS Organizations OU membership, with separate rules for associations and propagations.
- Events now logged in CloudWatch Logs in addition to DynamoDB; to enable searching with CloudWatch Log Insights
- Allow VPCs deployed using CloudFormation that have the STNO tags to be deleted. This is done by triggering a deletion of the transit gateway attachment when CloudFormation attempts to delete the subnet.
- Transit Gateway peering feature now implemented using AWS Lambda
- Pinned dependency versions for deterministic builds