Skip to content

v0.14.2
Compare
Choose a tag to compare
@cloudposse-releaser cloudposse-releaser released this 15 Apr 10:47
· 14 commits to refs/heads/main since this release
0.14.2
5bfeb94
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

🐛 Bug Fixes

Minor cleanups @Nuru (#50)

what

Minor fixes to several SCPs

  • DenyLambdaWithoutVpc was previously invalid. It is now valid, but has not been thoroughly tested to ensure it does what it promises.
  • DenyRDSUnencrypted was fixed to deny rds:RestoreDBClusterFromSnapshot when not encrypted. Previously this action was not denied, and instead the nonexistent RestoreDBClusterFromDBSnapshot was denied
  • The DenyS3BucketsPublicAccess policy was cleaned up by eliminating the nonexistent s3:DeletePublicAccessBlock action. Note that it still is probably not something you want to use, because it denies enabling a public access block as well as removing one. We hope to have a better policy in the future.
  • The Region Restriction Templates DenyRegions and RestrictToSpecifiedRegions were updated to exclude the account, artifact, and supportplans services from region restrictions, since they are global services. The obsolete awsbillingconsole service was removed.
  • DenyS3InNonSelectedRegion was fixed to allow users to allow S3 bucket creation in us-east-1. Previously us-east-1 was always prohibited even when expressly allowed, due to quirks in S3.

why

  • Restore intended behavior

references

Contributors

Nuru
Assets 2
Loading