Merge pull request #16 from aws-solutions/release/v2.0.3

updated version to v2.0.3

Author: aijunpeng

.eslintignore

@@ -5,6 +5,4 @@ dist
 # don't lint nyc coverage output
 coverage
 *.js
-resources
-
-
+resources

.eslintrc.js

@@ -12,4 +12,4 @@ module.exports = {
     "prettier",
     "plugin:prettier/recommended",
   ],
-};
+};

.github/ISSUE_TEMPLATE/bug_report.md

@@ -22,7 +22,7 @@ assignees: ""
 
 - [ ] Version: [e.g. v2.0.0]
 
-To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0134) - The AWS CloudFormation template for deployment of the AWS Firewall Manager Automations for AWS Organizations. Version **v2.0.0**_". You can also find the version from [releases](https://github.com/awslabs/aws-firewall-manager-automations-for-aws-organizations/releases)
+To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0134) - The AWS CloudFormation template for deployment of the Automations for AWS Firewall Manager. Version **v2.0.0**_". You can also find the version from [releases](https://github.com/awslabs/aws-firewall-manager-automations-for-aws-organizations/releases)
 
 - [ ] Region: [e.g. us-east-1]
 - [ ] Was the solution modified from the version published on this repository?

CHANGELOG.md

@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.3] - 2022-12-14
+
+### Changed
+
+- Fix npm got vulnerabilites
+- Upgrade to node16
+- Update solution name
+
 ## [2.0.2] - 2022-05-09
 
 ### Changed

NOTICE.txt

@@ -1,12 +1,5 @@
-AWS Firewall Manager Automations for AWS Organizations
-
-Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-
-Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except
-in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/
-or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. See the License for the
-specific language governing permissions and limitations under the License.
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0
 
 **********************
 THIRD PARTY COMPONENTS

README.md

@@ -1,4 +1,4 @@
-# AWS Firewall Manager Automations for AWS Organizations
+# Automations for AWS Firewall Manager
 
 :grey_exclamation: Notice: This solution supersedes AWS Centralized WAF & VPC SG Management solution.
 |-----------------------------------------|
@@ -7,7 +7,7 @@
 
 _Note:_ For any relevant information outside the scope of this readme, please refer to the solution landing page and implementation guide.
 
-## Table of content
+## Table of contents
 
 - [Solution Overview](#solution-overview)
 - [Architecture](#architecture)
@@ -26,7 +26,7 @@ _Note:_ For any relevant information outside the scope of this readme, please re
 
 ## Solution Overview
 
-The AWS Firewall Manager Automations for AWS Organizations solution is intended for customers looking to easily manage consistent security posture across their entire AWS Organization. The solution uses AWS Firewall Manager Service.
+The Automations for AWS Firewall Manager solution is intended for customers looking to easily manage consistent security posture across their entire AWS Organization. The solution uses AWS Firewall Manager Service.
 
 Additionally, solution eases the installation process required to fulfill Firewall Manager prerequisites so customers can focus more on their organization security posture.
 
@@ -77,7 +77,7 @@ For more details on custom policy template, read here in the [implementation gui
 
 ## Customization
 
-- Prerequisite: Node.js=12
+- Prerequisite: Node.js=16
 
 ### Setup
 
@@ -186,7 +186,7 @@ Additionally, if you want to control sending solution usage metrics to aws-solut
 
 ## File structure
 
-AWS Firewall Manager Automations for AWS Organizations solution consists of:
+Automations for AWS Firewall Manager solution consists of:
 
 - cdk constructs to generate needed resources
 - prereq manager to validate and install Firewall Manager prerequisites

deployment/aws-fms-automations.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.2",
+  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations. Version v2.0.3",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -38,7 +38,7 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.0.2"
+        "SolutionVersion": "v2.0.3"
       }
     }
   },
@@ -286,7 +286,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/assetb0fb6af9debb07eea6c649c1b1b91b817f8edecd385f04b04ef9f844e23bc0a6.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.3/assetfa5f2ace916918dcb45bcf602ebee5570be72d12cdbec9d2bafaf6ee97ad9663.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -353,7 +353,7 @@
         },
         "Handler": "index.handler",
         "MemorySize": 512,
-        "Runtime": "nodejs14.x"
+        "Runtime": "nodejs16.x"
       },
       "DependsOn": [
         "HelperFunctionServiceRole6B43B152"
@@ -419,12 +419,28 @@
             {
               "Action": "lambda:InvokeFunction",
               "Effect": "Allow",
-              "Resource": {
-                "Fn::GetAtt": [
-                  "HelperFunctionAD0CEB0C",
-                  "Arn"
-                ]
-              }
+              "Resource": [
+                {
+                  "Fn::GetAtt": [
+                    "HelperFunctionAD0CEB0C",
+                    "Arn"
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      {
+                        "Fn::GetAtt": [
+                          "HelperFunctionAD0CEB0C",
+                          "Arn"
+                        ]
+                      },
+                      ":*"
+                    ]
+                  ]
+                }
+              ]
             }
           ],
           "Version": "2012-10-17"
@@ -447,7 +463,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset543c7a94b144a6259669eaf884305607b7a9abe85c43e4bfe62f9190ace37916.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.3/asset3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -467,7 +483,7 @@
           }
         },
         "Handler": "framework.onEvent",
-        "Runtime": "nodejs12.x",
+        "Runtime": "nodejs14.x",
         "Timeout": 900
       },
       "DependsOn": [
@@ -772,7 +788,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset0179e7fbf546a23833885fe474c28e3679edfd838bb7427522423f00cef71682.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.3/asset11dd34dca7585d45b73d834c460a40768645e87163f46ec7c6868b9725d961d4.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -810,7 +826,7 @@
         "Handler": "index.handler",
         "MemorySize": 128,
         "ReservedConcurrentExecutions": 1,
-        "Runtime": "nodejs14.x",
+        "Runtime": "nodejs16.x",
         "Timeout": 15
       },
       "DependsOn": [
@@ -885,7 +901,7 @@
     "CDKMetadata": {
       "Type": "AWS::CDK::Metadata",
       "Properties": {
-        "Analytics": "v2:deflate64:H4sIAAAAAAAA/2WQwU7DMAyGn2X31KMwCY6wCm6I0vECaWKmrE1S4qRoivruNCkqlbjEnx3bv+0SysMD3Owe+TcVQnb7KKxDiCfPRceqT1NzxzV6dMl55cOgzDlhZY1UXlnDnojQz/nn/GMNeReEZ1Ugb3WDZIMTmEpW3gZXobfgh+AnlgaJPdet5BBfghFZZE5Y+XlE40+5w2ag/9GJKa4hNrZf5JOtba/ENS+WaWJ0V/C0AUFeZPbhGESH/sgJmbwarq1sIX7wdumTYa77IojvAUMOLpDfXJfpT2zjThMT+TSF+z0DQe3sqCS6iRkrES60H8sDlPdwu7uQUoULxiuN0Cz2B0YhWi61AQAA"
+        "Analytics": "v2:deflate64:H4sIAAAAAAAA/2WQwU7DMAyGn2X31KOagCusGjdE6XiBNDFT1iYpcVI0RX13mhSVSlziz47t33YJ5eMB7nZP/JsKIbt9FNYhxLPnomPVp6m54xo9uuS88mFQ5pKwskYqr6xhz0To5/xL/rGGvAvCsyqQt7pBssEJTCUrb4Or0FvwQ/ATS4PEnutWcogvwYgsMiesfBrR+HPusBnof3RiimuIje0X+WRr2ytxy4tlmhgdCp42IMiLzD4cg+jQHzkhkzfDtZUtxA/eLn0yzHVfBPE9YMjBBfKb6zL9iW3caWIin6Zwv2cgqJ0dlUQ3MWMlwpX2Y/kA5T2UuyspVbhgvNIIzWJ/AH5YZtS1AQAA"
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/CDKMetadata/Default"
@@ -895,7 +911,7 @@
     "ComplianceStack": {
       "Type": "AWS::CloudFormation::Stack",
       "Properties": {
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.2/aws-fms-compliance.template",
+        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.3/aws-fms-compliance.template",
         "Parameters": {
           "MetricsQueue": {
             "Fn::GetAtt": [
@@ -923,7 +939,7 @@
     "PolicyStack": {
       "Type": "AWS::CloudFormation::Stack",
       "Properties": {
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.2/aws-fms-policy.template",
+        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/aws-firewall-manager-automations-for-aws-organizations/v2.0.3/aws-fms-policy.template",
         "Parameters": {
           "PolicyTable": {
             "Ref": "FMSTable84B8646C"

deployment/aws-fms-compliance.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations compliance reporter resources. Version v2.0.2",
+  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations compliance reporter resources. Version v2.0.3",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -41,7 +41,7 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.0.2"
+        "SolutionVersion": "v2.0.3"
       }
     }
   },
@@ -320,7 +320,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.2/asset88636237c0e4a294ce83c7bf4f72b753d5d8c3cc8b14d7f8063ad3153278678e.zip"
+          "S3Key": "aws-firewall-manager-automations-for-aws-organizations/v2.0.3/asset332cd915df4cfe99ce18813b9a848e7f1fda348be9a4dfdf4bf64007435c84f2.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -422,7 +422,7 @@
         "Handler": "index.handler",
         "MemorySize": 256,
         "ReservedConcurrentExecutions": 200,
-        "Runtime": "nodejs14.x",
+        "Runtime": "nodejs16.x",
         "Timeout": 300
       },
       "DependsOn": [
@@ -629,7 +629,7 @@
     "CDKMetadata": {
       "Type": "AWS::CDK::Metadata",
       "Properties": {
-        "Analytics": "v2:deflate64:H4sIAAAAAAAA/01Q0W7CMAz8Ft5Tsw6k7XEDibexruwHQuqh0DYpccI0Rfn3JWmBvvju7Ms5cgnl+hWeFm/8lwrRtEsvtEHweySLzcFy0bLtj6q44T1aNEl88GGQ6sRqJO2MQPZOhDZ6T6kbDZ/ODs6yrVZkjRM29e7myOOgkVZqFVha62kFfuNEi9k5sRE2nDAwUgT+Ww9SJMNIcq10J8XfvTnJgzuSMHJIK9JsrmPYJYZ9OXT5LyPJ9RE2k4F1vD82HPzOKXFLnPMKTS+JcrbkPfhadzk64yP0lkergqeDEeS7MbyiisLXbnoWMYTAlG4QzrS8lmsoX+B5cSYpC+OUlT1CPeI/GcUafcABAAA="
+        "Analytics": "v2:deflate64:H4sIAAAAAAAA/01Q0W7DIAz8lr4Td1HU7XVrpb5tzdL9ACVeRZNAhqHThPj3AUnbvPju7OOMXEL5UsHT6pX/UiHabu2FNgj+A8lie7RcdGz3rWpu+IAWTRLvfBylOrMGSTsjkL0RoY3ec+pGw8HZ0Vm204qsccKm3t0ceRy00kqtAktrPVXgt050mJ0zm2DLCQMjReC/9ChFMkwk11r3Uvzdm7M8uhMJI8e0Is2WOob9xLBPhy7/ZSK5PsIWMrCeD6eWg987JW6JS16jGSRRzpZ8AN/oPkdnfITe8qgqeDoYQb4bwyuqKHzj5mcRQwhM6RbhQutr+QzlBsrVhaQsjFNWDgjNhP/ayCChwAEAAA=="
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/ComplianceGeneratorStack/CDKMetadata/Default"

deployment/aws-fms-demo.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134D) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations demo resources. Version v2.0.2",
+  "Description": "(SO0134D) - The AWS CloudFormation template for deployment of the aws-firewall-manager-automations-for-aws-organizations demo resources. Version v2.0.3",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Resources": {
     "testcloudfronts3S3LoggingBucket90D239DD": {
@@ -431,7 +431,6 @@
     "testVPCPublicSubnet1SubnetD8AD9C87": {
       "Type": "AWS::EC2::Subnet",
       "Properties": {
-        "CidrBlock": "10.0.0.0/18",
         "VpcId": {
           "Ref": "testVPC102E57DE"
         },
@@ -443,6 +442,7 @@
             }
           ]
         },
+        "CidrBlock": "10.0.0.0/18",
         "MapPublicIpOnLaunch": false,
         "Tags": [
           {
@@ -553,7 +553,6 @@
     "testVPCPublicSubnet2Subnet384459D2": {
       "Type": "AWS::EC2::Subnet",
       "Properties": {
-        "CidrBlock": "10.0.64.0/18",
         "VpcId": {
           "Ref": "testVPC102E57DE"
         },
@@ -565,6 +564,7 @@
             }
           ]
         },
+        "CidrBlock": "10.0.64.0/18",
         "MapPublicIpOnLaunch": false,
         "Tags": [
           {
@@ -675,7 +675,6 @@
     "testVPCPrivateSubnet1Subnet096C7B7F": {
       "Type": "AWS::EC2::Subnet",
       "Properties": {
-        "CidrBlock": "10.0.128.0/18",
         "VpcId": {
           "Ref": "testVPC102E57DE"
         },
@@ -687,6 +686,7 @@
             }
           ]
         },
+        "CidrBlock": "10.0.128.0/18",
         "MapPublicIpOnLaunch": false,
         "Tags": [
           {
@@ -756,7 +756,6 @@
     "testVPCPrivateSubnet2SubnetE307A6A8": {
       "Type": "AWS::EC2::Subnet",
       "Properties": {
-        "CidrBlock": "10.0.192.0/18",
         "VpcId": {
           "Ref": "testVPC102E57DE"
         },
@@ -768,6 +767,7 @@
             }
           ]
         },
+        "CidrBlock": "10.0.192.0/18",
         "MapPublicIpOnLaunch": false,
         "Tags": [
           {
@@ -916,7 +916,7 @@
     "CDKMetadata": {
       "Type": "AWS::CDK::Metadata",
       "Properties": {
-        "Analytics": "v2:deflate64:H4sIAAAAAAAA/3VRwW7CMAz9Fu5pWAFpO451A3HZKoq4p67ZAiVBiQNCVf59SQsLl538/Pz09GznPJ+98KfRq7jYrIPmMO5AG+RdRQIOrNDKknFAbI1WOwPIip16xEHRSJJaedZb2Cnv3hwckOL0hoZS6lbCNdFD7xm02jU7oxXxbuEURLeo+sPvMoSQteubLyO/pZoDoLWrBhVJ6j2L6LKILv8pHm08Q5jwbnuCONmWBStdHeJUrlZD9ITW2hFuRN1i4hM3t1aDFPfQ/SCCj1UZy6egpSC8iCsrjTwHmIxXitAEfBcMSW7dnMIHfo4hPqsQnAlLLI12pz7DI+G9Z1a3/Vo2g/vH7Dj+I902C59JN9roauqZ0g3yvR2f8xnPn/lktLdSZsaFkx2Rr4f6C9hOrY4jAgAA"
+        "Analytics": "v2:deflate64:H4sIAAAAAAAA/3VRTW/CMAz9LdzTsK7adh3rBuKyVRRxT12zBUqM8gFCVf77khYWLjv5+fnp6dnOef5S8IfJqzibrId2P+2BNPK+tgL2rCRlrHZg2QoNOQ3Iyq26x0HRSitJeTZYmIL3bw72aOP0isZSUSfhkuix9ww6cu1Wk7K8nzsF0S2q/vC7DCFk44bmS8tvqWYAaMyyRWWlHTzL6DKPLv8p7m08Q3jk/eYIcbKpSla5JsSpXaPG6AmtyFlci6bDxCduZgyBFLfQwyCCj2UVy6ewC2HxLC6s0vIUYDJeKos64JtgTHLtZjZ84OcQ4rMawemwxEKTOw4Z7gnvPTPUDWuZDG4fM9P4j3TbLHwm3WhNdeGZohb5zkxP+TPPn3g+2RkpM+3CyQ7IV2P9BTg15LUjAgAA"
       },
       "Metadata": {
         "aws:cdk:path": "DemoStack/CDKMetadata/Default"