Merge pull request #44 from aws-solutions/feature/v2.1.1

Update to version v2.1.1

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.1] - 2024-11-27
+
+### Changed
+
+- Updated dependencies to address cross-spawn CVE-2024-21538
+
 ## [2.1.0] - 2024-06-17
 
 ### Added

README.md

@@ -37,7 +37,7 @@ With the release of v2.1.0, AWS Shield Advanced customers have the option to dep
 
 The default deployment of solution pre-packaged template deploys following infrastructure in your account. The architecture can be grouped into two separate workflows: **Policy manager** and **Compliance report generator**.
 
-<img src="architecture.pdf" width="600" height="350">
+<img src="./architecture.png" width="600" height="350">
 
 **Policy Manager**: The component is responsible for CRUD operations on the Firewall Manager security policies.
 
@@ -47,7 +47,7 @@ The default deployment of solution pre-packaged template deploys following infra
 
 If you are an AWS Shield Advanced subscriber and choose to deploy the `aws-fms-shield-automations` CloudFormation template, the following resources will be automatically created in your deployment account.
 
-<img src="./shield-architecture.png" width="600" height="338">
+<img src="shield-automations-architecture.png" width="600" height="338">
 
 **Policy Manager**: Deployed by the Primary solution stack. This component is responsible for CRUD operations on the Firewall Manager security policies.
 

deployment/aws-fms-automations.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.0",
+  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.1",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -58,7 +58,7 @@
       "Solution": {
         "SolutionId": "SO0134",
         "SolutionName": "automations-for-aws-firewall-manager",
-        "SolutionVersion": "v2.1.0",
+        "SolutionVersion": "v2.1.1",
         "UserAgentPrefix": "AwsSolution"
       }
     }
@@ -84,13 +84,13 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assetc965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip"
         },
         "LayerName": "AFM-UtilsLayer"
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/AFM-UtilsLayer/AFM-UtilsLayer-Layer/Resource",
-        "aws:asset:path": "asset.645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip",
+        "aws:asset:path": "asset.c965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip",
         "aws:asset:is-bundled": false,
         "aws:asset:property": "Content"
       }
@@ -136,7 +136,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset1ed19d411f0511f6e78cdaba0af5e1b28c60664d5ae88424daaba952ad8d2952.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assete7cb5e2dea0686ba3f722f727f4b423ddd2bfac37dabf17c6c04f94a970a9553.zip"
         },
         "Description": {
           "Fn::Join": [
@@ -330,7 +330,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
         },
         "Description": "AWS CDK resource provider framework - onEvent (CommonResourceStack/HelperProvider)",
         "Environment": {
@@ -500,7 +500,7 @@
             ]
           }
         },
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/automations-for-aws-firewall-manager/v2.1.0/aws-fms-compliance.template"
+        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/automations-for-aws-firewall-manager/v2.1.1/aws-fms-compliance.template"
       },
       "UpdateReplacePolicy": "Delete",
       "DeletionPolicy": "Delete",
@@ -529,7 +529,7 @@
             "Ref": "EmailAddress"
           }
         },
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/automations-for-aws-firewall-manager/v2.1.0/aws-fms-policy.template"
+        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/automations-for-aws-firewall-manager/v2.1.1/aws-fms-policy.template"
       },
       "UpdateReplacePolicy": "Delete",
       "DeletionPolicy": "Delete",

deployment/aws-fms-compliance.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager compliance reporter resources. Version v2.1.0",
+  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager compliance reporter resources. Version v2.1.1",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -34,7 +34,7 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.1.0",
+        "SolutionVersion": "v2.1.1",
         "UserAgentPrefix": "AwsSolution"
       },
       "Compliance": {
@@ -53,13 +53,13 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assetc965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip"
         },
         "LayerName": "AFM-UtilsLayer"
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/ComplianceGeneratorStack/AFM-UtilsLayer/AFM-UtilsLayer-Layer/Resource",
-        "aws:asset:path": "asset.645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip",
+        "aws:asset:path": "asset.c965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip",
         "aws:asset:is-bundled": false,
         "aws:asset:property": "Content"
       }
@@ -494,7 +494,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/assetffef4eabe37b41395dd2b67d0a9bc744c8349c98fd5551e6c3c9cfaed7b192ae.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/asset7e132bb3e75b685b9582edb61790c7e0e5f6c82d1e1c6d7d57fad08d0f0f7843.zip"
         },
         "DeadLetterConfig": {
           "TargetArn": {

deployment/aws-fms-demo.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134D) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager demo resources. Version v2.1.0",
+  "Description": "(SO0134D) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager demo resources. Version v2.1.1",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Resources": {
     "testcloudfronts3S3LoggingBucket90D239DD": {

deployment/aws-fms-policy.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134-po) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.0",
+  "Description": "(SO0134-po) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.1",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -65,7 +65,7 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.1.0",
+        "SolutionVersion": "v2.1.1",
         "UserAgentPrefix": "AwsSolution"
       },
       "PolicyManager": {
@@ -307,13 +307,13 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assetc965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip"
         },
         "LayerName": "AFM-UtilsLayer"
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/PolicyStack-DefaultPolicy/AFM-UtilsLayer/AFM-UtilsLayer-Layer/Resource",
-        "aws:asset:path": "asset.645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip",
+        "aws:asset:path": "asset.c965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip",
         "aws:asset:is-bundled": false,
         "aws:asset:property": "Content"
       }
@@ -760,7 +760,7 @@
               {
                 "Ref": "AWS::Region"
               },
-              "/automations-for-aws-firewall-manager/v2.1.0/policy_manifest.json\",\"Key\":\"policy_manifest.json\"},\"physicalResourceId\":{\"id\":\"1728402214962\"},\"logApiResponseData\":true}"
+              "/automations-for-aws-firewall-manager/v2.1.1/policy_manifest.json\",\"Key\":\"policy_manifest.json\"},\"physicalResourceId\":{\"id\":\"1732588519861\"},\"logApiResponseData\":true}"
             ]
           ]
         },
@@ -875,7 +875,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset97f30e67419a1676a2215492723e5add1aa491caf0cbe2dd878fc4fab0468cd4.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/asset97f30e67419a1676a2215492723e5add1aa491caf0cbe2dd878fc4fab0468cd4.zip"
         },
         "Handler": "index.handler",
         "Role": {
@@ -1070,7 +1070,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset1371dd8d359d3577356c5bc1315c52c31fec101b757c893a9406955e7c4a9261.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assetf91af2212d14e3f9d6376511d6c31f975d421193831cd9fd25e75990590c8cbb.zip"
         },
         "DeadLetterConfig": {
           "TargetArn": {

deployment/aws-fms-prereq.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134N) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.0",
+  "Description": "(SO0134N) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.1",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -49,7 +49,7 @@
       "Solution": {
         "SolutionId": "SO0134N",
         "SolutionName": "automations-for-aws-firewall-manager",
-        "SolutionVersion": "v2.1.0",
+        "SolutionVersion": "v2.1.1",
         "GlobalStackSetName": "FMS-EnableConfig-Global",
         "RegionalStackSetName": "FMS-EnableConfig-Regional",
         "UserAgentPrefix": "AwsSolution"
@@ -67,13 +67,13 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assetc965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip"
         },
         "LayerName": "AFM-UtilsLayer"
       },
       "Metadata": {
         "aws:cdk:path": "PreReqStack/AFM-UtilsLayer/AFM-UtilsLayer-Layer/Resource",
-        "aws:asset:path": "asset.645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip",
+        "aws:asset:path": "asset.c965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip",
         "aws:asset:is-bundled": false,
         "aws:asset:property": "Content"
       }
@@ -119,7 +119,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset1ed19d411f0511f6e78cdaba0af5e1b28c60664d5ae88424daaba952ad8d2952.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assete7cb5e2dea0686ba3f722f727f4b423ddd2bfac37dabf17c6c04f94a970a9553.zip"
         },
         "Description": "DO NOT DELETE - FMS helper function",
         "Environment": {
@@ -300,7 +300,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
         },
         "Description": "AWS CDK resource provider framework - onEvent (PreReqStack/HelperProvider)",
         "Environment": {
@@ -421,7 +421,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset09d2df55bf165f35846951f6366b22f705edf6cd16bdbab7e3bb57225e8adad6.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/asset0113fbcf7789a7926df4dce02ff886d04d75127836298db2a10c3547f3a38449.zip"
         },
         "Description": "Function to validate and install pre-requisites for the FMS solution",
         "Environment": {
@@ -838,7 +838,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
         },
         "Description": "AWS CDK resource provider framework - onEvent (PreReqStack/PreReqProvider)",
         "Environment": {

deployment/aws-fms-proactive-event-response.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134P) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.0",
+  "Description": "(SO0134P) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.1",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -71,7 +71,7 @@
       "Solution": {
         "SolutionId": "SO0134P",
         "SolutionName": "automations-for-aws-firewall-manager",
-        "SolutionVersion": "v2.1.0",
+        "SolutionVersion": "v2.1.1",
         "UserAgentPrefix": "AwsSolution"
       }
     }
@@ -97,13 +97,13 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assetc965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip"
         },
         "LayerName": "AFM-UtilsLayer"
       },
       "Metadata": {
         "aws:cdk:path": "ProactiveEventResponseStack/AFM-UtilsLayer/AFM-UtilsLayer-Layer/Resource",
-        "aws:asset:path": "asset.645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip",
+        "aws:asset:path": "asset.c965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip",
         "aws:asset:is-bundled": false,
         "aws:asset:property": "Content"
       }
@@ -149,7 +149,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset1ed19d411f0511f6e78cdaba0af5e1b28c60664d5ae88424daaba952ad8d2952.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assete7cb5e2dea0686ba3f722f727f4b423ddd2bfac37dabf17c6c04f94a970a9553.zip"
         },
         "Description": {
           "Fn::Join": [
@@ -382,7 +382,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
         },
         "Description": "AWS CDK resource provider framework - onEvent (ProactiveEventResponseStack/HelperProvider)",
         "Environment": {

deployment/aws-fms-shield-automations-prereq.template

@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134S) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.0",
+  "Description": "(SO0134S) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.1",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Mappings": {
     "ShieldAutomationsPrereqStackMap": {
@@ -10,7 +10,7 @@
       "Solution": {
         "SolutionId": "SO0134N",
         "SolutionName": "automations-for-aws-firewall-manager",
-        "SolutionVersion": "v2.1.0",
+        "SolutionVersion": "v2.1.1",
         "UserAgentPrefix": "AwsSolution"
       },
       "ShieldAutomationsPrereq": {
@@ -34,13 +34,13 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assetc965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip"
         },
         "LayerName": "AFM-UtilsLayer"
       },
       "Metadata": {
         "aws:cdk:path": "ShieldAutomationsPrereqStack/AFM-UtilsLayer/AFM-UtilsLayer-Layer/Resource",
-        "aws:asset:path": "asset.645e48137124194ac7fe230538be6da8f9f43ec7279262e6125db4628b35f4bf.zip",
+        "aws:asset:path": "asset.c965a81477226dc8ad191791e3f5719ab4fea400b7f1197de8016f0765c68b4f.zip",
         "aws:asset:is-bundled": false,
         "aws:asset:property": "Content"
       }
@@ -86,7 +86,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset1ed19d411f0511f6e78cdaba0af5e1b28c60664d5ae88424daaba952ad8d2952.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/assete7cb5e2dea0686ba3f722f727f4b423ddd2bfac37dabf17c6c04f94a970a9553.zip"
         },
         "Description": {
           "Fn::Join": [
@@ -313,7 +313,7 @@
           "S3Bucket": {
             "Fn::Sub": "solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.0/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.1/asset3542be390685e0c8353d92ccb5796d343cd93ca946b6b0de798004206a199adc.zip"
         },
         "Description": "AWS CDK resource provider framework - onEvent (ShieldAutomationsPrereqStack/HelperProvider)",
         "Environment": {