Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.32.
Conformity Bot Updates
- Improved error handling to prevent outdated or inconsistent checks.
- Improvements to prevent Conformity Bot from running longer than expected for European accounts.
- EC2-072 - EC2 Instance Not In Public Subnet
This rule has been updated to allow exceptions based on EC2 instance names matched against a regular expression pattern.
- IAM-066 - AWS IAM Groups with Admin Privileges
This rule has been updated to allow exceptions based on tags and resource id.
- IAM-046: Support Role
Fixed a bug where the rule generated false positives due to the throttling of the attached entities.
- Fixed a bug where the following rules failed to generate any checks because data could not be pulled from the ECS Service:
  - ECS-003: Check for Amazon ECS Service Placement Strategy
  - ECS-004: Check for Fargate Platform Version
- Fixed a bug that prevented checks from being generated when there are a large number of exclusions for the following rules:
  - Inspector-002: Days since last Amazon Inspector run
  - Inspector-003: Check for Amazon Inspector Exclusions Updated
- EKS-002: Kubernetes Cluster Version
Fixed a bug by updating the rule to the latest Amazon EKS Kubernetes version, 1.20.