Releases: iKnowJavaScript/terraform-aws-vulne-soldier

v2.0.0 - Automated Remediation

04 Jul 23:00
3bf3b17

Release Notes

What's Changed

Prerequisites

Important:
The AWS Systems Manager (SSM) agent must be installed and running on all EC2 instances you wish to remediate. This is required for the module to function.

Major Enhancements

  • Automated Remediation (v2):
    Remediation is now fully automated using EventBridge rules, running by default with the NoReboot option for minimal disruption. You can update this option as needed.

  • Flexible Remediation Options:
    remediation_options is now a list of objects, allowing you to define multiple remediation configurations within a single deployment. Each object can specify unique settings (such as region, tags, and severities), enabling fine-grained, multi-region remediation without the need to duplicate resources. This streamlines management and supports complex, multi-region use cases with a single module instance.

  • Configurable Scheduling:
    Added remediation_schedule_days variable to allow users to specify which days of the month remediation should run (default: 15th and last day).
    Remediation targets are now scheduled dynamically for each configuration and schedule day.

  • Optional SNS Notifications:
    Added ssn_notification_topic_arn variable. SNS notification targets are only created if this variable is set. This allows users to be notified whenever an EventBridge rule triggers the remediation Lambda function.

  • Variable Naming Improvements:
    Renamed lambda_zip to path_to_lambda_zip for clarity and consistency.

  • Compatibility Updates:
    • AWS provider version updated to ~> 5.0.
    • Lambda runtime updated to nodejs20.x.

  • IAM Policy Tightening:
    IAM policies now use more specific ARNs for logs, SSM, and Inspector permissions.

  • Example and Documentation Updates:
    Examples and documentation updated to reflect new variable names, list-based remediation options, and scheduling.

Walkthrough Video

A walkthrough video for v2 is available:
assets/v2-walkthrough.mov


Upgrade Notes:

  • Existing users must update their configuration to use remediation_options as a list of objects.
  • If you want scheduled remediation, set remediation_schedule_days (defaults to 15th and last day).
  • If you use SNS notifications, set ssn_notification_topic_arn.

Thank you for using and contributing to vulne-soldier!

Full Changelog: v1.0.3...v2.0.0

Release v0.0.3 - Validate variables

25 Jan 23:44
ffad25b

What's Changed

New Contributors

Full Changelog: https://github.com/iKnowJavaScript/terraform-aws-vulne-soldier/commits/v1.0.3

Release v1.0.2

14 Jan 15:28

What's Changed

New Contributors

Full Changelog: https://github.com/iKnowJavaScript/terraform-aws-vulne-soldier/commits/v1.0.2

v1.0.1

14 Jan 14:14

Full Changelog: v1.0.0...v1.0.1

Initial Release

14 Jan 13:55

Release 1.0