Skip to content

v2.0.0 - Automated Remediation

Latest
Latest
Compare
Choose a tag to compare
@iKnowJavaScript iKnowJavaScript released this 04 Jul 23:00
v2.0.0
3bf3b17
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release Notes

What's Changed

Prerequisites

Important:
The AWS Systems Manager (SSM) agent must be installed and running on all EC2 instances you wish to remediate. This is required for the module to function.

Major Enhancements

  • Automated Remediation (v2):
    Remediation is now fully automated using EventBridge rules, running by default with the NoReboot option for minimal disruption. You can update this option as needed.

  • Flexible Remediation Options:
    remediation_options is now a list of objects, allowing you to define multiple remediation configurations within a single deployment. Each object can specify unique settings (such as region, tags, and severities), enabling fine-grained, multi-region remediation without the need to duplicate resources. This streamlines management and supports complex, multi-region use cases with a single module instance.

  • Configurable Scheduling:
    Added remediation_schedule_days variable to allow users to specify which days of the month remediation should run (default: 15th and last day).
    Remediation targets are now scheduled dynamically for each configuration and schedule day.

  • Optional SNS Notifications:
    Added ssn_notification_topic_arn variable. SNS notification targets are only created if this variable is set. Allows user to get notified whenever an EventBridge rule triggers the remediation Lambda function.

  • Variable Naming Improvements:
    Renamed lambda_zip to path_to_lambda_zip for clarity and consistency.

  • Compatibility Updates:

    • AWS provider version updated to ~> 5.0.
    • Lambda runtime updated to nodejs20.x.

  • IAM Policy Tightening:
    IAM policies now use more specific ARNs for logs, SSM, and Inspector permissions.

  • Example and Documentation Updates:
    Examples and documentation updated to reflect new variable names, list-based remediation options, and scheduling.

Walkthrough Video

A walkthrough video for v2 is available:
assets/v2-walkthrough.mov

Upgrade Notes:

  • Existing users must update their configuration to use remediation_options as a list of objects.
  • If you want scheduled remediation, set remediation_schedule_days (defaults to 15th and last day).
  • If you use SNS notifications, set ssn_notification_topic_arn.

Thank you for using and contributing to vulne-soldier!

Full Changelog: v1.0.3...v2.0.0

Contributors

iKnowJavaScript
Assets 3
Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy