1.13.5

• Update the check for service dependencies to support deployment in opt-in regions without SSM public parameter support. (#501)
• Increase timeout for aft-account-request-action-trigger Lambda to 10 minutes. (#494)

1.13.4

• Change AWS CodeStar Connections to AWS CodeConnections for connecting to third party VCS providers. Customers with an existing external VCS connection will need to:
  • Re-authorize the connection through AWS Developer Tools console. Learn more on updating your connection here.
  • Run aft-invoke-customizations for all accounts to update the source for account pipelines.

1.13.3

• Update log message input validation for enhanced logging security
• Shorten CodeConnection name to fit within 32 character limit when using GitLab self-managed VCS (#508)
• Upgrade to using V2 of AWS CodePipelines which allows additional parameters for release safety and trigger configuration (#438)
• Update Terraform configurations to remove deprecation warnings (#430)

1.13.2

• Add support for GitLab and GitLab self-managed as version control systems (VCS) alternatives for AFT (#102). Learn more on how to set up AFT using GitLab here.

1.13.1

• Upgrade setuptools to version >=70.0.0 and requests to version 2.32.2
• Update log messages for enhanced logging security

1.13.0

• Add support for AWS Regions: Asia Pacific (Hyderabad, Jakarta, and Osaka), Israel (Tel Aviv), Middle East (UAE), and AWS GovCloud (US-East) Region. Customers with these Regions as their AWS Control Tower home Region can now deploy account customizations using the AFT framework.
• Upgrade the default version of Terraform used to deploy user-defined Terraform modules to 1.6.0
• Upgrade botocore to version 1.31.17 and boto3 to version 1.28.17
• Add access logging for AFT backend primary S3 bucket

1.12.2

• Mitigate IAM errors caused by eventual consistency during initial AFT deployment by adding a delay between provisioning IAM roles and AWS CodeBuild projects.

1.12.1

• AFT deployment will be unsuccessful if AWS Control Tower is set up in a home Region where AFT dependencies are not available.
• Upgrade the minimum supported version of Terraform to 1.2.0.
  • Note: This change does not affect the deployment configuration of user-defined Terraform modules on existing AFT deployments.

1.12.0

• AFT can now be deployed without the use of a VPC and related private networking resources (NAT Gateways, VPC endpoints) by setting the aft_enable_vpc parameter to false. This configuration allows customers to further customize their AFT deployment. aft_enable_vpc = true by default.

  • NOTE: When enabling VPC by toggling aft_enable_vpc from false to true, you may need to run terraform apply twice in succession. This is a known public issue with the Terraform AWS Provider.

• An expiration or retention period can now be set for the following AFT resources -

  • AWS Backup recovery point retention period through the backup_recovery_point_retention parameter. backup_recovery_point_retention = None by default. (#295)
  • Log archive S3 bucket objects expiration through the log_archive_bucket_object_expiration_days parameter. log_archive_bucket_object_expiration_days = 365 days by default. (#405)

• Upgrade the Python requests library version in aft-lambda-layer.

• Ensure the AFT VPC default Security Group has no inbound/outbound rules, complying with AWS Foundational Security Best Practices. (#275)

• Bug Fix: Add missing retention period for CloudWatch Log Groups associated with the Lambda and CodeBuild. (#290)

• Bug Fix: Fix invalid resource type for action in IAM policy. (#408)

1.11.1

• Bugfix: Replace use of the deprecated template_file resource with the preferred templatefile function. Fixes a bug introduced in AFT 1.11.0 that could cause failure to deploy or update AFT on some newer computer architectures.