28 July 2021 - Rule Update Notice

Custom Policy Updates

There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.32.

Click here to access the latest Custom Policy.

Conformity Bot Updates

  1. Improved error handling to prevent outdated or inconsistent checks.
  2. Improvements to prevent Conformity Bot from running longer than expected for European accounts.

Rule Updates

  1. EC2-072 - EC2 Instance Not In Public Subnet

    This rule has been updated to allow exceptions for EC2 instances whose names match a regular expression pattern.

  2. IAM-066 - AWS IAM Groups with Admin Privileges

    This rule has been updated to allow exceptions based on tags and resource ID.

Bug Fixes

  1. IAM-046: Support Role
    Fixed a bug where the rule generated false positives due to the throttling of the attached entities.
  2. Fixed a bug where the following rules failed to generate any checks because data could not be pulled from the ECS Service.
    • ECS-003: Check for Amazon ECS Service Placement Strategy
    • ECS-004: Check for Fargate Platform Version
  3. Fixed a bug that prevented checks from being generated when there are a large number of exclusions for the following rules:
    • Inspector-002: Days since last Amazon Inspector run
    • Inspector-003: Check for Amazon Inspector Exclusions Updated
  4. EKS-002: Kubernetes Cluster Version
    Fixed a bug by updating the rule to the latest Amazon EKS Kubernetes version, 1.20.