Custom Policy Updates
The custom policy has been updated to version 1.30 as a result of the new deployment. You’ll need to update your custom policy to the latest version.
The permissions added include:
Click here to access the new Custom Policy.
SSM-003: Check for SSM Managed Instances
This rule ensures that all EC2 instances are managed by AWS Systems Manager (SSM) service.
- S3-028: Enable Amazon S3 Bucket Keys
This rule ensures that Amazon S3 buckets are using S3 bucket keys to optimize service costs.
ComputeOptimizer-002: Compute Optimizer Auto Scaling Group Findings
This rule ensures that your Amazon EC2 Auto Scaling groups are optimized for better performance and cost savings.
- ECR-004: Check for Fargate Platform Version
This rule ensures that your Amazon Elastic Container Service (ECS) cluster services are using the latest version of AWS Fargate platform to receive new, or improved capabilities, features, and security updates.
- ECS-005: Check for ECS Container Instance Agent Version
This rule ensures that your Amazon ECS cluster instances are running the latest version of ECS container agent to receive new or improved features and security updates.
CFM-007: AWS CloudFormation Drift Detection
This rule ensures that Amazon CloudFormation stacks have not been drifted from their expected template configuration.
Improved the following rules to prevent them from generating false positives:
- CWE-001: AWS CloudWatch Events In Use
- CT-001: CloudTrail Enabled
- CT-005: CloudTrail Global Services Enabled
Support-001: Support Plan
- Inspector-001: Amazon Inspector Findings
Optimized the rule and its performance to prevent throttling for AWS Inspector APIs when facing a large number of resources. The rule now focuses on generating checks for the latest Assessment Run findings instead of old Assessment Runs and their findings.