Releases: Skyscanner/cfripper

1.0.7

16 Aug 11:24
0b46775

[1.0.7] - 2021-08-16

Improvements

  • Add KMSKeyEnabledKeyRotation rule
  • Bump pycfmodel to 0.10.4

1.0.6

10 Aug 14:24
46c8975

[1.0.6] - 2021-07-28

Improvements

  • Add S3BucketPublicReadAclRule rule

1.0.5

29 Jul 14:31
3a98d56

[1.0.5] - 2021-07-29

Improvements

  • Add EKS permissions that accept wildcard resource only

1.0.4

03 Jun 13:26
0698702

[1.0.4] - 2021-06-03

Improvements

  • Add stack_id to log output when failing to convert a YML template to JSON.
  • Various minor test improvements
  • Added CLI args for aws account id and aws principals
  • Fix an issue in S3BucketPublicReadAclAndListStatementRule where it could crash if the model was unresolved
  • Center logo (thanks @lpmi-13)
  • Run tests in python 3.9

1.0.3

30 Mar 08:30
a4327f7

[1.0.3] - 2021-03-30

Improvements

  • Downgrade logging severity from exception to warning when there is no stack in AWS

1.0.2

26 Mar 11:34
ff730bd

[1.0.2] - 2021-03-26

Improvements

  • Handle AWS throttling errors when listing exports for a given account and region
  • If we get a throttling error, we now actually sleep for some time before retrying (previously we were sleeping for 0 seconds)

1.0.1

25 Mar 11:51
c6d9a71

[1.0.1] - 2021-03-25

Improvements

  • Decrease logging level when loading external filters
  • Decrease logging level on known AWS errors such as AccessDenied when listing exports and
    throttling errors on getting a template from AWS CloudFormation.

1.0.0

16 Mar 10:07
ff04584

[1.0.0] - 2021-03-16

Breaking changes

  • Filter includes the set of rules in which it is applied.
  • RuleConfig only contains rule_mode and risk_value now.
  • Remove old whitelisting methods in favour of Filters.
  • Rename RuleMode.WHITELISTED to RuleMode.ALLOWED, and rename every occurrence of the word "whitelist" in strings.
  • Add debug flag to Filter class.

Improvements

0.23.3

15 Feb 10:51
1d80ad7

[0.23.3] - 2021-02-15

Additions

  • All rules now support filter contexts!

Improvements

  • Update WildcardResourceRule to allow for certain resources to be excluded.

0.23.2

04 Feb 14:34
169b652

[0.23.2] - 2021-02-04

Bugfix

  • GenericWildcardPrincipalRule to ignore account IDs where full or partial wildcard is required in the Principal.
    These accounts should be AWS Service Accounts defined in the config.
  • Fix CLI flag --rules-config-file

Improvements

  • Update ResourceSpecificRule to allow for certain resources to be excluded. In particular, the
    PrivilegeEscalationRule will now no longer be invoked for S3BucketPolicy resources.
  • Add rules config for Kinesis Data Firehose IPs that can be applied