Releases: epam/ecc-aws-rulepack

Release v5.6

23 Jan 14:10
dce9c88

✨ New Policies

  • 45701fb - add policy ecc-aws-021-ebs-volume_without_recent_snapshot
  • 777acbf - add policy ecc-aws-054-iam_policies_full_administrative_privileges
  • 1f5a85d - add policy ecc-aws-069-s3_bucket_should_not_allow_all_actions_from_all_principals
  • 72fd7ca - add policy ecc-aws-154-elasticsearch_domains_have_at_least_three_data_nodes
  • 3b6eb77 - add policy ecc-aws-301-sqs_dead_letter_queue_enabled
  • 8180989 - add policy ecc-aws-363-kinesis_video_stream_encrypted_with_kms_cmk
  • f6b2d62 - add policy ecc-aws-437-s3_bucket_object_lock_enabled

🔧 Updates

  • 97ac0dc - update release job in .github/workflow/ci.yaml
  • abb018a - update policy 310
  • 25dcce2 - update policy minimal IAM permissions file for a number of policies
  • 3e11dd2 - update iam/All-permissions_*.json
  • ed98c9a - update policy 071
  • 1affa74 - update policy 482
  • 3d23314 - update flight test in workflows
  • 1fcd3f3 - add 'version-custodian' file
  • 0fb2aa7 - add action to generate rule list wiki page
  • b1f8d7f - update policy minimal IAM permissions file for a number of policies (see the list in the commit message)
  • e7edc4a - update policies 057, 222, 223, 224, 489, 490, 494, 529, 549, 576
  • a272e00 - update policy 299
  • e04485b - update description for policies 111, 194, 512
  • 04747f5 - update IAM permissions files for a number of policies (see the list in the commit message)
  • dcc7049 - update policy 111
  • 60c56d3 - update policies 010, 011
  • cb1fe86 - add flight tests for non-compatible policies
  • 89a9a7d - update description for policy 013
  • 372f928 - update IAM permissions files for a number of policies (see the list in the commit message)
  • fa01dd8 - add ruleset release job
  • d6c807b - update policies 444, 445, 446, 447, 448, 508
  • 7a402b7 - update policies 484
  • 7a86d57 - update non-compatible policy 458
  • da0e5ce - update policy source in 'comment' field to latest CIS Benchmarks
  • fbbfafe - update policy IAM permissions file for 143,144,159, 462
  • 04cdf9c - update policy 369 to be supported by open source Cloud Custodian
  • 28c860f - update 'comment' for policy 602
  • a415b77 - update policy 058 to be supported by open source Cloud Custodian
  • 7d88cc7 - update iam/All-permissions_*.json
  • 386924e - add unit-test for policies 134, 135
  • 8edf44f - update Python version from 3.8 to 3.10 for flight tests in ci.yaml
  • 2cd6228 - update policy 295
  • 08122bd - update policies 040, 497
  • e2b3b85 - update policies 283, 434, 461, 508, 536, 549, 598
  • e2ede9d - update policies 190, 520
  • d7f178e - update policy 004
  • 580b13a - update policy 164
  • 7f83c14 - update policy 353
  • d4fb0f3 - update 'comment' field for a number of policies (see the list in the commit message)
  • beddc78 - update policy 112
  • 64dc035 - update 'description' in a number of policies
  • e6af2ef - update 'description' for policy 537
  • 36bd04e - update policies 006, 026
  • c5cd4ce - update policy 224
  • 08a7383 - update policy 099
  • ad44a77 - update flight test and IAM permissions for policy 133
  • 3000f3e - update policy 052 to be supported by open source Cloud Custodian
  • bbd23c9 - update policies 143, 144 to be supported by open source Cloud Custodian
  • eb27b7a - update policy 358 to be supported by open source Cloud Custodian

🩹 Policy Fixes

  • 33f34c8 - fix policy 072
  • 5b3a3da - update policies 159, 160, 161, 162
  • 5589cfd - fix typo in description for policy 502

🩹 Terraform Fixes

➖ Deletions

Release v5.3

13 Jun 10:40
008c472

🔧 Updates

➖ Deletions

  • 847882d - delete policy 356 as duplicate of 214

Release v5.2

29 May 14:13
ee66828

🔧 Updates

  • 7b1d175 - update permissions for policy 443
  • 13ceb62 - update policy 156
  • 0633cf5 - update policy 536
  • 0705498 - update policy 067
  • 19725be - updated iam/All-permissions_2.json and iam for policies 016 and 133
  • f21173e - update policy 286
  • e11cabb - update ci.yaml
  • 18debed - update IAM permissions for policy 872
  • b5fba76 - update policy 434
  • 13fec2e - update policy 040
  • 87c0119 - update policies 366 and 368
  • 6aed3f2 - update policies 192, 407

Release v5.1

24 Apr 12:24
4b8d664

🩹 Terraform Fixes

  • 28de880 - fix terraform for policies 440, 441

➖ Deletions

Release v5.0

17 Apr 17:51
4c362f2

✨ New Policies

  • 1f3b9fc - added policy ecc-aws-218-secrets_manager_rotation_enabled
  • 7428c6c - added policy ecc-aws-219-secrets_manager_successful_rotation_check
  • efd83c8 - added policy ecc-aws-220-secrets_manager_unused_secret

🔧 Updates

  • da86c3c - update iam/All-permission_*.json files
  • 6f9805f - update terraforms 001-288 to provider version 5
  • 0bba04a - update terraforms 289-347 to provider version 5
  • 169df56 - update terraform to provider version 5 for policies 348, 349, 366, 377, 378, 379, 458, 462, 469, 471, 472, 489, 490, 517, 531
  • 5575d28 - update terraform to provider version 5 for policies 386, 387, 388, 374, 491, 492, 493, 494, 520, 521, 365, 510, 506, 505, 534
  • 4d0821b - update terraforms to provider version 5 for a number of policies (see the list in the commit message)
  • 750679f - update terraforms to provider version 5 for a number of policies (see the list in the commit message)
  • 989598f - update iam permissions for policies 396 and 476
  • 9695259 - update CI to support releases instead of CHANGELOG.md

🩹 Terraform Fixes

  • 3608353 - fixed terraform for policy 186
  • f333850 - fix terraform for policies 383, 384, 385, 474, 475, 476, 479, 488, 513, 514, 529, 552, 503, 504, 461

➖ Deletions

  • 205475a - delete terraform for policy 016

Release v4.0

17 Apr 17:45
2cda389

✨ New Policies

  • 5254033 - added policy ecc-aws-571-stopped_rds_instances_removed
  • 738f42b - added policy ecc-aws-572-disabled_kms_keys_removed
  • beb24ca - added policy ecc-aws-573-unused_nat_gateway
  • cd5cc3f - added policy ecc-aws-575-ebs_volumes_attached_to_stopped_ec2_instances
  • bb3e948 - added policy ecc-aws-576-ec2_instance_dedicated_tenancy
  • 0a9ea6d - added policy ecc-aws-577-reserved_ec2_instance_payment_failed
  • 2115d78 - added policy ecc-aws-578-reserved_ec2_instance_payment_pending
  • 6a6db51 - added policy ecc-aws-579-reserved_ec2_instance_recent_purchases
  • deffe48 - added policy ecc-aws-580-reserved_instance_lease_expiration_in_30_days
  • 6edbb11 - added policy ecc-aws-581-reserved_instance_lease_expiration_in_7_days
  • f7c3aa5 - added policy ecc-aws-582-ecs_service_placement_strategy
  • 26ebbec - added policy ecc-aws-610-idle_ec2_instance
  • 27c142e - added policy ecc-aws-594-underutilized_rds_instance_storage
  • 3f062a3 - added policy ecc-aws-614-idle_rds_instance
  • 9dabefa - added policy ecc-aws-604-efs_without_lifecycle_management
  • 537e1fe - added policy ecc-aws-601-auto_scaling_group_statically_configured
  • 96f4899 - added policy ecc-aws-067-unauthorized_api_calls_alarm_exists
  • e0902d1 - added policy ecc-aws-493-ecs_container_insights_enabled
  • 1e356f7 - added policy ecc-aws-376-api_gateway_http_api_and_websocket_api_logs_not_enabled
  • a68480d - added policy ecc-aws-872-access_to_cloudshell_restricted
  • f96d13e - added policy ecc-aws-549-ec2_instance_previous_generation
  • 6d7b1f0 - added policy ecc-aws-583-elb_classic_metadata
  • cff94e1 - added policy ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1
  • 5c119e8 - added policy ecc-aws-590-rds_general_purpose_ssd_storage_type
  • ee0c927 - added policy ecc-aws-598-redshift_instance_generation
  • 113c7d8 - added policy ecc-aws-566-opensearch_auto_tune_enabled
  • 4471865 - added policy ecc-aws-602-cloudwatch_logs_with_no_log_retention_period
  • 203dd37 - added policy ecc-aws-586-elasticsearch_general_purpose_ssd_volume
  • 6ec8467 - added policy ecc-aws-630-ec2_ami_not_in_use
  • 22888bc - added policy ecc-aws-591-reserved_rds_instance_payment_failed
  • 4267de2 - added policy ecc-aws-569-asg_propagate_tags_to_ec2_instances
  • 3477e96 - added policy ecc-aws-077-sign_in_without_mfa_alarm_exist
  • 4c9c06e - added policy ecc-aws-080-cloudtrail_configuration_changes_alarm_exists
  • e49896e - added policy ecc-aws-079-iam_policy_changes_alarm_exist
  • 4c25919 - added policy ecc-aws-145-organizations_changes_alarm_exists
  • 3658a3b - added policy ecc-aws-094-s3_bucket_policy_changes_alarm_exists
  • 743ef15 - added policy ecc-aws-082-cmk_key_disabling_or_deletion_alarm_exists
  • 710bdbb - added policy ecc-aws-095-aws_config_configuration_changes_alarm_exists
  • 1b7779f - added policy ecc-aws-081-console_auth_failure_alarm_exists
  • 0d01684 - added policy ecc-aws-097-network_access_control_lists_changes_alarm_exists
  • e664fca - added policy ecc-aws-100-vpc_changes_alarm_exists
  • 4e3e5ff - added policy ecc-aws-096-security_group_changes_alarm_exists
  • 8ce9cd5 - added policy ecc-aws-078-root_usage_alarm_exists
  • cc9c290 - added policy ecc-aws-098-network_gateways_changes_alarm_exists
  • bac0064 - added policy ecc-aws-099-route_table_changes_alarm_exists
  • dfd9278 - added policy ecc-aws-595-reserved_redshift_node_payment_failed
  • 897fbc2 - added policy ecc-aws-596-reserved_redshift_node_payment_pending
  • 33a6486 - added policy ecc-aws-587-elasticsearch_reserved_instance_payment_failed
  • 004e5ea - added policy ecc-aws-588-elasticsearch_reserved_instance_payment_pending
  • 7ac3dee - added policy ecc-aws-592-reserved_rds_instance_payment_pending
  • 092f994 - added policy ecc-aws-589-elasticsearch_reserved_instance_recent_purchases
  • a47b972 - added policy ecc-aws-593-reserved_rds_instance_recent_purchases
  • ce87620 - added policy ecc-aws-597-reserved_redshift_node_recent_purchases

🔧 Updates

  • 63631e0 - updated policy 499
  • ee05e81 - updated policies 040, 283, 310, 434, 461, 508
  • a638744 - split permissions into two files
  • 0dd9539 - updated a number of policies (see the list in the commit message)
  • a1f8c6a - updated policies 272, 283, 310, 461, 497, 508

🩹 Policy Fixes

Release v3.0

17 Apr 17:44

✨ New Policies

  • 9f014d6 - added policy ecc-aws-547-rds_instance_generation
  • 11ef8ce - added policy ecc-aws-552-dynamodb_tables_unused
  • f0dc7d1 - added policy ecc-aws-553-unused_clb
  • cbe41ca - added policy ecc-aws-560-unused_sns_topic

🔧 Updates

  • 1fb3342 - added index(comment) to all rules
  • 0b6311c - updated policy ecc-aws-548-ebs_volumes_are_of_type_gp3_instead_of_gp2
  • ea93aa3 - updated comment field for all policies
  • cd33519 - updated policy 043

🩹 Policy Fixes

Release v2.0

17 Apr 17:43

✨ New Policies

  • b54d258 - added non compatible policies (see the list in the commit message)
  • 5e4393b - added a number of terraform files for policies (see the list in the commit message)
  • 3e9aed2 - added policy ecc-aws-807-unused_efs_filesystem
  • 4d48faf - added policy ecc-aws-1005-ebs_volumes_too_old_snapshots
  • 737f6e8 - added policy ecc-aws-526-waf_global_rulegroup_not_empty (commit by @anna-shcherbak)
  • 075a903 - added policy ecc-aws-529-ebs_attached_volume_delete_on_termination_enabled (commit by @anna-shcherbak)
  • e7208b3 - added policy ecc-aws-543-cloudfront_realtime_logging_enabled (commit by @anna-shcherbak)
  • ad35d4c - added policy ecc-aws-546-kinesis_streams_retention_period_set_correctly (commit by @anna-shcherbak)
  • 5810523 - added policy ecc-aws-548-ebs_volumes_are_of_type_gp3_instead_of_gp2

🔧 Updates

🩹 Terraform Fixes

  • 5dd197c - fixed a number of terraform files for policies (see the list in the commit message)

🩹 Test Fixes

📝 Documentation Changes

  • 55363ec - added README.md for non-compatible-policies

Release v1.0

17 Apr 17:42
dc7a729

Initial Release