Releases: fivexl/terraform-aws-cloudtrail-to-slack
4.2.1
4.2.0
What Changed:
Breaking Changes
It was decided to discontinue pushing the AccessDeniedByEvent metric that was added in the previous 4.1.0 release of CloudTrailToSlack. Because this metric was pushed by event type, it resulted in excessive costs.
New functionality
- Now, by default, every time Lambda receives an
AccessDenied
event, it pushes aTotalAccessDeniedEvents
metric to CloudWatch. This metric is pushed for all access-denied events, including events ignored by rules. To separate ignored events from the total, the module also pushes aTotalIgnoredAccessDeniedEvents
metric to CloudWatch. Both metrics are placed in theCloudTrailToSlack/AccessDeniedEvents
namespace. This feature allows you to gain more insights into the number and dynamics of access-denied events in your AWS Organization. This functionality can be disabled by settingpush_access_denied_cloudwatch_metrics
tofalse
. - Fix and update examples in the
/examples
directory
Internal changes:
- Fix log formatter to properly display set and str logs.
- Fix passing boolean variables from Terraform to Python.
- More logs for debugging purposes
- Refactor rule processing to separate ignored events from others.
- Update dependencies
- Bump urllib3 from 1.26.16 to 1.26.19 in /src by @dependabot in #68
Full Changelog: 4.1.0...4.2.0
4.1.0
What's Changed
- Export CloudWatch metrics by @irazzhivin in #66
CloudTrail-to-Slack Lambda function now pushes CloudWatch metrics for all AccessDenied events, recording both the total number of such events and categorizing them by event name. This allows for monitoring and alerting on spikes in AccessDenied errors, enabling the creation of dashboards and alerts to manage these events in the AWS environment. - Bump black from 23.7.0 to 24.3.0 in /src by @dependabot in #59
- Bump urllib3 from 1.26.18 to 1.26.19 in /src by @dependabot in #61
New Contributors
- @irazzhivin made their first contribution in #66
Full Changelog: 4.0.2...4.1.0
4.0.2
4.0.1
Change python version requirements from pinned 3.10.10 to 3.10.10 <= X <= 4.0.0 range
4.0.0
Introduced a Slack App variant for configurations, enabling:
Posting duplicated events to a thread of the previous Slack message with a configurable duration for "considering" previous events.
Introduced an SNS as another destination for notifications.
Default Rules:
Made minor fixes to the existing default rules.
Introduced more rules for:
Stopping Cloudtrail logs.
Updating, deleting, and configuring the Trail.
Updating the configuration and code of the Cloudtrail to Slack lambda.
Notifications:
Slack will be notified if an object is deleted from the Access logs bucket.
Error Handling:
The module now continues parsing events even if an error is encountered. In case of a ParsingEventError, a notification is sent to Slack.
Logging:
Improved logging
Log levels
Testing:
Added tests for every default rule.
Integrated message processing tests within CI.
Dependencies: Updated internal dependencies and modules.
Configuration:
Added validation for module configurations.
Introduced an S3 notification filter prefix.
Breaking Changes:
Renamed the branch from master
to main
.
Full Changelog: 3.2.2...4.0.0
3.2.2
- update default rules: catch Client.UnauthorizedOperation and other UnauthorizedOperation, also catch more AccessDenied events
- default rules bug fix. "*" is not supported inside rules templates
Full Changelog: 3.2.0...3.2.2
3.2.0
- update lambda module to 4.10.1
- allow setting memory for the lambda and bump default to 256
- update lambda runtime to python 3.9
Full Changelog: 3.1.1...3.2.0