v2.8.2

• Update policies for CfCT roles to limit access to the CfCT KMS key only.
• Update dependencies
  • Jinja2 3.1.6
  • requests 2.32.4
  • boto3/botocore 1.34.162

v2.8.1

• Add support for Resource Control Policies (RCPs). RCPs help you ensure that resources in your accounts stay within
  your organization’s access control guidelines. Learn more here.
  • To set up a configuration package for Resource Control Polices, see CfCT customization guide.
• Add support for GitHub as a version control system (VCS) alternative for CfCT. (#21)
  • Learn more on how to set up CfCT using GitHub in the Set up GitHub as the configuration source section of the user guide.
• Add guidance on CodeCommit availability to new customers.

v2.7.3

• Update dependencies
  • PyYAML 5.4.1 (#154, #169)
  • Jinja2 3.1.4 (#169)
  • requests 2.32.2

v2.7.2

• Add support for AWS Regions: Asia Pacific (Hyderabad, Jakarta, and Osaka), Israel (Tel Aviv), Middle East (UAE), and AWS GovCloud (US-East). Customers with these Regions as their AWS Control Tower home Region can now deploy account customizations using the CfCT framework.
• Enable lifecycle configuration, enable access logging and add versioning on S3 buckets
• Enhance security and robustness through improved handling of file paths and highly compressed data
• Upgrade botocore to version 1.31.17 and boto3 to version 1.28.17

v2.7.1

• Update dependencies & runtimes (#186, #193)
  • Building the solution from source now requires Python 3.11 or higher
  • Update Python Lambda runtimes to 3.11
  • Update Ruby version to 3.3
  • Update CodeBuild container image to aws/codebuild/standard:7.0
• Pinned version for PyYAML to 5.3.1 due to yaml/pyyaml#724 (#183, #184)
• Pinned version for moto to 4.2.14.
• Add UpdateReplacePolicy and DeletionPolicy to lifecycle event queue and DLQ to improve deployment safety.

v2.7.0

• Resolve ConcurrentModificationException errors that occur during parallel SCP deployments due to a race condition when enabling SCPs (#175)
• Improve performance when querying for StackSet instance account IDs in large organizations (#174)
• The CFCT pipeline now triggers on UpdateManagedAccount Control Tower lifecycle events, in addition to CreateManagedAccount events (#173)
• Honor the CodeCommitBranchName stack parameter on the CFCT repo’s initial commit. The example code is now committed to your chosen branch instead of main (#117)
• Enable the use of privately registered CloudFormation resources in customization templates (for example, the AWSUtility::CloudFormation::CommandRunner resource type) (#76)
• CFCT now ignores non-existent OU targets when deploying SCPs, aligning with how non-existent OUs are treated when deploying StackSets (#126)

v2.6.0

• Now supported in the following regions: me-south-1, af-south-1, eu-south-1, ap-east-1, us-west-1.
• Manifest now allows the use of S3 global urls to download template files and uses regional urls as a fallback mechanism.
• Eventbased triggers for CodePipeline deployments now supported.

v2.5.3

• Bugfix: Add S3 bucket policy necessary for new CfCT deployments

v2.5.2

• Fix bug where adding a resource to the middle of the manifest file caused CFCT to submit step function executions for all remaining manifest resources even if those resources had no changes
• Drop polling wait time for step function execution status from 30s to 15s

v2.5.1

• Add support for AWS GovCloud
• Please note: using CFCT in AWS GovCloud requires the Control Tower home region to be AWS GovCloud West (us-gov-west-1)