v2.5.0

• Support for opt-in deletion of Stack Set resources. This functionality is only supported when using the manifest v2 schema. Opting in to the new functionality reduces the overhead of manually deleting resources provisioned by CfCT.

  • In the manifest v2 schema, the enable_stack_set_deletion flag is set to false by default. In this configuration, when a resource is removed from Customizations for Control Tower's manifest, no actions will be taken against the StackSet removed.

  • Once opting into enable_stack_set_deletion by setting its value to true in the manifest, Removing a resource in its entirety from the manifest will delete the StackSet and all owned resources.

  • https://docs.aws.amazon.com/controltower/latest/userguide/cfct-delete-stack.html

Note: With enable_stack_set_deletion set to true, on the next invocation of CfCT, ALL resources not declared in the manifest, that start with the prefix CustomControlTower- and have the associated Tag: "Key": "AWS_Solutions", "Value": "CustomControlTowerStackSet" will be deleted

• Bug Fix: Resolves a bug with CFCT versions >= 2.0.0 where using a v1 manifest format and defining a resource block without a parameter_file attribute (which is optional in v1 manifests) causes the CFCT pipeline to fail.

v2.4.0

• Add support for CfCT pipeline to fail if any stack instances within a stack set deployment have failed
  • New template parameter EnforceSuccessfulStackInstances can be set to True to achieve this behaviour
  • Previously, when customers set high fault tolerance values to get concurrent stack instance deployments, the CfCT pipeline would succeed even when stack instances failed, which caused cascading failures for customer workflow dependencies
• Bug-Fix: Add non-interactive flag to dpkg-reconfigure to support non-US-ACSII characters in template #121

v2.3.1

• Reduce CodeBuild runtime by removing unnecessary apt-get upgrade and apt-mark hold commands
• Update CodeBuild container image to aws/codebuild/standard:5.0. This should reduce CodeBuild queued and provisioning stage wait times.
• Fix bug related to Service Control Policy (SCP) deployment in organizations with >100 SCPs

v2.3.0

• Pinned version for MarkupSafe dependency to 2.0.1 due to pallets/jinja#1585
• Pinned version of Amazon Corretto to java-1.8.0-amazon-corretto-jdk due to #102
• Moved python code into its own package
• Building the solution from source now requires Python 3.6 or higher
• Customers should now download the Customizations for AWS Control Tower CloudFormation Template from GitHub instead of S3

v2.2.0

Added

• Added support for organization Root as an OU for manifest schema version "2021-03-15". #8
• Added support for nested OU for manifest schema version "2021-03-15". #19
• Added support for CAPABILITY_AUTO_EXPAND for SAM. #78

Changed

• Fixed the issue that SSM parameter names were not output to logs for troubleshooting. #68
• Fixed the issue that resources starting with "S3" were incorrectly parsed as empty buckets. #65
• Fixed the issue that customization example folder was missing from the github repository. #71

v2.1.0

Added

• Added option to enable concurrency to deploy StackSets operations in regions in parallel.
• Added support for UTF-8 encoded CloudFormation templates. #55

Changed

• Support list of SSM Parameter Store keys as CloudFormation parameter value. #43
• Use environment variable for Update StackSet API #50
• Handle account names with overlapping string #45
• Handle SCP policy tag name with whitespace.
• Update parsing logic to learn manifest version in the manifest.

v2.0.0

Added

• Support for new simplified manifest schema (version "2021-03-15"). This does not impact existing customers using manifest version "2020-01-01".

Changed

• Optimization to skip update Stack Set workflow when only new accounts are added to the Stack Set.
• Ability to create only Stack Sets if the account list is empty. This allows users to configure Stack Set resources with empty Organizational Units. Ref:GitHub Issue 42
• Pinned versions for all the third-party packages.
• Update cfn-nag package to v0.7.2 to utilize new rules. This may result in new failures and warning in the build stage. However, it would help you identify new issues.
• Update default branch name to 'main'.
• Add support for https path for the resource file in the manifest.

v1.2.1

[1.2.1] - 2020-10-01

Changed

• Fix the issue related to incompatibility between latest version of BotoCore and AWS CLI. Ref:Boto3 Issue #2596