December 08, 2022, Conformity—Impact of AWS EventBridge Cross-Account IAM Role Changes
on Conformity
The following features and updates are now available with Conformity's latest release
on 08 December 2022.
From 16 February 2023, all new AWS EventBridge cross-account event bus targets will
require an IAM role. This change will affect new Conformity Real Time Monitoring (RTM)
EventBridge configurations but does not immediately affect existing Conformity
customers.
What is the change?
To increase security, AWS will soon require creating an IAM role for new Cross-account
event bus targets. Consequently, Conformity will update the RTM installation process
for new accounts to comply with the new requirement.
- Fixed a bug to prevent Azure RTM events from being created intermittently by improving the logic of detecting duplicate events.
- Fixed a bug with the Security Group rules scanning by ignoring them if the Ingress or Egress rules cannot be extracted from the IaC template.
- Fixed a bug so that the service group API returns `200 with {data: []}` instead of `403` for an organisation without any account.
Custom Policy Updates
User Impact
AWS has confirmed that there will be no immediate impact on existing customers. If
you are an existing Conformity customer using RTM, there is no deadline and you will
be able to update your RTM resources after 16 February 2023 at your own pace.
Resolution
We are working on updating the authentication method and installation script for RTM.
The new script will allow you to install or update RTM in your AWS accounts in line
with the new IAM role requirements from AWS.
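
As an added example (not Conformity's installation script and not AWS code), the check below lists EventBridge rule targets that send to an event bus in another account without a RoleArn, the configuration that will no longer be accepted for new targets. The account IDs, rule names and target list are constructed; the target fields (Id, Arn, RoleArn) follow the output of `aws events list-targets-by-rule`.

```python
# Constructed sample: targets per rule for rules owned by account 111111111111.
# Account IDs, rule names and role names are placeholders.
RULE_ACCOUNT = "111111111111"
SAMPLE_TARGETS = {
    "forward-events": [
        {"Id": "bus-no-role",
         "Arn": "arn:aws:events:us-east-1:222222222222:event-bus/central"},
        {"Id": "bus-with-role",
         "Arn": "arn:aws:events:us-east-1:222222222222:event-bus/central",
         "RoleArn": "arn:aws:iam::111111111111:role/example-put-events"},
    ],
    "local-copy": [
        {"Id": "same-account-bus",
         "Arn": "arn:aws:events:us-east-1:111111111111:event-bus/audit"},
        {"Id": "sns-topic",
         "Arn": "arn:aws:sns:us-east-1:111111111111:alerts"},
    ],
}


def parse_arn(arn):
    """Split arn:partition:service:region:account:resource into named fields."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return {"partition": parts[1], "service": parts[2], "region": parts[3],
            "account": parts[4], "resource": parts[5]}


def is_cross_account_bus(target_arn, rule_account):
    """True when the target is an EventBridge event bus owned by another account."""
    arn = parse_arn(target_arn)
    return (arn["service"] == "events"
            and arn["resource"].startswith("event-bus/")
            and arn["account"] != rule_account)


def targets_missing_role(targets_by_rule, rule_account):
    """Return (rule, target id) pairs for cross-account bus targets with no RoleArn."""
    findings = []
    for rule, targets in targets_by_rule.items():
        for target in targets:
            if is_cross_account_bus(target["Arn"], rule_account) and not target.get("RoleArn"):
                findings.append((rule, target["Id"]))
    return findings


if __name__ == "__main__":
    for rule, target_id in targets_missing_role(SAMPLE_TARGETS, RULE_ACCOUNT):
        print(f"rule {rule}: target {target_id} has no RoleArn")
```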