July 28, 2021, Conformity—The following updates were released to Conformity on 28th July 2021.
Communication Channels Update
  • Webhook: Updated the Webhook Communication Channel to send checks that have been deleted because a user removed or deleted a resource. These checks carry an additional field "isDeleted: true" to differentiate them from the checks currently sent via webhook.
  • Jira: Updated the Jira Communication Channel 'Create' and 'Update' screens to no longer support swapping to an alternative connection type (OAuth or API token), which reduces the risk of breaking a successfully configured channel.
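
A webhook receiver's reconciliation step for the Webhook change above, added here as an example and not Conformity's own code: it closes the locally tracked finding when a delivered check carries "isDeleted: true" instead of recording it as a new failure. The delivery shape (a JSON array) and every field name except `isDeleted` are assumptions.

```python
import json

# Constructed sample delivery. Only "isDeleted" comes from the release note;
# "id", "ruleId", "resource" and "status" are assumed field names.
SAMPLE_DELIVERY = json.dumps([
    {"id": "chk-1", "ruleId": "EC2-072", "resource": "i-0aaa", "status": "FAILURE"},
    {"id": "chk-2", "ruleId": "IAM-066", "resource": "admins", "status": "FAILURE"},
    {"id": "chk-1", "ruleId": "EC2-072", "resource": "i-0aaa", "status": "FAILURE",
     "isDeleted": True},
    {"id": "chk-9", "ruleId": "ECS-003", "resource": "svc-x", "status": "FAILURE",
     "isDeleted": True},
])


def reconcile(open_findings, delivery_json):
    """Apply one webhook delivery to open_findings (dict keyed by check id).

    Returns (opened, closed, ignored) lists of check ids.
    """
    opened, closed, ignored = [], [], []
    for check in json.loads(delivery_json):
        check_id = check.get("id")
        if not isinstance(check_id, str):
            ignored.append(check_id)          # malformed entry, nothing to key on
            continue
        # Only a literal JSON true counts; a missing field means a live check.
        if check.get("isDeleted") is True:
            if open_findings.pop(check_id, None) is not None:
                closed.append(check_id)       # resource is gone: close the finding
            else:
                ignored.append(check_id)      # never tracked, or already closed
            continue
        if check.get("status") == "FAILURE":
            if check_id not in open_findings:
                opened.append(check_id)
            open_findings[check_id] = check   # upsert keeps redeliveries idempotent
        elif open_findings.pop(check_id, None) is not None:
            closed.append(check_id)           # check no longer failing
    return opened, closed, ignored


if __name__ == "__main__":
    store = {}
    print(reconcile(store, SAMPLE_DELIVERY), sorted(store))
```
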
Cloud One Users
  • Cloud One users with SSOv2 can now access Conformity via the Cloud One UI. See our help page on the SSOv2 Public API.
  • Cloud One users will receive account update emails if they have a valid email address in Conformity.
Scan a Profile with Template Scanner
  • Users without Admin privileges can now select and scan a Profile in Template Scanner via Conformity UI or API by calling the `/profiles` API.
Bug Fixes
  • Fixed a bug to reduce the number of Schedule Reports that fail to generate.
  • Fixed a bug to return the correct API response when a user typed a value while filtering regions.
  • Fixed a bug to add an account name and account environment to the body of the system-disabled Conformity bot notification email.
  • Fixed a bug with Template Scanner API Response body to include the actual accountId in the `account` field only when the `accountId` field is passed in the request body.
  • Fixed a bug to successfully process intrinsic functions as arguments of '!Join' in the Template Scanner.
  • Fixed a bug where Reports generated with individual checks did not display the Total counts on the PDF report correctly.
Custom Policy Updates
Conformity Bot Updates
  • Boosted error handling to prevent outdated or inconsistent checks.
  • Improvements to prevent Conformity Bot from running longer than expected for European accounts.
Rule Updates
  • EC2-072 - EC2 Instance Not In Public Subnet: This rule has been updated to allow exceptions for EC2 instances whose names match a regular expression pattern.
  • IAM-066 - AWS IAM Groups with Admin Privileges: This rule has been updated to allow exceptions based on tags and resource id.
Rule Bug Fixes
  • IAM-046: Support Role: Fixed a bug where the rule generated false positives due to the throttling of the attached entities.
  • EKS-002: Kubernetes Cluster Version: Fixed a bug to update the rule to the latest Amazon EKS Kubernetes version 1.20.
  • Fixed a bug where the following rules failed to generate any checks because of an inability to pull data from the ECS Service:
      • ECS-003: Check for Amazon ECS Service Placement Strategy
      • ECS-004: Check for Fargate Platform Version
  • Fixed a bug that prevented checks from being generated when there are a large number of exclusions for the following rules:
      • Inspector-002: Days since last Amazon Inspector run
      • Inspector-003: Check for Amazon Inspector Exclusions Updated