July 28, 2021, Conformity—The following updates were released to Conformity on 28th July 2021.
Communication Channels Update
- Webhook: Updated the Webhook Communication Channel to send checks that have been deleted because a user removed or deleted a resource. These delivered checks have an additional field "isDeleted: true" to differentiate them from the current checks being sent via webhook.
- Jira: Updated the Jira Communication Channel 'Create' and 'Update' screens to no longer support swapping to an alternative connection type (OAuth or API token), to reduce the risk of breaking a successfully configured channel.
Cloud One Users
- Cloud One users with SSOv2 can now access Conformity via the Cloud One UI. See our help page on SSOv2 Public API.
- Cloud One users will receive account update emails if they have a valid email address in Conformity.
Scan a Profile with Template Scanner
- Users without Admin privileges can now select and scan a Profile in Template Scanner via Conformity UI or API by calling the `/profiles` API.
Bug Fixes
- Fixed a bug to reduce the number of Schedule Reports generation failures.
- Fixed a bug to return the correct API response when a user typed a value while filtering regions.
- Fixed a bug to add an account name and account environment to the body of the system-disabled Conformity bot notification email.
- Fixed a bug with Template Scanner API Response body to include the actual accountId in the `account` field only when the `accountId` field is passed in the request body.
- Fixed a bug to successfully process intrinsic functions as arguments of '!Join' in the Template Scanner.
- Fixed a bug where Reports generated with individual checks did not display the Total counts on the PDF report correctly.
Custom Policy Updates
- There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.32. Click here to access the latest custom policy.
Conformity Bot Updates
- Boosted error handling to prevent outdated or inconsistent checks.
- Improvements to prevent Conformity Bot from running longer than expected for European accounts.
Rule Updates
- EC2-072 - EC2 Instance Not In Public Subnet: This rule has been updated to allow exceptions for EC2 instances whose names match a regex pattern.
- IAM-066 - AWS IAM Groups with Admin Privileges: This rule has been updated to allow exceptions based on tags and resource ID.
Rule Bug Fixes
- IAM-046: Support Role: Fixed a bug where the rule generated false positives due to the throttling of the attached entities.
- EKS-002: Kubernetes Cluster Version: Fixed a bug to update the rule to the latest Amazon EKS Kubernetes version 1.20.
- Fixed a bug where the following rules failed to generate any checks because of inability to pull data from the ECS Service:
  - ECS-003: Check for Amazon ECS Service Placement Strategy
  - ECS-004: Check for Fargate Platform Version
- Fixed a bug that prevented checks from being generated when there are a large number of exclusions for the following rules:
  - Inspector-002: Days since last Amazon Inspector run
  - Inspector-003: Check for Amazon Inspector Exclusions Updated