November 25, 2021, Conformity—The following features and updates will be released
to Conformity on 29th November 2021.
New API Endpoints for:
GCP Account Onboarding
- Create GCP Organisation: `POST /gcp/organisations`
- Create GCP Account: `POST /accounts/gcp`
- List GCP Projects in an Organisation: `GET /v1/gcp/organisations/{id}/projects`
Azure Subscriptions Onboarding
- Onboard Azure Active Directory: `POST /azure/active-directories`
- List all subscriptions in an onboarded Azure Active Directory: `GET /azure/active-directories/{directoryId}/subscriptions`
Bug Fixes
- Fixed a bug where resetting a password from the Conformity screen resulted in an error when a Conformity user and a CloudOne user had the same email address.
- Fixed a bug to prevent the same checks from being generated on different GCP projects that are onboarded in the same service account.
Custom Policy Updates
- There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.34.
New Rules
GCP
- CloudSQL-004: Enable SSL/TLS for Cloud SQL Incoming Connections: This rule checks whether secure SSL/TLS is used for incoming connections to Cloud SQL server database instances.
- ComputeEngine-002: Enforce HTTPS Connections for App Engine Applications: This rule ensures that all connections made to your Google App Engine applications are using HTTPS in order to protect against eavesdropping and data exposure.
Rule Updates
- Route53-011: Remove AWS Route 53 Dangling DNS Records: Updated primary resource from “hosted zone” to “hosted zone's record” to allow-list IPs and record names. Please note that only records with AWS IPs can generate checks.
Note: resourceID has changed from "hosted zone" to "hosted zone-record name" (e.g. it used to be "/hostedzone/xxxx" and is now "/hostedzone/xxxx-domain.com."). You'll need to update the existing resourceID exceptions and suppression settings accordingly.
- RTM now supports RDS DB cluster events rules.