updated change history based on fixing team dev permission set and boundary bug
ckamps committed Feb 2, 2021
1 parent 2716fbe commit 4f87489
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions content/00-intro/07-change-history.md
Expand Up @@ -13,6 +13,7 @@ A history of notable changes to the guide.

|Date|Change|Description|Upgrading|
|----|------|-----------|---------|
|February 2, 2021|**Fixed bug in team development AWS SSO permission set and permission boundary policy examples**|The AWS CloudFormation resource ARN had a bug in that it did not specify a wildcard `*` in the Region portion. Consequently, a builder using the team developer role could have deleted a stack with the name `StackSet-*` in their team development account. The fix was to insert a wildcard `*` in the Region portion of the ARN:<br><br>`"Resource": "arn:aws:cloudformation:*:*:stack/StackSet-*"`|**1. Update the team development permission boundary stack set:** Download the updated template [`example-infra-team-dev-boundary.yml`](/code-samples/iam-policies/example-infra-team-dev-boundary.yml). In the organization management account, go to CloudFormation StackSets, select the team development boundary stack set. Select **`Actions`** -> **`Edit StackSet details`**. Select **`Replace current template`** and select the newly downloaded template containing the fix. Keep the parameters the same. Provide the OU IDs for the development OUs. Deploy and monitor the process of updating the stack set.<br><br>**2. Update the team development AWS SSO permission set:** Access AWS SSO, select **`AWS accounts`** and **`Permission sets`**. Select the team development permission set. Select **`Edit permissions`** and insert the wildcard in the Region portion of the CloudFormation resource ARN. Select **`Save Policy`**, select all of the accounts, and select **`Reprovision`** to deploy the changes.|
|November 9, 2020|**Certificate-based authentication for site-to-site VPN connections**|Updated the guide to highlight a GitHub repository that provides details on setting up certificate-based authentication for your site-to-site VPN connections.|To move from private shared key (PSK)-based authentication to using certificate-based authentication, you will need to create a new customer gateway and migrate your connection to use the new gateway.|
|November 5, 2020|**New Environment guardrails section**|Consolidated and enhanced information about using guardrails for your AWS environment in support of security, operations, and compliance requirements.|Not applicable. New capability.|
|October 29, 2020|**Alternative site-to-site VPN architectures and cost examples**|In the Hybrid Networking section, added alternative site-to-site VPN architecture to compare and contrast with the recommended use of AWS Transit Gateway. Included operational and cost considerations.|Not applicable. New capability.|
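
Review bot: In the new February 2, 2021 row, upgrade step 2 asks the reader to hand-edit the permission set ("insert the wildcard in the Region portion of the CloudFormation resource ARN") but, unlike step 1, links no updated example and never shows the ARN as it read before the fix, so a reader cannot tell which statement to change or whether their deployed policy is affected. Consider quoting the pre-fix `Resource` value beside the corrected `"Resource": "arn:aws:cloudformation:*:*:stack/StackSet-*"` and linking the updated permission set example in the same way step 1 links `example-infra-team-dev-boundary.yml`. Both steps would also benefit from a closing verification, for instance confirming that the team developer role can no longer delete a stack named `StackSet-*` in a team development account after the stack set update and the reprovision complete.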