Prowler 3.6.1 - Boots On

Fixes

• fix(rds checks): test if key exists prior checking it by @n4ch04 in #2489
• fix(security hub): Adds logic to map to valid ASFF statuses by @ckdake in #2491
• fix(route53): correct Hosted Zone ARN by @sergargar in #2494
• fix(asff): handle empty Recommendation Url by @sergargar in #2496

New Contributors

• @ckdake made their first contribution in #2491

Full Changelog: 3.6.0...3.6.1

Prowler 3.6.0 - Boots On

Die With Your Boots On is a song of Iron Maiden's album Piece of mind, it is self explanatory, we like the vibe of that song in their lives, watch it here.
Basically, this is what we do here, we go all in or nothing! 💪🏼
We are bringing the best we have in this code of Prowler 3.6.0: some new checks, improved GCP support, new features, more fixes making it a better piece of software and more helpful for your daily job 😄
Remember to run pip install prowler --upgrade and rock on! 🤘

New features to highlight in this version:

🥳 GCP Multi-Project support:

• Prowler now supports GCP Multi-Project scans! By default Prowler will scan all the GCP Projects that is allowed to scan, if you want to scan a single project or various specific projects you can use the following flag:

prowler gcp --project-ids <Project ID 1> <Project ID 2> ... <Project ID N>

✅ 16 new checks for GCP (Thanks to @jit-contrib ! 💪🏼 ):

• New services ApiKeys, DNS and Dataproc are covered and additional checks for Compute and IAM services.
• See all checks with prowler gcp --list-checks

📝 OCSF Integration (Hello Amazon Security Lake!):

• OCSF JSON was added as a default output for AWS, Azure and GCP. It was based on the OCSF Schema's Security Finding v1.0.0-rc.3.

📊 AWS Well Architected Framework:

• The Security Pillar of the AWS Well-Architected Framework is now supported by Prowler, you can run it with the following command:

prowler aws --compliance aws_well_architected_framework_security_pillar_aws

⚙️ MFA supported in AWS:

• If your IAM entity enforces MFA for AWS Calls you can use --mfa and Prowler will ask you to input the following values to get a new session:

prowler aws --mfa
Enter ARN of MFA: arn:aws:iam::012345678910:mfa/xxxxxx
Enter MFA code: XXXXXX

What's Changed

Features

• feat(checks-gcp): Include 4 new checks covering GCP CIS by @jit-contrib in #2376
• feat(gcp): add 12 new checks for CIS Framework by @jit-contrib in #2426
• feat(gcp): add --project-ids flag and scan all projects by default by @sergargar in #2393
• feat(mfa): Add MFA flag if it is required by AWS IAM Entity by @senyberg in #2478
• feat(new_security_framework): AWS Well Architected Framework security pillar by @pedromarting3 in #2382
• feat(ocsf): add OCSF format as JSON output for AWS, Azure and GCP. Hello Amazon Security Lake! by @sergargar in #2429
• feat(vpc): add check vpc_subnet_no_public_ip_by_default by @senyberg in #2472
• feat(wellarchitected): add WellArchitected service and check by @sergargar in #2461

Fixes

• fix(arn validator): include : in regex by @n4ch04 in #2471
• fix(aws): Add missing resources ARN by @jfagoagas in #2453
• fix(azure): fix empty subscriptions case by @n4ch04 in #2455
• fix(backup): Handle last_execution_date when None by @jfagoagas in #2454
• fix(browser auth): fix browser auth in Azure to include tenant id by @n4ch04 in #2415
• fix(cloudfront): Bad https_enabled check comparison by @christiandavilakoobin in #2430
• fix(codebuild): handle FAIL in codebuild_project_user_controlled_buildspec by @sergargar in #2410
• fix(dataevents checks): add trails home region by @n4ch04 in #2484
• fix(ec2): handle false positive in ec2_securitygroup_allow_ingress_from_internet_to_any_port by @sergargar in #2449
• fix(ecr): handle LifecyclePolicyNotFoundException by @sergargar in #2411
• fix(efs): Include resource ARN and handle from input by @jfagoagas in #2452
• fix(inventory): handle exception for every call by @sergargar in #2457
• fix(kms): check only KMS CMK tags by @sergargar in #2468
• fix(README): add references to tenant-id when browser auth by @n4ch04 in #2439
• fix(services): Handle AWS service errors by @jfagoagas in #2440
• fix(services): verify Route53 records and handle TrustedAdvisor error by @sergargar in #2448
• fix(typo): typo in README.md by @sergargar in #2406
• fix(typo) typo in README.md by @toniblyx in #2407

Chores

• chore(arn): add missing ARNs to AWS Services by @sergargar in #2476
• chore(arn): include ARN of AWS accounts by @sergargar in #2477
• chore(boto3): update boto3 config by @sergargar in #2459
• chore(compliance): Update Description in aws_well_architected_framework_security_pillar_aws.json by @sssalim-aws in #2432
• chore(docs): add summary table to README.md by @toniblyx in #2402
• chore(docs): Create CONTRIBUTING.md by @toniblyx in #2416
• chore(docs): improve allowlist suggestion by @sergargar in #2466
• chore(docs): improve custom checks docs by @sergargar in #2428
• chore(logo): Add Prowler logo in SVG format & Propose to Prowler icon design by @dsict in #2423
• chore(quick inventory): add warning message by @sergargar in #2460
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2474
• chore(vpc): add mapPublicIpOnLaunch attribute to VPC subnets by @senyberg in #2470

Dependencies

• build(deps): bump alive-progress from 3.1.1 to 3.1.4 by @dependabot in #2446
• build(deps): bump boto3 from 1.26.142 to 1.26.147 by @dependabot in #2480
• build(deps): bump botocore from 1.29.147 to 1.29.152 by @dependabot in #2482
• build(deps): bump cryptography from 40.0.2 to 41.0.0 by @dependabot in #2436
• build(deps): bump google-api-python-client from 2.86.0 to 2.88.0 by @dependabot in #2483
• build(deps): bump mkdocs-material from 9.1.12 to 9.1.15 by @dependabot in #2420
• build(deps): bump pydantic from 1.10.8 to 1.10.9 by @dependabot in #2481
• build(deps-dev): bump coverage from 7.2.5 to 7.2.7 by @dependabot in #2422
• build(deps-dev): bump docker from 6.1.2 to 6.1.3 by @dependabot in #2445
• build(deps-dev): bump moto from 4.1.10 to 4.1.11 by @dependabot in #2443
• build(deps-dev): bump pytest-xdist from 3.3.0 to 3.3.1 by @dependabot in #2421
• build(deps-dev): bump pytest from 7.3.1 to 7.3.2 by @dependabot in #2479

New Contributors

• @jit-contrib made their first contribution in #2376
• @dsict made their first contribution in #2423
• @sssalim-aws made their first contribution in #2432
• @christiandavilakoobin made their first contribution in #2430
• @senyberg made their first contribution in #2470

Full Changelog: 3.5.3...3.6.0

Prowler 3.5.3 - Dune (To Tame a Land)

Fixes

• fix(ClientError): handle ClientErrors in DynamoDB and Directory Service by @sergargar in #2400
• fix(OSError): handle different OSErrors by @kij in #2398
• fix(allowlist) - tags parameter is a string, not a list by @kppullin in #2375
• fix(aws): Handle unique map keys by @jfagoagas in #2390
• fix(categories): remove empty categories from metadata by @sergargar in #2401
• fix(inspector2): fix active findings count by @sergargar in #2395
• fix(pypi-release): Push version change to the branch by @jfagoagas in #2374
• fix(route53_dangling_ip_subdomain_takeover): notify only IPs with AWS IP Ranges by @sergargar in #2396

Dependencies

• build(deps): bump azure-identity from 1.12.0 to 1.13.0 by @dependabot in #2386
• build(deps): bump boto3 from 1.26.125 to 1.26.138 by @dependabot in #2389
• build(deps): bump botocore from 1.29.134 to 1.29.138 by @dependabot in #2383
• build(deps): bump requests from 2.30.0 to 2.31.0 by @dependabot in #2388
• build(deps): bump shodan from 1.29.0 to 1.29.1 by @dependabot in #2385
• build(deps-dev): bump moto from 4.1.9 to 4.1.10 by @dependabot in #2384

Chores

• chore(quick-inventory): send quick inventory to output bucket by @sergargar in #2399
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2378

New Contributors

• @kij made their first contribution in #2398

Full Changelog: 3.5.2...3.5.3

Prowler 3.5.2 - Dune (To Tame a Land)

Fixes

• fix(action): solve pypi-release action creating the release branch by @sergargar in #2364
• fix(sts): Use the right region to validate credentials by @jfagoagas in #2349
• fix(resource_not_found): Handle error by @jfagoagas in #2370
• fix(ssm incidents): check if service available in aws partition by @sergargar in #2372

Chores

• chore(docs): format regions-and-partitions by @jfagoagas in #2371
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2366

Full Changelog: 3.5.1...3.5.2

Prowler 3.5.1 - Dune (To Tame a Land)

Fixes

• fix(README): order providers alphabetically by @sergargar in #2344
• fix(README): update Architecture image and PyPi links by @sergargar in #2345
• fix(route53): handle empty Records in Zones by @sergargar in #2351

Dependencies

• build(deps): bump pymdown-extensions from 9.11 to 10.0 by @dependabot in #2355
• build(deps): bump shodan from 1.28.0 to 1.29.0 by @dependabot in #2356
• build(deps): bump botocore from 1.29.125 to 1.29.134 by @dependabot in #2357
• build(deps-dev): bump pytest-xdist from 3.2.1 to 3.3.0 by @dependabot in #2358
• build(deps): bump mkdocs-material from 9.1.8 to 9.1.12 by @dependabot in #2359
• build(deps-dev): bump docker from 6.1.1 to 6.1.2 by @dependabot in #2360

Chores

• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2350
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2353

Full Changelog: 3.5.0...3.5.1

Prowler 3.5.0 - Dune (To Tame a Land)

I like the story behind this Iron Maiden song. Enjoy Prowler 3.5.0 - Dune!

New features to highlight in this version:

🥳 Slack integration:

• Prowler now supports Slack integrations! Send a summary of the execution with a Slack APP in your channel, see more in our Integrations Docs

✅ 9 new checks for AWS:

• New services covered like FMS and NetworkFirewall, additional checks for AutoScaling, Organizations, RDS, Route53, S3, SSM Incidents and Workspaces.
• New important checks:
  • iam_role_cross_account_readonlyaccess_policy Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts
  • route53_dangling_ip_subdomain_takeover Check if Route53 Records contains dangling IPs (based on https://github.com/assetnote/ghostbuster)
• See all checks withprowler aws --list-checks

🔨 Allowlist improvements:

• You can allowlist an specific service and include regex expressions in the tags, see more in our Allowlist Docs

What's Changed:

Features

• feat(allowlist): allowlist a specific service by @sergargar in #2331
• feat(allowlist): Support regexes in Tags to allow "or"-like conditional matching by @kppullin in #2300
• feat(autoscaling): new check autoscaling_group_multiple_az by @gabrielsoltz in #2273
• feat(FMS): New Service FMS and Check fms_accounts_compliant by @gabrielsoltz in #2259
• feat(iam): add iam_role_cross_account_readonlyaccess_policy check by @sergargar in #2312
• feat(NetworkFirewall): New Service and Check by @gabrielsoltz in #2261
• feat(Organizations): New check organizations_tags_policies_enabled_and_attached by @gabrielsoltz in #2287
• feat(pre-commit): added trufflehog to pre-commit by @n4ch04 in #2311
• feat(rds): new check rds_instance_deprecated_engine_version by @pedromarting3 in #2298
• feat(route53): add route53_dangling_ip_subdomain_takeover check by @sergargar in #2288
• feat(s3): add s3_bucket_object_lock check by @sergargar in #2274
• feat(slack): add Slack App integration by @sergargar in #2305
• feat(ssmincidents): Use regional_client region instead of audit_profile region by @gabrielsoltz in #2306
• feat(workspaces): New check workspaces_vpc_2private_1public_subnets_nat by @gabrielsoltz in #2286

Fixes

• fix(access-analyzer): Handle ResourceNotFoundException by @jfagoagas in #2336
• fix(apigateway2): correct paginator name by @sergargar in #2283
• fix(backup): Return [] when None AdvancedBackupSettings by @gabrielsoltz in #2304
• fix(backups): change severity and only check report_plans if plans exists by @gabrielsoltz in #2291
• fix(client_error): Handle errors by @jfagoagas in #2308
• fix(cloudfront_distributions_https_enabled): Add default case by @jfagoagas in #2329
• fix(cloudtrail): handle InsightNotEnabledException error by @sergargar in #2322
• fix(ecr): Refactor service by @jfagoagas in #2302
• fix(emr): Handle InvalidRequestException by @jfagoagas in #2320
• fix(iam): Handle ListRoleTags and policy errors by @jfagoagas in #2319
• fix(opensearch): Handle invalid JSON policy by @jfagoagas in #2262
• fix(rds): check configurations for DB instances at cluster level by @sergargar in #2277
• fix(resourceexplorer2): add resource id by @sergargar in #2335
• fix(s3): handle NoSuchBucket error by @sergargar in #2289
• fix(sagemaker): Handle ValidationException by @jfagoagas in #2321
• fix(sns_topics_not_publicly_accessible): Change PASS behaviour by @jfagoagas in #2282
• fix(trustedadvisor): avoid not_available checks by @sergargar in #2323
• fix(typo): remove redundant lines by @kagahd in #2307
• fix(typo): typo in backup_vaults_exist check title by @sergargar in #2317
• fix(vpc services): list to dicts in vpc and subnets by @n4ch04 in #2310

Chores

• chore(docs): improve GCP docs by @sergargar in #2318
• chore(docs): improve security hub docs by @sergargar in #2285
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2334

Dependencies

• build(deps): bump boto3 from 1.26.115 to 1.26.125 by @dependabot in #2327
• build(deps): bump botocore from 1.29.115 to 1.29.125 by @dependabot in #2301
• build(deps): bump google-api-python-client from 2.84.0 to 2.86.0 by @dependabot in #2296
• build(deps): bump mkdocs-material from 9.1.6 to 9.1.8 by @dependabot in #2294
• build(deps): bump mkdocs from 1.4.2 to 1.4.3 by @dependabot in #2324
• build(deps-dev): bump coverage from 7.2.3 to 7.2.5 by @dependabot in #2297
• build(deps-dev): bump docker from 6.0.1 to 6.1.1 by @dependabot in #2326
• build(deps-dev): bump moto from 4.1.8 to 4.1.9 by @dependabot in #2328
• build(deps-dev): bump pylint from 2.17.3 to 2.17.4 by @dependabot in #2325

New Contributors

• @kppullin made their first contribution in #2300

Full Changelog: 3.4.1...3.5.0

Prowler 3.4.1 - Still Life

Fixes

• fix(iam_role_cross_service_confused_deputy_prevention): avoid service linked roles by @sergargar in #2249
• fix(version): execute check current version function only when -v by @sergargar in #2263
• fix(log_group_retention): handle log groups that never expire by @jfagoagas in #2272

Chores

• chore(test): add rds_instance_transport_encrypted test by @sergargar in #2252
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2251
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2258
• chore(test): add CloudWatch and Logs tests by @sergargar in #2264

Builds

• build(deps-dev): bump pytest from 7.3.0 to 7.3.1 by @dependabot in #2266
• build(deps-dev): bump pylint from 2.17.2 to 2.17.3 by @dependabot in #2267
• build(deps-dev): bump moto from 4.1.7 to 4.1.8 by @dependabot in #2268
• build(deps): bump boto3 from 1.26.105 to 1.26.115 by @dependabot in #2269
• build(deps): bump azure-mgmt-security from 4.0.0 to 5.0.0 by @dependabot in #2270

Full Changelog: 3.4.0...3.4.1

Prowler 3.4.0 - Still Life

Take a look in the pool and what do you see
In the dark depths there faces beckoning me
Can't you see them it's plain for all to see
They were there oh I know you don't believe me

Still Life is one of those jewels that Iron Maiden has (well… aren’t jewels all their songs? 😉) and it is so good that they also included it in their live double vhs/dvd/cd/lp called “Maiden England” back in 1988. The song is based on a book from Ramsey Campbell called "The Inhabitant of the lake and less welcome tenants”, and it is about somebody that see ghosts in the bottom of a lake and gets crazy about that. They are like cloud security vulnerabilities, they are everywhere and seems to be hard to beat them. Listen to the song here 🔥Still Life🔥 while hardening and reading below what we did.

A brand new version of Prowler 3.4.0 at your command! This version won’t make your ghosts to disappear but will help you to put them in their place and in line to start the journey of getting rid of them. Time to shine up your boots with pip install prowler --upgrade.

New features to highlight in this version:

☁️ New support for Google Cloud with 43 checks!:

• GCP services covered: IAM, BigQuery, CloudSQL, CloudStorage, Compute, KMS and Logging.
• Run prowler gcp --list-checks for details and visit our Prowler GCP documentation here.

✅ 21 new checks for AWS:

• New services covered like Organizations best practices, SSM Incidents, Resource Explorer, Backup, additional checks for CloudTrail, ECR scan on push check updated, GuardDuty, VPC best practices, IAM (see these ones that will help you a lot!) thanks to @gabrielsoltz
• Watch out! iam_policy_no_administrative_privileges has been renamed to iam_customer_unattached_policy_no_administrative_privileges
• New important IAM checks:
  • [iam_aws_attached_policy_no_administrative_privileges] Ensure IAM AWS-Managed policies that allow full ":" administrative privileges are not attached - iam [high]
  • [iam_customer_attached_policy_no_administrative_privileges] Ensure IAM Customer-Managed policies that allow full ":" administrative privileges are not attached - iam [high]
  • [iam_customer_unattached_policy_no_administrative_privileges] Ensure IAM policies that allow full ":" administrative privileges are not created - iam [low]
• See all checks withprowler aws --list-checks

📊 New html report for Azure and GCP:

• When running Azure or GCP checks, html report is now also created for you to enjoy them during your security assessments.

⚙️ Custom checks now supported:

• You can create your custom checks inside Prowler or in your custom folders following our Developer Guide and a Tutorial about it here, new option -x/--checks-folder for your custom checks.

🏷️ Resource Tags supported in Allow list:

• Take advantage of Allow list during your scans also using tags filers, more information here https://docs.prowler.cloud/en/latest/tutorials/allowlist/.

What's Changed:

Features

• feat(allowlist): Add tags filter to allowlist by @sergargar in #2105
• feat(backup): New backup service and checks by @gabrielsoltz in #2172
• feat(banner): Include Azure credential banner by @n4ch04 in #2179
• feat(check): New Check and Service: resourceexplorer2_indexes_found by @gabrielsoltz in #2196
• feat(check): New check ecr_registry_scan_images_on_push_enabled by @sergargar in #2237
• feat(check): New CloudTrail check cloudtrail_insights_exist by @gabrielsoltz in #2184
• feat(check): New CloudTrail check cloudtrail_bucket_requires_mfa_delete by @gabrielsoltz in #2194
• feat(check): New GuardDuty check guardduty_centrally_managed by @gabrielsoltz in #2195
• feat(check): New VPC checks by @gabrielsoltz in #2218
• feat(checks): New IAM Checks no full access to critical services by @gabrielsoltz in #2183
• feat(checks): New IAM check iam_securityaudit_role_created by @gabrielsoltz in #2182
• feat(custom checks): Add -x/--checks-folder for custom checks by @sergargar in #2191
• feat(gcp): Add Google Cloud provider with 43 checks by @sergargar in #2125
• feat(html): Add html to Azure and GCP by @sergargar in #2181
• feat(new_checks): New AWS Organizations checks by @gabrielsoltz in #2133
• feat(orgs checks region): Add region to all Organizations checks by @n4ch04 in #2202
• feat(ssmincidents): New Service and Checks by @gabrielsoltz in #2219

Fixes

• fix(audit_info): Azure subscriptions parsing error by @n4ch04 in #2147
• fix(aws_provider): Fix assessment session name by @jfagoagas in #2132
• fix(azure output): Change default values of audit identity metadata by @n4ch04 in #2144
• fix(brew): Move brew formula action to the bottom by @sergargar in #2135
• fix(cloudformation): Handle ValidationError by @jfagoagas in #2166
• fix(dax): Call list_tags using the cluster ARN by @jfagoagas in #2167
• fix(defender service): Retrieve key dicts with get by @n4ch04 in #2129
• fix(delete check): Delete check ec2.._in_use_without_ingrgess_filtering by @n4ch04 in #2148
• fix(docs): Check extra_742 name adjusted in the V2 to V3 mapping by @cerontrustly in #2154
• fix(elb-test): Use a mocked current audit info by @jfagoagas in #2207
• fix(elbv2 desync check): Mixed elbv2 desync and smuggling by @n4ch04 in #2171
• fix(errors): Solve ECR and CodeArtifact errors by @sergargar in #2239
• fix(gcp): Handle error when Project ID is None by @sergargar in #2130
• fix(global services): Fix global services region by @n4ch04 in #2203
• fix(iam): Handle LimitExceededException when calling generate_credential_report by @jfagoagas in #2168
• fix(iam): Handle no display name error in service account by @sergargar in #2176
• fix(iam tests): Mock audit_info object by @sergargar in #2226
• fix(iam_policy_no_administrative_privileges): Check attached policies and AWS-Managed by @sergargar in #2200
• fix(kms): Handle empty principal error by @sergargar in #2192
• fix(logging): Add default resource id when no resources by @sergargar in #2177
• fix(output bucket): Solve IsADirectoryError using compliance flag by @sergargar in #2121
• fix(pipeline build): Fix wording when build and push by @n4ch04 in #2169
• fix(pypi): Set base branch when updating release version by @jfagoagas in #2152
• fix(quickinventory): AttributError when creating inventory table by @bnugent in #2122
• fix(rds): Handle DBSnapshotNotFound by @jfagoagas in #2165
• fix(readme): Add GCP provider to README introduction by @sergargar in #2143
• fix(redshift): correct description in redshift_cluster_automatic_upgrades by @rubtoa #2246
• fix(resourceexplorer2): Solve test and region by @sergargar in #2206
• fix(resource_not_found): Handle error by @jfagoagas in #2136
• fix(rds): exclude Aurora in rds_instance_transport_encrypted check by @sergargar #2245
• fix(s3): Handle if ignore_public_acls is None by @jfagoagas in #2128
• fix(secretsmanager_automatic_rotation_enabled): Improve description for Secrets Manager secret rotation by @visit1985 in #2156
• fix(ssm): Handle ValidationException when retrieving documents by @jfagoagas in #2146
• fix(test): Call cloudtrail_s3_dataevents_write_enabled check by @jfagoagas in #2204
• fix(test): Mock audit info in services #2208 #2210 #2211 http...

Prowler 3.3.4 - Sun and Steel [HOTFIX]

Fixes

• fix(docs): check extra_742 name adjusted in the V2 to V3 mapping by @cerontrustly in #2154
• fix(secretsmanager_automatic_rotation_enabled): Improve description for Secrets Manager secret rotation by @visit1985 in #2156
• fix(rds): Handle DBSnapshotNotFound by @jfagoagas in #2165
• fix(cloudformation): Handle ValidationError by @jfagoagas in #2166
• fix(iam): Handle LimitExceededException when calling generate_credential_report by @jfagoagas in #2168
• fix(dax): Call list_tags using the cluster ARN by @jfagoagas in #2167
• fix(pipeline build): fixed wording when build and push by @n4ch04 in #2169
• fix(elbv2 desync check): Mixed elbv2 desync and smuggling by @n4ch04 in #2171

Chores

• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2155 #2159 #2170 #2173

Dependencies

• build(deps-dev): bump pylint from 2.17.0 to 2.17.2 by @dependabot in #2161
• build(deps): bump mkdocs-material from 9.1.4 to 9.1.5 by @dependabot in #2162
• build(deps): bump botocore from 1.29.100 to 1.29.105 by @dependabot in #2163
• build(deps-dev): bump moto from 4.1.5 to 4.1.6 by @dependabot in #2164

New Contributors

• @cerontrustly made their first contribution in #2154
• @visit1985 made their first contribution in #2156

Full Changelog: 3.3.2...3.3.3

Prowler 3.3.3 - Sun and Steel

Fixes

• fix(docs): check extra_742 name adjusted in the V2 to V3 mapping by @cerontrustly in #2154
• fix(secretsmanager_automatic_rotation_enabled): Improve description for Secrets Manager secret rotation by @visit1985 in #2156
• fix(rds): Handle DBSnapshotNotFound by @jfagoagas in #2165
• fix(cloudformation): Handle ValidationError by @jfagoagas in #2166
• fix(iam): Handle LimitExceededException when calling generate_credential_report by @jfagoagas in #2168
• fix(dax): Call list_tags using the cluster ARN by @jfagoagas in #2167
• fix(pipeline build): fixed wording when build and push by @n4ch04 in #2169
• fix(elbv2 desync check): Mixed elbv2 desync and smuggling by @n4ch04 in #2171

Chores

• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2155 #2159 #2170 #2173

Dependencies

• build(deps-dev): bump pylint from 2.17.0 to 2.17.2 by @dependabot in #2161
• build(deps): bump mkdocs-material from 9.1.4 to 9.1.5 by @dependabot in #2162
• build(deps): bump botocore from 1.29.100 to 1.29.105 by @dependabot in #2163
• build(deps-dev): bump moto from 4.1.5 to 4.1.6 by @dependabot in #2164

New Contributors

• @cerontrustly made their first contribution in #2154
• @visit1985 made their first contribution in #2156

Full Changelog: 3.3.2...3.3.3