
Releases: aws-samples/aws-identitycenter-codepipeline-auto-assignment

3.1.0

06 Mar 20:39
acf8343

v3.1.0 by @ashmeetp in #39

Overview

This release focuses on significant performance improvements and reliability enhancements, introducing parallel processing, caching mechanisms, and improved error handling while maintaining full compatibility with existing configurations.

What's New

Performance Improvements

  1. Parallel Processing

    • Implemented ThreadPoolExecutor with configurable worker pools
      • 10 workers for account assignments
      • 20 workers for read/list operations
    • Parallel execution of permission set operations (provisioning, deprovisioning, deletion)
    • Concurrent processing of account assignments and policy management
  2. Caching & Optimization

    • New CacheManager class with TTL for API results
    • Optimized AWS API connection pooling
    • Reduced redundant API calls through intelligent caching
    • Improved batch processing for API operations
  3. Reliability Enhancements

    • Robust Error Handling
      • Implemented exponential backoff retry logic
    • Enhanced exception handling with granular control
    • Improved throttling and conflict management
  4. Code Quality Improvements

    • Added comprehensive type hints
    • Implemented consistent logging patterns
    • Enhanced code documentation
    • Reorganized code structure for better maintainability
    • Added cache statistics for monitoring

Bug Fixes

  1. Resolved race conditions in assignment operations
  2. Fixed empty inline policies handling
  3. Improved provisioning status checks
  4. Enhanced API throttling handling
  5. Fixed concurrent provisioning request issues

Compatibility

  • Fully compatible with existing deployments
  • No breaking changes
  • Supports both pre-3.0.0 and post-3.0.0 configuration file structures

Testing

Performance improvements have been validated in both management account and delegated administrator scenarios, demonstrating significant execution time reduction in large-scale environments.


Full Changelog: 3.0.0...3.1.0

3.0.0

11 Jan 02:52
0c71e21

What's New

v3.0.0 by @ashmeetp in #17

  • Auto generation of permission sets and mapping files
  • Migration from a Lambda-based solution to a CodeBuild Project for improved timeout and memory
  • Support for account names and OU names/path in target mappings
  • Support for permission boundaries, both customer managed and AWS managed policies
  • Syntax validation for permission sets and mapping files - Initial recommendation and implementation by @lowpast #16
  • Implemented CodePipeline V2
  • Added support for CodeConnections for external Git providers, in addition to AWS CodeCommit

Full Changelog: 2.1.0...3.0.0


3.0.0

  • Fixed issues with whitespace handling in permission set and group names.
  • Corrected validation logic for various fields in permission sets and mapping files.
  • Addressed potential race conditions in account assignment operations.
  • Fixed the timeout issue in automation.
  • Updated the Lambda runtime to the latest python3.12 in delegated-admin.py
  • Updated pipeline stage names to better reflect their purpose.

Feel free to refer to the CHANGELOG for more details.

Update API, bug fixes to paginated response and validation

15 Apr 13:56
2c648a0

What's Changed

Full Changelog: 2.0.0...2.1.0


2.1.0

  • Bug fix: Added the missing InstanceArn=ic_instance_arn to allow proper functioning of the list_accounts_for_provisioned_permission_set API for more than 100 items in the response.
  • Bug fix: S3 Object versions are now referenced in the Lambda configuration to allow subsequent updates to the Lambda package code.
  • Updated the list_groups API to the get_group_id API and removed the use of the deprecated filter method to obtain the group ID by name in auto-assignment.py.
  • Updated the Lambda runtime to the latest python3.12.
  • Updated the SNS subscription protocol to email in identity-center-automation.template to send a formatted, prettier JSON message for better readability.
  • Updated the Identity Center automation pipeline to the recommended event-driven pipeline.
  • Updated pipeline stage names to better reflect their purpose.

Feel free to refer to the CHANGELOG for more details.

Support delegated administration and AWS Control Tower enabled accounts

08 Mar 16:37
0d9b341

A big shout out to Ashmeet for his contributions to the repository in this release!

New Feature

  • Updated identity-center-stacks-parameters.json to get additional parameters from users to support delegated administration for Identity Center and AWS Control Tower enabled accounts.
  • Updated codepipeline-stack.template to support delegated administration for Identity Center and AWS Control Tower enabled accounts.
  • Added IC-Delegate-Admin.yml to allow delegating administration for IAM Identity Center to an Organization member account.
  • Updated architecture_diagram.png to reflect new features in the architecture diagram.
  • Updated identity-center-automation.template to support delegated administration for Identity Center and AWS Control Tower enabled accounts.
  • Updated identity-center-s3-bucket.template to support delegated administration for Identity Center and AWS Control Tower enabled accounts.
  • Updated buildspec-param.yml to support delegated administration for Identity Center and AWS Control Tower enabled accounts.
  • Updated auto-assignment.py to support delegated administration for Identity Center and AWS Control Tower enabled accounts.
  • Updated auto-permissionsets.py to support delegated administration for Identity Center and AWS Control Tower enabled accounts.

Feel free to refer to the CHANGELOG for more details.

1.1.0

29 Nov 00:52

1.1.0

  • Updated auto-permissionsets.py file to support customer managed policy in permission set.
    • Updated the permission set example 5-example-sec-readonly.json.
  • Updated auto-permissionsets.py and identity-center-automation.template to support custom permission set session duration.
    • Default session duration is set to 1 hour.
    • Updated the permission set example 1-example-admin.json.

1.0.0

18 Aug 22:13
e41e5a5
  • Initial release after service rebranding.