Merge pull request #251 from aws-solutions/release/v3.0.2

RELEASE 3.0.2

Author: jangidms

CHANGELOG.md

@@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.0.2] - 2025-12-09
+
+### Changed
+
+- Enable lambda code updates with stack update
+- Python updated packages urllib3 (2.5.0 to 2.6.0), boto3 (1.40.39→1.40.76), botocore (1.40.39→1.40.76), AWS type stubs, cryptography (45.0.6→46.0.3), pydantic (2.11.7→2.12.5), werkzeug (3.1.3→3.1.4)
+- Npm updated packages in deployment
+
+### Added
+
+- Batch invite users
+- [SSM adaptive concurrency](https://docs.aws.amazon.com/systems-manager/latest/userguide/adaptive-concurrency.html) enabled for new accounts. Existing accounts are unaffected. Use CDK parameter `ENABLE_ADAPTIVE_CONCURRENCY` to toggle this feature
+- New runbook for SSM.7
+- Export CSV action to findings table
+
+### Fixed
+
+- New remediations are not updated in RemediationConfigurationDynamoDBTable
+
 ## [3.0.1] - 2025-11-20
 
 ### Changed

NOTICE.txt

@@ -74,6 +74,7 @@ This software includes third party software subject to the following copyrights:
 @aws-sdk/credential-provider-env under the Apache-2.0 license.
 @aws-sdk/credential-provider-http under the Apache-2.0 license.
 @aws-sdk/credential-provider-ini under the Apache-2.0 license.
+@aws-sdk/credential-provider-login under the Apache-2.0 license.
 @aws-sdk/credential-provider-node under the Apache-2.0 license.
 @aws-sdk/credential-provider-process under the Apache-2.0 license.
 @aws-sdk/credential-provider-sso under the Apache-2.0 license.
@@ -1008,6 +1009,7 @@ mypy under the MIT license.
 mypy-boto3-cloudformation under the MIT license.
 mypy-boto3-cloudfront under the MIT license.
 mypy-boto3-cloudwatch under the MIT license.
+mypy-boto3-dynamodb under the MIT license.
 mypy-boto3-ec2 under the MIT license.
 mypy-boto3-iam under the MIT license.
 mypy-boto3-s3 under the MIT license.

deployment/build-s3-dist.sh

@@ -99,7 +99,8 @@ main() {
         if [[ "${BUILD_ENV:-}" != "development" ]]; then
             echo -e "\033[1;33m===============================================================================\033[0m"
             echo -e "\033[1;33m⚠️  WARNING: BUILD_ENV is not set to 'development'. Localhost URLs will not be included in Cognito UserPoolClient configuration.\033[0m"
-            echo -e "\033[1;33mTo include localhost URLs for development, run: BUILD_ENV=development $0 $*\033[0m"
+            echo -e "\033[1;33mTo include localhost URLs for development, run: export BUILD_ENV=development\033[0m"
+            echo -e "\033[1;33mThen run: $0 $*\033[0m"
             echo -e "\033[1;33m===============================================================================\033[0m"
             echo ""
             sleep 2
@@ -162,18 +163,24 @@ main() {
     zip -q ${build_dist_dir}/lambda/remediation_config_provider.zip remediation_config_provider.py cfnresponse.py
     popd
 
+    header "[Pack] Enable Adaptive Concurrency Custom Action Lambda"
+
+    pushd "$source_dir"/solution_deploy/source
+    zip -q ${build_dist_dir}/lambda/enable_adaptive_concurrency.zip enable_adaptive_concurrency.py cfnresponse.py
+    popd
 
     header "[Pack] Wait Provider Lambda"
 
     pushd "$source_dir"/solution_deploy/source
     zip -q ${build_dist_dir}/lambda/wait_provider.zip wait_provider.py cfnresponse.py
+    popd
 
     header "[Pack] Orchestrator Lambdas"
 
     pushd "$source_dir"/Orchestrator
     ls | while read file; do
         if [ ! -d $file ]; then
-            zip -q "$build_dist_dir"/lambda/"$file".zip "$file"
+            zip -q "$build_dist_dir"/lambda/"${file%.*}".zip "$file"
         fi
     done
     popd
@@ -201,7 +208,7 @@ main() {
         pushd $dir/ticket_generator
         ls | while read file; do
             if [ ! -d $file ]; then
-                zip -q "$build_dist_dir"/lambda/blueprints/"$file".zip "$file"
+                zip -q "$build_dist_dir"/lambda/blueprints/"${file%.*}".zip "$file"
             fi
         done
         popd
@@ -253,6 +260,49 @@ main() {
     node app.js --target "$build_dist_dir/webui" --output webui-manifest.json
     mv webui-manifest.json $build_dist_dir/webui/webui-manifest.json
 
+    # IMPORTANT: Pack all lambda assets before this line
+
+    header "[Generate] Lambda Content Hashes"
+
+    # Generate content hashes for all Lambda zip files recursively
+    temp_mappings="$temp_work_dir/lambda_mappings.txt"
+    > "$temp_mappings"
+
+    find "$build_dist_dir"/lambda -type f -name "*.zip" | while read -r zip_file; do
+        relative_path="${zip_file#$build_dist_dir/lambda/}"
+        dir_path=$(dirname "$relative_path")
+        filename=$(basename "$zip_file")
+        hash=$(sha256sum "$zip_file" | cut -d' ' -f1 | cut -c1-8)
+        hashed_filename="${filename%.zip}-${hash}.zip"
+        
+        if [ "$dir_path" = "." ]; then
+            mv "$zip_file" "$build_dist_dir"/lambda/"$hashed_filename"
+            echo "$filename|$hashed_filename" >> "$temp_mappings"
+            echo "Generated hash for $filename: $hash"
+        else
+            mv "$zip_file" "$build_dist_dir"/lambda/"$dir_path"/"$hashed_filename"
+            echo "$dir_path/$filename|$dir_path/$hashed_filename" >> "$temp_mappings"
+            echo "Generated hash for $dir_path/$filename: $hash"
+        fi
+    done
+
+    # Create hash manifest file for CDK to read
+    echo "{" > "$build_dist_dir"/lambda/lambda-hashes.json
+
+    # Add each hash mapping to the JSON file
+    first=true
+    while IFS='|' read -r original hashed; do
+        if [ "$first" = true ]; then
+            first=false
+        else
+            echo "," >> "$build_dist_dir"/lambda/lambda-hashes.json
+        fi
+        echo -n "  \"$original\": \"$hashed\"" >> "$build_dist_dir"/lambda/lambda-hashes.json
+    done < "$temp_mappings"
+
+    echo "" >> "$build_dist_dir"/lambda/lambda-hashes.json
+    echo "}" >> "$build_dist_dir"/lambda/lambda-hashes.json
+
     header "[Create] Playbooks"
 
     for playbook in $(ls "$source_dir"/playbooks); do