Updated to version v4.0.0

Updated to version v4.0.0

Author: knihit

.github/ISSUE_TEMPLATE/bug_report.md

@@ -19,7 +19,7 @@ A clear and concise description of what you expected to happen.
 **Please complete the following information about the solution:**
 - [ ] Version: [e.g. v3.1]
 
-To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "AWS WAF Security Automations v3.1: This AWS CloudFormation template helps you provision the AWS WAF Security Automations stack without worrying about creating and configuring the underlying AWS infrastructure". If the description does not contain the version information, you can look at the mappings section of the template:
+To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "Security Automations for AWS WAF v3.1: This AWS CloudFormation template helps you provision the Security Automations for AWS WAF stack without worrying about creating and configuring the underlying AWS infrastructure". If the description does not contain the version information, you can look at the mappings section of the template:
 
 ```yaml
 Mappings:
@@ -33,7 +33,7 @@ Mappings:
 - [ ] Region: [e.g. us-east-1]
 - [ ] Was the solution modified from the version published on this repository?
 - [ ] If the answer to the previous question was yes, are the changes available on GitHub?
-- [ ] Have you checked your [service quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) for the sevices this solution uses?
+- [ ] Have you checked your [service quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) for the services this solution uses?
 - [ ] Were there any errors in the CloudWatch Logs?
 
 **Screenshots**

.gitignore

@@ -10,8 +10,47 @@ source/tests/__pycache__/
 source/log_parser/__pycache__/
 deployment/global-s3-assets/
 deployment/regional-s3-assets/
+source/**/idna**
+source/**/certifi**
+source/**/urllib**
+source/**/requests**
+source/**/backoff**
+source/**/charset**
+source/**/bin
+source/**/__pycache__
+source/**/.venv**
+source/**/test/__pycache__
+source/**/test/.pytest**
 
-# coverage
+
+
+
+
+# Unit test / coverage reports
 **/coverage
 **/package
-*coverage*
+*coverage
+source/test/coverage-reports/
+**/.venv-test
+
+# linting, scanning configurations, sonarqube
+.scannerwork/
+
+# Third-party dependencies
+backoff*
+bin
+boto3*
+botocore*
+certifi*
+charset*
+dateutil*
+idna*
+jmespath*
+python_*
+requests*
+s3transfer*
+six*
+urllib*
+
+# Ignore lib folder within each lambada folder. Only include lib folder at upper level
+/source/**/lib

CHANGELOG.md

@@ -1,55 +1,113 @@
 # Changelog
+
 All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.0.0] - 2023-05-11
+
+### Added
+
+- Added support for 10 new AWS Managed Rules rule groups (AMR)
+- Added support for country and URI configurations in HTTP Flood Athena log parser
+- Added support for user-defined S3 prefix for application access log bucket
+- Added support for CloudWatch log retention period configuration 
+- Added support for multiple solution deployments in the same account and region
+- Added support for exporting CloudFormation stack output values
+- Replaced the hard coded amazonaws.com with {AWS::URLSuffix} in BadBotHoneypot API endpoint
+
+### Fixed
+
+- Avoid account-wide API Gateway logging setting change by deleting the solution stack [GitHub issue 213](https://github.com/aws-solutions/aws-waf-security-automations/issues/213)
+- Avoid creating a new logging bucket for an existing app access log bucket that already has logging enabled
+
 ## [3.2.5] - 2023-04-18
+
 ### Patched
+
 - Patch s3 logging bucket settings
 - Updated the timeout for requests
+
 ## [3.2.4] - 2023-02-06
+
 ### Changed
+
 - Upgraded pytest to mitigate CVE-2022-42969
 - Upgraded requests and subsequently certifi to mitigate CVE-2022-23491
+
 ## [3.2.3] - 2022-12-13
+
 ### Changed
+
 - Add region as prefix to application attribute group name to avoid conflict with name starting with AWS.
+
 ## [3.2.2] - 2022-12-05
+
 ### Added
+
 - Added AppRegistry integration
+
 ## [3.2.1] - 2022-08-30
+
 ### Added
+
 - Added support for configuring oversize handling for requests components
 - Added support for configuring sensitivity level for SQL injection rule 
+
 ## [3.2] - 2021-09-22
+
 ### Added
+
 - Added IP retention support on Allowed and Denied IP Sets
+
 ### Changed
+
 - Bug fixes
+
 ## [3.1] - 2020-10-22
+
 ### Changed
+
 - Replaced s3 path-style with virtual-hosted style
 - Added partition variable to all ARNs
 - Updated bug report
+
 ## [3.0] - 2020-07-08
+
 ### Added
+
 - Added an option to deploy AWS Managed Rules for WebACL on installation
+
 ### Changed
+
 - Upgraded from WAF classic to WAFV2 API
 - Eliminated dependency on NodeJS and use Python as the standardized programming language
+
 ## [2.3.3] - 2020-06-15
+
 ### Added
+
 - Implemented Athena optimization: added partitioning for CloudFront, ALB and WAF logs and Athena queries
+
 ### Changed
+
 - Fixed potential DoS vector within Bad Bots X-Forward-For header
+
 ## [2.3.2] - 2020-02-05
+
 ### Added
+
 ### Changed
+
 - Fixed README file to accurately reflect script params
 - Upgraded from Python 3.7 to 3.8
 - Changed RequestThreshold min limit from 2000 to 100
+
 ## [2.3.1] - 2019-10-30
+
 ### Added
+
 ### Changed
+
 - Fixed error handling of intermittent issue: (WAFStaleDataException) when calling the UpdateWebACL
 - Upgrade from Node 8 to Node 10 for Lambda function

CONTRIBUTING.md

@@ -11,7 +11,7 @@ information to effectively respond to your bug report or contribution.
 
 We welcome you to use the GitHub issue tracker to report bugs or suggest features.
 
-When filing an issue, please check [existing open](https://github.com/awslabs/aws-waf-security-automations/issues), or [recently closed](https://github.com/awslabs/aws-waf-security-automations/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
+When filing an issue, please check [existing open](https://github.com/aws-solutions/aws-waf-security-automations/issues), or [recently closed](https://github.com/aws-solutions/aws-waf-security-automations/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
 reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
 
 * A reproducible test case or series of steps
@@ -41,8 +41,7 @@ GitHub provides additional document on [forking a repository](https://help.githu
 
 
 ## Finding contributions to work on
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/awslabs/aws-waf-security-automations/labels/help%20wanted) issues is a great place to start.
-
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/aws-waf-security-automations/labels/help%20wanted) issues is a great place to start.
 
 ## Code of Conduct
 This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
@@ -56,6 +55,6 @@ If you discover a potential security issue in this project we ask that you notif
 
 ## Licensing
 
-See the [LICENSE](https://github.com/awslabs/aws-waf-security-automations/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+See the [LICENSE](https://github.com/aws-solutions/aws-waf-security-automations/blob/master/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
 
 We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.

NOTICE.txt

@@ -12,9 +12,52 @@ THIRD PARTY COMPONENTS
 **********************
 This software includes third party software subject to the following copyrights:
 
-async under the Massachusetts Institute of Technology (MIT) license
-sax under the Internet Systems Consortium (ISC) license
-xml2js under the Massachusetts Institute of Technology (MIT) license
-xmlbuilder under the Massachusetts Institute of Technology (MIT) license
-requests under the Apache Software License
 freezegun under the Apache Software License
+boto3 under the Apache Software License
+botocore under the Apache Software License
+Mock under the BDS License
+moto under the Apache Software License
+pytest under the MIT License
+pytest-mock under the MIT License
+pytest-cov under the MIT License
+pytest-env under the MIT License
+pyparsing under the MIT License
+pytest-runner under the MIT License
+uuid under the MIT License
+backoff under the MIT License
+requests under the Apache Software License
+certifi under the Mozilla Public License
+charset_normalizer under the Apache Software License
+python-dateutil under the Apache Software License and BSD License
+inda under the BSD License
+urllib3 under the MIT License
+jmespath under the MIT License
+s3transfer under the Apache Software License
+cryptography under the Apache Software License and BSD License
+Werkzeug under the BSD-3-Clause
+xmltodict under the MIT License
+responses under the Apache-2.0
+Jinja2 under the BSD License
+pycparser under the BSD License
+pyyaml under the MIT License
+attrs under the MIT License
+pluggy under the MIT License
+iniconfig under the MIT License
+exceptiongroup under the MIT License
+packaging under the Apache Software License and BSD License
+tomli under the MIT License
+coverage under the Apache Software License
+cffi under the MIT License
+six under the MIT License
+types-PyYAML under the Apache Software License 
+MarkupSafe under the BSD-3-Clause
+
+
+
+
+
+
+
+
+
+