release v1.0.1

Author: aws-khargita

.env.example

@@ -15,6 +15,9 @@ AWS_REGIONS="us-east-1,us-west-2" # The regions enabled in the sandbox accounts.
 # IDC Stack CFN Parameters
 IDENTITY_STORE_ID="d-0000000000" # The Identity Store Id of the Identity Source in IAM Identity Center.
 SSO_INSTANCE_ARN="arn:aws:sso:::instance/ssoins-0000000000000000" # The ARN of the SSO instance in IAM Identity Center.
+ADMIN_GROUP_NAME="" # Custom admin group name for IAM Identity Center instance, defaults to <namespace>_IsbAdmins if left empty.
+MANAGER_GROUP_NAME="" # Custom manager group name for IAM Identity Center instance, defaults to <namespace>_IsbManagers if left empty.
+USER_GROUP_NAME="" # Custom user group name for IAM Identity Center instance, defaults to <namespace>_IsbUsers if left empty.
 
 # Compute Stack CFN Parameters
 ORG_MGT_ACCOUNT_ID=000000000000 # The AWS account that the AccountPool stack is deployed to.

CHANGELOG.md

@@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.1] - 2025-06-19
+
+### Added
+
+- Optional CloudFormation parameters to the IDC stack for mapping user groups from external identity providers ([#2](https://github.com/aws-solutions/innovation-sandbox-on-aws/issues/2))
+
+### Fixed
+
+- High latency on APIs that consume the idc service layer code (idc-service.ts) due to dynamic lookup of user groups and permission sets ([#3](https://github.com/aws-solutions/innovation-sandbox-on-aws/issues/3))
+- IDC Configuration custom resource failing deployment due to large number of groups and permission sets causing timeout ([#6](https://github.com/aws-solutions/innovation-sandbox-on-aws/issues/6))
+
+### Security
+
+- Upgraded `aws-nuke` to mitigate:
+  - [CVE-2025-22874](https://nvd.nist.gov/vuln/detail/cve-2025-22874)
+  - [CVE-2025-0913](https://nvd.nist.gov/vuln/detail/cve-2025-0913)
+  - [CVE-2025-4673](https://nvd.nist.gov/vuln/detail/cve-2025-4673)
+- Upgraded `brace-expansion` to mitigate [CVE-2025-5889](https://nvd.nist.gov/vuln/detail/CVE-2025-5889)
+
 ## [1.0.0] - 2025-05-22
 
 ### Added

NOTICE

@@ -149,16 +149,17 @@ react-router under the MIT license.
 @aws-crypto/supports-web-crypto under the Apache-2.0 license.
 @aws-sdk/util-locate-window under the Apache-2.0 license.
 @aws-sdk/core under the Apache-2.0 license.
+@aws-sdk/xml-builder under the Apache-2.0 license.
 @smithy/core under the Apache-2.0 license.
 @smithy/middleware-serde under the Apache-2.0 license.
 @smithy/protocol-http under the Apache-2.0 license.
+@smithy/util-base64 under the Apache-2.0 license.
 @smithy/util-body-length-browser under the Apache-2.0 license.
 @smithy/util-middleware under the Apache-2.0 license.
 @smithy/util-stream under the Apache-2.0 license.
 @smithy/fetch-http-handler under the Apache-2.0 license.
 @smithy/querystring-builder under the Apache-2.0 license.
 @smithy/util-uri-escape under the Apache-2.0 license.
-@smithy/util-base64 under the Apache-2.0 license.
 @smithy/node-http-handler under the Apache-2.0 license.
 @smithy/abort-controller under the Apache-2.0 license.
 @smithy/util-hex-encoding under the Apache-2.0 license.
@@ -483,6 +484,8 @@ typescript under the Apache-2.0 license.
 @typescript-eslint/types under the MIT license.
 @typescript-eslint/visitor-keys under the MIT license.
 @typescript-eslint/typescript-estree under the MIT license.
+@typescript-eslint/project-service under the MIT license.
+@typescript-eslint/tsconfig-utils under the MIT license.
 fast-glob under the MIT license.
 merge2 under the MIT license.
 micromatch under the MIT license.
@@ -595,6 +598,7 @@ gensync under the MIT license.
 @babel/plugin-transform-react-jsx-self under the MIT license.
 @babel/helper-plugin-utils under the MIT license.
 @babel/plugin-transform-react-jsx-source under the MIT license.
+@rolldown/pluginutils under the MIT license.
 @types/babel__core under the MIT license.
 @types/babel__generator under the MIT license.
 to-fast-properties under the MIT license.
@@ -635,11 +639,11 @@ call-bind under the MIT license.
 set-function-length under the MIT license.
 define-data-property under the MIT license.
 has-property-descriptors under the MIT license.
+call-bound under the MIT license.
 define-properties under the MIT license.
 object-keys under the MIT license.
 es-abstract under the MIT license.
 array-buffer-byte-length under the MIT license.
-call-bound under the MIT license.
 is-array-buffer under the MIT license.
 arraybuffer.prototype.slice under the MIT license.
 available-typed-arrays under the MIT license.
@@ -668,6 +672,8 @@ object-inspect under the MIT license.
 side-channel-list under the MIT license.
 side-channel-map under the MIT license.
 side-channel-weakmap under the MIT license.
+is-negative-zero under the MIT license.
+is-set under the MIT license.
 is-shared-array-buffer under the MIT license.
 is-string under the MIT license.
 is-weakref under the MIT license.
@@ -678,6 +684,7 @@ regexp.prototype.flags under the MIT license.
 set-function-name under the MIT license.
 safe-array-concat under the MIT license.
 set-proto under the MIT license.
+stop-iteration-iterator under the MIT license.
 string.prototype.trim under the MIT license.
 string.prototype.trimend under the MIT license.
 string.prototype.trimstart under the MIT license.
@@ -697,7 +704,6 @@ is-boolean-object under the MIT license.
 is-number-object under the MIT license.
 which-collection under the MIT license.
 is-map under the MIT license.
-is-set under the MIT license.
 is-weakmap under the MIT license.
 is-weakset under the MIT license.
 typed-array-length under the MIT license.
@@ -944,7 +950,6 @@ shimmer under the BSD-2-Clause license.
 @aws-crypto/crc32c under the Apache-2.0 license.
 @aws-sdk/middleware-location-constraint under the Apache-2.0 license.
 @aws-sdk/middleware-ssec under the Apache-2.0 license.
-@aws-sdk/xml-builder under the Apache-2.0 license.
 @smithy/hash-blob-browser under the Apache-2.0 license.
 @smithy/chunked-blob-reader under the Apache-2.0 license.
 @smithy/chunked-blob-reader-native under the Apache-2.0 license.
@@ -1042,6 +1047,7 @@ send under the MIT license.
 mime under the MIT license.
 serve-static under the MIT license.
 json-diff-ts under the MIT license.
+es-toolkit under the MIT license.
 jsonwebtoken under the MIT license.
 jws under the MIT license.
 jwa under the MIT license.
@@ -1089,6 +1095,8 @@ javascript-natural-sort under the MIT license.
 @types/cookiejar under the MIT license.
 @vitest/coverage-v8 under the MIT license.
 vitest under the MIT license.
+@types/chai under the MIT license.
+@types/deep-eql under the MIT license.
 @vitest/expect under the MIT license.
 @vitest/spy under the MIT license.
 tinyspy under the MIT license.
@@ -1106,6 +1114,7 @@ estree-walker under the MIT license.
 magic-string under the MIT license.
 @vitest/runner under the MIT license.
 pathe under the MIT license.
+strip-literal under the MIT license.
 @vitest/snapshot under the MIT license.
 expect-type under the Apache-2.0 license.
 std-env under the MIT license.
@@ -1118,6 +1127,7 @@ why-is-node-running under the MIT license.
 siginfo under the ISC license.
 stackback under the MIT license.
 @bcoe/v8-coverage under the MIT license.
+ast-v8-to-istanbul under the MIT license.
 istanbul-lib-coverage under the BSD-3-Clause license.
 istanbul-lib-report under the BSD-3-Clause license.
 make-dir under the MIT license.

docs/openapi/innovation-sandbox-api.yaml

@@ -2,7 +2,7 @@ openapi: 3.0.0
 info:
   title: Innovation Sandbox on AWS
   description: API documentation for the Innovation Sandbox on AWS solution.
-  version: 1.0.0
+  version: 1.0.1
   license:
     name: Apache 2.0
     url: "http://www.apache.org/licenses/LICENSE-2.0.html"