aws-solutions · jangidms · Sep 29, 2025 · Sep 24, 2025 · Sep 29, 2025 · Sep 29, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.4] - 2025-09-29
+
+### Security
+
+- Removed deprecated NPM package "fs" has been identified as potentially vulnerable to package takeover
+- Updated brace-expansion to >=1.1.12 to mitigate [CVE-2025-5889](https://nvd.nist.gov/vuln/detail/CVE-2025-5889)
+
 ## [2.1.3] - 2025-04-24
 
 ### Changed

diff --git a/NOTICE.txt b/NOTICE.txt
@@ -625,6 +625,19 @@ fast-uri under the BSD-3-Clause license
 @babel/plugin-syntax-class-static-block under the MIT license.
 @babel/plugin-syntax-import-attributes under the MIT license.
 @babel/plugin-syntax-private-property-in-object under the MIT license.
+@jridgewell/remapping under the MIT license.
+@aws-sdk/nested-clients under the Apache-2.0 license.
+@babel/helper-globals under the MIT license.
+@ungap/structured-clone under the ISC license.
+@aws/lambda-invoke-store under the ISC license.
+word-wrap under the MIT license.
+baseline-browser-mapping under the MIT license.
+neo-async under the MIT license.
+wordwrap under the MIT license.
+minimist under the MIT license.
+handlebars under the MIT license.
+uglify-js under the BSD-2-Clause license.
+
 
 ********************
 OPEN SOURCE LICENSES

diff --git a/README.md b/README.md
@@ -1,6 +1,3 @@
-⚠️🚨⚠️ __Important: The Automations for [AWS Firewall Manager solution](https://aws.amazon.com/solutions/implementations/automations-for-aws-firewall-manager/) will retire in November 2025. Deployments (via CloudFormation or GitHub) will remain operational, but customers will assume responsibility for maintenance and API-related updates post retirement. Customers can explore using the latest deployment, multi-account management, and compliance features in [AWS Firewall Manager](https://aws.amazon.com/firewall-manager/) for management and enforcement of firewall rules.__ ⚠️🚨⚠️
-
-
 # Automations for AWS Firewall Manager
 
 |-----------------------------------------|

diff --git a/deployment/add-license-header.sh b/deployment/add-license-header.sh
@@ -1,10 +1,14 @@
 #!/bin/bash
-for i in $(find $1 -type d \( -name node_modules \) -prune -false -o -name '*.ts');
+echo "Starting license header addition for directory: $1"
+files_found=$(find $1 -type d \( -name node_modules \) -prune -o -name '*.ts' -print)
+echo "Found $(echo "$files_found" | wc -l) TypeScript files"
+for i in $files_found;
 do
   if ! grep -q Copyright $i
   then
-    echo $i
+    echo "Adding license header to: $i"
     cat license-header $i >$i.new && mv $i.new $i
   fi
 done
+echo "License header addition completed"
 
diff --git a/deployment/aws-fms-automations.template b/deployment/aws-fms-automations.template
@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.3",
+  "Description": "(SO0134) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager. Version v2.1.4",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -58,130 +58,148 @@
       "Solution": {
         "SolutionId": "SO0134",
         "SolutionName": "automations-for-aws-firewall-manager",
-        "SolutionVersion": "v2.1.3",
+        "SolutionVersion": "v2.1.4",
         "UserAgentPrefix": "AwsSolution"
       }
     },
     "LatestNodeRuntimeMap": {
       "af-south-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-east-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
+      },
+      "ap-east-2": {
+        "value": "nodejs22.x"
       },
       "ap-northeast-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-northeast-2": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-northeast-3": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-south-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-south-2": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-southeast-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-southeast-2": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-southeast-3": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-southeast-4": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ap-southeast-5": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
+      },
+      "ap-southeast-6": {
+        "value": "nodejs22.x"
       },
       "ap-southeast-7": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ca-central-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "ca-west-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "cn-north-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "cn-northwest-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "eu-central-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "eu-central-2": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "eu-isoe-west-1": {
-        "value": "nodejs18.x"
+        "value": "nodejs22.x"
       },
       "eu-north-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "eu-south-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "eu-south-2": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "eu-west-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "eu-west-2": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "eu-west-3": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
+      },
+      "eusc-de-east-1": {
+        "value": "nodejs22.x"
       },
       "il-central-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "me-central-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "me-south-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "mx-central-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "sa-east-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "us-east-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "us-east-2": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "us-gov-east-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "us-gov-west-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "us-iso-east-1": {
-        "value": "nodejs18.x"
+        "value": "nodejs22.x"
       },
       "us-iso-west-1": {
-        "value": "nodejs18.x"
+        "value": "nodejs22.x"
       },
       "us-isob-east-1": {
         "value": "nodejs18.x"
       },
+      "us-isob-west-1": {
+        "value": "nodejs18.x"
+      },
+      "us-isof-east-1": {
+        "value": "nodejs22.x"
+      },
+      "us-isof-south-1": {
+        "value": "nodejs22.x"
+      },
       "us-west-1": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       },
       "us-west-2": {
-        "value": "nodejs20.x"
+        "value": "nodejs22.x"
       }
     }
   },
@@ -204,15 +222,15 @@
         ],
         "Content": {
           "S3Bucket": {
-            "Fn::Sub": "solutions-${AWS::Region}"
+            "Fn::Sub": "639493421477-solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.3/asset37ddc85bd79d0dc79c7021b40a147ee8701cfc96d02aa9f73cbe50921d780e1f.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.4/asset73430bf435f80582ef823e1a354a71f75af61d65fd58950fa4e07c7a2345183f.zip"
         },
         "LayerName": "AFM-UtilsLayer"
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/AFM-UtilsLayer/AFM-UtilsLayer-Layer/Resource",
-        "aws:asset:path": "asset.37ddc85bd79d0dc79c7021b40a147ee8701cfc96d02aa9f73cbe50921d780e1f.zip",
+        "aws:asset:path": "asset.73430bf435f80582ef823e1a354a71f75af61d65fd58950fa4e07c7a2345183f.zip",
         "aws:asset:is-bundled": false,
         "aws:asset:property": "Content"
       }
@@ -256,9 +274,9 @@
       "Properties": {
         "Code": {
           "S3Bucket": {
-            "Fn::Sub": "solutions-${AWS::Region}"
+            "Fn::Sub": "639493421477-solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.3/asset096fe45058dc918c0d5c37508ed7c373643fc8c62c3ef0522c269e1a02d48335.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.4/assetfd6b60252b2925ecc957b656ae6c38aba060a2745573fdbfb0bb98fba83f7375.zip"
         },
         "Description": {
           "Fn::Join": [
@@ -460,9 +478,9 @@
       "Properties": {
         "Code": {
           "S3Bucket": {
-            "Fn::Sub": "solutions-${AWS::Region}"
+            "Fn::Sub": "639493421477-solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.3/assetbdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.4/assetbdc104ed9cab1b5b6421713c8155f0b753380595356f710400609664d3635eca.zip"
         },
         "Description": "AWS CDK resource provider framework - onEvent (CommonResourceStack/HelperProvider)",
         "Environment": {
@@ -476,6 +494,10 @@
           }
         },
         "Handler": "framework.onEvent",
+        "LoggingConfig": {
+          "ApplicationLogLevel": "FATAL",
+          "LogFormat": "JSON"
+        },
         "Role": {
           "Fn::GetAtt": [
             "HelperProviderframeworkonEventServiceRole1962DD43",
@@ -640,7 +662,7 @@
             ]
           }
         },
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/automations-for-aws-firewall-manager/v2.1.3/aws-fms-compliance.template"
+        "TemplateURL": "https://639493421477-solutions-reference.s3.amazonaws.com/automations-for-aws-firewall-manager/v2.1.4/aws-fms-compliance.template"
       },
       "UpdateReplacePolicy": "Delete",
       "DeletionPolicy": "Delete",
@@ -669,7 +691,7 @@
             "Ref": "EmailAddress"
           }
         },
-        "TemplateURL": "https://solutions-reference.s3.amazonaws.com/automations-for-aws-firewall-manager/v2.1.3/aws-fms-policy.template"
+        "TemplateURL": "https://639493421477-solutions-reference.s3.amazonaws.com/automations-for-aws-firewall-manager/v2.1.4/aws-fms-policy.template"
       },
       "UpdateReplacePolicy": "Delete",
       "DeletionPolicy": "Delete",

diff --git a/deployment/aws-fms-compliance.template b/deployment/aws-fms-compliance.template
@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager compliance reporter resources. Version v2.1.3",
+  "Description": "(SO0134-cr) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager compliance reporter resources. Version v2.1.4",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Metadata": {
     "AWS::CloudFormation::Interface": {
@@ -34,7 +34,7 @@
       },
       "Solution": {
         "SolutionId": "SO0134",
-        "SolutionVersion": "v2.1.3",
+        "SolutionVersion": "v2.1.4",
         "UserAgentPrefix": "AwsSolution"
       },
       "Compliance": {
@@ -51,15 +51,15 @@
         ],
         "Content": {
           "S3Bucket": {
-            "Fn::Sub": "solutions-${AWS::Region}"
+            "Fn::Sub": "639493421477-solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.3/asset37ddc85bd79d0dc79c7021b40a147ee8701cfc96d02aa9f73cbe50921d780e1f.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.4/asset73430bf435f80582ef823e1a354a71f75af61d65fd58950fa4e07c7a2345183f.zip"
         },
         "LayerName": "AFM-UtilsLayer"
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/ComplianceGeneratorStack/AFM-UtilsLayer/AFM-UtilsLayer-Layer/Resource",
-        "aws:asset:path": "asset.37ddc85bd79d0dc79c7021b40a147ee8701cfc96d02aa9f73cbe50921d780e1f.zip",
+        "aws:asset:path": "asset.73430bf435f80582ef823e1a354a71f75af61d65fd58950fa4e07c7a2345183f.zip",
         "aws:asset:is-bundled": false,
         "aws:asset:property": "Content"
       }
@@ -498,9 +498,9 @@
       "Properties": {
         "Code": {
           "S3Bucket": {
-            "Fn::Sub": "solutions-${AWS::Region}"
+            "Fn::Sub": "639493421477-solutions-${AWS::Region}"
           },
-          "S3Key": "automations-for-aws-firewall-manager/v2.1.3/assetd3199e8ab55dde6fb3368f14bab0b2b4fcdeaef6e62d9a8e71dbc87911e7d9c5.zip"
+          "S3Key": "automations-for-aws-firewall-manager/v2.1.4/assete698ead589889678580e62e4d6036c895831f4f6ea82941c9491e69063a1e4c1.zip"
         },
         "DeadLetterConfig": {
           "TargetArn": {
@@ -784,7 +784,7 @@
     "CDKMetadata": {
       "Type": "AWS::CDK::Metadata",
       "Properties": {
-        "Analytics": "v2:deflate64:H4sIAAAAAAAA/1WQzW7DIBCEnyV3sq0TqUqPTaWe+uPaVa/RGm8jYhu7LCSKEO9egR3ZvTDzMbMI2EC2e4RshRdey7pZt6oC/05sqS4tykY8/+gcDXZkyUR4w2FQ+ijwwgffYlfVCP4Vr2S+ybDqdSz94xenpZ2Cpc/JdIpjJQjeHpCZLMNTFMFb8HsnG7J7ZBKjjUOTGyXvWyWv8/bIQbBm8F/9oGTMRpPWeWCJpatYGjXcLrbkIPiXwX86chSz0aR1PmyBQSjswBd9m+pJ5+KtQ2fSlsEXbqq5lkIQ6e2lxWP84IK4d0am/MPZwdkgdF8TnPjunO1gcw8PqxMrtTZOW9URFKP+AfmC05TTAQAA"
+        "Analytics": "v2:deflate64:H4sIAAAAAAAA/1WQzW7DIBCEnyV3sk2cQ3NtKvXUH9eueo3WeBsR2+CykChCvHuF7cjuhZmPmUVABtn2ETYrvPJa1s26VRWEd2JHdelQNuL5R+dosSNHNsEb9r3SJ4FXPoYWu6pGCK94I/tNlpXRqfSPX7yWbgqWPifbKU6VKHh3RGZyDE9JBO8gHLxsyB2QSYw2DU1ulNy0St7m7ZGjYM0QvkyvZMpGM6zzwBJLX7G0qr9fbMlR8C9D+PTkKWWjGdb5sAVGobCDUJh2qA86F+8dupB2DKHwU823FKMY3l46PKUPLoiNt3LIP7zrvYtCm5rgzA+X7R6yDexXZ1Zqbb12qiMoRv0D/MgLh9MBAAA="
       },
       "Metadata": {
         "aws:cdk:path": "CommonResourceStack/ComplianceGeneratorStack/CDKMetadata/Default"

diff --git a/deployment/aws-fms-demo.template b/deployment/aws-fms-demo.template
@@ -1,5 +1,5 @@
 {
-  "Description": "(SO0134D) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager demo resources. Version v2.1.3",
+  "Description": "(SO0134D) - The AWS CloudFormation template for deployment of the automations-for-aws-firewall-manager demo resources. Version v2.1.4",
   "AWSTemplateFormatVersion": "2010-09-09",
   "Resources": {
     "testcloudfronts3S3LoggingBucket90D239DD": {
@@ -966,7 +966,7 @@
     "CDKMetadata": {
       "Type": "AWS::CDK::Metadata",
       "Properties": {
-        "Analytics": "v2:deflate64:H4sIAAAAAAAA/3VRy27CQAz8Fu6b5RGpglspLYhLGxHEtdo4pjWEXbT2glCUf682oaSXnmY8tkZje6Lr8XSmxwNz5QTKY1JRoetcDByVufJnzamuXwIcUdRib++sg8xVBLde7upGQeVCuffOiq6XwYKQs3HqwV+JxVMR2uLD0xfZOQAyr0u0QtJ6LqLLMrr8N/HXplEIE13vzhA7u2yhslBUBHkobBe9ZxsXBLemqLDXe23O7IDMb+i2EcnbOovwbmRlBK/mpjJPFyPYG6+toLf4GOiS3Ku5iIHvE1pROULwJLeVd+HcZvgrNI3aILvgARuVzvRo8Byfw65qN+UEnGXxAYSH7dce50441f3Zti5PG2VdifrAw8t4qicj/TQ4MFHigxU6od50+APRh/AlBgIAAA=="
+        "Analytics": "v2:deflate64:H4sIAAAAAAAA/3VRQW7CQAx8C/fNAsmh9FaaFsSljQjiWm0c0xrCLlp7QSjK36sklHDpacZjazS2Y13H0yc9GZkLR1AeoooKXedi4KDMhb9qTnT9GuCAotKdvbEeMlcRXAe5rxsFlQvlzjsrul4EC0LOtlN3/kYsnorQFZ+evsnOAZB5VaIVks4zbV0Wrct/E482jUKIdb09QdvZZqnKQlER5KGwffSBrV0Q3JiiwkEftDmzAzJ/obtGS95XWQsfRpZG8GKuKvN0NoKD8coKeov3gT7JrZqLGPg5ohWVIwRPcl16F05dhkehadQa2QUP2KjkWU9GL+1z2FXdphyBsyw+gPC4+9r93BEnejjbxuVJo6wrUe95fJ7OdDzRs9GeiSIfrNAR9brHX/a7kCoGAgAA"
       },
       "Metadata": {
         "aws:cdk:path": "DemoStack/CDKMetadata/Default"