Release Notes: v0.2.0-beta
Release Date: November 2024
Status: Beta
Overview
The v0.2.0-beta release marks a significant milestone for TFDrift-Falco, introducing comprehensive AWS service coverage, production-ready monitoring, and extensive documentation.
New Features
AWS Service Coverage Expansion
TFDrift-Falco now supports 150+ CloudTrail events across 12 AWS services:
Compute & Networking
- EC2: Instance lifecycle, attribute modifications, tagging (8 events)
- VPC: Security groups, route tables, subnets, NAT gateways (19 events)
Storage & Databases
- S3: Bucket configuration, encryption, policies, lifecycle (12 events)
- RDS/Aurora: Instance/cluster config, parameter groups, snapshots (11 events)
Security & Identity
- IAM: Roles, policies, users, trust relationships (14 events)
- KMS: Key management, rotation, policies, aliases (13 events)
Application Services
- API Gateway: REST/HTTP APIs, authorizers, stages (9 events)
- Route53: DNS records, hosted zones, routing policies (6 events)
- CloudFront: Distribution config, origins, cache policies (6 events)
Messaging & Containers
- SNS: Topics, subscriptions, policies (8 events)
- SQS: Queue config, DLQ, policies (7 events)
- ECR: Repositories, image scanning, lifecycle policies (9 events)
Production Monitoring
Grafana Dashboards
- Service-specific panels for each AWS service
- Drift timeline visualization with drill-down capability
- Alert panels for critical configuration changes
- Resource-level filtering by service, region, user
Falco Rules Enhancement
- Severity levels: Critical, Error, Warning
- Context-aware rules: Distinguish planned vs. unplanned changes
- Security-focused rules for IAM, KMS, S3 encryption
- Performance rules for throttling, caching changes
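As an added illustration of the planned-vs-unplanned distinction and the severity levels listed above (example code, not TFDrift-Falco's own rules or plugin code), the following Python classifies constructed CloudTrail records against a trimmed Terraform state. The rule table, resource names, account ID, CI-role allow-list and the simplified event shapes are all assumptions made for the example. The security-relevant detail it shows: the Terraform user agent on a CloudTrail record is attacker-controllable, so a change counts as planned only when the user agent and the calling principal both point at the Terraform pipeline; an encryption downgrade or a widened trust policy from anyone else stays CRITICAL.

```python
"""Planned-vs-unplanned drift classification, added here to illustrate the
context-aware rules described above. It is not TFDrift-Falco's own code: the
rule table, Terraform state, CloudTrail records and allow-listed principals
are constructed for the example."""
import json
from dataclasses import dataclass

# Assumption: Terraform only ever runs from this CI role. A Terraform user agent
# on any other principal is treated as spoofed, not as a planned change.
TERRAFORM_PRINCIPALS = ("arn:aws:sts::111122223333:assumed-role/ci/",)

def sse_algorithm(ev):  # simplified CloudTrail PutBucketEncryption parameters
    cfg = ev["requestParameters"]["ServerSideEncryptionConfiguration"]
    return cfg["Rule"]["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"]

# Constructed rule table: event -> managed Terraform type, state lookup key, desired/requested readers, severity
RULES = {
    "PutBucketEncryption": {
        "tf_type": "aws_s3_bucket_server_side_encryption_configuration", "state_key": "bucket",
        "key": lambda ev: ev["requestParameters"]["bucketName"],
        "desired": lambda a: a["rule"][0]["apply_server_side_encryption_by_default"][0]["sse_algorithm"],
        "requested": sse_algorithm, "severity": "CRITICAL"},
    "UpdateAssumeRolePolicy": {
        "tf_type": "aws_iam_role", "state_key": "name",
        "key": lambda ev: ev["requestParameters"]["roleName"],
        "desired": lambda a: json.loads(a["assume_role_policy"]),
        "requested": lambda ev: json.loads(ev["requestParameters"]["policyDocument"]),
        "severity": "CRITICAL"},
}

@dataclass
class Finding:
    event: str
    resource: str
    verdict: str    # planned | reconciled | unmanaged | drift
    severity: str   # INFO | WARNING | ERROR | CRITICAL
    actor: str
    detail: str

def index_state(tfstate):
    """Map (terraform type, key attribute value) -> attributes for watched types."""
    keys = {r["tf_type"]: r["state_key"] for r in RULES.values()}
    idx = {}
    for res in tfstate.get("resources", []):
        key_attr = keys.get(res["type"])
        if key_attr is None:
            continue
        for inst in res.get("instances", []):
            idx[(res["type"], inst["attributes"][key_attr])] = inst["attributes"]
    return idx

def is_planned(event):
    """Planned only when both the user agent and the principal point at Terraform."""
    return ("Terraform/" in event.get("userAgent", "")
            and event["userIdentity"]["arn"].startswith(TERRAFORM_PRINCIPALS))

def classify(event, state_index):
    rule = RULES.get(event["eventName"])
    if rule is None:
        return None  # no rule covers this event
    name, actor, resource = event["eventName"], event["userIdentity"]["arn"], rule["key"](event)
    if is_planned(event):
        return Finding(name, resource, "planned", "INFO", actor, "applied by Terraform")
    attrs = state_index.get((rule["tf_type"], resource))
    if attrs is None:
        return Finding(name, resource, "unmanaged", "WARNING", actor, "not in Terraform state")
    desired, requested = rule["desired"](attrs), rule["requested"](event)
    if desired == requested:
        return Finding(name, resource, "reconciled", "INFO", actor, "matches desired state")
    return Finding(name, resource, "drift", rule["severity"], actor,
                   f"desired={desired!r} actual={requested!r}")

def run(events, tfstate):
    idx = index_state(tfstate)
    return [f for f in (classify(e, idx) for e in events) if f is not None]

# --- constructed inputs (account, names and policies are made up) ------------
ACCOUNT = "111122223333"
CI_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/ci"}}]})
OPEN_POLICY = CI_POLICY.replace(f"arn:aws:iam::{ACCOUNT}:role/ci", "*")
TFSTATE = {"version": 4, "resources": [
    {"type": "aws_s3_bucket_server_side_encryption_configuration", "name": "logs", "instances": [{"attributes":
        {"bucket": "app-logs-prod", "rule": [{"apply_server_side_encryption_by_default":
            [{"sse_algorithm": "aws:kms", "kms_master_key_id": "alias/app-logs"}]}]}}]},
    {"type": "aws_iam_role", "name": "deploy", "instances": [{"attributes":
        {"name": "deploy-role", "assume_role_policy": CI_POLICY}}]}]}

def s3_event(bucket, algo, agent, arn):
    return {"eventName": "PutBucketEncryption", "userAgent": agent, "userIdentity": {"arn": arn},
            "requestParameters": {"bucketName": bucket, "ServerSideEncryptionConfiguration":
                {"Rule": {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": algo}}}}}

TF_AGENT = "APN/1.0 HashiCorp/1.0 Terraform/1.9.5 (+https://www.terraform.io) terraform-provider-aws/5.60.0"
EVENTS = [
    s3_event("app-logs-prod", "AES256", "console.amazonaws.com", f"arn:aws:iam::{ACCOUNT}:user/alice"),  # KMS -> SSE-S3 by hand
    s3_event("app-logs-prod", "aws:kms", TF_AGENT, f"arn:aws:sts::{ACCOUNT}:assumed-role/ci/terraform"),  # Terraform apply
    {"eventName": "UpdateAssumeRolePolicy", "userAgent": "Terraform/1.9.5",  # spoofed agent, wrong principal
     "userIdentity": {"arn": f"arn:aws:iam::{ACCOUNT}:user/mallory"},
     "requestParameters": {"roleName": "deploy-role", "policyDocument": OPEN_POLICY}},
    s3_event("scratch-bucket", "AES256", "aws-cli/2.15.0", f"arn:aws:iam::{ACCOUNT}:user/bob"),  # unmanaged bucket
    {"eventName": "DeleteBucket", "userAgent": "aws-cli/2.15.0",  # no rule -> ignored
     "userIdentity": {"arn": f"arn:aws:iam::{ACCOUNT}:user/bob"}, "requestParameters": {"bucketName": "tmp"}},
]
```

Running `run(EVENTS, TFSTATE)` yields four findings: CRITICAL drift for the console encryption downgrade, INFO planned for the Terraform apply, CRITICAL drift for the trust-policy widening despite its Terraform-looking user agent, and WARNING unmanaged for the bucket absent from state; the DeleteBucket record produces nothing because no rule covers it. A real deployment would extend the rule table per service and wire the findings into Falco's output rather than returning dataclasses.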
Documentation
- Comprehensive service coverage docs (docs/services/)
- Architecture documentation
- Deployment guides
- Grafana setup instructions
- Contribution guidelines
Breaking Changes
⚠️ Falco Rule Output Format Change
Previous output:
New output:
Migration: Update your Falco rule consumers (e.g., alerting scripts) to parse the new format.
Improvements
Performance
- Reduced CloudTrail processing latency by 30%
- Optimized state comparison algorithm for large Terraform states
- Parallel event processing for multi-service deployments
Reliability
- Added retry logic for transient CloudTrail API errors
- Improved error handling for malformed Terraform state
- Enhanced logging with structured JSON output
Security
- Implemented least-privilege IAM policies
- Added KMS encryption for sensitive drift data
- Secure Falco rules deployment via OCI registry
Bug Fixes
- Fixed false positives caused by eventual consistency after RDS ModifyDBInstance
- Resolved Route53 ALIAS record drift detection edge cases
- Corrected CloudFront distribution update parsing for multiple origins
- Fixed SQS redrive policy comparison for complex DLQ configurations
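Several of the fixes above are of one kind: two representations of the same configuration were compared as if they differed. The block below is added here as an illustration and is not TFDrift-Falco's own code; it shows normalization steps that remove three such false positives: an SQS RedrivePolicy JSON string whose key order and `maxReceiveCount` type vary between the API and Terraform, a Route53 alias target that differs only in case and trailing dot, and an RDS instance whose ModifyDBInstance change is still sitting in `PendingModifiedValues`. The page does not state the actual root causes of the project's bugs, so these are plausible cases constructed for the example; attribute names follow the AWS API responses and the Terraform AWS provider, and all inputs are made up.

```python
"""Attribute normalization before comparison, added to illustrate the kind of
false positive the bug-fix list describes. Not TFDrift-Falco's own code; the
inputs below are constructed and the root causes are assumed, not taken from
the project."""
import json

def normalize_redrive_policy(value):
    """SQS returns RedrivePolicy as a JSON string; key order, whitespace and the
    maxReceiveCount type (string from the API, int in Terraform) all vary."""
    if value in (None, ""):
        return None
    policy = json.loads(value) if isinstance(value, str) else dict(value)
    return {"deadLetterTargetArn": policy["deadLetterTargetArn"],
            "maxReceiveCount": int(policy["maxReceiveCount"])}

def normalize_dns_name(name):
    """Route53 returns alias targets lowercased with a trailing dot; configs often omit it."""
    return name.rstrip(".").lower() if name else None

# DescribeDBInstances key -> Terraform aws_db_instance attribute
RDS_FIELDS = {"DBInstanceClass": "instance_class",
              "AllocatedStorage": "allocated_storage",
              "MultiAZ": "multi_az"}

def effective_db_instance(instance):
    """Overlay PendingModifiedValues: right after ModifyDBInstance the live values
    still show the old configuration until the change is applied; that is not drift."""
    effective = {k: instance.get(k) for k in RDS_FIELDS}
    for k, v in instance.get("PendingModifiedValues", {}).items():
        if k in effective:
            effective[k] = v
    return effective

def rds_drift(instance, tf_attrs, apply_pending=True):
    """Return {terraform_attr: (desired, actual)} for fields that really differ.
    apply_pending=False reproduces the naive comparison that raises false positives."""
    actual = effective_db_instance(instance) if apply_pending else {k: instance.get(k) for k in RDS_FIELDS}
    return {tf: (tf_attrs.get(tf), actual[api])
            for api, tf in RDS_FIELDS.items() if tf_attrs.get(tf) != actual[api]}

def sqs_drift(live_attrs, tf_attrs):
    want = normalize_redrive_policy(tf_attrs.get("redrive_policy"))
    have = normalize_redrive_policy(live_attrs.get("RedrivePolicy"))
    return {} if want == have else {"redrive_policy": (want, have)}

def alias_drift(live_alias, tf_alias):
    want = normalize_dns_name(tf_alias.get("name"))
    have = normalize_dns_name(live_alias.get("DNSName"))
    return {} if want == have else {"alias.name": (want, have)}

# --- constructed inputs -------------------------------------------------------
DLQ = "arn:aws:sqs:us-east-1:111122223333:orders-dlq"
SQS_TF = {"redrive_policy": json.dumps({"deadLetterTargetArn": DLQ, "maxReceiveCount": 5})}
SQS_LIVE_SAME = {"RedrivePolicy": '{"maxReceiveCount":"5","deadLetterTargetArn":"%s"}' % DLQ}
SQS_LIVE_DIFF = {"RedrivePolicy": '{"maxReceiveCount":"3","deadLetterTargetArn":"%s"}' % DLQ}

RDS_TF = {"instance_class": "db.t3.large", "allocated_storage": 100, "multi_az": False}
RDS_LIVE_PENDING = {"DBInstanceClass": "db.t3.medium", "AllocatedStorage": 100, "MultiAZ": False,
                    "PendingModifiedValues": {"DBInstanceClass": "db.t3.large"}}
RDS_LIVE_DRIFT = {"DBInstanceClass": "db.t3.large", "AllocatedStorage": 100, "MultiAZ": False,
                  "PendingModifiedValues": {"AllocatedStorage": 200}}

ALIAS_TF = {"name": "dualstack.app-alb-123.us-east-1.elb.amazonaws.com"}
ALIAS_LIVE = {"DNSName": "Dualstack.App-ALB-123.us-east-1.elb.amazonaws.com."}
```

With these inputs `sqs_drift(SQS_LIVE_SAME, SQS_TF)` and `alias_drift(ALIAS_LIVE, ALIAS_TF)` both return an empty dict, `rds_drift(RDS_LIVE_PENDING, RDS_TF)` is empty only because the pending instance-class change is overlaid (the naive comparison flags `instance_class`), while a pending storage change that the state does not want still surfaces as real drift.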
Known Limitations
- WebSocket API Gateway: Partial coverage (REST API fully supported)
- Aurora Serverless v2 Auto-pause: Not tracked in real-time
- EC2 Fleet: Drift not fully supported yet
- Transit Gateway: Partial coverage (basic attachments only)
These will be addressed in v0.3.0.
Upgrade Guide
From v0.1.x to v0.2.0-beta
- Update Falco rules:
- Update Grafana dashboards:
- Review breaking changes in Falco output format (see above)
- Optional: Enable new services in config.yaml:
Community Contributions
Special thanks to contributors:
- Enhanced API Gateway authorizer drift detection
- Improved Grafana dashboard responsiveness
- Documentation improvements
Next Release: v0.3.0 (Planned)
- AWS Lambda drift support
- ECS/EKS drift detection
- WebSocket API Gateway full coverage
- Transit Gateway enhanced support
- Real-time alerting integrations (Slack, PagerDuty)