
Releases: DataDog/terraform-module-datadog-agentless-scanner

0.11.11

20 Jun 08:04
d8ea872
  • Adapt CopySnapshot policy to latest IAM changes requiring both source and destination statements
  • Use t4g.medium instance type for Agentless EC2 instances
  • Remove unnecessary ec2:CopyImage permission

0.11.10

23 Apr 15:57
feadc0c

Version 0.11.10 - 2025-02-23

  • AWS: Add support for AutoScaling.
  • Documentation improvements

Full Changelog: 0.11.9...0.11.10

0.11.9

14 Feb 12:50
df2f782

Version 0.11.9 - 2025-02-14

  • Azure: expose vnet_cidr parameter in main module

Full Changelog: 0.11.8...0.11.9

0.11.8

13 Feb 14:40

Version 0.11.8 - 2025-02-12

  • Use Ubuntu 24.04 Minimal Server image on AWS and Azure
  • Run unattended upgrade on deployment on AWS and Azure
  • Remove semgrep dependency
  • Fix delegate role assignment on Azure Resource Manager
  • Fix hostname on Azure Resource Manager

0.11.7

10 Dec 10:51
7b1f1a4

Version 0.11.7 - 2024-12-10

  • Add support for AWS ECR registry scanning
  • Add support for scanning AWS RDS databases
  • Add sensitive_data_scanning_rds_enabled parameter to opt in to AWS RDS database scanning
  • Add S3 module to create a bucket used by the scanner to store temporary files (example: RDS exports)

0.11.6

29 Oct 08:51
fd02e04
  • Prevent Datadog Agent from starting before its configuration has been changed.

0.11.5

16 Oct 12:21
33d275c
  • Scanner role delegations are now based on an account_id wildcard by default: the account_roles variable is now optional and defaults to allowing all accounts. This was done to simplify cross-account setups.
  • Scanner role delegations can be limited to a specific list of organizational unit paths via the account_org_paths variable. This can be used to restrict the scanner to only scan resources in specific organizational units.

0.11.4

13 Sep 11:04
0baefef
  • Add parameters instance_type and instance_count to configure the auto-scaling group properties
  • Fix allowing overriding conflicting parameters (hostname, api_key, site) from agent_configuration variable

0.11.3

05 Sep 11:27
f39961b
  • Add permissions to copy AMIs (ec2:CopyImage) to improve coverage of cross-account AMI scanning
  • Fix permissions to be able to scan for volumes encrypted with a customer-managed key

0.10.0

28 Mar 14:39
8d052b4

What's Changed

  • Improving CloudFormation capabilities by @jinroh in #53
  • Add missing CopySnapshot permissions for scanning AMIs by @jinroh in #56
  • Update repo name by @Bit-Doctor in #60
  • CloudFormation: fix using public subnet instead of private for security-group by @jinroh in #57
  • CloudFormation: fix deployment with VPC creation by @jinroh in #63
  • Terraform: fix policies creation (using same name) by @jinroh in #64
  • TF: remove the agent_version and scanner_version parameters by @jinroh in #62
  • Terraform: avoid using default security-group for scanner by @jinroh in #58
  • Restrict scanner role trust policy to instance with the scanner tags by @Bit-Doctor in #65
  • CloudFormation & Terraform: always rely on SecretsManager to store API key by @jinroh in #59
  • Add subnets per AZ by @Bit-Doctor in #67
  • Force an instance shutdown on cloud-init error by @jinroh in #68
  • Update documentation by @Bit-Doctor in #69
  • CF: add a lambda function for product activation by @jinroh in #72
  • Add IAM permission to allow decrypting snapshots using CMK by @Bit-Doctor in #71
  • Update examples and add one for cross account by @Bit-Doctor in #70
  • Bump agentless-scanner version to 7.53.0-agentless-scanner-2024032202 by @0intro in #73

Full Changelog: 0.9.1...0.10.0