Skip to content

Commit

Permalink
Merge branch 'aws-samples:main' into macie-jobs
Browse files Browse the repository at this point in the history
  • Loading branch information
@IevIe
IevIe authored Oct 3, 2024
2 parents 96c5b13 + 313ea9d commit 9d3635a
Showing 1 changed file with 21 additions and 106 deletions.
127 changes: 21 additions & 106 deletions aws_sra_examples/easy_setup/customizations_for_aws_control_tower/manifest.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ resources:
parameter_value: "No"
- parameter_key: pDeployPatchMgrSolution
parameter_value: "No"

# Account Alternate Contacts Solution Parameters
- parameter_key: pExcludeAlternateContactAccountTags
parameter_value: ""
Expand Down Expand Up @@ -118,7 +119,7 @@ resources:
parameter_value: ""
- parameter_key: pConformancePackExcludedAccounts
parameter_value: ""

# Detective Solution
- parameter_key: pDatasourcePackages
parameter_value: "ASFF_SECURITYHUB_FINDING, EKS_AUDIT"
Expand All @@ -144,6 +145,10 @@ resources:
# GuardDuty Solution
- parameter_key: pDisableGuardDuty
parameter_value: "No"
- parameter_key: pGuardDutyCustomerGovernedRegionsOnly
parameter_value: "true"
- parameter_key: pGuardDutyEnabledRegions
parameter_value: ""
- parameter_key: pAutoEnableS3Logs
parameter_value: "true"
- parameter_key: pAutoEnableKubernetesAuditLogs
Expand All @@ -152,10 +157,14 @@ resources:
parameter_value: "true"
- parameter_key: pEnableRdsLoginEvents
parameter_value: "true"
- parameter_key: pEnableEksRuntimeMonitoring
- parameter_key: pEnableRuntimeMonitoring
parameter_value: "true"
- parameter_key: pEnableEksAddonManagement
parameter_value: "true"
- parameter_key: pEnableEcsFargateAgentManagement
parameter_value: "true"
- parameter_key: pEnableEc2AgentManagement
parameter_value: "true"
- parameter_key: pEnableLambdaNetworkLogs
parameter_value: "true"
- parameter_key: pGuardDutyFindingPublishingFrequency
Expand Down Expand Up @@ -238,141 +247,47 @@ resources:
parameter_value: "SPECIFIED_REGIONS"

# Patch Manager Solution
- parameter_key: pPatchMgmtRoleName
parameter_value: "sra-patch-mgmt-configuration"
# Window 1
- parameter_key: pPatchMgmtMaintWindow1Name
parameter_value: "Update_SSM"
- parameter_key: pPatchMgmtMaintWindow1Desc
parameter_value: "Maintenance Window update the SSM Agent on managed Instances"
- parameter_key: pDisablePatchMgmt
parameter_value: "false"
- parameter_key: pPatchMgmtMaintWindow1Schedule
parameter_value: "cron(0 0 1 ? * WED *)"
parameter_value: "cron(0 0 1 ? * THU *)"
- parameter_key: pPatchMgmtMaintWindow1Duration
parameter_value: "6"
- parameter_key: pPatchMgmtMaintWindow1Cutoff
parameter_value: "1"
- parameter_key: pPatchMgmtMaintWindow1TZ
parameter_value: "America/New_York"
- parameter_key: pPatchMgmtTask1Name
parameter_value: "Update_SSM"
- parameter_key: pPatchMgmtTask1Desc
parameter_value: "Task to update SSM Agent"
- parameter_key: pPatchMgmtTask1RunCmd
parameter_value: "AWS-UpdateSSMAgent"
- parameter_key: pPatchMgmtTask1Operation
parameter_value: "Scan"
- parameter_key: pPatchMgmtTask1RebootOption
parameter_value: "RebootIfNeeded"
- parameter_key: pPatchMgmtTarget1Name
parameter_value: "Update_SSM"
- parameter_key: pPatchMgmtTarget1Desc
parameter_value: "Targets to update SSM Agent on"
- parameter_key: pPatchMgmtTarget1Value1
parameter_value: "Linux"
- parameter_key: pPatchMgmtTarget1Value2
parameter_value: "Windows"
# Window 2
- parameter_key: pPatchMgmtMaintWindow2Name
parameter_value: "Windows_Scan"
- parameter_key: pPatchMgmtMaintWindow2Desc
parameter_value: "Maintenance Window to scan Windows Instances"
- parameter_key: pPatchMgmtMaintWindow2Schedule
parameter_value: "cron(0 0 1 ? * THU *)"
parameter_value: "cron(0 0 1 ? * WED *)"
- parameter_key: pPatchMgmtMaintWindow2Duration
parameter_value: "6"
- parameter_key: pPatchMgmtMaintWindow2Cutoff
parameter_value: "1"
- parameter_key: pPatchMgmtMaintWindow2TZ
- parameter_key: pPatchMgmtMaintWindowTZ
parameter_value: "America/New_York"
- parameter_key: pPatchMgmtTask2Name
parameter_value: "Windows_Scan"
- parameter_key: pPatchMgmtTask2Desc
parameter_value: "Task to scan Windows Instances"
- parameter_key: pPatchMgmtTaskRebootOption
parameter_value: "RebootIfNeeded"
- parameter_key: pPatchMgmtTask2RunCmd
parameter_value: "AWS-RunPatchBaseline"
- parameter_key: pPatchMgmtTask2Operation
parameter_value: "Scan"
- parameter_key: pPatchMgmtTask2RebootOption
parameter_value: "RebootIfNeeded"
- parameter_key: pPatchMgmtTarget2Name
parameter_value: "Windows_Scan"
- parameter_key: pPatchMgmtTarget2Desc
parameter_value: "Targets to run the command to scan for Windows updates"
- parameter_key: pPatchMgmtTarget2Value1
parameter_value: "Windows"
# Window 3
- parameter_key: pPatchMgmtMaintWindow3Name
parameter_value: "Linux_Scan"
- parameter_key: pPatchMgmtMaintWindow3Desc
parameter_value: "Maintenance Window scan Linux Instances"
- parameter_key: pPatchMgmtTaskOperation
parameter_value: "Scan"
- parameter_key: pPatchMgmtMaintWindow3Schedule
parameter_value: "cron(0 0 1 ? * FRI *)"
- parameter_key: pPatchMgmtMaintWindow3Duration
parameter_value: "6"
- parameter_key: pPatchMgmtMaintWindow3utoff
- parameter_key: pPatchMgmtMaintWindow3Cutoff
parameter_value: "1"
- parameter_key: pPatchMgmtMaintWindow3TZ
parameter_value: "America/New_York"
- parameter_key: pPatchMgmtTask3Name
parameter_value: "Linux_Scan"
- parameter_key: pPatchMgmtTask3Desc
parameter_value: "Task to scan Linux Instances"
- parameter_key: pPatchMgmtTask3RunCmd
parameter_value: "AWS-RunPatchBaseline"
- parameter_key: pPatchMgmtTask3Operation
parameter_value: "Scan"
- parameter_key: pPatchMgmtTask3RebootOption
parameter_value: "RebootIfNeeded"
- parameter_key: pPatchMgmtTarget3Name
parameter_value: "Linux_Scan"
- parameter_key: pPatchMgmtTarget3Desc
parameter_value: "Targets to run the command to scan for Linux updates"
- parameter_key: pPatchMgmtTarget3Value1
parameter_value: "Linux"

# Patch Manager Solution
- parameter_key: pDisablePatchMgmt
parameter_value: 'false'
# Window 1
- parameter_key: pPatchMgmtMaintWindow1Schedule
parameter_value: 'cron(0 0 1 ? * THU *)'
- parameter_key: pPatchMgmtMaintWindow1Duration
parameter_value: '6'
- parameter_key: pPatchMgmtMaintWindow1Cutoff
parameter_value: '1'
- parameter_key: pPatchMgmtTask1RunCmd
parameter_value: 'AWS-UpdateSSMAgent'
- parameter_key: pPatchMgmtTarget1Value1
parameter_value: 'Linux'
- parameter_key: pPatchMgmtTarget1Value2
parameter_value: 'Windows'
- parameter_key: pPatchMgmtMaintWindow2Schedule
parameter_value: 'cron(0 0 1 ? * WED *)'
- parameter_key: pPatchMgmtMaintWindow2Duration
parameter_value: '6'
- parameter_key: pPatchMgmtMaintWindow2Cutoff
parameter_value: '1'
- parameter_key: pPatchMgmtMaintWindowTZ
parameter_value: 'America/New_York'
- parameter_key: pPatchMgmtTaskRebootOption
parameter_value: 'RebootIfNeeded'
- parameter_key: pPatchMgmtTask2RunCmd
parameter_value: 'AWS-RunPatchBaseline'
- parameter_key: pPatchMgmtTarget2Value1
parameter_value: 'Windows'
- parameter_key: pPatchMgmtTaskOperation
parameter_value: 'Scan'
- parameter_key: pPatchMgmtMaintWindow3Schedule
parameter_value: 'cron(0 0 1 ? * FRI *)'
- parameter_key: pPatchMgmtMaintWindow3Duration
parameter_value: '6'
- parameter_key: pPatchMgmtMaintWindow3Cutoff
parameter_value: '1'
- parameter_key: pPatchMgmtTask3RunCmd
parameter_value: 'AWS-RunPatchBaseline'
- parameter_key: pPatchMgmtTarget3Value1
parameter_value: 'Linux'

# Common Properties
- parameter_key: pSRAAlarmEmail
parameter_value: ""
Expand Down

0 comments on commit 9d3635a

Please sign in to comment.