diff --git a/aws_sra_examples/easy_setup/customizations_for_aws_control_tower/manifest.yaml b/aws_sra_examples/easy_setup/customizations_for_aws_control_tower/manifest.yaml
index 22148262..9318afdd 100644
--- a/aws_sra_examples/easy_setup/customizations_for_aws_control_tower/manifest.yaml
+++ b/aws_sra_examples/easy_setup/customizations_for_aws_control_tower/manifest.yaml
@@ -43,6 +43,7 @@ resources:
 parameter_value: "No" - parameter_key: pDeployPatchMgrSolution parameter_value: "No" + # Account Alternate Contacts Solution Parameters - parameter_key: pExcludeAlternateContactAccountTags parameter_value: ""
@@ -118,7 +119,7 @@ resources:
 parameter_value: "" - parameter_key: pConformancePackExcludedAccounts parameter_value: "" - + # Detective Solution - parameter_key: pDatasourcePackages parameter_value: "ASFF_SECURITYHUB_FINDING, EKS_AUDIT"
@@ -144,6 +145,10 @@ resources:
 # GuardDuty Solution
 - parameter_key: pDisableGuardDuty
 parameter_value: "No"
+ - parameter_key: pGuardDutyCustomerGovernedRegionsOnly
+ parameter_value: "true"
+ - parameter_key: pGuardDutyEnabledRegions
+ parameter_value: ""
 - parameter_key: pAutoEnableS3Logs
 parameter_value: "true"
 - parameter_key: pAutoEnableKubernetesAuditLogs
@@ -152,10 +157,14 @@ resources:
 parameter_value: "true"
 - parameter_key: pEnableRdsLoginEvents
 parameter_value: "true"
- - parameter_key: pEnableEksRuntimeMonitoring
+ - parameter_key: pEnableRuntimeMonitoring
 parameter_value: "true"
 - parameter_key: pEnableEksAddonManagement
 parameter_value: "true"
+ - parameter_key: pEnableEcsFargateAgentManagement
+ parameter_value: "true"
+ - parameter_key: pEnableEc2AgentManagement
+ parameter_value: "true"
 - parameter_key: pEnableLambdaNetworkLogs
 parameter_value: "true"
 - parameter_key: pGuardDutyFindingPublishingFrequency
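Review bot: The two GuardDuty entries added in the `-144,6 +145,10` hunk, `pGuardDutyCustomerGovernedRegionsOnly` set to `"true"` and `pGuardDutyEnabledRegions` left empty, carry no comment saying how they interact, so an operator cannot tell from the manifest which regions end up with a detector. Judging by the names alone, the default restricts GuardDuty to the Control Tower governed regions, which would leave any other region where workloads can run without threat detection unless a region-deny control covers it; this should be confirmed against the solution template. I would add above the pair something like `# Region scope: governed regions only by default; pGuardDutyEnabledRegions takes an explicit region list (confirm format and precedence in the solution template)`. The parameter list these entries belong to starts and ends outside the hunk.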
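Review bot: Renaming `pEnableEksRuntimeMonitoring` to `pEnableRuntimeMonitoring` in the `-152,10 +157,14` hunk leaves no compatibility path visible here, so a manifest customised from an earlier release would keep passing the old key. Depending on how the template treats unknown parameters, that is either a failed stack update or runtime monitoring silently falling back to the template default. The two new keys, `pEnableEcsFargateAgentManagement` and `pEnableEc2AgentManagement`, default to `"true"`, which presumably lets GuardDuty manage its agent on Fargate tasks and EC2 instances in the member accounts, a wider footprint than the EKS-only name it replaces. A short comment would make both points reviewable, for example `# Runtime Monitoring (replaces pEnableEksRuntimeMonitoring); agent management flags presumably apply only when it is "true" - confirm`. The surrounding parameter list continues outside the hunk.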
@@ -238,141 +247,47 @@ resources: parameter_value: "SPECIFIED_REGIONS" # Patch Manager Solution - - parameter_key: pPatchMgmtRoleName - parameter_value: "sra-patch-mgmt-configuration" - # Window 1 - - parameter_key: pPatchMgmtMaintWindow1Name - parameter_value: "Update_SSM" - - parameter_key: pPatchMgmtMaintWindow1Desc - parameter_value: "Maintenance Window update the SSM Agent on managed Instances" + - parameter_key: pDisablePatchMgmt + parameter_value: "false" - parameter_key: pPatchMgmtMaintWindow1Schedule - parameter_value: "cron(0 0 1 ? * WED *)" + parameter_value: "cron(0 0 1 ? * THU *)" - parameter_key: pPatchMgmtMaintWindow1Duration parameter_value: "6" - parameter_key: pPatchMgmtMaintWindow1Cutoff parameter_value: "1" - - parameter_key: pPatchMgmtMaintWindow1TZ - parameter_value: "America/New_York" - - parameter_key: pPatchMgmtTask1Name - parameter_value: "Update_SSM" - - parameter_key: pPatchMgmtTask1Desc - parameter_value: "Task to update SSM Agent" - parameter_key: pPatchMgmtTask1RunCmd parameter_value: "AWS-UpdateSSMAgent" - - parameter_key: pPatchMgmtTask1Operation - parameter_value: "Scan" - - parameter_key: pPatchMgmtTask1RebootOption - parameter_value: "RebootIfNeeded" - - parameter_key: pPatchMgmtTarget1Name - parameter_value: "Update_SSM" - - parameter_key: pPatchMgmtTarget1Desc - parameter_value: "Targets to update SSM Agent on" - parameter_key: pPatchMgmtTarget1Value1 parameter_value: "Linux" - parameter_key: pPatchMgmtTarget1Value2 parameter_value: "Windows" - # Window 2 - - parameter_key: pPatchMgmtMaintWindow2Name - parameter_value: "Windows_Scan" - - parameter_key: pPatchMgmtMaintWindow2Desc - parameter_value: "Maintenance Window to scan Windows Instances" - parameter_key: pPatchMgmtMaintWindow2Schedule - parameter_value: "cron(0 0 1 ? * THU *)" + parameter_value: "cron(0 0 1 ? 
* WED *)" - parameter_key: pPatchMgmtMaintWindow2Duration parameter_value: "6" - parameter_key: pPatchMgmtMaintWindow2Cutoff parameter_value: "1" - - parameter_key: pPatchMgmtMaintWindow2TZ + - parameter_key: pPatchMgmtMaintWindowTZ parameter_value: "America/New_York" - - parameter_key: pPatchMgmtTask2Name - parameter_value: "Windows_Scan" - - parameter_key: pPatchMgmtTask2Desc - parameter_value: "Task to scan Windows Instances" + - parameter_key: pPatchMgmtTaskRebootOption + parameter_value: "RebootIfNeeded" - parameter_key: pPatchMgmtTask2RunCmd parameter_value: "AWS-RunPatchBaseline" - - parameter_key: pPatchMgmtTask2Operation - parameter_value: "Scan" - - parameter_key: pPatchMgmtTask2RebootOption - parameter_value: "RebootIfNeeded" - - parameter_key: pPatchMgmtTarget2Name - parameter_value: "Windows_Scan" - - parameter_key: pPatchMgmtTarget2Desc - parameter_value: "Targets to run the command to scan for Windows updates" - parameter_key: pPatchMgmtTarget2Value1 parameter_value: "Windows" - # Window 3 - - parameter_key: pPatchMgmtMaintWindow3Name - parameter_value: "Linux_Scan" - - parameter_key: pPatchMgmtMaintWindow3Desc - parameter_value: "Maintenance Window scan Linux Instances" + - parameter_key: pPatchMgmtTaskOperation + parameter_value: "Scan" - parameter_key: pPatchMgmtMaintWindow3Schedule parameter_value: "cron(0 0 1 ? 
* FRI *)" - parameter_key: pPatchMgmtMaintWindow3Duration parameter_value: "6" - - parameter_key: pPatchMgmtMaintWindow3utoff + - parameter_key: pPatchMgmtMaintWindow3Cutoff parameter_value: "1" - - parameter_key: pPatchMgmtMaintWindow3TZ - parameter_value: "America/New_York" - - parameter_key: pPatchMgmtTask3Name - parameter_value: "Linux_Scan" - - parameter_key: pPatchMgmtTask3Desc - parameter_value: "Task to scan Linux Instances" - parameter_key: pPatchMgmtTask3RunCmd parameter_value: "AWS-RunPatchBaseline" - - parameter_key: pPatchMgmtTask3Operation - parameter_value: "Scan" - - parameter_key: pPatchMgmtTask3RebootOption - parameter_value: "RebootIfNeeded" - - parameter_key: pPatchMgmtTarget3Name - parameter_value: "Linux_Scan" - - parameter_key: pPatchMgmtTarget3Desc - parameter_value: "Targets to run the command to scan for Linux updates" - parameter_key: pPatchMgmtTarget3Value1 parameter_value: "Linux" - # Patch Manager Solution - - parameter_key: pDisablePatchMgmt - parameter_value: 'false' - # Window 1 - - parameter_key: pPatchMgmtMaintWindow1Schedule - parameter_value: 'cron(0 0 1 ? * THU *)' - - parameter_key: pPatchMgmtMaintWindow1Duration - parameter_value: '6' - - parameter_key: pPatchMgmtMaintWindow1Cutoff - parameter_value: '1' - - parameter_key: pPatchMgmtTask1RunCmd - parameter_value: 'AWS-UpdateSSMAgent' - - parameter_key: pPatchMgmtTarget1Value1 - parameter_value: 'Linux' - - parameter_key: pPatchMgmtTarget1Value2 - parameter_value: 'Windows' - - parameter_key: pPatchMgmtMaintWindow2Schedule - parameter_value: 'cron(0 0 1 ? 
* WED *)' - - parameter_key: pPatchMgmtMaintWindow2Duration - parameter_value: '6' - - parameter_key: pPatchMgmtMaintWindow2Cutoff - parameter_value: '1' - - parameter_key: pPatchMgmtMaintWindowTZ - parameter_value: 'America/New_York' - - parameter_key: pPatchMgmtTaskRebootOption - parameter_value: 'RebootIfNeeded' - - parameter_key: pPatchMgmtTask2RunCmd - parameter_value: 'AWS-RunPatchBaseline' - - parameter_key: pPatchMgmtTarget2Value1 - parameter_value: 'Windows' - - parameter_key: pPatchMgmtTaskOperation - parameter_value: 'Scan' - - parameter_key: pPatchMgmtMaintWindow3Schedule - parameter_value: 'cron(0 0 1 ? * FRI *)' - - parameter_key: pPatchMgmtMaintWindow3Duration - parameter_value: '6' - - parameter_key: pPatchMgmtMaintWindow3Cutoff - parameter_value: '1' - - parameter_key: pPatchMgmtTask3RunCmd - parameter_value: 'AWS-RunPatchBaseline' - - parameter_key: pPatchMgmtTarget3Value1 - parameter_value: 'Linux' - # Common Properties - parameter_key: pSRAAlarmEmail parameter_value: ""
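Review bot: With the `# Window 1`, `# Window 2` and `# Window 3` comments removed, the de-numbered keys `pPatchMgmtMaintWindowTZ`, `pPatchMgmtTaskRebootOption` and `pPatchMgmtTaskOperation` now sit between the window 2 and window 3 entries, and nothing tells the reader that they apparently apply to every window. That matters for patch posture: `pPatchMgmtTaskOperation` stays at `"Scan"`, so the `AWS-RunPatchBaseline` windows only report missing patches and install nothing, and once someone switches it to `"Install"` the shared `"RebootIfNeeded"` would permit reboots in each of them. I would group the three shared keys under one comment such as `# Shared by all maintenance windows; "Scan" reports compliance only, "Install" applies patches` and keep a one-line `# Window N` comment before each schedule. The parameter list starts before and continues after this hunk.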