Merge branch 'aws-samples:main' into cfct-fix

CHANGELOG.md

@@ -3,6 +3,9 @@
 ## Table of Contents<!-- omit in toc -->
 
 - [Introduction](#introduction)
+- [2024-02-12](#2024-02-12)
+- [2024-02-09](#2024-02-09)
+- [2024-01-29](#2024-01-29)
 - [2023-11-06](#2023-11-06)
 - [2023-10-23](#2023-10-23)
 - [2023-10-10](#2023-10-10)
@@ -48,6 +51,19 @@
 All notable changes to this project will be documented in this file.
 
 ---
+## 2024-02-12
+
+- Added [AMI Bakery](aws_sra_examples/solutions/ami_bakery/ami_bakery_org) solution for AMI image management.
+
+## 2024-02-09
+
+- Added [Terraform edition](aws_sra_examples/terraform) for additional deployment option.
+- Added [AWS Shield Advanced](aws_sra_examples/solutions/shield_advanced/shield_advanced) solution.
+
+## 2024-01-29
+
+- Added [AWS Config](aws_sra_examples/solutions/config/config_org) solution for environments without AWS Control Tower.
+
 ## 2023-11-06
 
 - Updated [Account Alternate Contacts](aws_sra_examples/solutions/account/account_alternate_contacts) solution to make AWS Control Tower optional.
@@ -89,12 +105,12 @@ Updated [Firewall Manager](https://github.com/aws-samples/aws-security-reference
 
 ## 2023-07-01
 
-- Added [Detective Organization](aws_sra_examples/solutions/detective/detective_org) solution to [Easy Setup](aws_sra_examples/easy_setup) and [Quick Setup](aws_sra_examples/quick_setup/)
+- Added [Detective Organization](aws_sra_examples/solutions/detective/detective_org) solution to [Easy Setup](aws_sra_examples/easy_setup) and Quick Setup (deprecated)
 
 ## 2023-06-21
 
-- Added [GuardDuty Organization](aws_sra_examples/solutions/guardduty/guardduty_org) EKS, Malware, RDS, and Lambda protections to [Easy Setup](aws_sra_examples/easy_setup) and [Quick Setup](aws_sra_examples/quick_setup/) deployment options
-- Added [Inspector Organization](aws_sra_examples/solutions/inspector/inspector_org) solution to [Quick Setup](aws_sra_examples/quick_setup/) deployment option
+- Added [GuardDuty Organization](aws_sra_examples/solutions/guardduty/guardduty_org) EKS, Malware, RDS, and Lambda protections to [Easy Setup](aws_sra_examples/easy_setup) and Quick Setup (deprecated) deployment options
+- Added [Inspector Organization](aws_sra_examples/solutions/inspector/inspector_org) solution to Quick Setup (deprecated) deployment option
 
 ## 2023-06-20
 
@@ -150,13 +166,13 @@ Updated [Firewall Manager](https://github.com/aws-samples/aws-security-reference
 
 ### Added<!-- omit in toc -->
 
-- Added [Quick Setup](aws_sra_examples/quick_setup/) which provides the ability to deploy all the solutions from a single centralized CloudFormation template.
+- Added Quick Setup (deprecated) which provides the ability to deploy all the solutions from a single centralized CloudFormation template.
 
 ### Changed<!-- omit in toc -->
 
 - Updated all the solution main templates to use a consistent naming convention for solution parameter labels.
 - Added pSourceStackName parameter to the [AWS Config Conformance Pack](aws_sra_examples/solutions/config/config_conformance_pack_org) and [Security Hub Organization](aws_sra_examples/solutions/securityhub/securityhub_org) solutions to handle the
-  DependsOn requirement for the Config Management Account solution within the Quick Setup solution.
+  DependsOn requirement for the Config Management Account solution within the Quick Setup (deprecated) solution.
 - Updated the [Firewall Manager](aws_sra_examples/solutions/firewall_manager/firewall_manager_org), [Macie](aws_sra_examples/solutions/macie/macie_org), [GuardDuty](aws_sra_examples/solutions/guardduty/guardduty_org), and
   [IAM Password Policy](aws_sra_examples/solutions/iam/iam_password_policy) solutions to remove default parameters from the CFCT configuration and main templates.
 - Updated the [CFCT-DEPLOYMENT-INSTRUCTIONS.md](aws_sra_examples/docs/CFCT-DEPLOYMENT-INSTRUCTIONS.md) to include instructions for disabling solutions within all accounts before deletion.

aws_sra_examples/docs/CFCT-DEPLOYMENT-INSTRUCTIONS.md

@@ -7,16 +7,19 @@ Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-
 ## Table of Contents<!-- omit in toc -->
 
 - [Prerequisites](#prerequisites)
+  - [Create the AWSControlTowerExecution IAM Role](#create-the-awscontroltowerexecution-iam-role)
+  - [Deploy Customizations for AWS Control Tower (CFCT) Solution](#deploy-customizations-for-aws-control-tower-cfct-solution)
+  - [AWS CodeCommit Repo](#aws-codecommit-repo)
 - [References](#references)
 
 ## Prerequisites
 
-### Create the AWSControlTowerExecution IAM Role<!-- omit in toc -->
+### Create the AWSControlTowerExecution IAM Role
 
 - The `AWSControlTowerExecution` Role provides the support needed to deploy solutions to the `management account` across regions as CloudFormation `StackSets` and it is required for the SRA CFCT solution deployments.
 - This role is created as part of the [common_prerequisites](../solutions/common/common_prerequisites) solution deployment.
 
-## Deploy Customizations for AWS Control Tower (CFCT) Solution<!-- omit in toc -->
+### Deploy Customizations for AWS Control Tower (CFCT) Solution
 
 - Option 1 (Recommended) Deploy the [Common CFCT Setup](../solutions/common/common_cfct_setup/) solution.
 - Option 2 Manually deploy the [Customizations for AWS Control Tower](https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/) solution following the below instructions.
@@ -28,51 +31,35 @@ Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-
     - `Failure Tolerance Percentage` = 0
     - Acknowledge that AWS CloudFormation might create IAM resources with custom names
 
-### AWS CodeCommit Repo<!-- omit in toc -->
+Note: Version 2 or higher of CfCT is expected.
+
+### AWS CodeCommit Repo
 
 1. On the local machine install [git](https://git-scm.com/downloads) and [git-remote-codecommit](https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-connect.html).
 2. Clone the AWS CodeCommit repository via `git clone codecommit::<HOME REGION>://custom-control-tower-configuration custom-control-tower-configuration`
 
-### Deployment Instructions<!-- omit in toc -->
+## Deployment Instructions<!-- omit in toc -->
 
 1. Determine which version of the [Customizations for AWS Control Tower](https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/) solution you have deployed:
    1. Within the `management account (home region)` find the **CloudFormation Stack** for the Customizations for Control Tower (e.g. `custom-control-tower-initiation`)
    2. Select the `Outputs` tab
    3. The `CustomControlTowerSolutionVersion` **Value** is the version running in the environment
       1. Version 1 = v1.x.x = manifest.yaml version 2020-01-01
       2. Version 2 = v2.x.x = manifest.yaml version 2021-03-15
-2. Follow the instructions for the cooresponding version:
-   - [Version 1 Deployment Instructions](#version-1-deployment-instructions)
-   - [Version 2 Deployment Instructions](#version-2-deployment-instructions)
-
-#### Version 1 Deployment Instructions<!-- omit in toc -->
+2. If version 2 is installed, continue to the deployment instructions below.  If not, you will need to update your version of CfCT.
 
-1. Copy the files to the Customizations for AWS Control Tower configuration `custom-control-tower-configuration`
-   - parameters [**required for manifest version 2020-01-01**]
-     - Copy the parameter files from the `parameters` folder
-     - Only one of the main parameter files is required. We recommend using the `main-ssm` file.
-   - policies [optional]
-     - service control policies files (\*.json)
-   - templates [**required**]
-     - Copy the template files from the `templates` folder that are referenced in the `manifest.yaml`
-     - Only one of the main template files is required. We recommend using the `main-ssm` file.
-   - `manifest.yaml` [**required**]
-2. Verify and update the parameters within each of the parameter json files to match the target environment
-3. Update the manifest.yaml file with the `organizational unit names`, `account names` and `SSM parameters` for the target environment
-4. Deploy the Customizations for AWS Control Tower configuration by pushing the code to the `AWS CodeCommit` repository or uploading to the `AWS S3 Bucket`
+#### Deployment Instructions<!-- omit in toc -->
 
-#### Version 2 Deployment Instructions<!-- omit in toc -->
+Note: these instructions assume version 2 or higher of the CfCT solution has been installed.
 
 1. Copy the files to the Customizations for AWS Control Tower configuration `custom-control-tower-configuration`
    - policies [optional]
      - service control policies files (\*.json)
    - templates [**required**]
-     - Copy the template files from the `templates` folder that are referenced in the `manifest-v2.yaml`
-     - Only one of the main template files is required. We recommend using the `main-ssm` file.
-   - `manifest-v2.yaml` [**required**]
-2. Rename the `manifest-v2.yaml` to `manifest.yaml`
-3. Update the manifest.yaml file with the `parameters`, `organizational unit names`, `account names` and `SSM parameters` for the target environment
-4. Deploy the Customizations for AWS Control Tower configuration by pushing the code to the `AWS CodeCommit` repository or uploading to the `AWS S3 Bucket`
+     - Copy the template files from the `templates` folder that are referenced in the `manifest.yaml`
+2. Update the manifest.yaml file with the `parameters`, `organizational unit names`, `account names` and `SSM parameters` for the target environment
+   - *Be sure to update `deployment_targets` `accounts` with your management account information*
+3. Deploy the Customizations for AWS Control Tower configuration by pushing the code to the `AWS CodeCommit` repository or uploading to the `AWS S3 Bucket`
 
 ### Delete Instructions<!-- omit in toc -->