Added Config solution #199

Closed
wants to merge 11 commits into from
7 changes: 4 additions & 3 deletions README.md
Expand Up @@ -133,13 +133,14 @@ _Note: The `Quick Setup` is not designed to be used with the `Easy Setup` proced
| [Account Alternate Contacts](aws_sra_examples/solutions/account/account_alternate_contacts) | Sets the billing, operations, and security alternate contacts for all accounts within the organization. | | |
| [CloudTrail](aws_sra_examples/solutions/cloudtrail/cloudtrail_org) | Organization trail with defaults set to configure data events (e.g. S3 and Lambda) to avoid duplicating the Control Tower configured CloudTrail. Options for configuring management events. | CloudTrail enabled in each account with management events only. | |
| [Config Management Account](aws_sra_examples/solutions/config/config_management_account) | Enables AWS Config in the Management account to allow resource compliance monitoring. | Configures AWS Config in all accounts except for the Management account in each governed region. | <ul><li>AWS Control Tower</li></ul> |
| [Config Organization Conformance Pack](aws_sra_examples/solutions/config/config_conformance_pack_org) | Deploys a conformance pack to all accounts and provided regions within an organization. | | <ul><li>[Common Register Delegated Administrator](aws_sra_examples/solutions/common/common_register_delegated_administrator)</li><li>[Config Management Account](aws_sra_examples/solutions/config/config_management_account)</li></ul> |
| [Config Organization](aws_sra_examples/solutions/config/config_org) | Configures AWS Config in all accounts in each governed region. Deploys an Organization Config Aggregator to a delegated admin account. **This solution is incompatible with the AWS Control Tower environment**. | | <ul><li>AWS Organization</li><li>[Common Register Delegated Administrator](aws_sra_examples/solutions/common/common_register_delegated_administrator)</li> |
| [Config Organization Conformance Pack](aws_sra_examples/solutions/config/config_conformance_pack_org) | Deploys a conformance pack to all accounts and provided regions within an organization. | | <ul><li>AWS Config in all Org Accounts</li><li>[Common Register Delegated Administrator](aws_sra_examples/solutions/common/common_register_delegated_administrator)</li><li>[Config Management Account](aws_sra_examples/solutions/config/config_management_account) in Control Tower environment</li></ul> |
| [Config Organization Aggregator](aws_sra_examples/solutions/config/config_aggregator_org) | **Not required for most Control Tower environments.** Deploy an Organization Config Aggregator to a delegated admin other than the Audit account. | Organization Config Aggregator in the Management account and Account Config Aggregator in the Audit account. | <ul><li>AWS Control Tower</li><li>[Common Register Delegated Administrator](aws_sra_examples/solutions/common/common_register_delegated_administrator)</li></ul> |
| [EC2 Default EBS Encryption](aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption) | Configures the EC2 default EBS encryption to use the default KMS key within all provided regions. | | |
| [Firewall Manager](aws_sra_examples/solutions/firewall_manager/firewall_manager_org) | Demonstrates configuring a security group policy and WAF policies for all accounts within an organization. | | |
| [GuardDuty](aws_sra_examples/solutions/guardduty/guardduty_org) | Configures GuardDuty within a delegated admin account for all accounts within an organization. | | |
| [IAM Access Analyzer](aws_sra_examples/solutions/iam/iam_access_analyzer) | Configures an organization analyzer within a delegated admin account and account level analyzer within each account. | | [Common Register Delegated Administrator](aws_sra_examples/solutions/common/common_register_delegated_administrator)</li></ul> |
| [IAM Account Password Policy](aws_sra_examples/solutions/iam/iam_password_policy) | Sets the account password policy for users to align with common compliance standards. | | <ul><li>AWS Control Tower</li></ul> |
| [IAM Account Password Policy](aws_sra_examples/solutions/iam/iam_password_policy) | Sets the account password policy for users to align with common compliance standards. | | |
| [Macie](aws_sra_examples/solutions/macie/macie_org) | Configures Macie within a delegated admin account for all accounts within the organization. | |
| [S3 Block Account Public Access](aws_sra_examples/solutions/s3/s3_block_account_public_access) | Configures the account-level S3 BPA settings for all accounts within the organization. | Configures S3 BPA settings on buckets created by Control Tower only. | <ul><li>AWS Control Tower</li></ul> |
| [Security Hub](aws_sra_examples/solutions/securityhub/securityhub_org) | Configures Security Hub within a delegated admin account for all accounts and governed regions within the organization. | | <ul><li>AWS Config in all Org Accounts</li><li>[Config Management Account](aws_sra_examples/solutions/config/config_management_account) (_if using AWS Control Tower_)</li></ul> |
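Review bot: The dependency cell of the new Config Organization row opens `<ul>` but ends at `</li> |` with no closing `</ul>`, so the list is left unterminated in the rendered table; close it the way the Config Organization Conformance Pack and Config Organization Aggregator rows do. Separately, the IAM Account Password Policy row appears in two versions that differ only in the `AWS Control Tower` dependency cell. That change is unrelated to adding a Config solution, so either explain it in the PR description or move it to its own change.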
Expand Down Expand Up @@ -202,7 +203,7 @@ Q. Why didn't the solutions use inline Lambda functions within the CloudFormatio
- You should control the dependencies in your function's deployment package as stated in the [best practices for working with AWS Lambda functions](https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html).
- The [AWS Lambda runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) might not be the latest version, which contains a feature that is needed for the solution.

Q. I have ideas to improve this repository. What should I do? A. Please create an issue or submit a pull request.
Q. I have ideas to improve this repository. What should I do? A. Please create an issue or submit a pull request.Sets the account password policy for users to align with common compliance standards.

## Contributors

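Review bot: The second version of the last FAQ line has "Sets the account password policy for users to align with common compliance standards." appended directly after "submit a pull request." with no separating space. That sentence is the IAM Account Password Policy description from the solutions table and looks like a stray paste; drop it so the FAQ answer ends at "submit a pull request."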