Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit f88c36c

Browse files
Release v3 (#205)
* v3 release * updating documentation links * updating documentation links * updating documentation links * updating documentation links * updating documentation links * updating documentation links * updating documentation * updating documentation
1 parent 43bb2c2 commit f88c36c

File tree

99 files changed

+725
-9783
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

99 files changed

+725
-9783
lines changed

‎CHANGELOG.md‎

Lines changed: 21 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,9 @@
33
## Table of Contents<!-- omit in toc -->
44

55
- [Introduction](#introduction)
6+
- [2024年02月12日](#2024年02月12日)
7+
- [2024年02月09日](#2024年02月09日)
8+
- [2024年01月29日](#2024年01月29日)
69
- [2023年11月06日](#2023年11月06日)
710
- [2023年10月23日](#2023年10月23日)
811
- [2023年10月10日](#2023年10月10日)
@@ -48,6 +51,19 @@
4851
All notable changes to this project will be documented in this file.
4952

5053
---
54+
## 2024年02月12日
55+
56+
- Added [AMI Bakery](aws_sra_examples/solutions/ami_bakery/ami_bakery_org) solution for AMI image management.
57+
58+
## 2024年02月09日
59+
60+
- Added [Terraform edition](aws_sra_examples/terraform) for additional deployment option.
61+
- Added [AWS Shield Advanced](aws_sra_examples/solutions/shield_advanced/shield_advanced) solution.
62+
63+
## 2024年01月29日
64+
65+
- Added [AWS Config](aws_sra_examples/solutions/config/config_org) solution for environments without AWS Control Tower.
66+
5167
## 2023年11月06日
5268

5369
- Updated [Account Alternate Contacts](aws_sra_examples/solutions/account/account_alternate_contacts) solution to make AWS Control Tower optional.
@@ -89,12 +105,12 @@ Updated [Firewall Manager](https://github.com/aws-samples/aws-security-reference
89105

90106
## 2023年07月01日
91107

92-
- Added [Detective Organization](aws_sra_examples/solutions/detective/detective_org) solution to [Easy Setup](aws_sra_examples/easy_setup) and [Quick Setup](aws_sra_examples/quick_setup/)
108+
- Added [Detective Organization](aws_sra_examples/solutions/detective/detective_org) solution to [Easy Setup](aws_sra_examples/easy_setup) and Quick Setup (deprecated)
93109

94110
## 2023年06月21日
95111

96-
- Added [GuardDuty Organization](aws_sra_examples/solutions/guardduty/guardduty_org) EKS, Malware, RDS, and Lambda protections to [Easy Setup](aws_sra_examples/easy_setup) and [Quick Setup](aws_sra_examples/quick_setup/) deployment options
97-
- Added [Inspector Organization](aws_sra_examples/solutions/inspector/inspector_org) solution to [Quick Setup](aws_sra_examples/quick_setup/) deployment option
112+
- Added [GuardDuty Organization](aws_sra_examples/solutions/guardduty/guardduty_org) EKS, Malware, RDS, and Lambda protections to [Easy Setup](aws_sra_examples/easy_setup) and Quick Setup (deprecated) deployment options
113+
- Added [Inspector Organization](aws_sra_examples/solutions/inspector/inspector_org) solution to Quick Setup (deprecated) deployment option
98114

99115
## 2023年06月20日
100116

@@ -150,13 +166,13 @@ Updated [Firewall Manager](https://github.com/aws-samples/aws-security-reference
150166

151167
### Added<!-- omit in toc -->
152168

153-
- Added [Quick Setup](aws_sra_examples/quick_setup/) which provides the ability to deploy all the solutions from a single centralized CloudFormation template.
169+
- Added Quick Setup (deprecated) which provides the ability to deploy all the solutions from a single centralized CloudFormation template.
154170

155171
### Changed<!-- omit in toc -->
156172

157173
- Updated all the solution main templates to use a consistent naming convention for solution parameter labels.
158174
- Added pSourceStackName parameter to the [AWS Config Conformance Pack](aws_sra_examples/solutions/config/config_conformance_pack_org) and [Security Hub Organization](aws_sra_examples/solutions/securityhub/securityhub_org) solutions to handle the
159-
DependsOn requirement for the Config Management Account solution within the Quick Setup solution.
175+
DependsOn requirement for the Config Management Account solution within the Quick Setup (deprecated) solution.
160176
- Updated the [Firewall Manager](aws_sra_examples/solutions/firewall_manager/firewall_manager_org), [Macie](aws_sra_examples/solutions/macie/macie_org), [GuardDuty](aws_sra_examples/solutions/guardduty/guardduty_org), and
161177
[IAM Password Policy](aws_sra_examples/solutions/iam/iam_password_policy) solutions to remove default parameters from the CFCT configuration and main templates.
162178
- Updated the [CFCT-DEPLOYMENT-INSTRUCTIONS.md](aws_sra_examples/docs/CFCT-DEPLOYMENT-INSTRUCTIONS.md) to include instructions for disabling solutions within all accounts before deletion.

‎CONTRIBUTORS‎

Lines changed: 0 additions & 7 deletions
This file was deleted.

‎README.md‎

Lines changed: 75 additions & 61 deletions
Large diffs are not rendered by default.

‎aws_sra_examples/docs/CFCT-DEPLOYMENT-INSTRUCTIONS.md‎

Lines changed: 16 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -7,16 +7,19 @@ Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-
77
## Table of Contents<!-- omit in toc -->
88

99
- [Prerequisites](#prerequisites)
10+
- [Create the AWSControlTowerExecution IAM Role](#create-the-awscontroltowerexecution-iam-role)
11+
- [Deploy Customizations for AWS Control Tower (CFCT) Solution](#deploy-customizations-for-aws-control-tower-cfct-solution)
12+
- [AWS CodeCommit Repo](#aws-codecommit-repo)
1013
- [References](#references)
1114

1215
## Prerequisites
1316

14-
### Create the AWSControlTowerExecution IAM Role<!-- omit in toc -->
17+
### Create the AWSControlTowerExecution IAM Role
1518

1619
- The `AWSControlTowerExecution` Role provides the support needed to deploy solutions to the `management account` across regions as CloudFormation `StackSets` and it is required for the SRA CFCT solution deployments.
1720
- This role is created as part of the [common_prerequisites](../solutions/common/common_prerequisites) solution deployment.
1821

19-
## Deploy Customizations for AWS Control Tower (CFCT) Solution<!-- omit in toc -->
22+
### Deploy Customizations for AWS Control Tower (CFCT) Solution
2023

2124
- Option 1 (Recommended) Deploy the [Common CFCT Setup](../solutions/common/common_cfct_setup/) solution.
2225
- Option 2 Manually deploy the [Customizations for AWS Control Tower](https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/) solution following the below instructions.
@@ -28,51 +31,35 @@ Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-
2831
- `Failure Tolerance Percentage` = 0
2932
- Acknowledge that AWS CloudFormation might create IAM resources with custom names
3033

31-
### AWS CodeCommit Repo<!-- omit in toc -->
34+
Note: Version 2 or higher of CfCT is expected.
35+
36+
### AWS CodeCommit Repo
3237

3338
1. On the local machine install [git](https://git-scm.com/downloads) and [git-remote-codecommit](https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-connect.html).
3439
2. Clone the AWS CodeCommit repository via `git clone codecommit::<HOME REGION>://custom-control-tower-configuration custom-control-tower-configuration`
3540

36-
### Deployment Instructions<!-- omit in toc -->
41+
## Deployment Instructions<!-- omit in toc -->
3742

3843
1. Determine which version of the [Customizations for AWS Control Tower](https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/) solution you have deployed:
3944
1. Within the `management account (home region)` find the **CloudFormation Stack** for the Customizations for Control Tower (e.g. `custom-control-tower-initiation`)
4045
2. Select the `Outputs` tab
4146
3. The `CustomControlTowerSolutionVersion` **Value** is the version running in the environment
4247
1. Version 1 = v1.x.x = manifest.yaml version 2020年01月01日
4348
2. Version 2 = v2.x.x = manifest.yaml version 2021年03月15日
44-
2. Follow the instructions for the cooresponding version:
45-
- [Version 1 Deployment Instructions](#version-1-deployment-instructions)
46-
- [Version 2 Deployment Instructions](#version-2-deployment-instructions)
47-
48-
#### Version 1 Deployment Instructions<!-- omit in toc -->
49+
2. If version 2 is installed, continue to the deployment instructions below. If not, you will need to update your version of CfCT.
4950

50-
1. Copy the files to the Customizations for AWS Control Tower configuration `custom-control-tower-configuration`
51-
- parameters [**required for manifest version 2020年01月01日**]
52-
- Copy the parameter files from the `parameters` folder
53-
- Only one of the main parameter files is required. We recommend using the `main-ssm` file.
54-
- policies [optional]
55-
- service control policies files (\*.json)
56-
- templates [**required**]
57-
- Copy the template files from the `templates` folder that are referenced in the `manifest.yaml`
58-
- Only one of the main template files is required. We recommend using the `main-ssm` file.
59-
- `manifest.yaml` [**required**]
60-
2. Verify and update the parameters within each of the parameter json files to match the target environment
61-
3. Update the manifest.yaml file with the `organizational unit names`, `account names` and `SSM parameters` for the target environment
62-
4. Deploy the Customizations for AWS Control Tower configuration by pushing the code to the `AWS CodeCommit` repository or uploading to the `AWS S3 Bucket`
51+
#### Deployment Instructions<!-- omit in toc -->
6352

64-
#### Version 2 Deployment Instructions<!-- omit in toc -->
53+
Note: these instructions assume version 2 or higher of the CfCT solution has been installed.
6554

6655
1. Copy the files to the Customizations for AWS Control Tower configuration `custom-control-tower-configuration`
6756
- policies [optional]
6857
- service control policies files (\*.json)
6958
- templates [**required**]
70-
- Copy the template files from the `templates` folder that are referenced in the `manifest-v2.yaml`
71-
- Only one of the main template files is required. We recommend using the `main-ssm` file.
72-
- `manifest-v2.yaml` [**required**]
73-
2. Rename the `manifest-v2.yaml` to `manifest.yaml`
74-
3. Update the manifest.yaml file with the `parameters`, `organizational unit names`, `account names` and `SSM parameters` for the target environment
75-
4. Deploy the Customizations for AWS Control Tower configuration by pushing the code to the `AWS CodeCommit` repository or uploading to the `AWS S3 Bucket`
59+
- Copy the template files from the `templates` folder that are referenced in the `manifest.yaml`
60+
2. Update the manifest.yaml file with the `parameters`, `organizational unit names`, `account names` and `SSM parameters` for the target environment
61+
- *Be sure to update `deployment_targets` `accounts` with your management account information*
62+
3. Deploy the Customizations for AWS Control Tower configuration by pushing the code to the `AWS CodeCommit` repository or uploading to the `AWS S3 Bucket`
7663

7764
### Delete Instructions<!-- omit in toc -->
7865

‎aws_sra_examples/quick_setup/README.md‎

Lines changed: 0 additions & 79 deletions
This file was deleted.

‎aws_sra_examples/quick_setup/customizations_for_aws_control_tower/README.md‎

Lines changed: 0 additions & 7 deletions
This file was deleted.

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /