Commit 4210e63

committed
update readme
1 parent 8ab30b0 commit 4210e63

1 file changed

+10
-10
lines changed
  • aws_sra_examples/solutions/genai/bedrock_org

aws_sra_examples/solutions/genai/bedrock_org/README.md

Lines changed: 10 additions & 10 deletions
@@ -10,7 +10,7 @@
1010

1111
## Introduction
1212

13-
This solution provides an automated framework for deploying Bedrock organizational controls using AWS CloudFormation. It leverages a Lambda function to configure and deploy AWS Config rules, CloudWatch metrics, and other resources necessary to monitor and enforce governance policies across multiple AWS accounts and regions in an organization.
13+
This solution provides an automated framework for deploying Bedrock organizational security controls using AWS CloudFormation. It leverages a Lambda function to configure and deploy AWS Config rules, CloudWatch metrics, and other resources necessary to monitor and enforce governance policies across multiple AWS accounts and regions in an organization.
1414

1515
The architecture follows best practices for security and scalability and is designed for easy extensibility.
1616

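Review bot: On line 13 the introduction now says "security controls" while the same sentence still ends with "monitor and enforce governance policies", so it is unclear whether the two terms refer to the same set of controls. Suggest using one term consistently or stating how they relate, and replacing "other resources necessary" with the resource types the solution actually deploys.
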
@@ -23,27 +23,27 @@ The architecture follows best practices for security and scalability and is desi
2323
This section provides a detailed explanation of the resources shown in the updated architecture diagram:
2424

2525
### Organization Management Account
26-
1. **AWS CloudFormation (1.1)**: Used to define and deploy all resources in the solution.
26+
1. **AWS CloudFormation (1.1)**: Used to define and deploy resources in the solution.
2727
2. **CloudWatch Lambda Role (1.2)**: Role for enabling CloudWatch access by the Lambda function in the global region.
28-
3. **SNS Topic (1.3)**: Publishes notifications for alarms and other configured events.
28+
3. **SNS Topic (1.3)**: SNS publish to Lambda. Handles fanout configuration of the solution.
2929
4. **Bedrock Lambda Function (1.4)**: Core function responsible for deploying resources and managing configurations across accounts and regions.
3030
5. **CloudWatch Log Group (1.5)**: Logs for monitoring the execution of the Lambda function.
3131
6. **Dead-Letter Queue (DLQ) (1.6)**: Handles failed Lambda invocations.
3232
7. **CloudWatch Filters (1.7)**: Filters specific log events to track relevant activities.
3333
8. **CloudWatch Alarms (1.8)**: Triggers notifications based on preconfigured thresholds.
34-
9. **SNS Topic (1.9)**: Handles notifications for region-specific monitoring.
34+
9. **SNS Topic (1.9)**: Publishes notifications for alarms and events.
3535
10. **CloudWatch Link (1.10)**: Links CloudWatch metrics across accounts and regions for centralized observability.
36-
11. **KMS Key (1.11)**: Encrypts sensitive resources such as SNS topics and log data.
36+
11. **KMS Key (1.11)**: Encrypts SNS topic.
3737

3838
### All Bedrock Accounts
39-
1. **CloudWatch Sharing Role (2.1)**: Role enabling CloudWatch metrics sharing in the global region.
39+
1. **CloudWatch Sharing Role (2.1)**: Role enabling CloudWatch metrics sharing.
4040
2. **CloudWatch Filters (2.2)**: Region-specific filters to monitor log events for compliance and security.
41-
3. **CloudWatch Alarms (2.3)**: Configured to trigger notifications for specific metric thresholds in each region.
41+
3. **CloudWatch Alarms (2.3)**: Configured to trigger notifications for specific metric thresholds.
4242
4. **SNS Topic (2.4)**: Publishes notifications for alarms and events in the respective regions.
4343
5. **CloudWatch Link (2.5)**: Links metrics from regional accounts back to the Organization Management Account.
44-
6. **KMS Key (2.6)**: Encrypts region-specific resources such as SNS topics and logs.
45-
7. **Rule Lambda Roles (2.7)**: Lambda execution roles for AWS Config rules in the global region.
46-
8. **Config Rules (2.8)**: Enforces governance and compliance policies in each region.
44+
6. **KMS Key (2.6)**: Encrypts SNS topic.
45+
7. **Rule Lambda Roles (2.7)**: Lambda execution roles for AWS Config rules.
46+
8. **Config Rules (2.8)**: Enforces governance and compliance policies.
4747
9. **Config Lambdas (2.9)**: Evaluates and remediates non-compliance with governance policies.
4848

4949
### Audit (Security Tooling) Account
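
Review bot: Items 1.11 and 2.6 now read "Encrypts SNS topic." and no longer mention log data, which leaves the README silent on how the CloudWatch Log Group (1.5) and the logs previously named in 2.6 are encrypted. If the key covers only the SNS topic, state what protects the logs; if it still covers them, keep that in the description. Separately, the new 1.3 text "SNS publish to Lambda." is a fragment and would read better as a full sentence, and region wording was dropped from 2.1, 2.3, 2.7 and 2.8 while 2.2 and 2.4 still say "Region-specific" and "in the respective regions", so region scoping is now inconsistent within the list.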
