Skip to content

Easy setup CfCT parameters fix #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 1, 2024
Merged

Easy setup CfCT parameters fix #266

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
127 changes: 21 additions & 106 deletions aws_sra_examples/easy_setup/customizations_for_aws_control_tower/manifest.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ resources:
parameter_value: "No"
- parameter_key: pDeployPatchMgrSolution
parameter_value: "No"

# Account Alternate Contacts Solution Parameters
- parameter_key: pExcludeAlternateContactAccountTags
parameter_value: ""
Expand Down Expand Up @@ -118,7 +119,7 @@ resources:
parameter_value: ""
- parameter_key: pConformancePackExcludedAccounts
parameter_value: ""

# Detective Solution
- parameter_key: pDatasourcePackages
parameter_value: "ASFF_SECURITYHUB_FINDING, EKS_AUDIT"
Expand All @@ -144,6 +145,10 @@ resources:
# GuardDuty Solution
- parameter_key: pDisableGuardDuty
parameter_value: "No"
- parameter_key: pGuardDutyCustomerGovernedRegionsOnly
parameter_value: "true"
- parameter_key: pGuardDutyEnabledRegions
parameter_value: ""
- parameter_key: pAutoEnableS3Logs
parameter_value: "true"
- parameter_key: pAutoEnableKubernetesAuditLogs
Expand All @@ -152,10 +157,14 @@ resources:
parameter_value: "true"
- parameter_key: pEnableRdsLoginEvents
parameter_value: "true"
- parameter_key: pEnableEksRuntimeMonitoring
- parameter_key: pEnableRuntimeMonitoring
parameter_value: "true"
- parameter_key: pEnableEksAddonManagement
parameter_value: "true"
- parameter_key: pEnableEcsFargateAgentManagement
parameter_value: "true"
- parameter_key: pEnableEc2AgentManagement
parameter_value: "true"
- parameter_key: pEnableLambdaNetworkLogs
parameter_value: "true"
- parameter_key: pGuardDutyFindingPublishingFrequency
Expand Down Expand Up @@ -238,141 +247,47 @@ resources:
parameter_value: "SPECIFIED_REGIONS"

# Patch Manager Solution
- parameter_key: pPatchMgmtRoleName
parameter_value: "sra-patch-mgmt-configuration"
# Window 1
- parameter_key: pPatchMgmtMaintWindow1Name
parameter_value: "Update_SSM"
- parameter_key: pPatchMgmtMaintWindow1Desc
parameter_value: "Maintenance Window update the SSM Agent on managed Instances"
- parameter_key: pDisablePatchMgmt
parameter_value: "false"
- parameter_key: pPatchMgmtMaintWindow1Schedule
parameter_value: "cron(0 0 1 ? * WED *)"
parameter_value: "cron(0 0 1 ? * THU *)"
- parameter_key: pPatchMgmtMaintWindow1Duration
parameter_value: "6"
- parameter_key: pPatchMgmtMaintWindow1Cutoff
parameter_value: "1"
- parameter_key: pPatchMgmtMaintWindow1TZ
parameter_value: "America/New_York"
- parameter_key: pPatchMgmtTask1Name
parameter_value: "Update_SSM"
- parameter_key: pPatchMgmtTask1Desc
parameter_value: "Task to update SSM Agent"
- parameter_key: pPatchMgmtTask1RunCmd
parameter_value: "AWS-UpdateSSMAgent"
- parameter_key: pPatchMgmtTask1Operation
parameter_value: "Scan"
- parameter_key: pPatchMgmtTask1RebootOption
parameter_value: "RebootIfNeeded"
- parameter_key: pPatchMgmtTarget1Name
parameter_value: "Update_SSM"
- parameter_key: pPatchMgmtTarget1Desc
parameter_value: "Targets to update SSM Agent on"
- parameter_key: pPatchMgmtTarget1Value1
parameter_value: "Linux"
- parameter_key: pPatchMgmtTarget1Value2
parameter_value: "Windows"
# Window 2
- parameter_key: pPatchMgmtMaintWindow2Name
parameter_value: "Windows_Scan"
- parameter_key: pPatchMgmtMaintWindow2Desc
parameter_value: "Maintenance Window to scan Windows Instances"
- parameter_key: pPatchMgmtMaintWindow2Schedule
parameter_value: "cron(0 0 1 ? * THU *)"
parameter_value: "cron(0 0 1 ? * WED *)"
- parameter_key: pPatchMgmtMaintWindow2Duration
parameter_value: "6"
- parameter_key: pPatchMgmtMaintWindow2Cutoff
parameter_value: "1"
- parameter_key: pPatchMgmtMaintWindow2TZ
- parameter_key: pPatchMgmtMaintWindowTZ
parameter_value: "America/New_York"
- parameter_key: pPatchMgmtTask2Name
parameter_value: "Windows_Scan"
- parameter_key: pPatchMgmtTask2Desc
parameter_value: "Task to scan Windows Instances"
- parameter_key: pPatchMgmtTaskRebootOption
parameter_value: "RebootIfNeeded"
- parameter_key: pPatchMgmtTask2RunCmd
parameter_value: "AWS-RunPatchBaseline"
- parameter_key: pPatchMgmtTask2Operation
parameter_value: "Scan"
- parameter_key: pPatchMgmtTask2RebootOption
parameter_value: "RebootIfNeeded"
- parameter_key: pPatchMgmtTarget2Name
parameter_value: "Windows_Scan"
- parameter_key: pPatchMgmtTarget2Desc
parameter_value: "Targets to run the command to scan for Windows updates"
- parameter_key: pPatchMgmtTarget2Value1
parameter_value: "Windows"
# Window 3
- parameter_key: pPatchMgmtMaintWindow3Name
parameter_value: "Linux_Scan"
- parameter_key: pPatchMgmtMaintWindow3Desc
parameter_value: "Maintenance Window scan Linux Instances"
- parameter_key: pPatchMgmtTaskOperation
parameter_value: "Scan"
- parameter_key: pPatchMgmtMaintWindow3Schedule
parameter_value: "cron(0 0 1 ? * FRI *)"
- parameter_key: pPatchMgmtMaintWindow3Duration
parameter_value: "6"
- parameter_key: pPatchMgmtMaintWindow3utoff
- parameter_key: pPatchMgmtMaintWindow3Cutoff
parameter_value: "1"
- parameter_key: pPatchMgmtMaintWindow3TZ
parameter_value: "America/New_York"
- parameter_key: pPatchMgmtTask3Name
parameter_value: "Linux_Scan"
- parameter_key: pPatchMgmtTask3Desc
parameter_value: "Task to scan Linux Instances"
- parameter_key: pPatchMgmtTask3RunCmd
parameter_value: "AWS-RunPatchBaseline"
- parameter_key: pPatchMgmtTask3Operation
parameter_value: "Scan"
- parameter_key: pPatchMgmtTask3RebootOption
parameter_value: "RebootIfNeeded"
- parameter_key: pPatchMgmtTarget3Name
parameter_value: "Linux_Scan"
- parameter_key: pPatchMgmtTarget3Desc
parameter_value: "Targets to run the command to scan for Linux updates"
- parameter_key: pPatchMgmtTarget3Value1
parameter_value: "Linux"

# Patch Manager Solution
- parameter_key: pDisablePatchMgmt
parameter_value: 'false'
# Window 1
- parameter_key: pPatchMgmtMaintWindow1Schedule
parameter_value: 'cron(0 0 1 ? * THU *)'
- parameter_key: pPatchMgmtMaintWindow1Duration
parameter_value: '6'
- parameter_key: pPatchMgmtMaintWindow1Cutoff
parameter_value: '1'
- parameter_key: pPatchMgmtTask1RunCmd
parameter_value: 'AWS-UpdateSSMAgent'
- parameter_key: pPatchMgmtTarget1Value1
parameter_value: 'Linux'
- parameter_key: pPatchMgmtTarget1Value2
parameter_value: 'Windows'
- parameter_key: pPatchMgmtMaintWindow2Schedule
parameter_value: 'cron(0 0 1 ? * WED *)'
- parameter_key: pPatchMgmtMaintWindow2Duration
parameter_value: '6'
- parameter_key: pPatchMgmtMaintWindow2Cutoff
parameter_value: '1'
- parameter_key: pPatchMgmtMaintWindowTZ
parameter_value: 'America/New_York'
- parameter_key: pPatchMgmtTaskRebootOption
parameter_value: 'RebootIfNeeded'
- parameter_key: pPatchMgmtTask2RunCmd
parameter_value: 'AWS-RunPatchBaseline'
- parameter_key: pPatchMgmtTarget2Value1
parameter_value: 'Windows'
- parameter_key: pPatchMgmtTaskOperation
parameter_value: 'Scan'
- parameter_key: pPatchMgmtMaintWindow3Schedule
parameter_value: 'cron(0 0 1 ? * FRI *)'
- parameter_key: pPatchMgmtMaintWindow3Duration
parameter_value: '6'
- parameter_key: pPatchMgmtMaintWindow3Cutoff
parameter_value: '1'
- parameter_key: pPatchMgmtTask3RunCmd
parameter_value: 'AWS-RunPatchBaseline'
- parameter_key: pPatchMgmtTarget3Value1
parameter_value: 'Linux'

# Common Properties
- parameter_key: pSRAAlarmEmail
parameter_value: ""
Expand Down
Loading