github aws-samples/aws-security-reference-architecture-examples v2.1.4
SRA v2.1.4

21 months ago

Contributions

  • Thank you to @tekdj7 for his contributions toward getting the Quick Setup completed.

What was added?

  • Added Quick Setup which provides the ability to deploy all the SRA solutions from a single centralized CloudFormation template either directly within the CloudFormation console or via the Customizations for AWS Control Tower (CFCT) solution.
    • Because the solutions are deployed in parallel, the Quick Setup completed the deployment of all solutions in under 20 minutes in our testing (environment: 3 accounts, 1 region).
    • SRA Example Solutions included in the Quick Setup are:
      • Account Alternate Contacts
      • CloudTrail
      • Config Management Account
      • Config Organization Conformance Pack
      • EC2 Default EBS Encryption
      • Firewall Manager
      • GuardDuty
      • IAM Access Analyzer
      • IAM Account Password Policy
      • Macie
      • S3 Block Account Public Access
      • Security Hub

What was changed?

  • Updated all the solution main templates to use a consistent naming convention for solution parameter labels.
  • Added pSourceStackName parameter to the AWS Config Conformance Pack and Security Hub Organization solutions to handle the DependsOn requirement for the Config Management Account solution within the Quick Setup solution.
  • Updated the Firewall Manager, Macie, GuardDuty, and IAM Password Policy solutions to remove default parameters from the CFCT configuration and main templates.
  • Updated the CFCT-DEPLOYMENT-INSTRUCTIONS.md to include instructions for disabling solutions within all accounts before deletion.
  • Updated the Common Prerequisites solution to fix a spelling error.
  • Updated all StackSet resources to use the Managed Execution setting, which allows queuing of operations.
  • Updated all Stack resources in the main templates to include the DeletionPolicy and UpdateReplacePolicy with a value of Delete to resolve cfn-lint findings.
  • Updated all the Python boto3 clients to include a configuration that sets max_attempts to 10, up from the default of 5. This prevents retry errors that we have started to see from some of the API calls.
