DOC: updated readme

This commit is contained in:
xpk 2022-09-05 14:58:03 +08:00
parent b5d64b0af4
commit 4181b5488f
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
2 changed files with 15 additions and 4 deletions

View File

@ -6,4 +6,7 @@
- enable guardduty - enable guardduty
- enable securityhub - enable securityhub
- disable s3 public access - disable s3 public access
- require EBS encryption - require EBS encryption
## If AWS organisation is in use
If you are using AWS organisation, setup delegated admin for guardduty and securityhub. This allows centralised management.

View File

@ -20,20 +20,28 @@ module "delete-default-vpcs" {
} }
module "enable-aws-config" { module "enable-aws-config" {
# enable aws config in all regions # enable aws config in all regions and setup aggregation
source = "../../modules/security_identity_compliance/aws_config" source = "../../modules/security_identity_compliance/aws_config"
resource-prefix = local.resource-prefix resource-prefix = local.resource-prefix
default-tags = local.default-tags default-tags = local.default-tags
} }
module "enable-guardduty" { module "enable-guardduty" {
# enable guardduty /* enable guardduty
If you are using AWS organisation, GD delegated admin should be configured
on the landing zone security account. This allows centralised management.
See https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html
*/
source = "../../modules/security_identity_compliance/guardduty" source = "../../modules/security_identity_compliance/guardduty"
default-tags = local.default-tags default-tags = local.default-tags
} }
module "enable-securityhub" { module "enable-securityhub" {
# enable security hub /* enable security hub
If you are using AWS organisation, SH deleted admin should be configured
on the landing zone security account. This allows centralised management.
https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html
*/
source = "../../modules/security_identity_compliance/security_hub" source = "../../modules/security_identity_compliance/security_hub"
} }