DOC: updated readme
parent
b5d64b0af4
commit
4181b5488f
@ -6,4 +6,7 @@
|
|||||||
- enable guardduty
|
- enable guardduty
|
||||||
- enable securityhub
|
- enable securityhub
|
||||||
- disable s3 public access
|
- disable s3 public access
|
||||||
- require EBS encryption
|
- require EBS encryption
|
||||||
|
|
||||||
|
## If AWS organisation is in use
|
||||||
|
If you are using AWS organisation, setup delegated admin for guardduty and securityhub. This allows centralised management.
|
||||||
|
@ -20,20 +20,28 @@ module "delete-default-vpcs" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
module "enable-aws-config" {
|
module "enable-aws-config" {
|
||||||
# enable aws config in all regions
|
# enable aws config in all regions and setup aggregation
|
||||||
source = "../../modules/security_identity_compliance/aws_config"
|
source = "../../modules/security_identity_compliance/aws_config"
|
||||||
resource-prefix = local.resource-prefix
|
resource-prefix = local.resource-prefix
|
||||||
default-tags = local.default-tags
|
default-tags = local.default-tags
|
||||||
}
|
}
|
||||||
|
|
||||||
module "enable-guardduty" {
|
module "enable-guardduty" {
|
||||||
# enable guardduty
|
/* enable guardduty
|
||||||
|
If you are using AWS organisation, GD delegated admin should be configured
|
||||||
|
on the landing zone security account. This allows centralised management.
|
||||||
|
See https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html
|
||||||
|
*/
|
||||||
source = "../../modules/security_identity_compliance/guardduty"
|
source = "../../modules/security_identity_compliance/guardduty"
|
||||||
default-tags = local.default-tags
|
default-tags = local.default-tags
|
||||||
}
|
}
|
||||||
|
|
||||||
module "enable-securityhub" {
|
module "enable-securityhub" {
|
||||||
# enable security hub
|
/* enable security hub
|
||||||
|
If you are using AWS organisation, SH deleted admin should be configured
|
||||||
|
on the landing zone security account. This allows centralised management.
|
||||||
|
https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html
|
||||||
|
*/
|
||||||
source = "../../modules/security_identity_compliance/security_hub"
|
source = "../../modules/security_identity_compliance/security_hub"
|
||||||
}
|
}
|
||||||
|
|
||||||
|