DOC: updated readme
This commit is contained in:
parent
b5d64b0af4
commit
4181b5488f
@ -7,3 +7,6 @@
|
||||
- enable securityhub
|
||||
- disable s3 public access
|
||||
- require EBS encryption
|
||||
|
||||
## If AWS organisation is in use
|
||||
If you are using AWS organisation, setup delegated admin for guardduty and securityhub. This allows centralised management.
|
||||
|
@ -20,20 +20,28 @@ module "delete-default-vpcs" {
|
||||
}
|
||||
|
||||
module "enable-aws-config" {
|
||||
# enable aws config in all regions
|
||||
# enable aws config in all regions and setup aggregation
|
||||
source = "../../modules/security_identity_compliance/aws_config"
|
||||
resource-prefix = local.resource-prefix
|
||||
default-tags = local.default-tags
|
||||
}
|
||||
|
||||
module "enable-guardduty" {
|
||||
# enable guardduty
|
||||
/* enable guardduty
|
||||
If you are using AWS organisation, GD delegated admin should be configured
|
||||
on the landing zone security account. This allows centralised management.
|
||||
See https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html
|
||||
*/
|
||||
source = "../../modules/security_identity_compliance/guardduty"
|
||||
default-tags = local.default-tags
|
||||
}
|
||||
|
||||
module "enable-securityhub" {
|
||||
# enable security hub
|
||||
/* enable security hub
|
||||
If you are using AWS organisation, SH deleted admin should be configured
|
||||
on the landing zone security account. This allows centralised management.
|
||||
https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html
|
||||
*/
|
||||
source = "../../modules/security_identity_compliance/security_hub"
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user