Merge pull request #69 from aws-samples/bug/s3-block-public-account-a…

…ccess Bug/s3 block public account access
aws-samples · Nov 22, 2021 · 23406b9 · 23406b9
2 parents 62e24ee + c60b008
commit 23406b9
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 6 deletions.
diff --git a/aws_sra_examples/solutions/s3/s3_block_account_public_access/README.md b/aws_sra_examples/solutions/s3/s3_block_account_public_access/README.md
@@ -174,10 +174,11 @@ sh "$SRA_REPO"/aws_sra_examples/utils/packaging_scripts/package-lambda.sh \
 
 #### Solution Delete Instructions <!-- omit in toc -->
 
-1. In the `management account (home region)`, delete the AWS CloudFormation **Stack** created in step 3 of the solution deployment.
+1. In the `management account (home region)`, delete the AWS CloudFormation **Stack** created in step 3 of the solution deployment. **Note:** The solution will not modify the S3 block account public access settings on a `Delete` event. Only the SSM
+   configuration parameter is deleted in this step.
 2. In the `management account (home region)`, delete the AWS CloudFormation **Stack** created in step 2 of the solution deployment.
 3. In the `management account (home region)`, delete the AWS CloudFormation **StackSet** created in step 1 of the solution deployment. **Note:** there should not be any `stack instances` associated with this StackSet.
-4. In the `management account (home region)`, delete the AWS CloudWatch **Log Group** (e.g. /aws/lambda/sra-s3-block-account-public-access) for the Lambda function deployed in step 2 of the solution deployment.
+4. In the `management account (home region)`, delete the AWS CloudWatch **Log Group** (e.g. /aws/lambda/sra-s3-block-account-public-access) for the Lambda function deployed in step 3 of the solution deployment.
 
 ---
 

diff --git a/...s/customizations_for_aws_control_tower/parameters/sra-s3-block-account-public-access.json b/...s/customizations_for_aws_control_tower/parameters/sra-s3-block-account-public-access.json
@@ -25,7 +25,7 @@
     },
     {
         "ParameterKey": "pOrganizationId",
-        "ParameterValue": ""
+        "ParameterValue": "$[alfred_ssm_/org/primary/organization_id]"
     },
     {
         "ParameterKey": "pS3BlockAccountPublicAccessLambdaFunctionName",

diff --git a/...tions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml b/...tions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml
@@ -199,8 +199,8 @@ Parameters:
     Type: String
 
   pSRASSMParameterPrefix:
-    AllowedValues: ['/sra/sra-s3-block-account-public-access']
-    Default: '/sra/sra-s3-block-account-public-access'
+    AllowedValues: ['/sra/s3-block-account-public-access']
+    Default: '/sra/s3-block-account-public-access'
     Description: SRA SSM parameter prefix to use for storing the configuration properties needed when a new account is created.
     Type: String
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "aws_sra_examples"
-version = "1.2.0"
+version = "1.2.1"
 description = "AWS Security Reference Architecture Examples"
 authors = ["Amazon Web Services <no_reply@amazon.com>"]