From 181c1b1eb3c49190c84941a8fde81ea7416c9968 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomas=20Sj=C3=B6berg?= <tomas.sjoberg@cloud2.net>
Date: Tue, 16 Sep 2025 14:56:57 +0200
Subject: [PATCH] Make default value for pControlTowerRegionsOnly consistent

---
 aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml     | 2 +-
 .../templates/sra-guardduty-org-module-main.yaml              | 4 ++--
 .../templates/sra-guardduty-org-solution.yaml                 | 4 ++--
 .../guardduty_org/templates/sra-guardduty-org-main-ssm.yaml   | 2 +-
 .../templates/sra-security-lake-org-configuration.yaml        | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml b/aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml
index 103be485..ae533060 100644
--- a/aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml
+++ b/aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml
@@ -1177,7 +1177,7 @@ Parameters:
     Type: String
   pGuardDutyCustomerGovernedRegionsOnly:
     AllowedValues: ["true", "false"]
-    Default: "false"
+    Default: "true"
     Description: Indicates whether to enable GuardDuty in the customer's Goverened Regions only. Example - Control Tower regions, or Common Prerequisites regions.
     Type: String
   pGuardDutyEnabledRegions:
diff --git a/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-module-main.yaml b/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-module-main.yaml
index d2be8cb4..a8cafb04 100644
--- a/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-module-main.yaml
+++ b/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-module-main.yaml
@@ -271,8 +271,8 @@ Parameters:
     Type: String
   pControlTowerRegionsOnly:
     Type: String
-    Description: Only enable in the Control Tower governed regions (set to true for environments without AWS Control Tower)
-    Default: 'false'
+    Description: Only enable in the Control Tower governed regions (set to false for environments without AWS Control Tower)
+    Default: 'true'
     AllowedValues: ['true', 'false']
   pEnabledRegions:
     AllowedPattern: '^$|^([a-z0-9-]{1,64})$|^(([a-z0-9-]{1,64},)*[a-z0-9-]{1,64})$'
diff --git a/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-solution.yaml b/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-solution.yaml
index 5cfebdbe..9615e27b 100644
--- a/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-solution.yaml
+++ b/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-solution.yaml
@@ -358,8 +358,8 @@ Parameters:
     Type: String
   pControlTowerRegionsOnly:
     Type: String
-    Description: Only enable in the Control Tower governed regions (set to true for environments without AWS Control Tower)
-    Default: 'false'
+    Description: Only enable in the Control Tower governed regions (set to false for environments without AWS Control Tower)
+    Default: 'true'
     AllowedValues: ['true', 'false']
   pEnabledRegions:
     AllowedPattern: '^$|^([a-z0-9-]{1,64})$|^(([a-z0-9-]{1,64},)*[a-z0-9-]{1,64})$'
diff --git a/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-main-ssm.yaml b/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-main-ssm.yaml
index 40b1eb82..78b80b23 100644
--- a/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-main-ssm.yaml
+++ b/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-main-ssm.yaml
@@ -190,7 +190,7 @@ Parameters:
   pControlTowerRegionsOnly:
     Type: String
     Description: Only enable in the Control Tower governed regions (set to true for environments without AWS Control Tower)
-    Default: 'true' # TODO: best practice is to set this to false, however, there is a bug that prevents this from working
+    Default: 'true' # TODO: best practice is to set this to false, however, there is a bug (insert bug id) that prevents this from working
     AllowedValues: ['true', 'false']
   pCreateLambdaLogGroup:
     AllowedValues: ['true', 'false']
diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml
index 02406605..1cdabde0 100644
--- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml
+++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml
@@ -236,7 +236,7 @@ Parameters:
     Default: 'ALL'
   pControlTowerRegionsOnly:
     AllowedValues: ['true', 'false']
-    Default: 'false'
+    Default: 'true'
     Description: Only enable in the customer governed regions specified in Control Tower or Common Prerequisites solution
     Type: String
   pComplianceFrequency: