organization-parameters.yml
###################
#### Organization Structure
###################

# Accounts in this list are excluded from deployment.
# Keep account IDs quoted so they stay strings; an unquoted ID with a
# leading zero would be read as a number and lose the zero.
# Example: ["123412341234", "123412341234"]
excludedAccounts:
  Type: List<String>
  Default: []

# AWS account ID of the account in your organization that should contain all
# security-related tooling. This is an account people are expected to log
# into to review the security posture of their AWS accounts.
# The default is a placeholder: replace it before deploying.
securityAccountId:
  Type: String
  Default: "123412341234"

# AWS account ID of the account in your organization that should be used to
# archive (security-related) logs. This is typically a separate account that
# people do not log into frequently, because the logs might contain
# privacy-sensitive information.
# NOTE(review): the placeholder below is identical to the securityAccountId
# placeholder. Replace both, and use a different account ID here if the log
# archive is meant to be a separate account.
logArchiveAccountId:
  Type: String
  Default: "123412341234"

# The region you use as your primary region.
primaryRegion:
  Type: String
  Default: us-east-1

# All regions you use, including the primary region.
# NOTE(review): Type is String although the default is a list, while
# excludedAccounts declares List<String>. Confirm which type the consumer
# expects before changing it.
allRegions:
  Type: String
  Default:
    - us-east-1
    - eu-central-1

# All regions you use, except the primary region.
# NOTE(review): same Type/Default mismatch as allRegions (String declared,
# list given). Confirm against the consumer.
nonPrimaryRegions:
  Type: String
  Default:
    - eu-central-1
###################
#### Security Hub Configuration
###################

# Controls whether the account-wide S3 Public Access Block is deployed.
#   false          - the quickstart deploys an account-wide Public Access
#                    Block to ensure no S3 buckets can be made public.
#   true (default) - the Public Access Block is skipped, so this control does
#                    not stop a bucket from being made public.
# The default is true because deploying the block will/might inadvertently
# deny access to buckets that are public on purpose. Before setting this to
# false, make sure you have no S3 buckets that should be publicly accessible.
# NOTE(review): Type is String but the default is an unquoted YAML boolean.
# Confirm whether the consumer compares against the string "true" before
# quoting or retyping it.
SkipAccountWidePublicAccessBlock:
  Type: String
  # Change to false to ensure no S3 buckets can be publicly accessed.
  Default: true

# When set to false, the quickstart configures alternate contact details in
# all of your AWS accounts. Before setting this to false, review the
# "Account Contact Details" parameters in this file.
# NOTE(review): same String type with unquoted boolean default as above.
SkipAlternateContacts:
  Type: String
  Default: true
###################
#### Account Contact Details
###################

# Alternate contact details for the operations, billing and security
# contacts. The SkipAlternateContacts comment says to review these before
# setting it to false, which is when the quickstart configures alternate
# contacts in all accounts.
# Every e-mail address and phone number below is a placeholder. Replace them
# with real, monitored contacts before enabling alternate contacts, otherwise
# notifications sent to these contacts will not reach anyone.
# NOTE(review): "${AWSAccount.AccountName}" is presumably resolved per account
# by the deployment tool - confirm.
# Phone numbers are quoted so they can never be read as anything but strings.

# Operations contact
OperationsContactName:
  Type: String
  Default: "${AWSAccount.AccountName} Operations Team"
OperationsContactEmail:
  Type: String
  Default: operations@yourcompany.com
OperationsContactTitle:
  Type: String
  Default: Operations Team
OperationsContactPhoneNumber:
  Type: String
  Default: '+123 123 123 123'

# Billing contact
BillingContactName:
  Type: String
  Default: "${AWSAccount.AccountName} Billing Team"
BillingContactEmail:
  Type: String
  Default: billing@yourcompany.com
BillingContactTitle:
  Type: String
  Default: Billing Team
BillingContactPhoneNumber:
  Type: String
  Default: '+123 123 123 123'

# Security contact
SecurityContactName:
  Type: String
  Default: "${AWSAccount.AccountName} Security Team"
SecurityContactEmail:
  Type: String
  Default: Security@yourcompany.com
SecurityContactTitle:
  Type: String
  Default: Security Team
SecurityContactPhoneNumber:
  Type: String
  Default: '+123 123 123 123'