VISION.md

References

https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/welcome.html
https://github.com/aws-samples/aws-security-reference-architecture-examples

LandingZone Structure

Root
├── Infrastructure
│   ├── p6m7g8-shared
│   └── p6m7g8-network
├── Security
│   ├── p6m7g8-logarchive
│   ├── p6m7g8-audit
│   └── p6m7g8-forensics
├── Suspended
├── Sandbox
│   └── p6m7g8-sandbox
└── Workloads
    ├── SDLC
    │   ├── p6m7g8-dev
    │   └── p6m7g8-qa
    └── Production
        └── p6m7g8-prod

Order

Break Glass

  • p6-lz-management-1-organization
    • Set IAM Account Alias
    • Make Org
  • p6-lz-management-1-avm
    • Make OU
    • Make accounts
  • p6-lz-logarchive-1
    • Set IAM Account Alias
    • Central Bucket
    • Security Lake
  • p6-lz-management-2-cloudtrail
    • Enable CloudTrail for Org
    • Delegate CloudTrail to Audit
  • p6-lz-management-2-config
    • Enable Config for Org
    • Delegate Config to Audit
  • p6-lz-management-2-securityhub
    • Enable SecurityHub for Org
    • Delegate SecurityHub to Audit
  • p6-lz-management-2-inspector
    • Enable Inspector for Org
    • Delegate Inspector to Audit
  • p6-lz-logarchive-2
    • Setup Config to go to Central Bucket
  • p6-lz-audit-1
    • Set IAM Account Alias
    • CloudWatch Logs for CloudTrail
    • Org CloudTrail
  • CLI:
    • Start CloudTrail Logging [cdk bug]
  • p6-lz-audit-2
    • Config for Aggregator
    • Config Aggregator
    • Security Hub
    • Inspector
    • [n] Artifact
    • Audit Manager
    • Event Bridge
    • Firewall Manager
    • Lambda (response)
    • Detective
    • Private CA
  • p6-lz-audit-3
    • Security Hub
    • GuardDuty
    • Macie
    • Config
    • Access Analyzer
  • p6-lz-network-1
    • Set IAM Account Alias
    • Route53
    • CloudFront
    • Verified Access
    • Shield
    • WAF
    • VPC Lattice [not transit gw]
    • Cert Manager
    • RAM
    • Resolver DNS
    • Network Access Analyzer
  • p6-lz-network-2
    • Security Hub
    • GuardDuty
    • Macie
    • Config
    • Access Analyzer
  • p6-lz-shared-1
    • Set IAM Account Alias
    • Identity Center
    • Systems Manager
  • p6-lz-shared-2
    • Security Hub
    • GuardDuty
    • Macie
    • Config
    • Access Analyzer
  • p6-lz-management-3
    • Security Hub
    • GuardDuty
    • Macie
    • Config
    • Access Analyzer
  • p6-lz-sandbox
    • VPC
  • p6-lz-dev
    • VPC
  • p6-lz-qa
    • VPC
  • p6-lz-prod
    • VPC
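The AWS CLI calls behind the "Enable ... for Org" / "Delegate ... to Audit" steps of the p6-lz-management-2-* stacks and the "Start CloudTrail Logging" workaround, as an added runbook example. This is not code from the p6m7g8 repo (which performs these steps in CDK); the Audit account ID and the trail name are placeholders, and the order (trusted access first, then the per-service delegation API) is the sequence the calls require. With the default DRY_RUN=1 the script prints the plan instead of calling AWS.

```shell
#!/bin/sh
# Added example, not code from the p6m7g8 repo (which does these steps in CDK).
# The AWS CLI calls behind "Enable <service> for Org" / "Delegate <service> to
# Audit" and the "Start CloudTrail Logging" workaround. Assumptions: the Audit
# account ID and trail name below are placeholders; DRY_RUN=1 (default) prints
# the plan instead of calling AWS.

AUDIT_ACCOUNT="${AUDIT_ACCOUNT:-111111111111}"   # placeholder Audit account ID
ORG_TRAIL="${ORG_TRAIL:-p6-lz-org-trail}"        # placeholder org trail name
DRY_RUN="${DRY_RUN:-1}"

# run_aws: print the command in dry-run mode, otherwise execute it.
run_aws() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'aws %s\n' "$*"
  else
    aws "$@"
  fi
}

# Trusted access must be enabled per service principal before delegation
# succeeds (run from the management account).
enable_trusted_access() {
  run_aws organizations enable-aws-service-access --service-principal "$1"
}

# Each service has its own delegation API; they do not share one shape.
delegate_cloudtrail() {
  run_aws cloudtrail register-organization-delegated-admin --member-account-id "$1"
}
delegate_config() {
  run_aws organizations register-delegated-administrator \
    --account-id "$1" --service-principal config.amazonaws.com
}
delegate_securityhub() {
  run_aws securityhub enable-organization-admin-account --admin-account-id "$1"
}
delegate_inspector() {
  run_aws inspector2 enable-delegated-admin-account --delegated-admin-account-id "$1"
}

# The page notes the CDK-created org trail is left not logging: start it from
# the CLI (with Audit-account credentials) and confirm IsLogging is true.
start_org_trail() {
  run_aws cloudtrail start-logging --name "$1"
  run_aws cloudtrail get-trail-status --name "$1" --query IsLogging --output text
}

# plan_delegations: the full sequence in the order the page lists the stacks.
plan_delegations() {
  for sp in cloudtrail.amazonaws.com config.amazonaws.com \
            securityhub.amazonaws.com inspector2.amazonaws.com; do
    enable_trusted_access "$sp"
  done
  delegate_cloudtrail "$AUDIT_ACCOUNT"
  delegate_config "$AUDIT_ACCOUNT"
  delegate_securityhub "$AUDIT_ACCOUNT"
  delegate_inspector "$AUDIT_ACCOUNT"
  start_org_trail "$ORG_TRAIL"
}

plan_delegations
```

Run it once with DRY_RUN=1 and review the printed plan, then `DRY_RUN=0 AUDIT_ACCOUNT=<id> sh lz-delegate.sh` with management-account credentials. Two caveats: the Security Hub and Inspector delegations are regional, so repeat those two calls in every region the landing zone enables, and the start-logging / get-trail-status pair runs against the Audit account that owns the org trail, not the management account.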

Setup SCP
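An example guardrail SCP for the Setup SCP step, added here and not the repo's own policy: it denies leaving the organization and denies disabling or detaching the services the landing zone delegates to Audit, with an exemption for the landing zone's own deployment roles so the pipeline does not lock itself out. The role-name pattern, OU ID, policy ID and output path are placeholders; scp_plan prints the create/attach commands rather than running them.

```shell
#!/bin/sh
# Added example for the "Setup SCP" step; not the p6m7g8 repo's own policy.
# Writes a guardrail SCP to a file and prints the Organizations calls that
# create and attach it. Placeholders: the deployment-role pattern in the
# Condition, the OU ID passed to scp_plan, POLICY_ID, and the output path.

SCP_FILE="${SCP_FILE:-${TMPDIR:-/tmp}/p6-lz-guardrails.json}"

# write_guardrail_scp: deny leaving the org and deny tampering with the
# security services delegated to the Audit account. SCPs never restrict the
# management account, only member accounts. Prints the file path.
write_guardrail_scp() {
  cat > "$SCP_FILE" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyLeaveOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    },
    {
      "Sid": "DenyDisablingSecurityServices",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "config:StopConfigurationRecorder",
        "config:DeleteConfigurationRecorder",
        "config:DeleteDeliveryChannel",
        "guardduty:DeleteDetector",
        "guardduty:DisassociateFromAdministratorAccount",
        "securityhub:DisableSecurityHub",
        "securityhub:DisassociateFromAdministratorAccount",
        "inspector2:Disable"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/p6-lz-*"
        }
      }
    }
  ]
}
EOF
  printf '%s\n' "$SCP_FILE"
}

# scp_plan OU_ID: print the create/attach commands. Run them from the
# management account; POLICY_ID is the Id returned by create-policy.
scp_plan() {
  ou_id="$1"
  printf 'aws organizations create-policy --name p6-lz-guardrails --type SERVICE_CONTROL_POLICY --description "LZ guardrails" --content file://%s\n' "$SCP_FILE"
  printf 'aws organizations attach-policy --policy-id POLICY_ID --target-id %s\n' "$ou_id"
}

write_guardrail_scp >/dev/null
scp_plan ou-root-example   # placeholder OU ID
```

Attach the policy to the Workloads, Sandbox and Infrastructure OUs rather than to Root so the Security OU's Audit account, which legitimately administers these services, is not caught by the deny; the `aws:PrincipalArn` exemption covers only the deployment roles, so widen or narrow that pattern to match the roles the landing zone actually assumes.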

Connect GitHub Actions for LZ

Operate

  • Individual Repo PRs