-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
examples: include README and more comments on the org-config
- Loading branch information
Showing
2 changed files
with
14 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| # Examples | ||
| The examples directory contains example Cloudformation, terraform and CDK code that can be referenced in an organization.yml | ||
|
|
||
| ## organization-config-everywhere.yml | ||
| `organization-config-everywhere.yml` stands up an example Org structure where: | ||
| - Applies delegated admin to the Audit account. | ||
| - Provisions an organization-wide config aggregator in the Audit account. | ||
| - AWS Config is enabled in every region of every telophase managed Account. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,15 @@ | ||
| Organization: | ||
|
|
||
| # All OUs/accounts will inherit these stacks. | ||
| # All OUs/accounts will inherit these stacks and apply to every account. | ||
| Stacks: | ||
| # This stack creates an S3 bucket and dynamo DB table in every account. | ||
| - Type: "Cloudformation" | ||
| Path: "cloudformation/s3/bucket.yml" | ||
| Name: "s3-remote-state-terraform" | ||
| CloudformationCapabilities: | ||
| - "CAPABILITY_NAMED_IAM" | ||
|
|
||
| # This stack enables AWS config in every region in every account. | ||
| - Type: "Cloudformation" | ||
| - Type: "Terraform" | ||
| Path: "tf/awsconfig" | ||
| Name: "AWS-Config-Every-Region" | ||
|
|
@@ -17,10 +19,12 @@ Organization: | |
| Accounts: | ||
| - Email: [email protected] | ||
| AccountName: Audit | ||
| # This account will have config and config-multiaccountsetup delegated. | ||
| DelegatedAdministratorServices: | ||
| - "config.amazonaws.com" | ||
| - "config-multiaccountsetup.amazonaws.com" | ||
| Stacks: | ||
| # This stack creates the aggregator for the organization in the delegated admin account. | ||
| - Type: "Terraform" | ||
| Path: "tf/configaggregator" | ||
| Name: "aggregator" | ||
|
|
||