From 8758861612013ad4aca643e0719e3872a62fa856 Mon Sep 17 00:00:00 2001
From: Danny Schofield
Date: Wed, 5 Jun 2024 09:40:12 -0400
Subject: [PATCH] examples: include README and more comments on the org-config

---
 examples/README.md | 8 ++++++++
 examples/organization-config-everywhere.yml | 8 ++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 examples/README.md

diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 0000000..f2070f1
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,8 @@
+# Examples
+The examples directory contains example Cloudformation, terraform and CDK code that can be referenced in an organization.yml
+
+## organization-config-everywhere.yml
+`organization-config-everywhere.yml` stands up an example Org structure where:
+- Applies delegated admin to the Audit account.
+- Provisions an organization-wide config aggregator in the Audit account.
+- AWS Config is enabled in every region of every telophase managed Account.
diff --git a/examples/organization-config-everywhere.yml b/examples/organization-config-everywhere.yml
index e83f4fc..1f2a575 100644
--- a/examples/organization-config-everywhere.yml
+++ b/examples/organization-config-everywhere.yml
@@ -1,13 +1,15 @@
 Organization:
-
- # All OUs/accounts will inherit these stacks.
+ # All OUs/accounts will inherit these stacks and apply to every account.
 Stacks:
+ # This stack creates an S3 bucket and dynamo DB table in every account.
 - Type: "Cloudformation"
 Path: "cloudformation/s3/bucket.yml"
 Name: "s3-remote-state-terraform"
 CloudformationCapabilities:
 - "CAPABILITY_NAMED_IAM"
+ # This stack enables AWS config in every region in every account.
+ - Type: "Cloudformation"
 - Type: "Terraform"
 Path: "tf/awsconfig"
 Name: "AWS-Config-Every-Region"
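Review bot: The added `- Type: "Cloudformation"` line directly under the new `# This stack enables AWS config...` comment introduces a second stack entry that has only a `Type` and no `Path` or `Name`, wedged between the S3 stack and the existing `- Type: "Terraform"` entry the comment was presumably written for. It reads like an editing leftover rather than an intended stack: depending on how telophase handles an entry with no template path it will either fail the run or skip the entry silently, and in the failure case the AWS Config rollout this example exists to demonstrate never gets applied to any account. The fix is to drop that one added line so the comment sits directly above the Terraform stack, i.e. `# This stack enables AWS config in every region in every account.` immediately followed by the unchanged `- Type: "Terraform"` and `Path: "tf/awsconfig"`. The `Organization:` mapping continues past the end of this hunk.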
@@ -17,10 +19,12 @@ Organization:
 Accounts:
 - Email: example+audit@example.com
 AccountName: Audit
+ # This account will have config and config-multiaccountsetup delegated.
 DelegatedAdministratorServices:
 - "config.amazonaws.com"
 - "config-multiaccountsetup.amazonaws.com"
 Stacks:
+ # This stack creates the aggregator for the organization in the delegated admin account.
 - Type: "Terraform"
 Path: "tf/configaggregator"
 Name: "aggregator"
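Review bot: The new comment above the `aggregator` stack says what it creates but not that it depends on the `config.amazonaws.com` delegation declared a few lines above: an organization-wide Config aggregator can only be created from the account registered as delegated administrator for AWS Config, and whether telophase registers `DelegatedAdministratorServices` before applying the same account's `Stacks` is not visible in this hunk, so the ordering assumption should be stated. The first new comment would also serve readers better by naming the trust it grants, since delegating Config to the Audit account effectively gives that account read access to resource configuration from every member account in the organization. Suggest replacing it with `# Delegating config here gives this account org-wide read of resource configuration; the aggregator stack below relies on this registration having completed.` and leaving the second comment as is.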