From d706c6b646c36021e6fa0e623648e4d5cbdf3cd1 Mon Sep 17 00:00:00 2001 From: badra001 Date: Wed, 31 Dec 2025 12:34:39 -0500 Subject: [PATCH] refien --- aws/whats-new/README.md | 31 ++++------------------- aws/whats-new/architecture/README.md | 28 ++++++++++++++++++++ aws/whats-new/terraform-modules/README.md | 12 +++++++++ 3 files changed, 45 insertions(+), 26 deletions(-) create mode 100644 aws/whats-new/architecture/README.md create mode 100644 aws/whats-new/terraform-modules/README.md diff --git a/aws/whats-new/README.md b/aws/whats-new/README.md index e1650902..a3041c45 100644 --- a/aws/whats-new/README.md +++ b/aws/whats-new/README.md 
@@ -1,28 +1,7 @@ -# What's New on our AWS +# What's New -## 2025-12-31: Test script for cross-account roles +Details on what's new within our enviroment. We've got a few sections for you to check out. -In order to validate the cross account roles work, we created a script to use it. This script can be replicated to perform per-account tasks within -the organization. We perhaps will make this into a python module so it becomes easier to plug in one's own script without copy/paste of the tool. -See it at [test-cross-org.py](https://github.e.it.census.gov/terraform/support/tree/master/local-app/python-tools/test-cross-organization). - -## 2025-12-30: New Stackset implementing cross-account roles - -A new stackset in all organizations (ent-gov, ent-ew, lab-gov) which implements two cross-account roles, -one for adminsitration so we can query organizations and crawl across the accounts, and the other for emergency -access driven through a service account with MFA and a user/password. Currently documented in the `instractructure/global/stacksets/inf-org-crossaccount/` -directory but will get copied elsewhere: - -* [ent-gov](https://github.e.it.census.gov/terraform/252903981224-ma5-gov/tree/master/infrastructure/global/stacksets/inf-org-crossaccount) -* [ent-ew](https://github.e.it.census.gov/terraform/109223337795-censusaws/tree/master/infrastructure/global/stacksets/inf-org-crossaccount) -* [lab-gov](https://github.e.it.census.gov/terraform/243219719746-lab-gov-management-nonprod/tree/master/infrastructure/global/stacksets/inf-org-crossaccount) - -## 2025-12-30: Proposal to remove CloudTrail and reduce costs - -A proposal is in place to strip out all non-organization cloudtrail from all organizations and all accounts. It is available [here](https://github.e.it.census.gov/terraform/cloud-information/tree/master/aws/proposals/cloudtrail). -The first step of disabling the Cloudtrail for non-organization trail (inf-org-cloudtrail) has bee done in the EDL accounts. 
It will -be done accross all organizations. Current non-organization cloudtrail counts: - -* ent-gov: 545 -* ent-ew: 983 -* lab-gov: 54 +* [Architecture](architecture) +* [Terraform](terraform) +* [Terraform Modules](terraform-modules) diff --git a/aws/whats-new/architecture/README.md b/aws/whats-new/architecture/README.md new file mode 100644 index 00000000..b10952c9 --- /dev/null +++ b/aws/whats-new/architecture/README.md 
@@ -0,0 +1,28 @@ +# What's New with our AWS Architecture + +## 2025-12-31: Test script for cross-account roles + +In order to validate the cross account roles work, we created a script to use it. This script can be replicated to perform per-account tasks within +the organization. We perhaps will make this into a python module so it becomes easier to plug in one's own script without copy/paste of the tool. +See it at [test-cross-org.py](https://github.e.it.census.gov/terraform/support/tree/master/local-app/python-tools/test-cross-organization). + +## 2025-12-30: New Stackset implementing cross-account roles + +A new stackset in all organizations (ent-gov, ent-ew, lab-gov) which implements two cross-account roles, +one for adminsitration so we can query organizations and crawl across the accounts, and the other for emergency +access driven through a service account with MFA and a user/password. Currently documented in the `instractructure/global/stacksets/inf-org-crossaccount/` +directory but will get copied elsewhere: + +* [ent-gov](https://github.e.it.census.gov/terraform/252903981224-ma5-gov/tree/master/infrastructure/global/stacksets/inf-org-crossaccount) +* [ent-ew](https://github.e.it.census.gov/terraform/109223337795-censusaws/tree/master/infrastructure/global/stacksets/inf-org-crossaccount) +* [lab-gov](https://github.e.it.census.gov/terraform/243219719746-lab-gov-management-nonprod/tree/master/infrastructure/global/stacksets/inf-org-crossaccount) + +## 2025-12-30: Proposal to remove CloudTrail and reduce costs + +A proposal is in place to strip out all non-organization cloudtrail from all organizations and all accounts. It is available [here](https://github.e.it.census.gov/terraform/cloud-information/tree/master/aws/proposals/cloudtrail). +The first step of disabling the Cloudtrail for non-organization trail (inf-org-cloudtrail) has bee done in the EDL accounts. It will +be done accross all organizations. 
Current non-organization cloudtrail counts: + +* ent-gov: 545 +* ent-ew: 983 +* lab-gov: 54 diff --git a/aws/whats-new/terraform-modules/README.md b/aws/whats-new/terraform-modules/README.md new file mode 100644 index 00000000..6e266555 --- /dev/null +++ b/aws/whats-new/terraform-modules/README.md @@ -0,0 +1,12 @@ +# What's New with [Terraform Modules](https://github.e.it.census.gov/terraform-modules/) + +## 2025-12-31: [aws-inf-setup//config](https://github.e.it.census.gov/terraform-modules/aws-inf-setup/tree/2.13.0/config) + +* 2.13.0 -- 2025-12-31 + - config + - disable global iam things in non-east regions + - allow for other resources to be excluded completely + +The impetus behind this is that we are double-counting global resources for AWS Config in multiple regions. This is +not likely the driver of higher costs, however. We also enabled the use of an additional variable for disabling +recording for resources entirely, to go along with the resource which get limited to daily checks vs continous.
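Review bot: In the new index in aws/whats-new/README.md, the `* [Terraform](terraform)` entry has no target in this patch. The diffstat creates only `architecture/README.md` and `terraform-modules/README.md`, so unless a `terraform/` directory already exists this link is dead. Either add the missing README in the same commit or drop the bullet until it exists. The intro line also has a typo: "enviroment" should be "environment".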
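Review bot: In aws/whats-new/architecture/README.md, the stackset entry gives the documentation path as `instractructure/global/stacksets/inf-org-crossaccount/`, which does not match the three links below it (all use `infrastructure/global/stacksets/inf-org-crossaccount`). Since the text is being moved anyway, fix the path so readers can find the directory. The CloudTrail entry also reads "disabling the Cloudtrail for non-organization trail (inf-org-cloudtrail)", which leaves it unclear whether `inf-org-cloudtrail` is the trail being disabled or the one that stays. Name the trail that remains the logging source explicitly, because that is the fact an auditor or responder will look for here. The same lines carry "adminsitration", "has bee done" and "accross", which are worth correcting in this move.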
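Review bot: In aws/whats-new/terraform-modules/README.md, the 2.13.0 changelog bullets "disable global iam things in non-east regions" and "allow for other resources to be excluded completely" are too vague to act on. List the resource types that stop being recorded outside the home region, state which region "east" means for each organization (the patch covers ent-gov, ent-ew and lab-gov), and give the name of the new exclusion variable mentioned in the closing paragraph. Excluding resource types from recording narrows what AWS Config can show later, so the note should let a reader tell exactly what is no longer recorded and where. In the last sentence, "the resource which get limited to daily checks vs continous" should read "the resources which get limited to daily checks vs continuous".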