Modify Future Configuration and Links sections #215
Conversation
| @@ -59,10 +59,70 @@ module.config.data.template_file.splunk_configrules | |||
| We will centralize the AWS Config setup to send all Config events to the organization's logging account (see [main](README.md)). | |||
| This involves: | |||
|
|
|||
| * delegation from the org management account to the logging account of the config service | |||
| * other things | |||
| * Delegation from the org management account to the logging account of the config service (each organization sectools account i.e. ent-ew-sectools : 282958839025) | |||
There was a problem hiding this comment.
not the logging account, but the security account (my original mistake), and it is for the config service
Delegation from the org management account to the security account for the config service (each organization sectools account i.e. ent-ew-sectools : 282958839025)
| # Proposed Resources | ||
| ## Infrastructure | ||
| aws_config_configuration_aggregator.organization - "OIS-Config-Organizations-Aggregator" | ||
| aws_config_configuration_recorder.ois_config_recorder | ||
| aws_config_delivery_channel.config_ois_tools | ||
| aws_config_configuration_recorder_status.config_ois_tools |
There was a problem hiding this comment.
no need for an "ois"prefix, these woudl be an 'inf" prefix as they are part of the infrastructure (or INF in the name). Use inf_config for the resource name for all 4 of these. No need to have diff names.
| * Need to remove configuration recorders and Config Delivery Channels in each account and each region as they will no longer be leveraged in this configuration | ||
| * Should only include Global Config resource types in one region per organizational structure, this will pull in a vast amount of data and should not be included across all regions (will incur large data costs unnecessarily) |
There was a problem hiding this comment.
What will this mean for each account/region? Look over the config module used as part of the baseline ("git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//config?ref=tf-upgrade").
Does this mean we will not be able to look at Config in a per account basis?
| [AWS Organizations, AWS Config, and Terraform | AWS Cloud Operations & Migrations Blog](https://aws.amazon.com/blogs/mt/aws-organizations-aws-config-and-terraform/) | ||
|
|
||
| [Moving from a single account AWS Config deployment to an Organization wide deployment | AWS Cloud Operations & Migrations Blog](https://aws.amazon.com/blogs/mt/moving-from-a-single-account-aws-config-deployment-to-an-organization-wide-deployment/) | ||
|
|
||
| [aws_config_organization_managed_rule | Resources | hashicorp/aws | Terraform | Terraform Registry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_organization_managed_rule.html) | ||
|
|
||
| [multi-region-org-config-rules-terraform/administrator_account/config/config.tf at master · aws-samples/multi-region-org-config-rules-terraform](https://github.com/aws-samples/multi-region-org-config-rules-terraform/blob/master/administrator_account/config/config.tf) | ||
|
|
||
| [terraform-modules/aws-inf-setup: AWS Infrastructure Setup](https://github.e.it.census.gov/terraform-modules/aws-inf-setup) |
There was a problem hiding this comment.
Make these a list (prefix with - or *).
No description provided.