Commit

minor doc tweaks (#664)
Brian969 authored Mar 13, 2021
1 parent bcf2c13 commit 3c9e48b
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -49,7 +49,7 @@ Specifically the accelerator deploys and manages the following functionality, bo
- Managed Active Directory sharing, including R53 DNS resolver rule creation/sharing
- Automated TGW inter-region peering
- Populate Parameter Store with all `user` objects to be used by customers' IaC
- Deploy and share SSM documents (3 provided out-of-box, ELB Logging, S3 Encryption, and Instance Profile remediation)
- Deploy and share SSM documents (4 provided out-of-box, ELB Logging, S3 Encryption, Instance Profile remediation, Role remediation)
- customer can provide their own SSM documents for automated deployment and sharing

### Identity
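Review bot: The changed SSM documents bullet hard-codes the count ("4 provided out-of-box"), the same number this commit had to correct from 3, and the new "Role remediation" entry does not say which role condition is remediated or what the document changes. Consider dropping the count and describing each document by what it fixes, since a reader will want to know what an automated remediation that acts on roles does before enabling it.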
Expand All @@ -70,7 +70,7 @@ Specifically the accelerator deploys and manages the following functionality, bo
- Firewall Manager
- CloudTrail w/Insights and S3 data plane logging
- Config Recorders/Aggregator
- Conformance Packs and Config rules (95 out-of-box NIST 800-53 rules, customizable per OU)
- Conformance Packs and Config rules (95 out-of-box NIST 800-53 rules, 2 custom rules, customizable per OU)
- Macie
- IAM Access Analyzer
- CloudWatch access from central designated admin account (and setting Log group retentions)
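Review bot: In the Conformance Packs bullet, "2 custom rules" is added without naming the rules or what they evaluate, so a reader cannot tell what coverage they add beyond the 95 NIST 800-53 rules. Name the two rules or link to where they are defined, and make clear whether "customizable per OU" applies to them as well.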
4 changes: 2 additions & 2 deletions docs/installation/what-we-do-where.md
Expand Up @@ -53,9 +53,9 @@
| - Macie | enabled all regions, admin account per region |
| - IAM Access Analyzer | enabled once per account (global scope), single admin account |
| - Enables CloudWatch access from central specified admin account | enabled once per account (global scope), two admin accounts (Ops & Security) |
| - Deploys customer provided SSM remediation documents (three provided out-of-box today, more in progress) | customized per OU, defined regions, defined accounts |
| - Deploys customer provided SSM remediation documents (four provided out-of-box today) | customized per OU, defined regions, defined accounts |
| ...remediates S3 buckets without KMS CMK encryption and ALB's without centralized logging | customized per OU, all regions, integrated w/SSM remediation, when desired |
| - Deploys AWS Config rules (managed and custom) including AWS Conformance packs (NIST 800-53 deployed by default) | customized per OU, all regions, all accounts integrated w/SSM remediation, when desired |
| - Deploys AWS Config rules (managed and custom) including AWS Conformance packs (NIST 800-53 deployed by default + 2 custom) | customized per OU, all regions, all accounts integrated w/SSM remediation, when desired |
| **Other Security Capabilities** | |
| - Creates, deploys and applies Service Control Policies | at the top OU level only, sub-ou's managed directly through AWS Organizations |
| - Creates Customer Managed KMS Keys w/automatic key rotation (SSM, EBS, S3) | SSM and EBS keys are created if a VPC exists in the region, S3 if we need an Accelerator bucket in the region, per account |
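Review bot: The SSM row now says four documents are provided out-of-box, but the unchanged continuation row directly below it still lists only two remediations (S3 buckets without KMS CMK encryption and ALBs without centralized logging), so the table describes half of what the count claims. Update that row to cover all four, and reconcile "customer provided" with "provided out-of-box" in the same cell. The "+ 2 custom" added to the Config rules row would also read more clearly as "plus 2 custom rules".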