Org-Formation Overview

We use org-formation to deploy CloudFormation stacks to various accounts within our organization.

The various directories here group the stacks logically, and are prefixed with numbers to enforce the order they are deployed in.

Run First

FinOps

  • 040 AWS Budgets
    Configure budget alerts in AWS Budgets for tagged accounts.
  • 050 AWS Cost Explorer
    Configure anomaly detection, cost categories, and deploy related Lambdas.

Security

  • 070 GuardDuty
    Configure GuardDuty for all accounts.
  • 075 Security Hub
    Configure Security Hub for all accounts.
  • 077 Macie
    Configure AWS Macie for all accounts.
  • 080 AWS Config
    Configure AWS Config for all accounts.
  • 090 Systems Manager
    Configure Systems Manager for all accounts.
  • 725 VPC flow logs
    Use AWS Config to enable VPC flow logs.
  • The AWS Config service was set up and configured manually using the AWS console, because CloudFormation does not support setting it up in an organization configuration. CloudFormation only supports setting it up in an invitation/authorization configuration, which is not the preferred approach. Detailed info can be found in issue https://sagebionetworks.jira.com/browse/IT-3619

Shared Application Infrastructure

  • 100 Shared DNS
    Manage DNS zones and related wildcard ACM certificates for infrastructure shared with CDK applications.

Global Account Configuration

  • 200 Baseline
    Set global password policy and bootstrap all accounts for CDK.
  • 300 Account Defaults
    Configure all accounts via custom CloudFormation types, deploy miscellaneous infrastructure expected in all accounts.

Access and Connectivity

CloudWatch Persistence

Application Redirects

  • 800 Redirects
    Create S3 buckets used for HTTP 3xx redirects, and DNS CNAME records used by CDK applications.