Last active
May 4, 2021 06:51
AWSTemplateFormatVersion: '2010-09-09'
Description: "Security: Creates an AWS Security Hub in all accounts in the Control Tower"
Parameters:
  Regions:
    Type: CommaDelimitedList
    # Security Hub is enabled per region, so list every region that needs it.
    Description: Regions to deploy Stack Set into
    Default: "ap-southeast-2"
  OrganizationalUnitIds:
    Type: CommaDelimitedList
    # Supply the target OU IDs at deploy time; the default is empty.
    Description: OrganizationalUnitIds to deploy Stack Set into.
    Default: ''
Resources:
  StackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      Capabilities:
        - CAPABILITY_IAM
        - CAPABILITY_NAMED_IAM
      StackSetName: !Ref AWS::StackName
      # Service-managed permissions: deployment targets are AWS Organizations OUs.
      PermissionModel: SERVICE_MANAGED
      # Deploy automatically to accounts added to the target OUs and
      # keep the stacks when an account is removed from them.
      AutoDeployment:
        Enabled: true
        RetainStacksOnAccountRemoval: true
      StackInstancesGroup:
        - Regions: !Ref Regions
          DeploymentTargets:
            OrganizationalUnitIds: !Ref OrganizationalUnitIds
      # Inline template deployed into every target account and region.
      TemplateBody: |
        ---
        AWSTemplateFormatVersion: '2010-09-09'
        Description: "Security: Deploys a Security Hub Resource."
        Parameters: {}
        Resources:
          SecHub:
            Type: 'AWS::SecurityHub::Hub'
            Properties: {}
        Outputs:
          HubArn:
            Value: !Ref SecHub
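
An added example, not part of the gist: a Python check that compares the stack instances of this StackSet against the accounts and regions where Security Hub is expected, and reports the gaps. The input is a constructed sample shaped like the `Summaries` list from `aws cloudformation list-stack-instances`; the account IDs and the expected account and region sets are assumptions.

```python
import json

# Constructed sample shaped like the "Summaries" list returned by
# `aws cloudformation list-stack-instances`; account IDs are placeholders.
SAMPLE_SUMMARIES = json.loads("""
[
  {"Account": "111111111111", "Region": "ap-southeast-2", "Status": "CURRENT"},
  {"Account": "222222222222", "Region": "ap-southeast-2", "Status": "OUTDATED",
   "StatusReason": "constructed failure reason"},
  {"Account": "111111111111", "Region": "us-east-1", "Status": "CURRENT"}
]
""")


def coverage_gaps(summaries, expected_accounts, expected_regions):
    """Return {(account, region): reason} for every expected pair that has
    no stack instance or whose instance is not in the CURRENT state."""
    seen = {(s["Account"], s["Region"]): s for s in summaries}
    gaps = {}
    for account in sorted(expected_accounts):
        for region in sorted(expected_regions):
            inst = seen.get((account, region))
            if inst is None:
                gaps[(account, region)] = "no stack instance"
            elif inst["Status"] != "CURRENT":
                reason = inst.get("StatusReason", "no reason given")
                gaps[(account, region)] = f'{inst["Status"]}: {reason}'
    return gaps


def unexpected_instances(summaries, expected_accounts, expected_regions):
    """Instances outside the reviewed scope, e.g. a region missing from the
    expected list, so the expectation or the deployment needs correcting."""
    return sorted((s["Account"], s["Region"]) for s in summaries
                  if s["Account"] not in expected_accounts
                  or s["Region"] not in expected_regions)


if __name__ == "__main__":
    # Assumed expectation: three member accounts, the template's default region.
    accounts = {"111111111111", "222222222222", "333333333333"}
    regions = {"ap-southeast-2"}
    for (acct, reg), why in coverage_gaps(SAMPLE_SUMMARIES, accounts, regions).items():
        print(f"GAP {acct} {reg}: {why}")
    for acct, reg in unexpected_instances(SAMPLE_SUMMARIES, accounts, regions):
        print(f"OUT-OF-SCOPE {acct} {reg}")
```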