AWS - Baseline
Fernando Honig
Last Update 2 years ago
The StackZone Baseline Setup includes the necessary components for you to choose from once it has been built.
Components Created:
- Shared Services Account:
  - Amazon VPC including Private and Public Subnets distributed in 2 availability zones in the primary region
- Log-Archive Account:
  - Shared Amazon S3 Bucket with a lifecycle policy to store logs up to 7 years
- Primary Account: Security Services Delegation to the Security Account
  - AWS Security Hub (if enabled)
  - Amazon S3 Storage Lens
  - AWS License Manager
  - AWS Systems Manager
  - Amazon Macie
  - AWS IAM Access Analyzer
- Service Control Policies
  - Core OU Mandatory Preventive GuardRails
  - Workloads OU Mandatory Preventive GuardRails
  - StackZone Deny Preventive GuardRails
- Baseline Services (Applied to every account managed by StackZone)
  - Lambda Helper (required Lambda functions for StackZone to operate)
  - SNS Helper (required to forward Security SNS Notifications from all accounts to the Security Account)
  - Key Management Service: Creates AWS KMS Keys for Amazon EBS Volumes, CloudWatch Logs and SNS Topics to be encrypted to maintain compliance.
  - AWS Config:
    - Creates an AWS IAM Role to run AWS Config Rules and Remediations.
Average Time to deploy: 75 minutes (including the creation of all AWS accounts)