Backup Vaults Configuration
To generate vaults, you need to provide below value for this parameter.
To indicate workload accounts should utilize the cdk-assets S3 buckets in the managemenet account, you need to provide below value for this parameter.
CloudWatchLogs retention in days, accelerator's custom resource lambda function logs retention period is configured based on this value.
AWS ControlTower configuration
To indicate environment has control tower enabled, you need to provide below value for this parameter.
List of AWS Region names where accelerator will be deployed. Home region must be part of this list.
To add us-west-2 along with home region for accelerator deployment, you need to provide below value for this parameter.
Accelerator home region name. The region where accelerator pipeline deployed.
To use us-east-1 as home region for the accelerator, you need to provide below value for this parameter. Note: Variable HOME_REGION created for future usage of home region in the file
AWS Service Quota - Limit configuration
To enable limits within service quota, you need to provide below value for this parameter.
Accelerator logging configuration
To enable organization trail and session manager logs sending to S3, you need to provide below value for this parameter.
This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account.
Examples:
Report configuration
To enable budget report along with cost and usage report, you need to provide below value for this parameter.
SNS Topics Configuration
To send CloudWatch Alarms and SecurityHub notifications you will need to configure at least one SNS Topic For SecurityHub notification you will need to set the deployment target to Root in order to receive notifications from all accounts
SSM Inventory Configuration
Whether to enable termination protection for this stack.
Global configuration file name, this file must be present in accelerator config repository
Prepare list of Account names from account config file
Prepare list of OU ids from organization config file
Function to validate existence of budget deployment target OUs Make sure deployment target OUs are part of Organization config file
Function to validate budget notification email address
Function to validate existence of central logs bucket region in enabled region list CentralLogs bucket region name must part of pipeline enabled region
Validate s3 resource policy file existence
Validate s3 resource policy file existence
Validate CloudWatch Logs replication
Function to validate CloudWatch Logs Dynamic Partition and enforce format, key-value provided
Validate Cloudwatch logs exclusion inputs
Function to validate S3 lifecycle rules Central Log Bucket
Function to validate S3 lifecycle rules for Cost Reporting
Function to validate existence of logging target account name Make sure deployment target accounts are part of account config file
Load from file in given directory
Load from string content
Generated using TypeDoc
Accelerator global configuration