aws-security-reference-architecture-examples
[Suggested additions]
Is your feature request related to a problem? Please describe
Various alternative methods of adding security enhancements to Control Tower/Organizations exist. Here are a couple that would be nice to have built out as sample solutions here (centralized under this framework).
Describe the solution you'd like
- Centralized Flow Logs - Similar to https://aws.amazon.com/blogs/mt/vpc-flow-log-with-aws-control-tower-lifecycle/
- Automatic Alternate Contact configuration - Similar to https://aws.amazon.com/blogs/mt/automatically-update-alternate-contacts-for-newly-created-aws-accounts/
Describe alternatives you've considered
Just use the blogs (although it would be nice to have a single place to access all of these)
Thanks for putting in a feature request. Both of these solutions are at the top of our backlog, to be included in a near-term release. On that note, we would love to get feedback from you on the specific features you'd like to see in these solutions. For example, would having an input parameter (e.g., tags) to distinguish which VPCs Flow Logs should be enabled for be helpful?
Automatic Alternate Contact configuration is now available via the new Account Alternate Contacts solution
Two main features that I'd like to see for VPC Flow Logs:
- Option to configure flow log settings: type of traffic, format, destination. Perhaps via tags if it's available at the VPC or subnet level.
- Option to specify default behavior, for example: always create flow logs when no tags available or only create flow logs if tags available.
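The tag-driven settings and the default-behaviour option requested above, worked through as an added example (not code from the aws-security-reference-architecture-examples project). The tag keys (`flowlogs:enabled`, `flowlogs:traffic-type`, `flowlogs:format`, `flowlogs:destination`), the default destination ARN and the sample VPCs are all assumptions constructed for this illustration:

```python
"""Plan VPC Flow Log enablement per VPC from tags plus a default policy."""

# Constructed sample VPCs in EC2 DescribeVpcs shape (not real resources).
SAMPLE_VPCS = [
    {"VpcId": "vpc-0aaa", "Tags": [
        {"Key": "flowlogs:enabled", "Value": "true"},
        {"Key": "flowlogs:traffic-type", "Value": "REJECT"},
        {"Key": "flowlogs:destination", "Value": "arn:aws:s3:::example-central-flow-logs"}]},
    {"VpcId": "vpc-0bbb", "Tags": [{"Key": "flowlogs:enabled", "Value": "false"}]},
    {"VpcId": "vpc-0ccc", "Tags": []},
]
# Assumed central destination used when a VPC carries no flowlogs:destination tag.
DEFAULT_DEST = "arn:aws:logs:us-east-1:111122223333:log-group:/example/flow-logs"
VALID_TRAFFIC = ("ACCEPT", "REJECT", "ALL")


def tags_to_dict(tags):
    return {t["Key"]: t["Value"] for t in tags or []}


def plan_flow_logs(vpc, default_behavior="always", default_dest=DEFAULT_DEST, role_arn=None):
    """Return CreateFlowLogs kwargs for one VPC, or None to skip it.

    default_behavior: "always"      -> enable unless flowlogs:enabled=false
                      "tagged-only" -> enable only when flowlogs:enabled=true
    """
    tags = tags_to_dict(vpc.get("Tags"))
    enabled = tags.get("flowlogs:enabled", "").lower()
    if enabled == "false" or (default_behavior == "tagged-only" and enabled != "true"):
        return None
    traffic = tags.get("flowlogs:traffic-type", "ALL").upper()
    if traffic not in VALID_TRAFFIC:  # reject typos rather than silently logging ALL
        raise ValueError(f"{vpc['VpcId']}: unsupported traffic type {traffic!r}")
    dest = tags.get("flowlogs:destination", default_dest)
    dest_type = "s3" if dest.startswith("arn:aws:s3:") else "cloud-watch-logs"
    params = {"ResourceType": "VPC", "ResourceIds": [vpc["VpcId"]], "TrafficType": traffic,
              "LogDestinationType": dest_type, "LogDestination": dest}
    if dest_type == "cloud-watch-logs" and role_arn:  # EC2 needs a delivery role for CWL
        params["DeliverLogsPermissionArn"] = role_arn
    if "flowlogs:format" in tags:  # custom log format only when explicitly requested
        params["LogFormat"] = tags["flowlogs:format"]
    return params


def plan_all(vpcs, default_behavior="always"):
    return {v["VpcId"]: plan_flow_logs(v, default_behavior) for v in vpcs}


def apply_plans(plans, ec2):
    """Apply non-None plans; ec2 is boto3.client('ec2') or a stub for dry runs."""
    return [ec2.create_flow_logs(**p) for p in plans.values() if p]
```

The plan step is pure, so it can be unit-tested and reviewed before `apply_plans` is given a real EC2 client from the lifecycle-event handler.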