
Enable AWS Config in management account

Open martingaleano opened this issue 9 months ago • 2 comments

What?

  • Upgrade AWS Config Module version for all accounts
  • Enable AWS Config in management account
  • Remove unsupported attribute (check_instances_in_vpc)
  • Add policy to DevOps permissionSet to allow the creation of organization-wide config (organizations:ListDelegatedAdministrators)

Why?

  • We need to monitor the compliance in mgmt account

References

  • https://github.com/binbashar/terraform-aws-config/commit/9b162d1b19e6999ce55109a477411026896b3b5d#diff-05b5a57c136b6ff596500bcbfdcff145ef6cddea2a0e86d184d9daa9a65a288e
  • https://aws.amazon.com/blogs/mt/org-aggregator-delegated-admin/

martingaleano, May 25 '24 14:05