Commit 3c9e48b

minor doc tweaks (#664)
1 parent bcf2c13 commit 3c9e48b

2 files changed

+4
-4
lines changed

README.md

Lines changed: 2 additions & 2 deletions
@@ -49,7 +49,7 @@ Specifically the accelerator deploys and manages the following functionality, bo
4949
- Managed Active Directory sharing, including R53 DNS resolver rule creation/sharing
5050
- Automated TGW inter-region peering
5151
- Populate Parameter Store with all `user` objects to be used by customers' IaC
52-
- Deploy and share SSM documents (3 provided out-of-box, ELB Logging, S3 Encryption, and Instance Profile remediation)
52+
- Deploy and share SSM documents (4 provided out-of-box, ELB Logging, S3 Encryption, Instance Profile remediation, Role remediation)
5353
- customer can provide their own SSM documents for automated deployment and sharing
5454

5555
### Identity
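
Review bot: On the changed bullet at line 52, "Role remediation" does not say what is being remediated, while the other three items name the resource or setting involved (ELB Logging, S3 Encryption, Instance Profile). Suggest naming the condition the document fixes, and putting a colon after "4 provided out-of-box" so the items read as the list of four rather than as a continuation of the count. The same count is written as "four" in docs/installation/what-we-do-where.md; using one form in both files makes the next update easier to find with a search.
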
@@ -70,7 +70,7 @@ Specifically the accelerator deploys and manages the following functionality, bo
7070
- Firewall Manager
7171
- CloudTrail w/Insights and S3 data plane logging
7272
- Config Recorders/Aggregator
73-
- Conformance Packs and Config rules (95 out-of-box NIST 800-53 rules, customizable per OU)
73+
- Conformance Packs and Config rules (95 out-of-box NIST 800-53 rules, 2 custom rules, customizable per OU)
7474
- Macie
7575
- IAM Access Analyzer
7676
- CloudWatch access from central designated admin account (and setting Log group retentions)
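
Review bot: On line 73, "2 custom rules" is inserted between the NIST 800-53 count and "customizable per OU" without naming the rules or saying what they check, so a reader cannot tell what they cover beyond the 95. Suggest naming the two rules or pointing to where they are defined, and making the relationship explicit, for example "95 out-of-box NIST 800-53 rules plus 2 custom rules".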

docs/installation/what-we-do-where.md

Lines changed: 2 additions & 2 deletions
@@ -53,9 +53,9 @@
5353
| - Macie | enabled all regions, admin account per region |
5454
| - IAM Access Analyzer | enabled once per account (global scope), single admin account |
5555
| - Enables CloudWatch access from central specified admin account | enabled once per account (global scope), two admin accounts (Ops & Security) |
56-
| - Deploys customer provided SSM remediation documents (three provided out-of-box today, more in progress) | customized per OU, defined regions, defined accounts |
56+
| - Deploys customer provided SSM remediation documents (four provided out-of-box today) | customized per OU, defined regions, defined accounts |
5757
| ...remediates S3 buckets without KMS CMK encryption and ALB's without centralized logging | customized per OU, all regions, integrated w/SSM remediation, when desired |
58-
| - Deploys AWS Config rules (managed and custom) including AWS Conformance packs (NIST 800-53 deployed by default) | customized per OU, all regions, all accounts integrated w/SSM remediation, when desired |
58+
| - Deploys AWS Config rules (managed and custom) including AWS Conformance packs (NIST 800-53 deployed by default + 2 custom) | customized per OU, all regions, all accounts integrated w/SSM remediation, when desired |
5959
| **Other Security Capabilities** | |
6060
| - Creates, deploys and applies Service Control Policies | at the top OU level only, sub-ou's managed directly through AWS Organizations |
6161
| - Creates Customer Managed KMS Keys w/automatic key rotation (SSM, EBS, S3) | SSM and EBS keys are created if a VPC exists in the region, S3 if we need an Accelerator bucket in the region, per account |
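
Review bot: The unchanged row at line 57 still lists only two remediations (S3 buckets without KMS CMK encryption and ALBs without centralized logging), while the row above it at line 56 now says four documents are provided out-of-box; update line 57 or drop the enumeration so the two rows agree. On line 58, "+ 2 custom" follows "AWS Conformance packs" and reads as two custom conformance packs, whereas README.md says "2 custom rules"; suggest "+ 2 custom rules".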
