|
11 | 11 | - Sample config files can be found in [this](../../reference-artifacts/SAMPLE_CONFIGS/) folder |
12 | 12 | - Unsure where to start, use the [config.lite-example.json](../../reference-artifacts/SAMPLE_CONFIGS/config.lite-example.json) file |
13 | 13 |
|
14 | | -Descriptions: |
| 14 | +Samples with Descriptions: |
15 | 15 |
|
16 | 16 | 1. Full PBMM configuration [file](../../reference-artifacts/SAMPLE_CONFIGS/config.example.json) (`config.example.json`) |
17 | 17 | - The full PBMM configuration file was based on feedback from customers moving into AWS at scale and at a rapid pace. Customers of this nature have indicated that they do not want to have to upsize their perimeter firewalls or add Interface endpoints as their developers start to use new AWS services. These are the two most expensive components of the deployed architecture solution. |
@@ -46,16 +46,22 @@ Descriptions: |
46 | 46 |
|
47 | 47 | ## 1.2. **Deployment Customizations** |
48 | 48 |
|
49 | | -- The sample configuration files are provided as single, all encompassing, json files. The Accelerator also supports both splitting the config file into multiple component files and configuration files built using YAML instead of json. This is documented [here](./multi-file-config-capabilities.md) |
| 49 | +- Multi-file config file and YAML formatting [option](./multi-file-config-capabilities.md): |
50 | 50 |
|
51 | | -- The sample configuration files do not include the full range of supported configuration file parameters and values, additional configuration file parameters and values can be found [here](../../reference-artifacts/SAMPLE_CONFIGS/sample_snippets.md) |
| 51 | + - The sample configuration files are provided as single, all encompassing, json files. The Accelerator also supports both splitting the config file into multiple component files and configuration files built using YAML instead of json. This is documented |
52 | 52 |
|
53 | | -- The Accelerator is provided with a sample 3rd party configuration file to demonstrate automated deployment of 3rd party firewall technologies. Given the code is vendor agnostic, this process should be able to be leveraged to deploy other vendors firewall appliances. When and if other options become available, we will add them here as well. |
54 | | - - Automated firewall configuration [customization](../../reference-artifacts/SAMPLE_CONFIGS/firewall_file_available_variables.md) possibilities |
55 | | - - Sample Fortinet Fortigate firewall config [file](../../reference-artifacts/Third-Party/firewall-example.txt) |
| 53 | +- Sample Snippets: |
| 54 | + |
| 55 | + - The sample configuration files do not include the full range of supported configuration file parameters and values, additional configuration file parameters and values can be found [here](../../reference-artifacts/SAMPLE_CONFIGS/sample_snippets.md) |
| 56 | + |
| 57 | +- Third Party Firewall example configs: |
| 58 | + - The Accelerator is provided with a sample 3rd party configuration file to demonstrate automated deployment of 3rd party firewall technologies. Given the code is vendor agnostic, this process should be able to be leveraged to deploy other vendors firewall appliances. When and if other options become available, we will add them here as well. |
| 59 | + - Automated firewall configuration [customization](../../reference-artifacts/SAMPLE_CONFIGS/firewall_file_available_variables.md) possibilities |
| 60 | + - Sample Fortinet Fortigate firewall config [file](../../reference-artifacts/Third-Party/firewall-example.txt) |
56 | 61 |
|
57 | 62 | ## 1.3. Other Configuration File Hints and Tips |
58 | 63 |
|
| 64 | +- It is critical that all accounts that are leveraged by other accounts (i.e. accounts that any workload accounts are dependant on), are included in the mandatory-accounts section of the config file (i.e. shared-network, log-archive, operations) |
59 | 65 | - You cannot supply (or change) configuration file values to something not supported by the AWS platform |
60 | 66 | - For example, CWL retention only supports specific retention values (not any number) |
61 | 67 | - Shard count - can only increase/reduce by half the current limit. i.e. you can change from `1`-`2`, `2`-`3`, `4`-`6` |
|
0 commit comments