|
1 | 1 | { |
| 2 | + "replacements": { |
| 3 | + "addl_regions": { |
| 4 | + "a": ["${HOME_REGION}"], |
| 5 | + "b": ["${HOME_REGION}, ${GBL_REGION}"], |
| 6 | + "c": ["${HOME_REGION}, ${GBL_REGION}"] |
| 7 | + } |
| 8 | + }, |
2 | 9 | "global-options": { |
3 | 10 | "alz-baseline": false, |
4 | 11 | "ct-baseline": false, |
|
11 | 18 | "workloadaccounts-param-filename": "config.json", |
12 | 19 | "ignored-ous": [], |
13 | 20 | "additional-global-output-regions": [], |
14 | | - "supported-regions": ["ca-central-1", "us-east-1"], |
| 21 | + "supported-regions": ["${HOME_REGION}", "${GBL_REGION}"], |
15 | 22 | "keep-default-vpc-regions": [], |
16 | 23 | "aws-org-master": { |
17 | 24 | "account": "master", |
18 | | - "region": "ca-central-1" |
| 25 | + "region": "${HOME_REGION}" |
19 | 26 | }, |
20 | 27 | "central-security-services": { |
21 | 28 | "account": "security", |
22 | | - "region": "ca-central-1", |
| 29 | + "region": "${HOME_REGION}", |
23 | 30 | "security-hub-excl-regions": [], |
24 | 31 | "guardduty": true, |
25 | 32 | "guardduty-excl-regions": [], |
|
36 | 43 | }, |
37 | 44 | "central-operations-services": { |
38 | 45 | "account": "operations", |
39 | | - "region": "ca-central-1", |
| 46 | + "region": "${HOME_REGION}", |
40 | 47 | "cwl": true |
41 | 48 | }, |
42 | 49 | "central-log-services": { |
43 | 50 | "account": "log-archive", |
44 | | - "region": "ca-central-1", |
| 51 | + "region": "${HOME_REGION}", |
45 | 52 | "s3-retention": 730, |
46 | 53 | "cwl-glbl-exclusions": [], |
47 | 54 | "cwl-exclusions": [], |
|
163 | 170 | { |
164 | 171 | "filter-name": "SecurityGroupChangeMetric", |
165 | 172 | "accounts": ["master"], |
166 | | - "regions": ["ca-central-1"], |
| 173 | + "regions": ["${HOME_REGION}"], |
167 | 174 | "loggroup-name": "/PBMMAccel/CloudTrail", |
168 | 175 | "filter-pattern": "{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) }", |
169 | 176 | "metric-namespace": "CloudTrailMetrics", |
|
173 | 180 | { |
174 | 181 | "filter-name": "NetworkAclChangeMetric", |
175 | 182 | "accounts": ["master"], |
176 | | - "regions": ["ca-central-1"], |
| 183 | + "regions": ["${HOME_REGION}"], |
177 | 184 | "loggroup-name": "/PBMMAccel/CloudTrail", |
178 | 185 | "filter-pattern": "{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation)}", |
179 | 186 | "metric-namespace": "CloudTrailMetrics", |
|
183 | 190 | { |
184 | 191 | "filter-name": "GatewayChangeMetric", |
185 | 192 | "accounts": ["master"], |
186 | | - "regions": ["ca-central-1"], |
| 193 | + "regions": ["${HOME_REGION}"], |
187 | 194 | "loggroup-name": "/PBMMAccel/CloudTrail", |
188 | 195 | "filter-pattern": "{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway)}", |
189 | 196 | "metric-namespace": "CloudTrailMetrics", |
|
193 | 200 | { |
194 | 201 | "filter-name": "VpcChangeMetric", |
195 | 202 | "accounts": ["master"], |
196 | | - "regions": ["ca-central-1"], |
| 203 | + "regions": ["${HOME_REGION}"], |
197 | 204 | "loggroup-name": "/PBMMAccel/CloudTrail", |
198 | 205 | "filter-pattern": "{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }", |
199 | 206 | "metric-namespace": "CloudTrailMetrics", |
|
203 | 210 | { |
204 | 211 | "filter-name": "Ec2InstanceChangeMetric", |
205 | 212 | "accounts": ["master"], |
206 | | - "regions": ["ca-central-1"], |
| 213 | + "regions": ["${HOME_REGION}"], |
207 | 214 | "loggroup-name": "/PBMMAccel/CloudTrail", |
208 | 215 | "filter-pattern": "{ ($.eventName = RunInstances) || ($.eventName = RebootInstances)|| ($.eventName = StartInstances) || ($.eventName = StopInstances) || ($.eventName= TerminateInstances) }", |
209 | 216 | "metric-namespace": "CloudTrailMetrics", |
|
213 | 220 | { |
214 | 221 | "filter-name": "Ec2LargeInstanceChangeMetric", |
215 | 222 | "accounts": ["master"], |
216 | | - "regions": ["ca-central-1"], |
| 223 | + "regions": ["${HOME_REGION}"], |
217 | 224 | "loggroup-name": "/PBMMAccel/CloudTrail", |
218 | 225 | "filter-pattern": "{ (($.eventName = RunInstances) || ($.eventName = RebootInstances)|| ($.eventName = StartInstances) || ($.eventName = StopInstances) || ($.eventName= TerminateInstances)) && (($.requestParameters.instanceType= *.32xlarge) || ($.requestParameters.instanceType= *.24xlarge) || ($.requestParameters.instanceType= *.18xlarge) || ($.requestParameters.instanceType= *.16xlarge) || ($.requestParameters.instanceType= *.12xlarge) || ($.requestParameters.instanceType= *.10xlarge) || ($.requestParameters.instanceType= *.9xlarge) || ($.requestParameters.instanceType= *.8xlarge) || ($.requestParameters.instanceType = *.4xlarge)) }", |
219 | 226 | "metric-namespace": "CloudTrailMetrics", |
|
223 | 230 | { |
224 | 231 | "filter-name": "CloudTrailChangeMetric", |
225 | 232 | "accounts": ["master"], |
226 | | - "regions": ["ca-central-1"], |
| 233 | + "regions": ["${HOME_REGION}"], |
227 | 234 | "loggroup-name": "/PBMMAccel/CloudTrail", |
228 | 235 | "filter-pattern": "{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail)|| ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName= StopLogging) }", |
229 | 236 | "metric-namespace": "CloudTrailMetrics", |
|
233 | 240 | { |
234 | 241 | "filter-name": "ConsoleSignInFailureMetric", |
235 | 242 | "accounts": ["master"], |
236 | | - "regions": ["ca-central-1"], |
| 243 | + "regions": ["${HOME_REGION}"], |
237 | 244 | "loggroup-name": "/PBMMAccel/CloudTrail", |
238 | 245 | "filter-pattern": "{ ($.eventName = ConsoleLogin) && ($.errorMessage = \"Failedauthentication\") }", |
239 | 246 | "metric-namespace": "CloudTrailMetrics", |
|
243 | 250 | { |
244 | 251 | "filter-name": "AuthorizationFailureMetric", |
245 | 252 | "accounts": ["master"], |
246 | | - "regions": ["ca-central-1"], |
| 253 | + "regions": ["${HOME_REGION}"], |
247 | 254 | "loggroup-name": "/PBMMAccel/CloudTrail", |
248 | 255 | "filter-pattern": "{ ($.errorCode = \"*UnauthorizedOperation\") || ($.errorCode =\"AccessDenied*\") }", |
249 | 256 | "metric-namespace": "CloudTrailMetrics", |
|
253 | 260 | { |
254 | 261 | "filter-name": "IamPolicyChangesMetric", |
255 | 262 | "accounts": ["master"], |
256 | | - "regions": ["ca-central-1"], |
| 263 | + "regions": ["${HOME_REGION}"], |
257 | 264 | "loggroup-name": "/PBMMAccel/CloudTrail", |
258 | 265 | "filter-pattern": "{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}", |
259 | 266 | "metric-namespace": "CloudTrailMetrics", |
|
263 | 270 | { |
264 | 271 | "filter-name": "ConsoleSignInWithoutMfaMetric", |
265 | 272 | "accounts": ["master"], |
266 | | - "regions": ["ca-central-1"], |
| 273 | + "regions": ["${HOME_REGION}"], |
267 | 274 | "loggroup-name": "/PBMMAccel/CloudTrail", |
268 | 275 | "filter-pattern": "{($.eventName=\"ConsoleLogin\") && ($.additionalEventData.MFAUsed !=\"Yes\") && ($.userIdentity.type != \"AssumedRole\")}", |
269 | 276 | "metric-namespace": "CloudTrailMetrics", |
|
273 | 280 | { |
274 | 281 | "filter-name": "RootLoginMetric", |
275 | 282 | "accounts": ["master"], |
276 | | - "regions": ["ca-central-1"], |
| 283 | + "regions": ["${HOME_REGION}"], |
277 | 284 | "loggroup-name": "/PBMMAccel/CloudTrail", |
278 | 285 | "filter-pattern": "{ $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" }", |
279 | 286 | "metric-namespace": "CloudTrailMetrics", |
|
283 | 290 | { |
284 | 291 | "filter-name": "DisableOrDeleteCMKMetric", |
285 | 292 | "accounts": ["master"], |
286 | | - "regions": ["ca-central-1"], |
| 293 | + "regions": ["${HOME_REGION}"], |
287 | 294 | "loggroup-name": "/PBMMAccel/CloudTrail", |
288 | 295 | "filter-pattern": "{($.eventSource=kms.amazonaws.com) && (($.eventName=DisableKey) || ($.eventName=ScheduleKeyDeletion))}", |
289 | 296 | "metric-namespace": "CloudTrailMetrics", |
|
293 | 300 | { |
294 | 301 | "filter-name": "AWSConfigChangesMetric", |
295 | 302 | "accounts": ["master"], |
296 | | - "regions": ["ca-central-1"], |
| 303 | + "regions": ["${HOME_REGION}"], |
297 | 304 | "loggroup-name": "/PBMMAccel/CloudTrail", |
298 | 305 | "filter-pattern": "{($.eventSource=config.amazonaws.com) && (($.eventName=StopConfigurationRecorder) || ($.eventName=DeleteDeliveryChannel) || ($.eventName=PutDeliveryChannel) || ($.eventName=PutConfigurationRecorder))}", |
299 | 306 | "metric-namespace": "CloudTrailMetrics", |
|
303 | 310 | { |
304 | 311 | "filter-name": "RouteTableChangesMetric", |
305 | 312 | "accounts": ["master"], |
306 | | - "regions": ["ca-central-1"], |
| 313 | + "regions": ["${HOME_REGION}"], |
307 | 314 | "loggroup-name": "/PBMMAccel/CloudTrail", |
308 | 315 | "filter-pattern": "{($.eventName=CreateRoute) || ($.eventName=CreateRouteTable) || ($.eventName=ReplaceRoute) || ($.eventName=ReplaceRouteTableAssociation) || ($.eventName=DeleteRouteTable) || ($.eventName=DeleteRoute) || ($.eventName=DisassociateRouteTable)}", |
309 | 316 | "metric-namespace": "CloudTrailMetrics", |
|
313 | 320 | { |
314 | 321 | "filter-name": "S3BucketPolicyChangesMetric", |
315 | 322 | "accounts": ["master"], |
316 | | - "regions": ["ca-central-1"], |
| 323 | + "regions": ["${HOME_REGION}"], |
317 | 324 | "loggroup-name": "/PBMMAccel/CloudTrail", |
318 | 325 | "filter-pattern": "{($.eventSource=s3.amazonaws.com) && (($.eventName=PutBucketAcl) || ($.eventName=PutBucketPolicy) || ($.eventName=PutBucketCors) || ($.eventName=PutBucketLifecycle) || ($.eventName=PutBucketReplication) || ($.eventName=DeleteBucketPolicy) || ($.eventName=DeleteBucketCors) || ($.eventName=DeleteBucketLifecycle) || ($.eventName=DeleteBucketReplication))}", |
319 | 326 | "metric-namespace": "CloudTrailMetrics", |
|
323 | 330 | { |
324 | 331 | "filter-name": "SSOAuthUnapprovedIPMetric", |
325 | 332 | "accounts": ["master"], |
326 | | - "regions": ["ca-central-1"], |
| 333 | + "regions": ["${HOME_REGION}"], |
327 | 334 | "loggroup-name": "/PBMMAccel/CloudTrail", |
328 | 335 | "filter-pattern": "{ ($.eventSource=sso.amazonaws.com) && ($.eventName=Authenticate) && ($.sourceIPAddress != 10.10.10.*) }", |
329 | 336 | "metric-namespace": "CloudTrailMetrics", |
|
333 | 340 | { |
334 | 341 | "filter-name": "IAMAuthUnapprovedIPMetric", |
335 | 342 | "accounts": ["master"], |
336 | | - "regions": ["ca-central-1"], |
| 343 | + "regions": ["${HOME_REGION}"], |
337 | 344 | "loggroup-name": "/PBMMAccel/CloudTrail", |
338 | 345 | "filter-pattern": "{ ($.eventName=ConsoleLogin) && ($.userIdentity.type=IAMUser) && ($.sourceIPAddress != 10.10.10.*) }", |
339 | 346 | "metric-namespace": "CloudTrailMetrics", |
|
343 | 350 | { |
344 | 351 | "filter-name": "UnencryptedFilesystemCreatedMetric", |
345 | 352 | "accounts": ["master"], |
346 | | - "regions": ["ca-central-1"], |
| 353 | + "regions": ["${HOME_REGION}"], |
347 | 354 | "loggroup-name": "/PBMMAccel/CloudTrail", |
348 | 355 | "filter-pattern": "{ ($.eventName = CreateFileSystem) && ($.responseElements.encrypted IS FALSE) } ", |
349 | 356 | "metric-namespace": "CloudTrailMetrics", |
|
353 | 360 | ], |
354 | 361 | "alarms": { |
355 | 362 | "default-accounts": ["master"], |
356 | | - "default-regions": ["ca-central-1"], |
| 363 | + "default-regions": ["${HOME_REGION}"], |
357 | 364 | "default-namespace": "CloudTrailMetrics", |
358 | 365 | "default-statistic": "Sum", |
359 | 366 | "default-period": 300, |
|
484 | 491 | "ssm-automation": [ |
485 | 492 | { |
486 | 493 | "accounts": ["operations"], |
487 | | - "regions": ["ca-central-1"], |
| 494 | + "regions": ["${HOME_REGION}"], |
488 | 495 | "documents": [ |
489 | 496 | { |
490 | 497 | "name": "SSM-ELB-Enable-Logging", |
|
643 | 650 | "ssm-automation": [ |
644 | 651 | { |
645 | 652 | "account": "operations", |
646 | | - "regions": ["ca-central-1"], |
| 653 | + "regions": ["${HOME_REGION}"], |
647 | 654 | "documents": ["SSM-ELB-Enable-Logging", "Put-S3-Encryption"] |
648 | 655 | } |
649 | 656 | ], |
650 | 657 | "aws-config": [ |
651 | 658 | { |
652 | 659 | "excl-regions": [], |
653 | 660 | "rules": ["ELB_LOGGING_ENABLED", "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED"], |
654 | | - "remediate-regions": ["ca-central-1"] |
| 661 | + "remediate-regions": ["${HOME_REGION}"] |
655 | 662 | } |
656 | 663 | ] |
657 | 664 | }, |
|
691 | 698 | "ssm-automation": [ |
692 | 699 | { |
693 | 700 | "account": "operations", |
694 | | - "regions": ["ca-central-1"], |
| 701 | + "regions": ["${HOME_REGION}"], |
695 | 702 | "documents": ["SSM-ELB-Enable-Logging", "Put-S3-Encryption"] |
696 | | - } |
| 703 | + } |
697 | 704 | ], |
698 | 705 | "aws-config": [ |
699 | 706 | { |
700 | 707 | "excl-regions": [], |
701 | 708 | "rules": ["ELB_LOGGING_ENABLED", "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED"], |
702 | | - "remediate-regions": ["ca-central-1"] |
| 709 | + "remediate-regions": ["${HOME_REGION}"] |
703 | 710 | } |
704 | 711 | ] |
705 | 712 | } |
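Review bot: In the new `addl_regions` block, `b` and `c` are single-element arrays whose one string is `"${HOME_REGION}, ${GBL_REGION}"`, while `a` two lines above and `supported-regions` in the next hunk list each region as its own element; unless the replacement engine splits that value on commas, each resolves to a single region name with an embedded comma rather than two regions. Suggest `"b": ["${HOME_REGION}", "${GBL_REGION}"]` and the same shape for `c`. The remaining hunks only swap the literal `ca-central-1` for `${HOME_REGION}`, but neither `HOME_REGION` nor `GBL_REGION` is defined in the visible `replacements` block, so I assume they are supplied elsewhere; if a placeholder is not resolved, the literal `${...}` token would reach the loader as a region name, so the config validation should reject any unresolved `${...}` value rather than pass it through.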
|