Tools to Automate your AWS Account
- AccountAlertTopics creates three SNS topics (Critical, Error, Info) and exports them from the stack for use in other templates. It can optionally deploy a Lambda that pushes the published messages to a Slack channel.
- AuditRole creates a generic security auditor role for an account.
- BillingBucket creates a bucket in your payer account for billing reports and applies the appropriate Bucket Policy.
- CloudTrailTemplate creates a CloudTrail following industry best practices. It creates the S3 bucket and a Customer Managed Key for the events, enables log validation and multi-region support, and sends events to CloudWatch Logs.
- CloudWatchAlarmsForCloudTrailAPIActivity deploys multiple CloudWatch Alarms for CloudTrail events that happen in your account. Requires CloudTrail to be feeding a LogGroup and the AccountAlertTopics stack to be deployed.
- EBSAutomatedTagging - probably not useful since AWS will autotag EBS volumes now.
- IAM-ExpireUsers - Work in progress to automatically handle users that have not changed their password or rotated access keys.
- requireMFA deploys an IAM User Group and Lambda that prevent users without MFA from doing anything in the account.
- SESRuleToSlack creates an SES email receiving rule/ruleset that accepts all email for a domain and invokes a Lambda function that sends a summary of each email to Slack. Useful when you might get an important notice, but you don't really need to interact from a domain.
Also check out the aws-fast-fixes Python scripts for manual security fixes for your account!
The most recent versions of all these templates are hosted in S3 for easy deployment.
Directly callable URLs:
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/AWSCloudFormationStackSetRoles-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/AWSConfigAggregator-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/AWSConfigRecorder-StackSetTemplate.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/AWSConfigRecorder-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/AccountAlertTopics-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/AuditRole-StackSetTemplate.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/AuditRole-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/BillingBucket-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/BillingMetrics-Template-Transformed.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/BillingMetrics-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/CloudTrail-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/CloudTrailConfigBucket-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/CloudWatchAlarmsForCloudTrailAPIActivity-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/EBSAutomatedTagging.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/GuardDuty-to-Slack-StackSetTemplate.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/GuardDuty-to-Slack-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/IAM-ExpireUsers-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/OrgCloudTrail-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/requireMFA-Template.yaml
- https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/SESRuleToSlack-Template.yaml
S3 Paths:
- s3://pht-cloudformation/aws-account-automation/AWSCloudFormationStackSetRoles-Template.yaml
- s3://pht-cloudformation/aws-account-automation/AWSConfigAggregator-Template.yaml
- s3://pht-cloudformation/aws-account-automation/AWSConfigRecorder-StackSetTemplate.yaml
- s3://pht-cloudformation/aws-account-automation/AWSConfigRecorder-Template.yaml
- s3://pht-cloudformation/aws-account-automation/AccountAlertTopics-Template.yaml
- s3://pht-cloudformation/aws-account-automation/AuditRole-StackSetTemplate.yaml
- s3://pht-cloudformation/aws-account-automation/AuditRole-Template.yaml
- s3://pht-cloudformation/aws-account-automation/BillingBucket-Template.yaml
- s3://pht-cloudformation/aws-account-automation/BillingMetrics-Template-Transformed.yaml
- s3://pht-cloudformation/aws-account-automation/BillingMetrics-Template.yaml
- s3://pht-cloudformation/aws-account-automation/CloudTrail-Template.yaml
- s3://pht-cloudformation/aws-account-automation/CloudTrailConfigBucket-Template.yaml
- s3://pht-cloudformation/aws-account-automation/CloudWatchAlarmsForCloudTrailAPIActivity-Template.yaml
- s3://pht-cloudformation/aws-account-automation/EBSAutomatedTagging.yaml
- s3://pht-cloudformation/aws-account-automation/GuardDuty-to-Slack-StackSetTemplate.yaml
- s3://pht-cloudformation/aws-account-automation/GuardDuty-to-Slack-Template.yaml
- s3://pht-cloudformation/aws-account-automation/IAM-ExpireUsers-Template.yaml
- s3://pht-cloudformation/aws-account-automation/OrgCloudTrail-Template.yaml
- s3://pht-cloudformation/aws-account-automation/requireMFA-Template.yaml
- s3://pht-cloudformation/aws-account-automation/SESRuleToSlack-Template.yaml