digitc1/AWSLandingZone

Issues

• Change custom cloudwatch log gorup name to subscription filter name

  #204 opened 6 months ago by silavjy
  0

• Bug on script EC-Enable-SecurityHub-Controls-All-Regions.sh - CIS AWS Foundations Benchmark v1.2.0 control 1.14 is not disabled on all regions

  #205 opened 6 months ago by silavjy
  0

• Role SECLZ-LogShipper-Lambdas-LogShipperLambdaExecution has too wide kms permissions

  #206 opened 6 months ago by tutunal
  0

• AWS Config child account authorizations do not include future AWS regions

  #203 opened 8 months ago by tutunal
  0

• GD logs from regions other thatn eu-west-1 not being shipped to splunk

  #201 opened 10 months ago by silavjy
  0

• HW token on root account CIS control not disable - fix

  #200 opened a year ago by silavjy
  0

• Fix issue with provisioning S3 buckets, LZ deployment failing

  #197 opened 2 years ago by silavjy
  1

• Implement Lambda function to report the status of the LZ on each account

  #186 opened 2 years ago by silavjy
  0

• Activate Malware GuardDuty Feature

  #182 opened 2 years ago by silavjy
  2

• LZ accounts have a cf-templates S3 bucket set to 'objects can be public'

  #138 opened 2 years ago by chouma
  6

• Guardduty inconsistent permissions

  #139 opened 4 years ago by barrjam
  0

• Set a more sane default retention delay on CloudTrailBucket

  #185 opened 2 years ago by ajoga
  2

• refactor CIS updates with CDK , step functions and lambda

  #148 opened 2 years ago by neisije
  1

• Update Readme file and replace link to CITNET

  #181 opened 2 years ago by silavjy
  0

• update runtime engine for lambda LandingZoneLocalSNSNotificationForwarder

  #178 opened 2 years ago by silavjy
  0

• Implement lZ deletion script - linked accounts

  #184 opened 2 years ago by silavjy
  0

• implement SECLOG switch script

  #183 opened 2 years ago by silavjy
  0

• Remove non SSL access on artefacts bucket

  #192 opened 2 years ago by silavjy
  0

• Update AWSCloudFormationStackSetExecutionRole to include itself as principal

  #190 opened 2 years ago by silavjy
  0

• Enhance pre-flight check on EC-Switch-SECLOG.py script

  #191 opened 2 years ago by silavjy
  0

• Check EventBrige implementation on AWS LZ

  #189 opened 2 years ago by silavjy
  0

• Fix SECLZ-StackSetExecutionRole deployment (self referencing) issue when installing the stack the 1st time

  #196 opened 2 years ago by silavjy
  0

• Fix dependency on linked_status variable for update script

  #195 opened 2 years ago by silavjy
  0

• Remove action from lambda code bucket policy PutObjectAcl

  #177 opened 3 years ago by silavjy
  0

• AWS Lambda end of support for Python 3.6

  #171 opened 3 years ago by silavjy
  1

• Fix S3 buckets issue - S3 buckets should require requests to use Secure Socket Layer

  #173 opened 3 years ago by silavjy
  1

• Replace AWSConfigRole managed policy with AWS_ConfigRole on CFN where applicable

  #174 opened 3 years ago by silavjy
  0

• Explore enhancements from currently used services and see how to implement them on current LZ.

  #172 opened 3 years ago by silavjy
  0

• Investigate how to implement log integrity validation for all AWS accounts

  #157 opened 3 years ago by silavjy
  0

• Update script on SRV4DEV seclog fails due to hard limit on the number of stackset instances that can run at a given time

  #158 opened 3 years ago by silavjy
  0

• Refactor Update script - consolidate code

  #147 opened 3 years ago by silavjy
  0

• Allow access to delete guardduty detector and publishing location

  #163 opened 3 years ago by barrjam
  3

• CIS1.11 can be disabled - this control is not compliant with the password policy set by the LZ

  #149 opened 3 years ago by neisije
  2

• Issue when applying the securityhub standards - fails to execute two consecutive calls (rarely)

  #156 opened 3 years ago by silavjy
  1

• AWS Security Hub adds support for cross-Region aggregation of findings to simplify how you evaluate and improve your AWS security posture

  #162 opened 3 years ago by neisije
  2

• Update the code of the LZ to enable CloudTrail error rate Insights

  #164 opened 3 years ago by neisije
  1

• Explicit tagging of all the AWS resources created by the AWS CLI

  #140 opened 3 years ago by neisije
  0

• VA 3.3 enable encryption on config-logs and access-logs S3 buckets

  #160 opened 3 years ago by neisije
  4

• VA 3.2 : Enable encryption on the SNS topic

  #159 opened 3 years ago by neisije
  0

• Enable Guardduty for Kubernetes

  #166 opened 3 years ago by silavjy
  1

• Update AWS config to use aggregation on SECLOG

  #165 opened 3 years ago by silavjy
  1

• Add a script to delete the default VPC in all regions in a new AWS account

  #161 opened 3 years ago by neisije
  1

• Implement C2 optimisations to the Linked Account installation script

  #151 opened 3 years ago by silavjy
  0

• Set SSM parameter for LZ version at the end of the script run for EC-Update-LZ.py

  #152 opened 3 years ago by silavjy
  0

• Update WIKI documentation to cater for issue #151

  #153 opened 3 years ago by silavjy
  0

• seclog : automate log destinations to the SOC by coupling AWS EventBridge events with CloudWatch

  #150 opened 3 years ago by neisije
  0

• Lambda LogShippers : SecLog account noise with create_log_stream() function

  #137 opened 3 years ago by chouma
  4

• The tags defined in EC-lz-TAGS-params.json are not compliant with the naming convention

  #134 opened 3 years ago by neisije
  2

• Email subscriptions on SNS topic EC-Landing-Zone-Security-Notification disabled by AWS

  #136 opened 3 years ago by neisije
  12

• Not all resources created by the Landing Zones are tagged

  #135 opened 4 years ago by neisije
  2