Things to know
This section provides information on things that you need to know about AWS Built-in before you start building. Expect this section to get updated constantly as we learn more about the requirements from our customers and partners.
The following steps are applicable for both partners and customers. Partners who are building the solution should follow guidelines when deploying an ABI package in any AWS environment. In addition, include these in the repository documentation.
-
[Updated Dec 2023]
For the current release, the existing modules are expected to operate only in AWS Control Tower environments. The modules provided as part of ABI package should be deployed only in the Management Account (within the Home Region of AWS Control Tower when it is used). -
Follow the instructions in this link to enable trusted access for AWS CloudFormation StackSets with AWS Organizations via AWS CloudFormation StackSets console.
The guidelines below don’t apply to customers; they only apply to the partners who are building the solution.
-
Granting write permissions to GitHub repository is disabled for external contributors (non-AWS builders). This is required by AWS Security. Hence, the external contributors will not be able to create branches or merge the code to the main branch. Instead, fork the repo and submit the PR. Work with your AWS PSA contact to get additional support if needed.
-
The GitHub repositories remain private until completion of the initial release. The GitHub IDs need to added manually to get access to the repository. Work with your AWS PSA contact to get access to the repository.
List of available ABI / SRA modules
| AWS Service Name | Repository |
|---|---|
| SRA Modules (MOD_ROOT) | aws-security-reference-architecture-examples/aws-sra-examples/modules |
| AWS Security Hub | ${MOD_ROOT}/securityhub-org-module |
| AWS GuardDuty | ${MOD_ROOT}/guardduty-org-module |
| AWS Control Tower | ${MOD_ROOT}/cloudtrail-org-module |
Next: Choose Common Patterns.