Updates to conform to AWS Built-in.
Jeff Fry committed May 9, 2023
1 parent aa5c098 commit 8678895
Showing 7 changed files with 552 additions and 31 deletions.
36 changes: 18 additions & 18 deletions DEV_README.md
Expand Up @@ -33,10 +33,10 @@
│ ├── requirements.txt
│ └── setup.py
├── templates (cloudformation templates)
│ ├── control-tower-integration.template.yml
│ ├── lacework-aws-cfg-member.template.yml
│ ├── lacework-aws-ct-audit.template.yml
│ └── lacework-aws-ct-log.template.yml
│ ├── control-tower-integration.template.yaml
│ ├── lacework-aws-cfg-member.template.yaml
│ ├── lacework-aws-ct-audit.template.yaml
│ └── lacework-aws-ct-log.template.yaml
└── Makefile (master makefile)
```
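Review bot: the tree in this hunk only documents the `.yml` to `.yaml` rename under `templates/`; the actual file renames and the Makefile that builds and uploads them are not visible in the loaded part of this commit, so please confirm the Makefile targets and any packaging scripts reference the new `.yaml` names, otherwise DEV_README.md will describe files that the build does not produce.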
Expand All @@ -47,21 +47,21 @@ Follow these instructions to set up an AWS Control Tower Landing Zone. You must
[AWS Control Tower Landing Zone Set Up](https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-with-control-tower.html#step-two)

## Lambda Functions
- **Setup** - The Setup function is run when the control-tower-integration.template.yml stack is created. It does the following:
- **Setup** - The Setup function is run when the control-tower-integration.template.yaml stack is created. It does the following:
* Sets up the initial access token and stores it using AWS secrets manager.
* Creates the lacework-aws-cfg-member.template.yml, lacework-aws-ct-audit.template.yml and lacework-aws-ct-log.template.yml stacksets.
* Executes lacework-aws-ct-audit.template.yml and lacework-aws-ct-log.template.yml stack instances for the Audit and Log Archive account respectively.
* Creates the lacework-aws-cfg-member.template.yaml, lacework-aws-ct-audit.template.yaml and lacework-aws-ct-log.template.yaml stacksets.
* Executes lacework-aws-ct-audit.template.yaml and lacework-aws-ct-log.template.yaml stack instances for the Audit and Log Archive account respectively.
* Adds the Lacework CloudTrail cloud account using the AWS Control Tower centralized CloudTrail S3 bucket.
* If "Monitor existing accounts" is chosen, executes lacework-aws-cfg-member.template.yml stack instances for all existing AWS accounts. This adds Lacework Config cloud account for each AWS Account.
* If "Monitor existing accounts" is chosen, executes lacework-aws-cfg-member.template.yaml stack instances for all existing AWS accounts. This adds Lacework Config cloud account for each AWS Account.
* Sends Honeycomb telemetry.
- **Account** - The Account function is executed when an AWS Control Tower lifecycle event for a new AWS Account enrollment. This executes a lacework-aws-cfg-member.template.yml stack instance for the enrolled AWS account. This adds a Lacework Config cloud account for this AWS Account.
- **Account** - The Account function is executed when an AWS Control Tower lifecycle event for a new AWS Account enrollment. This executes a lacework-aws-cfg-member.template.yaml stack instance for the enrolled AWS account. This adds a Lacework Config cloud account for this AWS Account.
- **Auth** - This function periodically checks the Lacework access token for expiration and refreshes it if necessary.

## CloudFormation Templates
- **control-tower-integration.template.yml** - This is the master CloudFormation template and sets up all the initial resources: Lambda functions, roles, policies, SNS and event rules.
- **lacework-aws-cfg-member.template.yml** - This template closely resembles the standard Lacework configuration template and enables a Lacework Config type cloud account.
- **lacework-aws-ct-audit.template.yml** - This template sets up an SQS queue in the Audit AWS account where the AWS Control Tower CloudTrail SNS topic resides. Lacework receives CloudTrail update messages from the SQS queue.
- **lacework-aws-ct-log.template.yml** - This template configures CloudTrail S3 bucket access in the Log Archive account where this bucket resides.
- **control-tower-integration.template.yaml** - This is the master CloudFormation template and sets up all the initial resources: Lambda functions, roles, policies, SNS and event rules.
- **lacework-aws-cfg-member.template.yaml** - This template closely resembles the standard Lacework configuration template and enables a Lacework Config type cloud account.
- **lacework-aws-ct-audit.template.yaml** - This template sets up an SQS queue in the Audit AWS account where the AWS Control Tower CloudTrail SNS topic resides. Lacework receives CloudTrail update messages from the SQS queue.
- **lacework-aws-ct-log.template.yaml** - This template configures CloudTrail S3 bucket access in the Log Archive account where this bucket resides.

## Lacework Control Tower Public S3 Buckets
Released Lambda packages and templates are placed in the following S3 bucket. Customers deploy the solution from this bucket.
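Review bot: the rewritten **Account** bullet still carries a dangling clause, "is executed when an AWS Control Tower lifecycle event for a new AWS Account enrollment" has no verb; since the line is already being touched, suggest "when an AWS Control Tower lifecycle event fires for a new AWS Account enrollment". In the same hunk, the "Monitor existing accounts" bullet should read "This adds a Lacework Config cloud account for each AWS Account" to match the wording of the Account bullet.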
Expand All @@ -73,10 +73,10 @@ s3://lacework-alliances/lacework-control-tower-cfn/
│ ├── LaceworkCTAuth.zip
│ └── LaceworkCTSetup.zip
└── templates/
├── control-tower-integration.template.yml
├── lacework-aws-cfg-member.template.yml
├── lacework-aws-ct-audit.template.yml
└── lacework-aws-ct-log.template.yml
├── control-tower-integration.template.yaml
├── lacework-aws-cfg-member.template.yaml
├── lacework-aws-ct-audit.template.yaml
└── lacework-aws-ct-log.template.yaml
```

## Honeycomb Telemetry
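Review bot: changing the keys under `s3://lacework-alliances/lacework-control-tower-cfn/templates/` from `.yml` to `.yaml` changes the public object URLs customers deploy from, so any existing Launch Stack link or bookmarked `templateURL` that still points at a `.yml` key will fail once only the new objects are published; suggest keeping the old `.yml` objects in the bucket for a deprecation window, or at least calling the rename out in the release notes for this change.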
Expand Down Expand Up @@ -119,7 +119,7 @@ DATASET := lacework-alliances-dev
make HONEY_KEY=xxxxx
make upload
```
4. Go to your CloudFormation console using the [AWS Control Tower Management Account](https://docs.aws.amazon.com/controltower/latest/userguide/accounts.html#special-accounts) and specify the control-tower-integration.template.yml in your S3 test folder location. The [AWS Control Tower Management Account](https://docs.aws.amazon.com/controltower/latest/userguide/accounts.html#special-accounts) maybe be different than your AWS development account.
4. Go to your CloudFormation console using the [AWS Control Tower Management Account](https://docs.aws.amazon.com/controltower/latest/userguide/accounts.html#special-accounts) and specify the control-tower-integration.template.yaml in your S3 test folder location. The [AWS Control Tower Management Account](https://docs.aws.amazon.com/controltower/latest/userguide/accounts.html#special-accounts) maybe be different than your AWS development account.
5. When entering the CloudFormation stack parameters, ensure **that the _Cloudformation S3 Key Prefix_ parameter is updated for the same test folder**.
6. Execute the stack.
7. Verify that the Lacework CloudTrail cloud account is created.
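Review bot: step 4 in this hunk still reads "maybe be different than your AWS development account" on the changed line; suggest "may be different from your AWS development account" while the line is being edited.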
10 changes: 5 additions & 5 deletions README.md
Expand Up @@ -69,7 +69,7 @@ If using Lacework and AWS Organization Support, ensure that you are generating a

1. Click on the following Launch Stack button to go to your CloudFormation console and launch the AWS Control Integration template.

[![Launch](https://user-images.githubusercontent.com/6440106/153987820-e1f32423-1e69-416d-8bca-2ee3a1e85df1.png)](https://console.aws.amazon.com/cloudformation/home?#/stacks/create/review?templateURL=https://lacework-alliances.s3.us-west-2.amazonaws.com/lacework-control-tower-cfn/templates/control-tower-integration.template.yml)
[![Launch](https://user-images.githubusercontent.com/6440106/153987820-e1f32423-1e69-416d-8bca-2ee3a1e85df1.png)](https://console.aws.amazon.com/cloudformation/home?#/stacks/create/review?templateURL=https://lacework-alliances.s3.us-west-2.amazonaws.com/lacework-control-tower-cfn/templates/control-tower-integration.template.yaml)

For most deployments, you only need the Basic Configuration parameters.
![basic_configuration](https://user-images.githubusercontent.com/6440106/154780415-dba58c69-aec2-49ee-b8e9-d98d7a8f9efc.png)
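Review bot: the Launch Stack `templateURL` in this hunk now points at `.../templates/control-tower-integration.template.yaml` in the public bucket, which is the most customer-visible link in the repo; it only resolves once `make upload` has published the object under the new key, so suggest verifying the link opens the CloudFormation review page against the released bucket before merging, and sequencing the bucket upload before this README change goes live.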
Expand Down Expand Up @@ -150,14 +150,14 @@ The following sections provide guidance for resolving issues with deploying the
You can monitor the CloudFormation events for the Lacework AWS Control Tower integration stack. Events may reveal issues with resource creation. The Lacework AWS Control Tower integration stack launches a main stack and three stacksets:

**Main Deployment Stack:**
* **control-tower-integration.template.yml** - Main stack that deploys all resources: IAM roles, access token credentials, IAM roles, SQS queues, Lambda functions and the stacksets below.
* **control-tower-integration.template.yaml** - Main stack that deploys all resources: IAM roles, access token credentials, IAM roles, SQS queues, Lambda functions and the stacksets below.

**Centralized CloudTrail Cloud Account in Lacework:** (Applied once during initial deployment)
* **lacework-aws-ct-audit.template.yml** -> **Lacework-Control-Tower-CloudTrail-Audit-Account-**_Lacework account_ - Creates a stack instance in the Audit account.
* **lacework-aws-ct-log.template.yml** -> **Lacework-Control-Tower-CloudTrail-Log-Account-**_Lacework account_ - Creates a stack instance in the Log account.
* **lacework-aws-ct-audit.template.yaml** -> **Lacework-Control-Tower-CloudTrail-Audit-Account-**_Lacework account_ - Creates a stack instance in the Audit account.
* **lacework-aws-ct-log.template.yaml** -> **Lacework-Control-Tower-CloudTrail-Log-Account-**_Lacework account_ - Creates a stack instance in the Log account.

**Config Cloud Account in Lacework:** (Applied for each AWS account)
* **lacework-aws-cfg-member.template.yml** -> **Lacework-Control-Tower-Config-Member-**_Lacework account_ - Creates a stack instance in each AWS account.
* **lacework-aws-cfg-member.template.yaml** -> **Lacework-Control-Tower-Config-Member-**_Lacework account_ - Creates a stack instance in each AWS account.

Examining these stacksets for operation results, stack instance results and parameters may also provide debug information.

0 comments on commit 8678895