From 2c5790004303b7590d093ad5cb5b7a0bb09ce8f2 Mon Sep 17 00:00:00 2001
From: "Wickersham, Andy"
Date: Mon, 22 Nov 2021 08:00:38 -0600
Subject: [PATCH 1/2] README updates to explain delete better, removed redundant sra in SSM parameter, added SSM parameter for organization id
---
 .../solutions/s3/s3_block_account_public_access/README.md | 5 +++--
 .../parameters/sra-s3-block-account-public-access.json | 2 +-
 .../templates/sra-s3-block-account-public-access.yaml | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/aws_sra_examples/solutions/s3/s3_block_account_public_access/README.md b/aws_sra_examples/solutions/s3/s3_block_account_public_access/README.md
index 934fc5da0..934ae6947 100644
--- a/aws_sra_examples/solutions/s3/s3_block_account_public_access/README.md
+++ b/aws_sra_examples/solutions/s3/s3_block_account_public_access/README.md
@@ -174,10 +174,11 @@ sh "$SRA_REPO"/aws_sra_examples/utils/packaging_scripts/package-lambda.sh \
 #### Solution Delete Instructions
-1. In the `management account (home region)`, delete the AWS CloudFormation **Stack** created in step 3 of the solution deployment.
+1. In the `management account (home region)`, delete the AWS CloudFormation **Stack** created in step 3 of the solution deployment. **Note:** The solution will not modify the S3 block account public access settings on a `Delete` event. Only the SSM
+ configuration parameter is deleted in this step.
 2. In the `management account (home region)`, delete the AWS CloudFormation **Stack** created in step 2 of the solution deployment.
 3. In the `management account (home region)`, delete the AWS CloudFormation **StackSet** created in step 1 of the solution deployment. **Note:** there should not be any `stack instances` associated with this StackSet.
-4. In the `management account (home region)`, delete the AWS CloudWatch **Log Group** (e.g. /aws/lambda/sra-s3-block-account-public-access) for the Lambda function deployed in step 2 of the solution deployment.
+4. In the `management account (home region)`, delete the AWS CloudWatch **Log Group** (e.g. /aws/lambda/sra-s3-block-account-public-access) for the Lambda function deployed in step 3 of the solution deployment.
 ---
diff --git a/aws_sra_examples/solutions/s3/s3_block_account_public_access/customizations_for_aws_control_tower/parameters/sra-s3-block-account-public-access.json b/aws_sra_examples/solutions/s3/s3_block_account_public_access/customizations_for_aws_control_tower/parameters/sra-s3-block-account-public-access.json
index f8a17c553..bd80c749c 100644
--- a/aws_sra_examples/solutions/s3/s3_block_account_public_access/customizations_for_aws_control_tower/parameters/sra-s3-block-account-public-access.json
+++ b/aws_sra_examples/solutions/s3/s3_block_account_public_access/customizations_for_aws_control_tower/parameters/sra-s3-block-account-public-access.json
@@ -25,7 +25,7 @@
 },
 {
 "ParameterKey": "pOrganizationId",
- "ParameterValue": ""
+ "ParameterValue": "$[alfred_ssm_/org/primary/organization_id]"
 },
 {
 "ParameterKey": "pS3BlockAccountPublicAccessLambdaFunctionName",
diff --git a/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml b/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml
index 9d4359adf..28399e1bf 100644
--- a/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml
+++ b/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml
@@ -199,8 +199,8 @@ Parameters:
 Type: String
 pSRASSMParameterPrefix:
- AllowedValues: ['/sra/sra-s3-block-account-public-access']
- Default: '/sra/sra-s3-block-account-public-access'
+ AllowedValues: ['/sra/s3-block-account-public-access']
+ Default: '/sra/s3-block-account-public-access'
 Description: SRA SSM parameter prefix to use for storing the configuration properties needed when a new account is created.
 Type: String
From c60b008a68f120dd5ad802f9302cddb1621d50b6 Mon Sep 17 00:00:00 2001
From: "Wickersham, Andy"
Date: Mon, 22 Nov 2021 08:01:34 -0600
Subject: [PATCH 2/2] updated version number for the bug fix
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index f2204b4f8..2e0c0d56e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "aws_sra_examples"
-version = "1.2.0"
+version = "1.2.1"
 description = "AWS Security Reference Architecture Examples"
 authors = ["Amazon Web Services "]
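Review bot: The new `pOrganizationId` value in sra-s3-block-account-public-access.json, `$[alfred_ssm_/org/primary/organization_id]`, makes the deployment depend on an SSM parameter `/org/primary/organization_id` that nothing visible in this patch creates or documents. If that parameter is absent or holds an unexpected value when the reference is resolved, a setting that by its name appears to scope access to the organization is presumably left unresolved or wrong; how the template consumes it is outside this hunk. JSON cannot carry a comment, so I would add a prerequisite line to the solution README, for example `The SSM parameter /org/primary/organization_id must exist before this solution is deployed.`, and confirm that the template constrains `pOrganizationId` with an `AllowedPattern` so an empty or malformed value is rejected.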
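Review bot: `pSRASSMParameterPrefix` in sra-s3-block-account-public-access.yaml now allows only `/sra/s3-block-account-public-access`, so any existing stack or parameter file that still passes the old `/sra/sra-s3-block-account-public-access` value will be rejected on update. The patch also shows no handling for the configuration parameter already stored under the old prefix. Whether an update removes that old parameter or leaves it orphaned cannot be told from this hunk, and any IAM statement elsewhere in the template that scopes SSM access by a literal prefix would need to follow the new value. Once the behaviour is confirmed I would state it in the parameter text, e.g. append `Changed in 1.2.1; parameters stored under the previous prefix are not migrated.` to the `Description`. The Parameters section starts and continues outside the hunk.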