markbrennan/aws-account-automation

aws-account-automation

Tools to Automate your AWS Account

  • AccountAlertTopics creates three SNS topics (Critical, Error, Info) and exports them from the stack for use in other templates. It can optionally deploy a Lambda that pushes the published messages to a Slack channel.

  • AuditRole creates a generic security auditor role for an account.

  • BillingBucket creates a bucket in your payer account for billing reports and applies the appropriate Bucket Policy.

  • CloudTrailTemplate creates a CloudTrail following industry best practices. It creates the S3 bucket and a Customer Managed Key for the events, enables log validation and multi-region support, and sends events to CloudWatch Logs.

  • CloudWatchAlarmsForCloudTrailAPIActivity deploys multiple CloudWatch Alarms for CloudTrail events that happen in your account. It requires CloudTrail to be feeding a LogGroup and the AccountAlertTopics stack to be deployed.

  • EBSAutomatedTagging - probably not useful since AWS will autotag EBS volumes now

  • IAM-ExpireUsers - Work in progress to automatically handle users that have not changed their password or rotated access keys

  • requireMFA deploys an IAM User Group and a Lambda that prevent users without MFA from doing anything in the account

Also check out the aws-fast-fixes Python scripts for manual security fixes for your account!

Hosting

The most recent versions of all these templates are hosted in S3 for easy deployment.

Directly callable URLs:
