This repository has been archived by the owner on Dec 8, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy path.taskcat.yml
72 lines (67 loc) · 3.45 KB
/
.taskcat.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
project:
name: cfn-ps-sumo-logic-cloudsiem
shorten_stack_name: true
s3_regional_buckets: true
regions:
- us-east-1
artifact_regions:
- us-east-1
tests:
default:
template: ./templates/main-org.template.yaml
regions:
- us-east-1
parameters:
QSS3KeyPrefix: "cfn-ps-sumo-logic-cloudsiem/"
QSS3BucketName: "tcat-cfn-ps-sumo-logic-cloudsiem"
QSS3BucketRegion: "us-east-1"
QSVersion: "2"
Section1SumoLogicDeployment: "us2"
Section1SumoLogicAccessID: $[taskcat_ssm_/sumologic/Section1SumoLogicAccessID]
Section1SumoLogicAccessKey: $[taskcat_ssm_/sumologic/Section1SumoLogicAccessKey]
Section1SumoLogicOrganizationId: $[taskcat_ssm_/sumologic/Section1SumoLogicOrganizationId]
Section1SecurityToolingAccountId: $[taskcat_ssm_/sumologic/Section1SecurityToolingAccountId]
Section1ToolingAndLoggingRegion: "us-east-1"
Section1LogArchivingAccountId: $[taskcat_ssm_/sumologic/Section1LogArchivingAccountId]
Section1OrganizationRootID: $[taskcat_ssm_/sumologic/Section1OrganizationRootID]
Section1DeliveryBucketPrefix: logs-delivery
Section1SumoLogicResourceRemoveOnDeleteStack: "true"
Section2InstallSumoGlobalGuardDutyApp: "Yes"
Section2InstallSumoCloudSecurityMonitoringandAnalyticsGuardDutyApp: "Yes"
Section2GuardDutyRegions: "us-east-1"
Section2AdditionalConfigurationFeatures: "MalwareProtection,S3Logs"
Section2GuardDutyCreateHttpLogsSource: "Yes"
Section2GuardDutyHttpLogsSourceCategoryName: "aws/quickstart/guardduty/logs"
Section3CloudTrailRegion: "us-east-1"
Section3EnableAWSCloudTrail: "Yes"
# Section3CloudTrailExistsS3BucketName: "" not required if Section3CreateCloudTrailS3Bucket: "Yes"
Section3InstallPCICloudTrailApp: "Yes"
Section3InstallCISFoundationApp: "Yes"
Section3InstallCloudTrailMonitoringAnalyticsApp: "Yes"
Section3InstallCloudTrailSecOpsApp: "Yes"
Section3CloudTrailCreateS3LogsSource: "Yes"
Section3CreateCloudTrailS3Bucket: "Yes"
Section3DisassociateAdminAccountOnDeleteStack: "false"
Section3CloudTrailLogsSourceCategoryName: "aws/quickstart/cloudtrail/logs"
Section3CloudTrailBucketPathExpression: "CloudTrail/AWSLogs/*"
Section4SecurityHubEnableSecurityHub: "Yes"
Section4SecurityHubAggregationRegion: "us-east-1"
Section4SecurityHubRegionLinkingMode: "SPECIFIED_REGIONS"
Section4SecurityHubLinkedRegions: "us-east-2"
Section4SecurityHubInstallSumoSecurityHubCloudSecurityMonitoringandAnalyticsApp: "Yes"
Section4SecurityHubCreateHttpLogsSource: "Yes"
Section4SecurityHubHttpLogsSourceCategoryName: "aws/quickstart/securityhub/logs"
Section4SecurityHubSecurityStandards: "FSBP_v1.0.0,CIS_v1.2.0,PCI_DSS_v3.2.1,NIST_v5.0.0,CIS_v1.4.0"
Section6EnableFirewallManager: "Yes"
Section6DisassociateAdminAccountOnDeleteStack: "false"
Section6InstallSumoAWSWAFCloudSecurityMonitoringAndAnalyticsApp: "Yes"
Section6InstallSumoAWSNetworkFirewallApp: "Yes"
Section6FirewallManagerPolicyRegions: "us-east-1"
Section6CreateDeliveryStreamSource: "Yes"
Section6DeliveryStreamName: sumo-kinesis
Section6CreateS3Source: "Yes"
Section6CreateS3Bucket: "Yes"
Section6DeliveryBucketPrefix: nw-logs-delivery
Section6S3SourceCategoryName: "aws/quickstart/nfw/logs"
Section6DeliveryStreamSourceCategoryName: "aws/quickstart/waf/logs"
Section6CreateVpcForSG: "true"