manifest update (#266)

IevIe · ievgeniia ieromenko · web-flow · commit 313ea9d549fa · 2024-10-01T14:35:23.000-04:00
Co-authored-by: ievgeniia ieromenko &lt;ieviero@amazon.com&gt;
diff --git a/aws_sra_examples/easy_setup/customizations_for_aws_control_tower/manifest.yaml b/aws_sra_examples/easy_setup/customizations_for_aws_control_tower/manifest.yaml
@@ -43,6 +43,7 @@ resources:
         parameter_value: "No"
       - parameter_key: pDeployPatchMgrSolution
         parameter_value: "No"
+
       # Account Alternate Contacts Solution Parameters
       - parameter_key: pExcludeAlternateContactAccountTags
         parameter_value: ""
@@ -118,7 +119,7 @@ resources:
         parameter_value: ""
       - parameter_key: pConformancePackExcludedAccounts
         parameter_value: ""
-
+      
       # Detective Solution
       - parameter_key: pDatasourcePackages
         parameter_value: "ASFF_SECURITYHUB_FINDING, EKS_AUDIT"
@@ -144,6 +145,10 @@ resources:
       # GuardDuty Solution
       - parameter_key: pDisableGuardDuty
         parameter_value: "No"
+      - parameter_key: pGuardDutyCustomerGovernedRegionsOnly
+        parameter_value: "true"
+      - parameter_key: pGuardDutyEnabledRegions
+        parameter_value: ""
       - parameter_key: pAutoEnableS3Logs
         parameter_value: "true"
       - parameter_key: pAutoEnableKubernetesAuditLogs
@@ -152,10 +157,14 @@ resources:
         parameter_value: "true"
       - parameter_key: pEnableRdsLoginEvents
         parameter_value: "true"
-      - parameter_key: pEnableEksRuntimeMonitoring
+      - parameter_key: pEnableRuntimeMonitoring
         parameter_value: "true"
       - parameter_key: pEnableEksAddonManagement
         parameter_value: "true"
+      - parameter_key: pEnableEcsFargateAgentManagement
+        parameter_value: "true"
+      - parameter_key: pEnableEc2AgentManagement
+        parameter_value: "true"
       - parameter_key: pEnableLambdaNetworkLogs
         parameter_value: "true"
       - parameter_key: pGuardDutyFindingPublishingFrequency
@@ -238,141 +247,47 @@ resources:
         parameter_value: "SPECIFIED_REGIONS"
 
       # Patch Manager Solution
-      - parameter_key: pPatchMgmtRoleName
-        parameter_value: "sra-patch-mgmt-configuration"
-      # Window 1
-      - parameter_key: pPatchMgmtMaintWindow1Name
-        parameter_value: "Update_SSM"
-      - parameter_key: pPatchMgmtMaintWindow1Desc
-        parameter_value: "Maintenance Window update the SSM Agent on managed Instances"
+      - parameter_key: pDisablePatchMgmt
+        parameter_value: "false"
       - parameter_key: pPatchMgmtMaintWindow1Schedule
-        parameter_value: "cron(0 0 1 ? * WED *)"
+        parameter_value: "cron(0 0 1 ? * THU *)"
       - parameter_key: pPatchMgmtMaintWindow1Duration
         parameter_value: "6"
       - parameter_key: pPatchMgmtMaintWindow1Cutoff
         parameter_value: "1"
-      - parameter_key: pPatchMgmtMaintWindow1TZ
-        parameter_value: "America/New_York"
-      - parameter_key: pPatchMgmtTask1Name
-        parameter_value: "Update_SSM"
-      - parameter_key: pPatchMgmtTask1Desc
-        parameter_value: "Task to update SSM Agent"
       - parameter_key: pPatchMgmtTask1RunCmd
         parameter_value: "AWS-UpdateSSMAgent"
-      - parameter_key: pPatchMgmtTask1Operation
-        parameter_value: "Scan"
-      - parameter_key: pPatchMgmtTask1RebootOption
-        parameter_value: "RebootIfNeeded"
-      - parameter_key: pPatchMgmtTarget1Name
-        parameter_value: "Update_SSM"
-      - parameter_key: pPatchMgmtTarget1Desc
-        parameter_value: "Targets to update SSM Agent on"
       - parameter_key: pPatchMgmtTarget1Value1
         parameter_value: "Linux"
       - parameter_key: pPatchMgmtTarget1Value2
         parameter_value: "Windows"
-      # Window 2
-      - parameter_key: pPatchMgmtMaintWindow2Name
-        parameter_value: "Windows_Scan"
-      - parameter_key: pPatchMgmtMaintWindow2Desc
-        parameter_value: "Maintenance Window to scan Windows Instances"
       - parameter_key: pPatchMgmtMaintWindow2Schedule
-        parameter_value: "cron(0 0 1 ? * THU *)"
+        parameter_value: "cron(0 0 1 ? * WED *)"
       - parameter_key: pPatchMgmtMaintWindow2Duration
         parameter_value: "6"
       - parameter_key: pPatchMgmtMaintWindow2Cutoff
         parameter_value: "1"
-      - parameter_key: pPatchMgmtMaintWindow2TZ
+      - parameter_key: pPatchMgmtMaintWindowTZ
         parameter_value: "America/New_York"
-      - parameter_key: pPatchMgmtTask2Name
-        parameter_value: "Windows_Scan"
-      - parameter_key: pPatchMgmtTask2Desc
-        parameter_value: "Task to scan Windows Instances"
+      - parameter_key: pPatchMgmtTaskRebootOption
+        parameter_value: "RebootIfNeeded"
       - parameter_key: pPatchMgmtTask2RunCmd
         parameter_value: "AWS-RunPatchBaseline"
-      - parameter_key: pPatchMgmtTask2Operation
-        parameter_value: "Scan"
-      - parameter_key: pPatchMgmtTask2RebootOption
-        parameter_value: "RebootIfNeeded"
-      - parameter_key: pPatchMgmtTarget2Name
-        parameter_value: "Windows_Scan"
-      - parameter_key: pPatchMgmtTarget2Desc
-        parameter_value: "Targets to run the command to scan for Windows updates"
       - parameter_key: pPatchMgmtTarget2Value1
         parameter_value: "Windows"
-      # Window 3
-      - parameter_key: pPatchMgmtMaintWindow3Name
-        parameter_value: "Linux_Scan"
-      - parameter_key: pPatchMgmtMaintWindow3Desc
-        parameter_value: "Maintenance Window scan Linux Instances"
+      - parameter_key: pPatchMgmtTaskOperation
+        parameter_value: "Scan"
       - parameter_key: pPatchMgmtMaintWindow3Schedule
         parameter_value: "cron(0 0 1 ? * FRI *)"
       - parameter_key: pPatchMgmtMaintWindow3Duration
         parameter_value: "6"
-      - parameter_key: pPatchMgmtMaintWindow3utoff
+      - parameter_key: pPatchMgmtMaintWindow3Cutoff
         parameter_value: "1"
-      - parameter_key: pPatchMgmtMaintWindow3TZ
-        parameter_value: "America/New_York"
-      - parameter_key: pPatchMgmtTask3Name
-        parameter_value: "Linux_Scan"
-      - parameter_key: pPatchMgmtTask3Desc
-        parameter_value: "Task to scan Linux Instances"
       - parameter_key: pPatchMgmtTask3RunCmd
         parameter_value: "AWS-RunPatchBaseline"
-      - parameter_key: pPatchMgmtTask3Operation
-        parameter_value: "Scan"
-      - parameter_key: pPatchMgmtTask3RebootOption
-        parameter_value: "RebootIfNeeded"
-      - parameter_key: pPatchMgmtTarget3Name
-        parameter_value: "Linux_Scan"
-      - parameter_key: pPatchMgmtTarget3Desc
-        parameter_value: "Targets to run the command to scan for Linux updates"
       - parameter_key: pPatchMgmtTarget3Value1
         parameter_value: "Linux"
 
-      # Patch Manager Solution
-      - parameter_key: pDisablePatchMgmt
-        parameter_value: 'false'
-        # Window 1
-      - parameter_key: pPatchMgmtMaintWindow1Schedule
-        parameter_value: 'cron(0 0 1 ? * THU *)'
-      - parameter_key: pPatchMgmtMaintWindow1Duration
-        parameter_value: '6'
-      - parameter_key: pPatchMgmtMaintWindow1Cutoff
-        parameter_value: '1'
-      - parameter_key: pPatchMgmtTask1RunCmd
-        parameter_value: 'AWS-UpdateSSMAgent'
-      - parameter_key: pPatchMgmtTarget1Value1
-        parameter_value: 'Linux'
-      - parameter_key: pPatchMgmtTarget1Value2
-        parameter_value: 'Windows'
-      - parameter_key: pPatchMgmtMaintWindow2Schedule
-        parameter_value: 'cron(0 0 1 ? * WED *)'
-      - parameter_key: pPatchMgmtMaintWindow2Duration
-        parameter_value: '6'
-      - parameter_key: pPatchMgmtMaintWindow2Cutoff
-        parameter_value: '1'
-      - parameter_key: pPatchMgmtMaintWindowTZ
-        parameter_value: 'America/New_York'
-      - parameter_key: pPatchMgmtTaskRebootOption
-        parameter_value: 'RebootIfNeeded'
-      - parameter_key: pPatchMgmtTask2RunCmd
-        parameter_value: 'AWS-RunPatchBaseline'
-      - parameter_key: pPatchMgmtTarget2Value1
-        parameter_value: 'Windows'
-      - parameter_key: pPatchMgmtTaskOperation
-        parameter_value: 'Scan'
-      - parameter_key: pPatchMgmtMaintWindow3Schedule
-        parameter_value: 'cron(0 0 1 ? * FRI *)'
-      - parameter_key: pPatchMgmtMaintWindow3Duration
-        parameter_value: '6'
-      - parameter_key: pPatchMgmtMaintWindow3Cutoff
-        parameter_value: '1'
-      - parameter_key: pPatchMgmtTask3RunCmd
-        parameter_value: 'AWS-RunPatchBaseline'
-      - parameter_key: pPatchMgmtTarget3Value1
-        parameter_value: 'Linux'
-
       # Common Properties
       - parameter_key: pSRAAlarmEmail
         parameter_value: ""
