├── .gitignore
├── .gitlab-ci.yml
├── .viperlightignore
├── .viperlightrc
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE.txt
├── NOTICE.txt
├── README.md
├── SECURITY.md
├── docs
    ├── 01-Overview
    │   └── index.adoc
    ├── 02-Getting-Started
    │   └── index.adoc
    ├── 03-Management-Governance
    │   ├── assets
    │   │   └── organization-and-account-structure.png
    │   └── index.adoc
    ├── 04-Security-Identity-Compliance
    │   └── index.adoc
    ├── 05-Networking
    │   ├── assets
    │   │   ├── network-base-hubspoke.png
    │   │   ├── network-base-sharedvpc.png
    │   │   └── network-overview-base.png
    │   └── index.adoc
    ├── 06-Logging-Monitoring
    │   └── index.adoc
    ├── 07-Operations
    │   ├── 07-01-Adding-OUs.adoc
    │   ├── 07-02-Adding-Accounts.adoc
    │   ├── 07-03-Managing-EC2-Instances.adoc
    │   ├── 07-04-Log-Analysis.adoc
    │   ├── 07-05-Creating-Managing-Alarms.adoc
    │   ├── 07-06-Managing-SCPs.adoc
    │   ├── 07-07-Control-Tower-Regional-Deny.adoc
    │   ├── 07-08-Integrating-Active-Directory.adoc
    │   ├── 07-09-Integrating-Third-Party-Solutions.adoc
    │   └── index.adoc
    ├── 08-Region-and-Industry-Guidance
    │   ├── index.adoc
    │   └── us-federal
    │   │   ├── assets
    │   │       └── govcloud-hub-and-spoke-networking-data-flow-diagram.png
    │   │   └── index.adoc
    ├── assets
    │   └── images
    │   │   └── lza-uc-architecture.png
    └── index.adoc
├── modules
    ├── base
    │   └── default
    │   │   ├── accounts-config.yaml
    │   │   ├── backup-policies
    │   │       └── primary-backup-plan.json
    │   │   ├── declarative-policies
    │   │       └── lza-core-vpc-block-public-access.json
    │   │   ├── dynamic-partitioning
    │   │       └── log-filters.json
    │   │   ├── event-bus-policies
    │   │       └── event-bus-policy.json
    │   │   ├── global-config.yaml
    │   │   ├── iam-config.yaml
    │   │   ├── iam-policies
    │   │       ├── sample-end-user-policy.json
    │   │       └── ssm-s3-policy.json
    │   │   ├── organization-config.yaml
    │   │   ├── rcp-policies
    │   │       └── lza-core-rcp-guardrails-1.json
    │   │   ├── replacements-config.yaml
    │   │   ├── security-config.yaml
    │   │   ├── service-control-policies
    │   │       ├── lza-core-guardrails-1.json
    │   │       ├── lza-core-guardrails-2.json
    │   │       ├── lza-core-sandbox-guardrails-1.json
    │   │       ├── lza-core-security-guardrails-1.json
    │   │       ├── lza-core-workloads-guardrails-1.json
    │   │       ├── lza-infrastructure-guardrails-1.json
    │   │       ├── lza-quarantine.json
    │   │       └── lza-suspended-guardrails.json
    │   │   ├── ssm-documents
    │   │       ├── attach-iam-instance-profile.yaml
    │   │       └── enable-elb-logging.yaml
    │   │   ├── ssm-remediation-roles
    │   │       ├── attach-ec2-instance-profile-remediation-role.json
    │   │       └── elb-logging-enabled-remediation-role.json
    │   │   ├── tagging-policies
    │   │       ├── org-tag-policy.json
    │   │       └── s3-tag-policy.json
    │   │   └── vpc-endpoint-policies
    │   │       └── default.json
    └── network
    │   ├── hub-and-spoke
    │       ├── firewall-rules
    │       │   └── rules.txt
    │       └── network-config.yaml
    │   └── shared-vpc
    │       ├── firewall-rules
    │           └── rules.txt
    │       └── network-config.yaml
├── replacements
    └── replacements-for-aws-govcloud-us.yaml
└── scripts
    ├── config-replacer.js
    ├── index.js
    ├── package-lock.json
    ├── package.json
    └── release-package.js


/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | node_modules
3 | temp


--------------------------------------------------------------------------------
/.gitlab-ci.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/.gitlab-ci.yml


--------------------------------------------------------------------------------
/.viperlightignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/.viperlightignore


--------------------------------------------------------------------------------
/.viperlightrc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/.viperlightrc


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/CHANGELOG.md


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/CODE_OF_CONDUCT.md


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/CONTRIBUTING.md


--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/LICENSE.txt


--------------------------------------------------------------------------------
/NOTICE.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/NOTICE.txt


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/README.md


--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/SECURITY.md


--------------------------------------------------------------------------------
/docs/01-Overview/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/01-Overview/index.adoc


--------------------------------------------------------------------------------
/docs/02-Getting-Started/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/02-Getting-Started/index.adoc


--------------------------------------------------------------------------------
/docs/03-Management-Governance/assets/organization-and-account-structure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/03-Management-Governance/assets/organization-and-account-structure.png


--------------------------------------------------------------------------------
/docs/03-Management-Governance/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/03-Management-Governance/index.adoc


--------------------------------------------------------------------------------
/docs/04-Security-Identity-Compliance/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/04-Security-Identity-Compliance/index.adoc


--------------------------------------------------------------------------------
/docs/05-Networking/assets/network-base-hubspoke.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/05-Networking/assets/network-base-hubspoke.png


--------------------------------------------------------------------------------
/docs/05-Networking/assets/network-base-sharedvpc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/05-Networking/assets/network-base-sharedvpc.png


--------------------------------------------------------------------------------
/docs/05-Networking/assets/network-overview-base.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/05-Networking/assets/network-overview-base.png


--------------------------------------------------------------------------------
/docs/05-Networking/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/05-Networking/index.adoc


--------------------------------------------------------------------------------
/docs/06-Logging-Monitoring/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/06-Logging-Monitoring/index.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/07-01-Adding-OUs.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/07-01-Adding-OUs.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/07-02-Adding-Accounts.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/07-02-Adding-Accounts.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/07-03-Managing-EC2-Instances.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/07-03-Managing-EC2-Instances.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/07-04-Log-Analysis.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/07-04-Log-Analysis.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/07-05-Creating-Managing-Alarms.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/07-05-Creating-Managing-Alarms.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/07-06-Managing-SCPs.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/07-06-Managing-SCPs.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/07-07-Control-Tower-Regional-Deny.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/07-07-Control-Tower-Regional-Deny.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/07-08-Integrating-Active-Directory.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/07-08-Integrating-Active-Directory.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/07-09-Integrating-Third-Party-Solutions.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/07-09-Integrating-Third-Party-Solutions.adoc


--------------------------------------------------------------------------------
/docs/07-Operations/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/07-Operations/index.adoc


--------------------------------------------------------------------------------
/docs/08-Region-and-Industry-Guidance/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/08-Region-and-Industry-Guidance/index.adoc


--------------------------------------------------------------------------------
/docs/08-Region-and-Industry-Guidance/us-federal/assets/govcloud-hub-and-spoke-networking-data-flow-diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/08-Region-and-Industry-Guidance/us-federal/assets/govcloud-hub-and-spoke-networking-data-flow-diagram.png


--------------------------------------------------------------------------------
/docs/08-Region-and-Industry-Guidance/us-federal/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/08-Region-and-Industry-Guidance/us-federal/index.adoc


--------------------------------------------------------------------------------
/docs/assets/images/lza-uc-architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/assets/images/lza-uc-architecture.png


--------------------------------------------------------------------------------
/docs/index.adoc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/docs/index.adoc


--------------------------------------------------------------------------------
/modules/base/default/accounts-config.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/accounts-config.yaml


--------------------------------------------------------------------------------
/modules/base/default/backup-policies/primary-backup-plan.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/backup-policies/primary-backup-plan.json


--------------------------------------------------------------------------------
/modules/base/default/declarative-policies/lza-core-vpc-block-public-access.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/declarative-policies/lza-core-vpc-block-public-access.json


--------------------------------------------------------------------------------
/modules/base/default/dynamic-partitioning/log-filters.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/dynamic-partitioning/log-filters.json


--------------------------------------------------------------------------------
/modules/base/default/event-bus-policies/event-bus-policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/event-bus-policies/event-bus-policy.json


--------------------------------------------------------------------------------
/modules/base/default/global-config.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/global-config.yaml


--------------------------------------------------------------------------------
/modules/base/default/iam-config.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/iam-config.yaml


--------------------------------------------------------------------------------
/modules/base/default/iam-policies/sample-end-user-policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/iam-policies/sample-end-user-policy.json


--------------------------------------------------------------------------------
/modules/base/default/iam-policies/ssm-s3-policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/iam-policies/ssm-s3-policy.json


--------------------------------------------------------------------------------
/modules/base/default/organization-config.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/organization-config.yaml


--------------------------------------------------------------------------------
/modules/base/default/rcp-policies/lza-core-rcp-guardrails-1.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/rcp-policies/lza-core-rcp-guardrails-1.json


--------------------------------------------------------------------------------
/modules/base/default/replacements-config.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/replacements-config.yaml


--------------------------------------------------------------------------------
/modules/base/default/security-config.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/security-config.yaml


--------------------------------------------------------------------------------
/modules/base/default/service-control-policies/lza-core-guardrails-1.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/service-control-policies/lza-core-guardrails-1.json


--------------------------------------------------------------------------------
/modules/base/default/service-control-policies/lza-core-guardrails-2.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/service-control-policies/lza-core-guardrails-2.json


--------------------------------------------------------------------------------
/modules/base/default/service-control-policies/lza-core-sandbox-guardrails-1.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/service-control-policies/lza-core-sandbox-guardrails-1.json


--------------------------------------------------------------------------------
/modules/base/default/service-control-policies/lza-core-security-guardrails-1.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/service-control-policies/lza-core-security-guardrails-1.json


--------------------------------------------------------------------------------
/modules/base/default/service-control-policies/lza-core-workloads-guardrails-1.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/service-control-policies/lza-core-workloads-guardrails-1.json


--------------------------------------------------------------------------------
/modules/base/default/service-control-policies/lza-infrastructure-guardrails-1.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/service-control-policies/lza-infrastructure-guardrails-1.json


--------------------------------------------------------------------------------
/modules/base/default/service-control-policies/lza-quarantine.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/service-control-policies/lza-quarantine.json


--------------------------------------------------------------------------------
/modules/base/default/service-control-policies/lza-suspended-guardrails.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/service-control-policies/lza-suspended-guardrails.json


--------------------------------------------------------------------------------
/modules/base/default/ssm-documents/attach-iam-instance-profile.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/ssm-documents/attach-iam-instance-profile.yaml


--------------------------------------------------------------------------------
/modules/base/default/ssm-documents/enable-elb-logging.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/ssm-documents/enable-elb-logging.yaml


--------------------------------------------------------------------------------
/modules/base/default/ssm-remediation-roles/attach-ec2-instance-profile-remediation-role.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/ssm-remediation-roles/attach-ec2-instance-profile-remediation-role.json


--------------------------------------------------------------------------------
/modules/base/default/ssm-remediation-roles/elb-logging-enabled-remediation-role.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/ssm-remediation-roles/elb-logging-enabled-remediation-role.json


--------------------------------------------------------------------------------
/modules/base/default/tagging-policies/org-tag-policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/tagging-policies/org-tag-policy.json


--------------------------------------------------------------------------------
/modules/base/default/tagging-policies/s3-tag-policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/tagging-policies/s3-tag-policy.json


--------------------------------------------------------------------------------
/modules/base/default/vpc-endpoint-policies/default.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/base/default/vpc-endpoint-policies/default.json


--------------------------------------------------------------------------------
/modules/network/hub-and-spoke/firewall-rules/rules.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/network/hub-and-spoke/firewall-rules/rules.txt


--------------------------------------------------------------------------------
/modules/network/hub-and-spoke/network-config.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/network/hub-and-spoke/network-config.yaml


--------------------------------------------------------------------------------
/modules/network/shared-vpc/firewall-rules/rules.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/network/shared-vpc/firewall-rules/rules.txt


--------------------------------------------------------------------------------
/modules/network/shared-vpc/network-config.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/modules/network/shared-vpc/network-config.yaml


--------------------------------------------------------------------------------
/replacements/replacements-for-aws-govcloud-us.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/replacements/replacements-for-aws-govcloud-us.yaml


--------------------------------------------------------------------------------
/scripts/config-replacer.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/scripts/config-replacer.js


--------------------------------------------------------------------------------
/scripts/index.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/scripts/index.js


--------------------------------------------------------------------------------
/scripts/package-lock.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/scripts/package-lock.json


--------------------------------------------------------------------------------
/scripts/package.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/scripts/package.json


--------------------------------------------------------------------------------
/scripts/release-package.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws/lza-universal-configuration/HEAD/scripts/release-package.js


--------------------------------------------------------------------------------