├── source ├── .yarnrc ├── packages │ ├── @aws-accelerator │ │ ├── accelerator │ │ │ ├── test.ts │ │ │ ├── .npmignore │ │ │ ├── README.md │ │ │ ├── test │ │ │ │ ├── configs │ │ │ │ │ ├── replacements │ │ │ │ │ │ ├── certificates │ │ │ │ │ │ │ └── certA │ │ │ │ │ │ │ │ ├── cert.crt │ │ │ │ │ │ │ │ └── privKey.key │ │ │ │ │ │ ├── dns-firewall-domain-lists │ │ │ │ │ │ │ ├── domain-list-1.txt │ │ │ │ │ │ │ └── domain-list-2.txt │ │ │ │ │ │ ├── dynamic-partitioning │ │ │ │ │ │ │ └── log-filters.json │ │ │ │ │ │ ├── vpc-endpoint-policies │ │ │ │ │ │ │ ├── ec2.json │ │ │ │ │ │ │ └── default.json │ │ │ │ │ │ ├── service-control-policies │ │ │ │ │ │ │ ├── allow-ec2-only.json │ │ │ │ │ │ │ ├── quarantine.json │ │ │ │ │ │ │ └── data-perimeter.json │ │ │ │ │ │ ├── kms │ │ │ │ │ │ │ └── kms-policy-01.json │ │ │ │ │ │ ├── appConfigs │ │ │ │ │ │ │ └── appA │ │ │ │ │ │ │ │ └── launchTemplate │ │ │ │ │ │ │ │ └── userData.sh │ │ │ │ │ │ ├── iam-policies │ │ │ │ │ │ │ └── sso-permissionSet1-inline-policy.json │ │ │ │ │ │ ├── tagging-policies │ │ │ │ │ │ │ └── org-tag-policy.json │ │ │ │ │ │ ├── backup-vault-policies │ │ │ │ │ │ │ └── infrastructure-vault-policy.json │ │ │ │ │ │ ├── ad-config-scripts │ │ │ │ │ │ │ ├── AD-group-grant-permissions-setup.ps1 │ │ │ │ │ │ │ ├── AD-connector-permissions-setup.ps1 │ │ │ │ │ │ │ ├── AD-user-group-setup.ps1 │ │ │ │ │ │ │ └── Join-Domain.ps1 │ │ │ │ │ │ ├── ssm-documents │ │ │ │ │ │ │ └── attach-iam-instance-profile.yaml │ │ │ │ │ │ ├── test-configuration │ │ │ │ │ │ │ └── config.yaml │ │ │ │ │ │ ├── chatbot-policies │ │ │ │ │ │ │ └── default-chatbot-policy.json │ │ │ │ │ │ └── bucket-policies │ │ │ │ │ │ │ ├── access-logs-bucket.json │ │ │ │ │ │ │ └── elb-logs-bucket.json │ │ │ │ │ ├── snapshot-only │ │ │ │ │ │ ├── certificates │ │ │ │ │ │ │ └── certA │ │ │ │ │ │ │ │ ├── cert.crt │ │ │ │ │ │ │ │ └── privKey.key │ │ │ │ │ │ ├── dns-firewall-domain-lists │ │ │ │ │ │ │ ├── domain-list-1.txt │ │ │ │ │ │ │ └── domain-list-2.txt │ │ │ │ │ │ ├── 
dynamic-partitioning │ │ │ │ │ │ │ └── log-filters.json │ │ │ │ │ │ ├── vpc-endpoint-policies │ │ │ │ │ │ │ ├── ec2.json │ │ │ │ │ │ │ └── default.json │ │ │ │ │ │ ├── custom-config-rules │ │ │ │ │ │ │ ├── targetDocumentLambda.zip │ │ │ │ │ │ │ ├── waf-logging-enabled.zip │ │ │ │ │ │ │ ├── attach-ec2-instance-profile.zip │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions.zip │ │ │ │ │ │ │ ├── enable-s3-encryption.json │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions-detection-role.json │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions-remediation-role.json │ │ │ │ │ │ │ ├── attach-ec2-instance-profile-remediation-role.json │ │ │ │ │ │ │ ├── attach-ec2-instance-profile-detection-role.json │ │ │ │ │ │ │ ├── elb-logging-enabled-remediation-role.json │ │ │ │ │ │ │ ├── bucket-sse-enabled-remediation-role.json │ │ │ │ │ │ │ ├── waf-logging-enabled-detection-role.json │ │ │ │ │ │ │ └── waf-logging-enabled-remediation-role.json │ │ │ │ │ │ ├── include │ │ │ │ │ │ │ ├── account-config-workload-nested.yaml │ │ │ │ │ │ │ └── account-config-workloads.yaml │ │ │ │ │ │ ├── service-control-policies │ │ │ │ │ │ │ ├── allow-ec2-only.json │ │ │ │ │ │ │ ├── quarantine.json │ │ │ │ │ │ │ └── data-perimeter.json │ │ │ │ │ │ ├── kms │ │ │ │ │ │ │ └── kms-policy-01.json │ │ │ │ │ │ ├── appConfigs │ │ │ │ │ │ │ └── appA │ │ │ │ │ │ │ │ └── launchTemplate │ │ │ │ │ │ │ │ └── userData.sh │ │ │ │ │ │ ├── iam-policies │ │ │ │ │ │ │ └── sso-permissionSet1-inline-policy.json │ │ │ │ │ │ ├── tagging-policies │ │ │ │ │ │ │ └── org-tag-policy.json │ │ │ │ │ │ ├── backup-vault-policies │ │ │ │ │ │ │ └── infrastructure-vault-policy.json │ │ │ │ │ │ ├── declarative-policies │ │ │ │ │ │ │ └── ec2-access.json │ │ │ │ │ │ ├── ad-config-scripts │ │ │ │ │ │ │ ├── AD-group-grant-permissions-setup.ps1 │ │ │ │ │ │ │ └── AD-connector-permissions-setup.ps1 │ │ │ │ │ │ ├── replacements-config.yaml │ │ │ │ │ │ ├── ssm-documents │ │ │ │ │ │ │ └── attach-iam-instance-profile.yaml │ │ │ │ │ │ ├── 
test-configuration │ │ │ │ │ │ │ └── config.yaml │ │ │ │ │ │ ├── chatbot-policies │ │ │ │ │ │ │ └── default-chatbot-policy.json │ │ │ │ │ │ └── bucket-policies │ │ │ │ │ │ │ ├── access-logs-bucket.json │ │ │ │ │ │ │ └── elb-logs-bucket.json │ │ │ │ │ ├── all-enabled │ │ │ │ │ │ ├── dns-firewall-domain-lists │ │ │ │ │ │ │ ├── domain-list-1.txt │ │ │ │ │ │ │ └── domain-list-2.txt │ │ │ │ │ │ ├── dynamic-partitioning │ │ │ │ │ │ │ └── log-filters.json │ │ │ │ │ │ ├── vpc-endpoint-policies │ │ │ │ │ │ │ ├── default.json │ │ │ │ │ │ │ └── ec2.json │ │ │ │ │ │ ├── custom-config-rules │ │ │ │ │ │ │ ├── targetDocumentLambda.zip │ │ │ │ │ │ │ ├── waf-logging-enabled.zip │ │ │ │ │ │ │ ├── attach-ec2-instance-profile.zip │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions.zip │ │ │ │ │ │ │ ├── enable-s3-encryption.json │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions-detection-role.json │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions-remediation-role.json │ │ │ │ │ │ │ ├── attach-ec2-instance-profile-remediation-role.json │ │ │ │ │ │ │ ├── attach-ec2-instance-profile-detection-role.json │ │ │ │ │ │ │ ├── elb-logging-enabled-remediation-role.json │ │ │ │ │ │ │ ├── bucket-sse-enabled-remediation-role.json │ │ │ │ │ │ │ ├── waf-logging-enabled-detection-role.json │ │ │ │ │ │ │ └── waf-logging-enabled-remediation-role.json │ │ │ │ │ │ ├── service-control-policies │ │ │ │ │ │ │ ├── allow-ec2-only.json │ │ │ │ │ │ │ └── quarantine.json │ │ │ │ │ │ ├── kms │ │ │ │ │ │ │ ├── kms-policy-01.json │ │ │ │ │ │ │ ├── central-logs-bucket-key-policy.json │ │ │ │ │ │ │ └── elb-logs-bucket.json │ │ │ │ │ │ ├── appConfigs │ │ │ │ │ │ │ └── appA │ │ │ │ │ │ │ │ └── launchTemplate │ │ │ │ │ │ │ │ └── userData.sh │ │ │ │ │ │ ├── iam-policies │ │ │ │ │ │ │ └── sso-permissionSet1-inline-policy.json │ │ │ │ │ │ ├── tagging-policies │ │ │ │ │ │ │ └── org-tag-policy.json │ │ │ │ │ │ ├── backup-vault-policies │ │ │ │ │ │ │ └── infrastructure-vault-policy.json │ │ │ │ │ │ ├── replacements-config.yaml 
│ │ │ │ │ │ ├── declarative-policies │ │ │ │ │ │ │ └── ec2-access.json │ │ │ │ │ │ ├── ad-config-scripts │ │ │ │ │ │ │ ├── AD-group-grant-permissions-setup.ps1 │ │ │ │ │ │ │ ├── AD-connector-permissions-setup.ps1 │ │ │ │ │ │ │ ├── AD-user-group-setup.ps1 │ │ │ │ │ │ │ └── Join-Domain.ps1 │ │ │ │ │ │ ├── ssm-documents │ │ │ │ │ │ │ └── attach-iam-instance-profile.yaml │ │ │ │ │ │ ├── bucket-policies │ │ │ │ │ │ │ ├── assets-bucket.json │ │ │ │ │ │ │ ├── access-logs-bucket.json │ │ │ │ │ │ │ └── elb-logs-bucket.json │ │ │ │ │ │ ├── chatbot-policies │ │ │ │ │ │ │ └── default-chatbot-policy.json │ │ │ │ │ │ └── test-configuration │ │ │ │ │ │ │ └── config.yaml │ │ │ │ │ ├── network-refactor │ │ │ │ │ │ ├── dns-firewall-domain-lists │ │ │ │ │ │ │ ├── domain-list-1.txt │ │ │ │ │ │ │ └── domain-list-2.txt │ │ │ │ │ │ ├── iam-config.yaml │ │ │ │ │ │ ├── vpc-endpoint-policies │ │ │ │ │ │ │ └── default.json │ │ │ │ │ │ └── organization-config.yaml │ │ │ │ │ ├── all-enabled-ou-targets │ │ │ │ │ │ ├── dns-firewall-domain-lists │ │ │ │ │ │ │ └── domain-list-1.txt │ │ │ │ │ │ ├── dynamic-partitioning │ │ │ │ │ │ │ └── log-filters.json │ │ │ │ │ │ ├── vpc-endpoint-policies │ │ │ │ │ │ │ ├── default.json │ │ │ │ │ │ │ └── ec2.json │ │ │ │ │ │ ├── custom-config-rules │ │ │ │ │ │ │ ├── attach-ec2-instance-profile.zip │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions.zip │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions-detection-role.json │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions-remediation-role.json │ │ │ │ │ │ │ ├── attach-ec2-instance-profile-remediation-role.json │ │ │ │ │ │ │ ├── attach-ec2-instance-profile-detection-role.json │ │ │ │ │ │ │ ├── elb-logging-enabled-remediation-role.json │ │ │ │ │ │ │ └── bucket-sse-enabled-remediation-role.json │ │ │ │ │ │ ├── kms │ │ │ │ │ │ │ └── kms-policy-01.json │ │ │ │ │ │ ├── appConfigs │ │ │ │ │ │ │ └── appA │ │ │ │ │ │ │ │ └── launchTemplate │ │ │ │ │ │ │ │ └── userData.sh │ │ │ │ │ │ ├── tagging-policies │ │ │ │ │ │ │ └── 
org-tag-policy.json │ │ │ │ │ │ ├── ssm-documents │ │ │ │ │ │ │ └── attach-iam-instance-profile.yaml │ │ │ │ │ │ ├── service-control-policies │ │ │ │ │ │ │ └── quarantine.json │ │ │ │ │ │ └── test-configuration │ │ │ │ │ │ │ └── config.yaml │ │ │ │ │ ├── all-enabled-delegated-admin │ │ │ │ │ │ ├── dns-firewall-domain-lists │ │ │ │ │ │ │ └── domain-list-1.txt │ │ │ │ │ │ ├── dynamic-partitioning │ │ │ │ │ │ │ └── log-filters.json │ │ │ │ │ │ ├── vpc-endpoint-policies │ │ │ │ │ │ │ ├── default.json │ │ │ │ │ │ │ └── ec2.json │ │ │ │ │ │ ├── custom-config-rules │ │ │ │ │ │ │ ├── attach-ec2-instance-profile.zip │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions.zip │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions-detection-role.json │ │ │ │ │ │ │ ├── ec2-instance-profile-permissions-remediation-role.json │ │ │ │ │ │ │ ├── attach-ec2-instance-profile-remediation-role.json │ │ │ │ │ │ │ ├── attach-ec2-instance-profile-detection-role.json │ │ │ │ │ │ │ ├── elb-logging-enabled-remediation-role.json │ │ │ │ │ │ │ └── bucket-sse-enabled-remediation-role.json │ │ │ │ │ │ ├── kms │ │ │ │ │ │ │ └── kms-policy-01.json │ │ │ │ │ │ ├── appConfigs │ │ │ │ │ │ │ └── appA │ │ │ │ │ │ │ │ └── launchTemplate │ │ │ │ │ │ │ │ └── userData.sh │ │ │ │ │ │ ├── tagging-policies │ │ │ │ │ │ │ └── org-tag-policy.json │ │ │ │ │ │ ├── ad-config-scripts │ │ │ │ │ │ │ ├── AD-group-grant-permissions-setup.ps1 │ │ │ │ │ │ │ └── AD-connector-permissions-setup.ps1 │ │ │ │ │ │ ├── ssm-documents │ │ │ │ │ │ │ └── attach-iam-instance-profile.yaml │ │ │ │ │ │ ├── service-control-policies │ │ │ │ │ │ │ └── quarantine.json │ │ │ │ │ │ └── test-configuration │ │ │ │ │ │ │ └── config.yaml │ │ │ │ │ └── no-org-config │ │ │ │ │ │ ├── iam-config.yaml │ │ │ │ │ │ ├── organization-config.yaml │ │ │ │ │ │ ├── vpc-endpoint-policies │ │ │ │ │ │ ├── default.json │ │ │ │ │ │ └── ec2.json │ │ │ │ │ │ └── global-config.yaml │ │ │ │ └── cfn-templates │ │ │ │ │ └── 111111111111 │ │ │ │ │ └── us-east-1 │ │ │ │ │ └── 
lza-resource-lookup-test.json │ │ │ ├── utils │ │ │ │ └── index.ts │ │ │ ├── lza-lookup.ts │ │ │ ├── lib │ │ │ │ ├── stacks │ │ │ │ │ └── index.ts │ │ │ │ └── lambdas │ │ │ │ │ ├── diagnostic-pack │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── sns-topic-forwarder │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── validate-environment │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── attach-quarantine-scp │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── detach-quarantine-scp │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── load-config-table │ │ │ │ │ └── tsconfig.json │ │ │ ├── vitest.setup.ts │ │ │ ├── tsconfig.json │ │ │ └── cdk.json │ │ ├── utils │ │ │ ├── README.md │ │ │ ├── tsconfig.json │ │ │ ├── lib │ │ │ │ └── is-arn.ts │ │ │ └── vitest.config.ts │ │ ├── tester │ │ │ ├── README.md │ │ │ ├── .npmignore │ │ │ ├── cdk.json │ │ │ ├── tsconfig.json │ │ │ ├── lambdas │ │ │ │ └── tsconfig.json │ │ │ ├── vitest.config.ts │ │ │ ├── index.ts │ │ │ └── test │ │ │ │ └── configs │ │ │ │ └── config.yaml │ │ ├── constructs │ │ │ ├── README.md │ │ │ ├── .npmignore │ │ │ ├── test │ │ │ │ ├── aws-ec2 │ │ │ │ │ ├── launchTemplateFiles │ │ │ │ │ │ ├── firewallUserData.txt │ │ │ │ │ │ └── testUserData.sh │ │ │ │ │ └── __snapshots__ │ │ │ │ │ │ ├── ipam-scope.test.ts.snap │ │ │ │ │ │ ├── ipam.test.ts.snap │ │ │ │ │ │ ├── prefix-list.test.ts.snap │ │ │ │ │ │ ├── transit-gateway-route-table.test.ts.snap │ │ │ │ │ │ ├── transit-gateway-connect.test.ts.snap │ │ │ │ │ │ ├── dhcp-options.test.ts.snap │ │ │ │ │ │ └── ipam-pool.test.ts.snap │ │ │ │ ├── aws-firehose │ │ │ │ │ └── firehose-record-processing │ │ │ │ │ │ ├── dynamicPartition3.json │ │ │ │ │ │ ├── dynamicPartition2.json │ │ │ │ │ │ ├── dynamicPartition1.json │ │ │ │ │ │ └── dynamicPartition4.json │ │ │ │ └── aws-networkfirewall │ │ │ │ │ └── includedStacks │ │ │ │ │ └── firewall-stack.json │ │ │ ├── vitest.setup.ts │ │ │ ├── .gitignore │ │ │ ├── tsconfig.json │ │ │ ├── lib │ │ │ │ ├── aws-ec2 │ │ │ │ │ ├── get-vpc-id │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── 
ipam-subnet │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── account-warming │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── get-subnet-id │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── cross-account-route │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── delete-default-vpc │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── ebs-default-encryption │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── prefix-list-route │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── account-warming-status │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── enable-ipam-organization-admin │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── get-transit-gateway-attachment │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── custom-vpn-connection │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── firewall-config-replacements │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── transit-gateway-association │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── transit-gateway-propagation │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── accept-transit-gateway-peering-attachment │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── transit-gateway-prefix-list-reference │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── cross-account-customer-gateway │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── cross-account-transit-gateway-route │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-macie │ │ │ │ │ ├── create-member │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── enable-macie │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── enable-organization-admin-account │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── vitest.config.ts │ │ │ │ │ └── put-export-config-classification │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── test │ │ │ │ │ │ └── fixtures.ts │ │ │ │ ├── aws-ssm │ │ │ │ │ ├── get-param-value │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── test │ │ │ │ │ │ │ └── static-input.ts │ │ │ │ │ ├── put-param-value │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── share-document │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── session-manager-settings │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-events │ │ │ │ │ ├── move-account │ │ │ │ │ │ 
└── tsconfig.json │ │ │ │ │ ├── revert-scp-changes │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── put-subscription-policy │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── security-hub-event-log │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── test │ │ │ │ │ │ └── static-input.ts │ │ │ │ ├── aws-guardduty │ │ │ │ │ ├── create-members │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── update-detector-config │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── create-publishing-destination │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── enable-organization-admin-account │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── vitest.config.ts │ │ │ │ ├── aws-kms │ │ │ │ │ └── put-key-policy │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-s3 │ │ │ │ │ ├── put-bucket-policy │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── put-bucket-prefix │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── put-bucket-encryption │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── put-bucket-replication │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── validate-bucket-config │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── put-public-access-block │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-budgets │ │ │ │ │ └── cross-region-budget │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-configservice │ │ │ │ │ ├── update-tags │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── config-recorder │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-detective │ │ │ │ │ ├── create-members │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── update-graph-config │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── enable-organization-admin-account │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── vitest.config.ts │ │ │ │ ├── aws-ram │ │ │ │ │ ├── get-resource-share │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── share-subnet-tags │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── get-resource-share-item │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── enable-sharing-with-aws-organization │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-securityhub │ │ │ │ │ ├── create-members │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── 
region-aggregation │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── batch-enable-standards │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── enable-organization-admin-account │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-controltower │ │ │ │ │ ├── create-accounts │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── create-accounts-status │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-directory-service │ │ │ │ │ ├── share-directory │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── update-resolver-role │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── create-log-subscription │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-iam │ │ │ │ │ ├── create-service-linked-role │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── update-account-password-policy │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-organizations │ │ │ │ │ ├── attach-policy │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── create-accounts │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── create-policy │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── move-account │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── enable-policy-type │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── create-accounts-status │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── enable-aws-service-access │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── list-policy-for-target │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── create-organizational-units │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── invite-account-to-organization │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── register-delegated-administrator │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── data-perimeter │ │ │ │ │ ├── lambda-handler │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── attach-resource-based-policy.yaml │ │ │ │ ├── aws-auditmanager │ │ │ │ │ ├── create-reports-destination │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── enable-organization-admin-account │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── vitest.config.ts │ │ │ │ ├── aws-certificate-manager │ │ │ │ │ └── create-certificates │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-cloudformation │ │ │ │ │ └── 
get-resource-type │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-cur │ │ │ │ │ └── cross-region-report-definition │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-directconnect │ │ │ │ │ ├── gateway-association │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── virtual-interface │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── direct-connect-gateway │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── vitest.config.ts │ │ │ │ │ ├── gateway-association-proposal │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── virtual-interface-allocation │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-elasticloadbalancingv2 │ │ │ │ │ └── nlb-ip-lookup │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-firehose │ │ │ │ │ └── firehose-record-processing │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-fms │ │ │ │ │ └── enable-organization-admin-account │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-route-53-resolver │ │ │ │ │ ├── get-domain-lists │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── get-endpoint-addresses │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── log-resource-policy │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── query-logging-config │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── query-logging-config-association │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-route-53 │ │ │ │ │ └── associate-hosted-zones │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-servicecatalog │ │ │ │ │ ├── get-portfolio-id │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── test │ │ │ │ │ │ │ └── static-input.ts │ │ │ │ │ ├── share-portfolio-with-org │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── test │ │ │ │ │ │ │ └── static-input.ts │ │ │ │ │ └── propagate-portfolio-associations │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-accelerator │ │ │ │ │ └── get-accelerator-metadata │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-opt-in-regions │ │ │ │ │ ├── enable-opt-in-regions │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── enable-opt-in-regions-status │ │ │ │ │ │ ├── tsconfig.json │ │ │ │ │ │ └── test │ │ │ │ │ │ └── static-input.ts │ │ │ │ ├── aws-service-quota │ │ │ 
│ │ └── create-limits │ │ │ │ │ │ ├── test │ │ │ │ │ │ └── static-input.ts │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-cloudwatch-logs │ │ │ │ │ └── update-subscription-filter │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-networkfirewall │ │ │ │ │ └── get-network-firewall-endpoint │ │ │ │ │ │ └── tsconfig.json │ │ │ │ ├── aws-identity-center │ │ │ │ │ ├── build-identity-center-assignments │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── get-permission-set-role-arn │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ ├── enable-organization-admin-account │ │ │ │ │ │ └── tsconfig.json │ │ │ │ │ └── get-identity-center-instance-metadata │ │ │ │ │ │ └── tsconfig.json │ │ │ │ └── common-functions.ts │ │ │ └── vitest.config.ts │ │ ├── installer │ │ │ ├── README.md │ │ │ ├── .npmignore │ │ │ ├── cdk.json │ │ │ ├── tsconfig.json │ │ │ ├── vitest.config.ts │ │ │ └── index.ts │ │ ├── config │ │ │ ├── test │ │ │ │ ├── validation │ │ │ │ │ ├── organization-config │ │ │ │ │ │ └── scp-config │ │ │ │ │ │ │ └── boguspolicy.yaml │ │ │ │ │ ├── replacements │ │ │ │ │ │ ├── invalid-config │ │ │ │ │ │ │ ├── iam-config.yaml │ │ │ │ │ │ │ ├── network-config.yaml │ │ │ │ │ │ │ ├── organization-config.yaml │ │ │ │ │ │ │ ├── replacements-config.yaml │ │ │ │ │ │ │ ├── accounts-config.yaml │ │ │ │ │ │ │ └── global-config.yaml │ │ │ │ │ │ └── valid-config │ │ │ │ │ │ │ ├── iam-config.yaml │ │ │ │ │ │ │ ├── network-config.yaml │ │ │ │ │ │ │ ├── organization-config.yaml │ │ │ │ │ │ │ ├── replacements-config.yaml │ │ │ │ │ │ │ ├── accounts-config.yaml │ │ │ │ │ │ │ └── global-config.yaml │ │ │ │ │ ├── global-config │ │ │ │ │ │ └── regional-deploy │ │ │ │ │ │ │ └── config │ │ │ │ │ │ │ ├── iam-config.yaml │ │ │ │ │ │ │ ├── network-config.yaml │ │ │ │ │ │ │ ├── organization-config.yaml │ │ │ │ │ │ │ ├── global-config.yaml │ │ │ │ │ │ │ └── accounts-config.yaml │ │ │ │ │ └── accounts-config │ │ │ │ │ │ ├── duplicate-emails │ │ │ │ │ │ └── no-org-config │ │ │ │ │ │ │ ├── iam-config.yaml │ │ │ │ │ │ │ ├── 
organization-config.yaml │ │ │ │ │ │ │ ├── vpc-endpoint-policies │ │ │ │ │ │ │ ├── default.json │ │ │ │ │ │ │ └── ec2.json │ │ │ │ │ │ │ └── global-config.yaml │ │ │ │ │ │ └── account-aliases │ │ │ │ │ │ └── duplicate-config │ │ │ │ │ │ └── organization-config.yaml │ │ │ │ └── config-test-helper.ts │ │ │ ├── tsconfig.json │ │ │ ├── validator │ │ │ │ ├── common │ │ │ │ │ └── ip-address-validation.ts │ │ │ │ └── utils │ │ │ │ │ └── common-validator-functions.ts │ │ │ ├── vitest.config.ts │ │ │ └── lib │ │ │ │ └── common │ │ │ │ └── index.ts │ │ ├── govcloud-account-vending │ │ │ ├── .npmignore │ │ │ ├── .gitignore │ │ │ ├── tsconfig.json │ │ │ └── vitest.config.ts │ │ ├── tools │ │ │ ├── tsconfig.json │ │ │ ├── vitest.config.ts │ │ │ └── index.ts │ │ └── modules │ │ │ ├── tsconfig.json │ │ │ └── vitest.config.ts │ ├── @aws-lza │ │ ├── bin │ │ │ └── lza │ │ ├── tsconfig.json │ │ ├── vitest.integration.config.ts │ │ ├── README.md │ │ ├── vitest.config.ts │ │ └── common │ │ │ ├── constants.ts │ │ │ └── types.ts │ └── @aws-cdk-extensions │ │ └── cdk-extensions │ │ ├── README.md │ │ ├── .npmignore │ │ ├── .gitignore │ │ ├── tsconfig.json │ │ ├── vitest.config.ts │ │ ├── test │ │ └── __snapshots__ │ │ │ ├── repository.test.ts.snap │ │ │ └── repository-snapshot.test.ts.snap │ │ └── index.ts ├── .prettierrc.json ├── mkdocs │ └── docs │ │ ├── developer-guide │ │ ├── img │ │ │ ├── auto-completion-example.png │ │ │ └── discoverability-example.png │ │ └── index.md │ │ ├── sample-configurations │ │ ├── govcloud-us │ │ │ ├── images │ │ │ │ ├── image1.png │ │ │ │ └── image2.png │ │ │ └── index.md │ │ ├── standard │ │ │ ├── images │ │ │ │ ├── cloudwatch_logs.jpg │ │ │ │ ├── scp_inheritance.jpg │ │ │ │ ├── mandatory_accounts.jpg │ │ │ │ ├── standard_network.jpg │ │ │ │ ├── default_ou_structure.jpg │ │ │ │ ├── organization_legend.jpg │ │ │ │ ├── lza-centralized-logging.png │ │ │ │ └── organization_structure.png │ │ │ └── index.md │ │ └── index.md │ │ ├── faq │ │ └── index.md │ │ └── 
user-guide │ │ └── index.md ├── commitlint.config.js ├── .husky │ ├── commit-msg │ └── pre-commit ├── log-scanner.sh ├── vitest.setup.ts ├── .eslintrc.json ├── tsconfig.json └── lerna.json ├── .viperlightrc ├── deployment ├── solution_config ├── cdk-solution-helper │ └── package.json └── container │ └── build │ └── al2023 ├── .github ├── PULL_REQUEST_TEMPLATE.md ├── ISSUE_TEMPLATE │ └── feature_request.md └── workflows │ └── automated-tests.yml ├── FAQ.md ├── solution-manifest.yaml ├── DEVELOPING.md ├── CODE_OF_CONDUCT.md ├── .gitignore ├── SECURITY.md └── Config /source/.yarnrc: -------------------------------------------------------------------------------- 1 | ignore-engines pnpm -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test.ts: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.viperlightrc: -------------------------------------------------------------------------------- 1 | { 2 | "all": true, 3 | "failOn": "medium" 4 | } 5 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/.npmignore: -------------------------------------------------------------------------------- 1 | *.ts 2 | !*.d.ts -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/utils/README.md: -------------------------------------------------------------------------------- 1 | # @aws-accelerator/utils 2 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tester/README.md: -------------------------------------------------------------------------------- 1 | # @aws-accelerator/tester 2 | -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/constructs/README.md: -------------------------------------------------------------------------------- 1 | # @aws-accelerator/constructs 2 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/installer/README.md: -------------------------------------------------------------------------------- 1 | # @aws-accelerator/installer 2 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/README.md: -------------------------------------------------------------------------------- 1 | # @aws-accelerator/accelerator 2 | -------------------------------------------------------------------------------- /source/packages/@aws-lza/bin/lza: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | require('../dist/bin/lza.js'); 3 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/certificates/certA/cert.crt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/certificates/certA/privKey.key: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/certificates/certA/cert.crt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/certificates/certA/privKey.key: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/utils/index.ts: -------------------------------------------------------------------------------- 1 | export * from './lza-resource-lookup'; 2 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/organization-config/scp-config/boguspolicy.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /source/packages/@aws-cdk-extensions/cdk-extensions/README.md: -------------------------------------------------------------------------------- 1 | # @aws-cdk-extensions/cdk-extensions 2 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/lza-lookup.ts: -------------------------------------------------------------------------------- 1 | export * from './utils/lza-resource-lookup'; 2 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/lib/stacks/index.ts: -------------------------------------------------------------------------------- 1 | export { AcceleratorStack } from './accelerator-stack'; 2 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/dns-firewall-domain-lists/domain-list-1.txt: -------------------------------------------------------------------------------- 1 | badactor.com 2 | virus.net -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/dns-firewall-domain-lists/domain-list-2.txt: 
-------------------------------------------------------------------------------- 1 | badactor.net 2 | virus.com -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/dns-firewall-domain-lists/domain-list-1.txt: -------------------------------------------------------------------------------- 1 | badactor.com 2 | virus.net -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/dns-firewall-domain-lists/domain-list-2.txt: -------------------------------------------------------------------------------- 1 | badactor.net 2 | virus.com -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/dns-firewall-domain-lists/domain-list-1.txt: -------------------------------------------------------------------------------- 1 | badactor.com 2 | virus.net -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/dns-firewall-domain-lists/domain-list-2.txt: -------------------------------------------------------------------------------- 1 | badactor.net 2 | virus.com -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/.npmignore: -------------------------------------------------------------------------------- 1 | *.ts 2 | !*.d.ts 3 | 4 | # CDK asset staging directory 5 | .cdk.staging 6 | cdk.out 7 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/installer/.npmignore: -------------------------------------------------------------------------------- 1 | *.ts 2 | !*.d.ts 3 | 4 | # CDK asset staging directory 5 | .cdk.staging 6 | cdk.out 7 | 
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tester/.npmignore: -------------------------------------------------------------------------------- 1 | *.ts 2 | !*.d.ts 3 | 4 | # CDK asset staging directory 5 | .cdk.staging 6 | cdk.out 7 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/network-refactor/dns-firewall-domain-lists/domain-list-1.txt: -------------------------------------------------------------------------------- 1 | badactor.com 2 | virus.net -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/network-refactor/dns-firewall-domain-lists/domain-list-2.txt: -------------------------------------------------------------------------------- 1 | badactor.net 2 | virus.com -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/dns-firewall-domain-lists/domain-list-1.txt: -------------------------------------------------------------------------------- 1 | badactor.com 2 | virus.net -------------------------------------------------------------------------------- /source/packages/@aws-cdk-extensions/cdk-extensions/.npmignore: -------------------------------------------------------------------------------- 1 | *.ts 2 | !*.d.ts 3 | 4 | # CDK asset staging directory 5 | .cdk.staging 6 | cdk.out 7 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/dns-firewall-domain-lists/domain-list-1.txt: -------------------------------------------------------------------------------- 1 | badactor.com 2 | virus.net -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/constructs/test/aws-ec2/launchTemplateFiles/firewallUserData.txt: -------------------------------------------------------------------------------- 1 | S3 bucket name: ${ACCEL_LOOKUP::S3:BUCKET:firewall-config} -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/govcloud-account-vending/.npmignore: -------------------------------------------------------------------------------- 1 | *.ts 2 | !*.d.ts 3 | 4 | # CDK asset staging directory 5 | .cdk.staging 6 | cdk.out 7 | -------------------------------------------------------------------------------- /deployment/solution_config: -------------------------------------------------------------------------------- 1 | SOLUTION_ID='SO0199' 2 | SOLUTION_NAME='Landing Zone Accelerator on AWS' 3 | SOLUTION_TRADEMARKEDNAME='landing-zone-accelerator-on-aws' -------------------------------------------------------------------------------- /source/.prettierrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "tabWidth": 2, 3 | "printWidth": 120, 4 | "singleQuote": true, 5 | "trailingComma": "all", 6 | "arrowParens": "avoid" 7 | } 8 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/vitest.setup.ts: -------------------------------------------------------------------------------- 1 | process.env['CONFIG_COMMIT_ID'] = 'e3cdaecaa6073ad9e4721344cd109eb6de351cfb'; 2 | process.setMaxListeners(50); 3 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/network-refactor/iam-config.yaml: -------------------------------------------------------------------------------- 1 | providers: [] 2 | policySets: [] 3 | roleSets: [] 4 | groupSets: [] 5 | userSets: [] 6 | -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/accelerator/test/configs/no-org-config/iam-config.yaml: -------------------------------------------------------------------------------- 1 | providers: [] 2 | policySets: [] 3 | roleSets: [] 4 | groupSets: [] 5 | userSets: [] 6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/invalid-config/iam-config.yaml: -------------------------------------------------------------------------------- 1 | providers: [] 2 | policySets: [] 3 | roleSets: [] 4 | groupSets: [] 5 | userSets: [] 6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/valid-config/iam-config.yaml: -------------------------------------------------------------------------------- 1 | providers: [] 2 | policySets: [] 3 | roleSets: [] 4 | groupSets: [] 5 | userSets: [] 6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-firehose/firehose-record-processing/dynamicPartition3.json: -------------------------------------------------------------------------------- 1 | [ 2 | { "logGroupPattern": "sandbox*", "s3Prefix": "sandbox" } 3 | ] 4 | -------------------------------------------------------------------------------- /source/packages/@aws-cdk-extensions/cdk-extensions/.gitignore: -------------------------------------------------------------------------------- 1 | *.js 2 | !jest.config.js 3 | *.d.ts 4 | node_modules 5 | 6 | # CDK asset staging directory 7 | .cdk.staging 8 | cdk.out 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/vitest.setup.ts: -------------------------------------------------------------------------------- 1 | process.setMaxListeners(50); 2 | process.env['ORGANIZATIONAL_UNIT_SCP_LIMIT'] = '5'; 3 | 
process.env['ACCOUNT_SCP_LIMIT'] = '6'; 4 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/global-config/regional-deploy/config/iam-config.yaml: -------------------------------------------------------------------------------- 1 | providers: [] 2 | policySets: [] 3 | roleSets: [] 4 | groupSets: [] 5 | userSets: [] 6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-firehose/firehose-record-processing/dynamicPartition2.json: -------------------------------------------------------------------------------- 1 | [ 2 | { "logGroupPattern": "appA*region", "s3Prefix": "app-a-region" } 3 | ] 4 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/.gitignore: -------------------------------------------------------------------------------- 1 | *.js 2 | *.js.map 3 | !jest.config.js 4 | *.d.ts 5 | node_modules 6 | 7 | # CDK asset staging directory 8 | .cdk.staging 9 | cdk.out 10 | -------------------------------------------------------------------------------- /source/mkdocs/docs/developer-guide/img/auto-completion-example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/developer-guide/img/auto-completion-example.png -------------------------------------------------------------------------------- /source/mkdocs/docs/developer-guide/img/discoverability-example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/developer-guide/img/discoverability-example.png -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/dynamic-partitioning/log-filters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { "logGroupPattern": "/AWSAccelerator-SecurityHub", "s3Prefix": "security-hub" } 3 | ] 4 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/dynamic-partitioning/log-filters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { "logGroupPattern": "/AWSAccelerator-SecurityHub", "s3Prefix": "security-hub" } 3 | ] 4 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/dynamic-partitioning/log-filters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { "logGroupPattern": "/AWSAccelerator-SecurityHub", "s3Prefix": "security-hub" } 3 | ] 4 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/accounts-config/duplicate-emails/no-org-config/iam-config.yaml: -------------------------------------------------------------------------------- 1 | providers: [] 2 | policySets: [] 3 | roleSets: [] 4 | groupSets: [] 5 | userSets: [] 6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-firehose/firehose-record-processing/dynamicPartition1.json: -------------------------------------------------------------------------------- 1 | [ 2 | { "logGroupPattern": "/AWSAccelerator-SecurityHub", "s3Prefix": "security-hub" } 3 | ] 4 | -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/govcloud-us/images/image1.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/govcloud-us/images/image1.png -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/govcloud-us/images/image2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/govcloud-us/images/image2.png -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/dynamic-partitioning/log-filters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { "logGroupPattern": "/AWSAccelerator-SecurityHub", "s3Prefix": "security-hub" } 3 | ] 4 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": {}, 4 | "include": ["lib/*/*.ts", "index.ts"], 5 | "exclude": ["test/**/*"] 6 | } 7 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/installer/cdk.json: -------------------------------------------------------------------------------- 1 | { 2 | "app": "npx ts-node --prefer-ts-exts bin/installer.ts", 3 | "versionReporting": false, 4 | "context": { 5 | "cli-telemetry": "false" 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /source/commitlint.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | extends: 
['@commitlint/config-conventional'], 3 | rules: { 4 | 'type-enum': [2, 'always', ['feat', 'fix', 'docs', 'test', 'chore', 'enhance']], 5 | }, 6 | }; 7 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/dynamic-partitioning/log-filters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { "logGroupPattern": "/AWSAccelerator-SecurityHub", "s3Prefix": "security-hub" } 3 | ] 4 | -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/standard/images/cloudwatch_logs.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/standard/images/cloudwatch_logs.jpg -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/standard/images/scp_inheritance.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/standard/images/scp_inheritance.jpg -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/no-org-config/organization-config.yaml: -------------------------------------------------------------------------------- 1 | enable: false 2 | organizationalUnits: [] 3 | serviceControlPolicies: [] 4 | taggingPolicies: [] 5 | backupPolicies: [] 6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/invalid-config/network-config.yaml: -------------------------------------------------------------------------------- 1 | 
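defaultVpc: 2 | delete: false 3 | excludeAccounts: [] 4 | transitGateways: [] 5 | endpointPolicies: [] 6 | vpcs: [] 7 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/valid-config/network-config.yaml: -------------------------------------------------------------------------------- 1 | defaultVpc: 2 | delete: false 3 | excludeAccounts: [] 4 | transitGateways: [] 5 | endpointPolicies: [] 6 | vpcs: [] 7 | -------------------------------------------------------------------------------- /source/.husky/commit-msg: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Git commit-msg hook: runs commitlint against the proposed commit message. 3 | # Fail if any command fails. 4 | set -e 5 | 6 | . "$(dirname "$0")/_/husky.sh" 7 | 8 | cd source 9 | 10 | # Perform conventional commit check; $1 is the commit message file passed to the hook, quoted so it stays a single argument and is not glob-expanded. 11 | yarn commitlint --edit "$1" 12 | -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/standard/images/mandatory_accounts.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/standard/images/mandatory_accounts.jpg -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/standard/images/standard_network.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/standard/images/standard_network.jpg -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/standard/images/default_ou_structure.jpg: --------------------------------------------------------------------------------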
https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/standard/images/default_ou_structure.jpg -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/standard/images/organization_legend.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/standard/images/organization_legend.jpg -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/global-config/regional-deploy/config/network-config.yaml: -------------------------------------------------------------------------------- 1 | defaultVpc: 2 | delete: false 3 | excludeAccounts: [] 4 | transitGateways: [] 5 | endpointPolicies: [] 6 | vpcs: [] 7 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-firehose/firehose-record-processing/dynamicPartition4.json: -------------------------------------------------------------------------------- 1 | [ 2 | { "logGroupPattern": "AWSAccelerator*VpcFlowLog*region", "s3Prefix": "accelerator-vpc-flow-logs-region" } 3 | ] 4 | -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/standard/images/lza-centralized-logging.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/standard/images/lza-centralized-logging.png -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/standard/images/organization_structure.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/mkdocs/docs/sample-configurations/standard/images/organization_structure.png -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/utils/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["lib/**/*", "index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | *Issue #, if available:* 2 | 3 | *Description of changes:* 4 | 5 | By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. 
6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/govcloud-account-vending/.gitignore: -------------------------------------------------------------------------------- 1 | *.js 2 | !jest.config.js 3 | *.d.ts 4 | node_modules 5 | 6 | # CDK asset staging directory 7 | .cdk.staging 8 | cdk.out 9 | 10 | !**/create-govcloud-account/index.js -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tools/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist", 5 | "lib": ["dom"] 6 | }, 7 | "include": ["lib/**/*", "index.ts", "uninstaller.ts"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/accounts-config/account-aliases/duplicate-config/organization-config.yaml: -------------------------------------------------------------------------------- 1 | enable: false 2 | organizationalUnits: [] 3 | serviceControlPolicies: [] 4 | taggingPolicies: [] 5 | backupPolicies: [] 6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/accounts-config/duplicate-emails/no-org-config/organization-config.yaml: -------------------------------------------------------------------------------- 1 | enable: false 2 | organizationalUnits: [] 3 | serviceControlPolicies: [] 4 | taggingPolicies: [] 5 | backupPolicies: [] 6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/utils/lib/is-arn.ts: -------------------------------------------------------------------------------- 1 | const arnPattern = /^arn:aws[a-z-]*:[a-z0-9-]+:[a-z0-9-]*:[0-9]{12}:[a-zA-Z0-9-_:/]+/; 2 | /* isArn returns true only for string values that match arnPattern; non-strings return false. arnPattern is anchored at the start only (no trailing $) and is applied with test(), so any string that begins with an ARN-shaped prefix is accepted regardless of what follows; the account field must be exactly 12 digits. NOTE(review): if callers use isArn to validate untrusted configuration values, confirm they do not depend on it to reject trailing characters. */ 3 | export const isArn = (value:
unknown): boolean => typeof value === 'string' && arnPattern.test(value); 4 | -------------------------------------------------------------------------------- /source/packages/@aws-cdk-extensions/cdk-extensions/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["lib/**/*", "index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tester/cdk.json: -------------------------------------------------------------------------------- 1 | { 2 | "app": "npx ts-node --prefer-ts-exts bin/app.ts", 3 | "versionReporting": false, 4 | "context": { 5 | "@aws-cdk/core:bootstrapQualifier": "accel", 6 | "cli-telemetry": "false" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/get-vpc-id/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/ipam-subnet/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-macie/create-member/tsconfig.json: -------------------------------------------------------------------------------- 1
| { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-macie/enable-macie/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ssm/get-param-value/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ssm/put-param-value/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/lib/lambdas/diagnostic-pack/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/constructs/lib/aws-ec2/account-warming/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/get-subnet-id/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-events/move-account/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-guardduty/create-members/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-kms/put-key-policy/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": 
["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-s3/put-bucket-policy/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-s3/put-bucket-prefix/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ssm/share-document/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /FAQ.md: -------------------------------------------------------------------------------- 1 | # Frequently Asked Questions (FAQ) 2 | 3 | The solution's FAQ topics have been moved to the [FAQ](https://awslabs.github.io/landing-zone-accelerator-on-aws/latest/faq) section of our [GitHub Pages website](https://awslabs.github.io/landing-zone-accelerator-on-aws). 
4 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/lib/lambdas/sns-topic-forwarder/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/lib/lambdas/validate-environment/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/valid-config/organization-config.yaml: -------------------------------------------------------------------------------- 1 | enable: true 2 | organizationalUnits: 3 | - name: Security 4 | - name: Infrastructure 5 | serviceControlPolicies: [] 6 | taggingPolicies: [] 7 | backupPolicies: [] 8 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-budgets/cross-region-budget/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-configservice/update-tags/tsconfig.json: -------------------------------------------------------------------------------- 
1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-detective/create-members/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-detective/update-graph-config/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/cross-account-route/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/delete-default-vpc/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/constructs/lib/aws-ec2/ebs-default-encryption/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/prefix-list-route/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-events/revert-scp-changes/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ram/get-resource-share/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ram/share-subnet-tags/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | 
}, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-s3/put-bucket-encryption/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-s3/put-bucket-replication/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-s3/validate-bucket-config/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-securityhub/create-members/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-securityhub/region-aggregation/tsconfig.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/installer/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["lib/**/*", "bin/**/*", "index.ts"], 7 | "exclude": ["cdk.out/**/*", "test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/lib/lambdas/attach-quarantine-scp/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/lib/lambdas/detach-quarantine-scp/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/invalid-config/organization-config.yaml: -------------------------------------------------------------------------------- 1 | enable: true 2 | organizationalUnits: 3 | - name: Security 4 | - name: Infrastructure 5 | serviceControlPolicies: [] 6 | taggingPolicies: [] 7 | backupPolicies: [] 8 | 
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-configservice/config-recorder/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-controltower/create-accounts/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-directory-service/share-directory/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/account-warming-status/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/enable-ipam-organization-admin/tsconfig.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-events/put-subscription-policy/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-events/security-hub-event-log/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-guardduty/update-detector-config/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-iam/create-service-linked-role/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 
9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/attach-policy/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/create-accounts/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/create-policy/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/move-account/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ram/get-resource-share-item/tsconfig.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-s3/put-public-access-block/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-securityhub/batch-enable-standards/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ssm/session-manager-settings/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/data-perimeter/lambda-handler/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["src/**/*.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 
| -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-auditmanager/create-reports-destination/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-certificate-manager/create-certificates/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-cloudformation/get-resource-type/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-controltower/create-accounts-status/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-cur/cross-region-report-definition/tsconfig.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-directconnect/gateway-association/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-directconnect/virtual-interface/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-directory-service/update-resolver-role/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/get-transit-gateway-attachment/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": 
["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-elasticloadbalancingv2/nlb-ip-lookup/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-firehose/firehose-record-processing/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-fms/enable-organization-admin-account/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-guardduty/create-publishing-destination/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-iam/update-account-password-policy/tsconfig.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-macie/enable-organization-admin-account/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-macie/put-export-config-classification/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/enable-policy-type/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-route-53-resolver/get-domain-lists/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | 
"exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-route-53/associate-hosted-zones/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-servicecatalog/get-portfolio-id/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/global-config/regional-deploy/config/organization-config.yaml: -------------------------------------------------------------------------------- 1 | enable: true 2 | organizationalUnits: 3 | - name: Security 4 | - name: Infrastructure 5 | serviceControlPolicies: [] 6 | taggingPolicies: [] 7 | backupPolicies: [] 8 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-accelerator/get-accelerator-metadata/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/constructs/lib/aws-detective/enable-organization-admin-account/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-directconnect/direct-connect-gateway/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-directory-service/create-log-subscription/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/custom-vpn-connection/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/firewall-config-replacements/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": 
"../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/transit-gateway-association/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/transit-gateway-propagation/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-guardduty/enable-organization-admin-account/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-opt-in-regions/enable-opt-in-regions/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/constructs/lib/aws-organizations/create-accounts-status/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/enable-aws-service-access/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/list-policy-for-target/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ram/enable-sharing-with-aws-organization/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-route-53-resolver/get-endpoint-addresses/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": 
"../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-route-53-resolver/log-resource-policy/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-route-53-resolver/query-logging-config/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-securityhub/enable-organization-admin-account/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-service-quota/create-limits/test/static-input.ts: -------------------------------------------------------------------------------- 1 | export abstract class StaticInput { 2 | public static readonly newProps = { 3 | serviceCode: 'serviceCode', 4 | quotaCode: 'quotaCode', 5 | desiredValue: '10', 6 | }; 7 | } 8 | 
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-service-quota/create-limits/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-servicecatalog/share-portfolio-with-org/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/vpc-endpoint-policies/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/vpc-endpoint-policies/ec2.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "ec2:*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-cloudwatch-logs/update-subscription-filter/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": 
"../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-directconnect/gateway-association-proposal/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-directconnect/virtual-interface-allocation/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/accept-transit-gateway-peering-attachment/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/transit-gateway-prefix-list-reference/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | 
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-networkfirewall/get-network-firewall-endpoint/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-opt-in-regions/enable-opt-in-regions-status/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/create-organizational-units/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/invite-account-to-organization/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tester/tsconfig.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist", 5 | }, 6 | "include": ["lib/*.ts", 7 | "bin/**/*","index.ts" 8 | ], 9 | "exclude": ["cdk.out/**/*", "test/**/*"] 10 | } 11 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/targetDocumentLambda.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/targetDocumentLambda.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/waf-logging-enabled.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/waf-logging-enabled.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/network-refactor/vpc-endpoint-policies/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/no-org-config/vpc-endpoint-policies/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 
6 | "Action": "*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/no-org-config/vpc-endpoint-policies/ec2.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "ec2:*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/vpc-endpoint-policies/ec2.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "ec2:*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/vpc-endpoint-policies/ec2.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "ec2:*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/cross-account-customer-gateway/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-identity-center/build-identity-center-assignments/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 
2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-identity-center/get-permission-set-role-arn/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-organizations/register-delegated-administrator/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-route-53-resolver/query-logging-config-association/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-servicecatalog/propagate-portfolio-associations/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | 
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/govcloud-account-vending/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["lib/**/*", "bin/**/*", "cdk.ts", "index.ts"], 7 | "exclude": ["cdk.out/**/*", "test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/modules/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist", 5 | "allowJs": true 6 | }, 7 | "include": ["bin/**/*", "lib/**/*", "index.ts", "models"], 8 | "exclude": [ "test/**/*"] 9 | } 10 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tester/lambdas/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist", 5 | "noImplicitAny": false 6 | }, 7 | "include": [ 8 | "index.ts" 9 | ], 10 | "exclude": ["test/**/*"] 11 | } 12 | -------------------------------------------------------------------------------- /solution-manifest.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | id: SO0199 3 | name: landing-zone-accelerator-on-aws 4 | version: v1.14.2 5 | cloudformation_templates: 6 | - template: AWSAccelerator-InstallerStack.template 7 | main_template: true 8 | build_environment: 9 | build_image: "aws/codebuild/standard:7.0" 10 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/targetDocumentLambda.zip: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/targetDocumentLambda.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/waf-logging-enabled.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/waf-logging-enabled.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["lib/**/*", "index.ts", "validator/network-config-validator.ts", "lib/schemas/*.json"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ec2/cross-account-transit-gateway-route/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/vpc-endpoint-policies/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | 
"Principal": "*", 6 | "Action": "*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/vpc-endpoint-policies/ec2.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "ec2:*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-identity-center/enable-organization-admin-account/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-identity-center/get-identity-center-instance-metadata/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/vpc-endpoint-policies/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/vpc-endpoint-policies/ec2.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "ec2:*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/attach-ec2-instance-profile.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/attach-ec2-instance-profile.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/include/account-config-workload-nested.yaml: -------------------------------------------------------------------------------- 1 | name: GovCloudWorkloadAccount01 2 | description: Sample govCloud workload account 3 | email: all-enabled-govcloud-workload-account01@example.com 4 | organizationalUnit: GovCloud 5 | enableGovCloud: true -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["lib/**/*", "bin/**/*", "utils/**/*", "cdk.ts", "index.ts", "lza-lookup.ts"], 7 | "exclude": ["cdk.out/**/*", "test/**/*"] 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-auditmanager/enable-organization-admin-account/tsconfig.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist" 5 | }, 6 | "include": ["index.ts"], 7 | "exclude": ["test/**/*"] 8 | } 9 | 10 | -------------------------------------------------------------------------------- /DEVELOPING.md: -------------------------------------------------------------------------------- 1 | # Developing 2 | 3 | Details for contributing to the development of the solution have been moved to the [Developer Guide](https://awslabs.github.io/landing-zone-accelerator-on-aws/latest/developer-guide) section of our [GitHub Pages website](https://awslabs.github.io/landing-zone-accelerator-on-aws). 4 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/lib/lambdas/load-config-table/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../../../../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist", 5 | "moduleResolution": "node", 6 | }, 7 | "include": ["index.ts"], 8 | "exclude": ["test/**/*"] 9 | } 10 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/attach-ec2-instance-profile.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/attach-ec2-instance-profile.zip -------------------------------------------------------------------------------- /source/packages/@aws-lza/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../../tsconfig.json", 3 | "compilerOptions": { 4 | "outDir": "dist", 
5 | "allowJs": true 6 | }, 7 | "include": [ 8 | "lib/**/*", 9 | "bin/**/*", 10 | "index.ts", 11 | ], 12 | "exclude": [ 13 | "test/**/*" 14 | ] 15 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/ec2-instance-profile-permissions.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/ec2-instance-profile-permissions.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-events/security-hub-event-log/test/static-input.ts: -------------------------------------------------------------------------------- 1 | export abstract class StaticInput { 2 | public static readonly newProps = { 3 | logGroupName: '/AWSAccelerator-SecurityHub', 4 | logGroupArn: 'arn:aws:logs:us-east-1:123456789012:log-group:/*:*', 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/service-control-policies/allow-ec2-only.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "AllowEC2", 6 | "Effect": "Allow", 7 | "Action": "ec2:*", 8 | "Resource": "*" 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/service-control-policies/allow-ec2-only.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "AllowEC2", 6 | "Effect": "Allow", 7 | "Action": "ec2:*", 8 | 
"Resource": "*" 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/ec2-instance-profile-permissions.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/ec2-instance-profile-permissions.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/service-control-policies/allow-ec2-only.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "AllowEC2", 6 | "Effect": "Allow", 7 | "Action": "ec2:*", 8 | "Resource": "*" 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/accounts-config/duplicate-emails/no-org-config/vpc-endpoint-policies/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/accounts-config/duplicate-emails/no-org-config/vpc-endpoint-policies/ec2.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Effect": "Allow", 5 | "Principal": "*", 6 | "Action": "ec2:*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/accelerator/test/cfn-templates/111111111111/us-east-1/lza-resource-lookup-test.json: -------------------------------------------------------------------------------- 1 | { 2 | "Resources": { 3 | "MyTopic": { 4 | "Type": "AWS::SNS::Topic", 5 | "Properties": { 6 | "TopicName": "my-topic" 7 | } 8 | } 9 | } 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/attach-ec2-instance-profile.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/attach-ec2-instance-profile.zip -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | 3 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 4 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 5 | opensource-codeofconduct@amazon.com with any additional questions or comments. 
6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/enable-s3-encryption.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "s3:PutBucketEncryption" 8 | ], 9 | "Resource": "*" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/attach-ec2-instance-profile.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/attach-ec2-instance-profile.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/ec2-instance-profile-permissions.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/ec2-instance-profile-permissions.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/enable-s3-encryption.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "s3:PutBucketEncryption" 8 | ], 9 | "Resource": "*" 10 | } 11 | ] 12 | } 13 | 
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/modules/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | include: ['**/*.test.unit.ts'], 6 | passWithNoTests: true, 7 | reporters: ['default', 'junit'], 8 | outputFile: './test-reports/test-results.xml', 9 | }, 10 | }); 11 | -------------------------------------------------------------------------------- /source/packages/@aws-lza/vitest.integration.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | include: ['**/index.test.integration.ts'], 6 | passWithNoTests: true, 7 | reporters: ['default'], 8 | testTimeout: 300000, 9 | hookTimeout: 300000, 10 | }, 11 | }); 12 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/ec2-instance-profile-permissions.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/awslabs/landing-zone-accelerator-on-aws/HEAD/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/ec2-instance-profile-permissions.zip -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/validator/common/ip-address-validation.ts: -------------------------------------------------------------------------------- 1 | import { Validator } from 'ip-num/Validator'; 2 | 3 | export const isIpV4 = (value: unknown) => typeof value === 'string' && Validator.isValidIPv4String(value)[0]; 4 | 5 | export const isIpV6 = (value: unknown) => typeof value === 
'string' && Validator.isValidIPv6String(value)[0]; 6 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/ec2-instance-profile-permissions-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:Get*", 8 | "iam:List*" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/ec2-instance-profile-permissions-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:Get*", 8 | "iam:List*" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /deployment/cdk-solution-helper/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cdk-solution-helper", 3 | "version": "0.1.0", 4 | "description": "CDK solution helper", 5 | "license": "Apache-2.0", 6 | "author": { 7 | "name": "Amazon Web Services", 8 | "url": "https://aws.amazon.com/solutions" 9 | }, 10 | "dependencies": { 11 | }, 12 | "devDependencies": { 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/ec2-instance-profile-permissions-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:Get*", 8 
| "iam:List*" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /source/.husky/pre-commit: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Fail if any command fails. 4 | set -e 5 | 6 | . "$(dirname "$0")/_/husky.sh" 7 | 8 | cd source 9 | # lint staged files only, command defined in package.json 10 | npx lint-staged 11 | # ensure package.json and yarn.lock are in sync 12 | yarn check --integrity 13 | 14 | # Display Console logs from changed files 15 | yarn run scan-logging 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/cdk.json: -------------------------------------------------------------------------------- 1 | { 2 | "app": "npx ts-node --prefer-ts-exts bin/app.ts", 3 | "context": { 4 | "@aws-cdk/core:bootstrapQualifier": "accel", 5 | "@aws-cdk/core:newStyleStackSynthesis": "true", 6 | "@aws-cdk/toolkit:requireApproval": "never", 7 | "@aws-cdk/aws-iam:minimizePolicies": "true", 8 | "cli-telemetry": "false" 9 | } 10 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/ec2-instance-profile-permissions-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:Get*", 8 | "iam:List*" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-ec2/launchTemplateFiles/testUserData.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | yum update -y 3 | yum install -y httpd 4 | systemctl 
start httpd 5 | systemctl enable httpd 6 | usermod -a -G apache ec2-user 7 | chown -R ec2-user:apache /var/www 8 | chmod 2775 /var/www 9 | find /var/www -type d -exec chmod 2775 {} \; 10 | find /var/www -type f -exec chmod 0664 {} \; -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/kms/kms-policy-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "AWS": "arn:aws:iam::111111111111:root" 8 | }, 9 | "Action": "kms:*", 10 | "Resource": "*" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/config-test-helper.ts: -------------------------------------------------------------------------------- 1 | import path from 'path'; 2 | 3 | export const CONFIG_DIR = path.resolve(__dirname, '../../accelerator/test/configs'); 4 | export const REPLACEMENT_CONFIG = path.join(CONFIG_DIR, 'replacements'); 5 | export const SNAPSHOT_CONFIG = path.join(CONFIG_DIR, 'snapshot-only'); 6 | export const ALL_ENABLED_CONFIG = path.join(CONFIG_DIR, 'all-enabled'); 7 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/appConfigs/appA/launchTemplate/userData.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | yum update -y 3 | yum install -y httpd 4 | systemctl start httpd 5 | systemctl enable httpd 6 | usermod -a -G apache ec2-user 7 | chown -R ec2-user:apache /var/www 8 | chmod 2775 /var/www 9 | find /var/www -type d -exec chmod 2775 {} \; 10 | find /var/www -type f -exec chmod 0664 {} \; -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/accelerator/test/configs/replacements/kms/kms-policy-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "AWS": "arn:aws:iam::111111111111:root" 8 | }, 9 | "Action": "kms:*", 10 | "Resource": "*" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/kms/kms-policy-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "AWS": "arn:aws:iam::111111111111:root" 8 | }, 9 | "Action": "kms:*", 10 | "Resource": "*" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/ec2-instance-profile-permissions-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "config:BatchGetResourceConfig", 8 | "iam:AttachRolePolicy" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/appConfigs/appA/launchTemplate/userData.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | yum update -y 3 | yum install -y httpd 4 | systemctl start httpd 5 | systemctl enable httpd 6 | usermod -a -G apache ec2-user 7 | chown -R ec2-user:apache /var/www 8 | chmod 2775 /var/www 9 | find /var/www -type d -exec chmod 2775 {} \; 10 | find /var/www -type f -exec chmod 0664 {} \; 
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/appConfigs/appA/launchTemplate/userData.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | yum update -y 3 | yum install -y httpd 4 | systemctl start httpd 5 | systemctl enable httpd 6 | usermod -a -G apache ec2-user 7 | chown -R ec2-user:apache /var/www 8 | chmod 2775 /var/www 9 | find /var/www -type d -exec chmod 2775 {} \; 10 | find /var/www -type f -exec chmod 0664 {} \; -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/ec2-instance-profile-permissions-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "config:BatchGetResourceConfig", 8 | "iam:AttachRolePolicy" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/kms/kms-policy-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "AWS": "arn:aws:iam::111111111111:root" 8 | }, 9 | "Action": "kms:*", 10 | "Resource": "*" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /source/packages/@aws-lza/README.md: -------------------------------------------------------------------------------- 1 | # Landing Zone Accelerator on AWS - Modules 2 | 3 | This package manages the various modules of the LandingZone Accelerator. 
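4 | 5 | ## AWS Control Tower 6 | 7 | Using the Landing Zone Accelerator on AWS (LZA) solution will allow customers to create, update, or reset an AWS Control Tower Landing Zone. The LZA solution takes care of the prerequisites for AWS Control Tower Landing Zone. 8 | -------------------------------------------------------------------------------- /deployment/container/build/al2023: --------------------------------------------------------------------------------
# Build image: Amazon Linux (minimal) with Node.js 20, the AWS CLI and yarn;
# the repository is copied to /landing-zone-accelerator-on-aws and built there.

# NOTE(review): "minimal" is a moving tag. Pinning the base image by digest
# (placeholder: ...:minimal@sha256:<DIGEST>) makes rebuilds reproducible and
# makes a changed base image visible in review.
FROM public.ecr.aws/amazonlinux/amazonlinux:minimal
# Node.js old-space heap limit in MiB (16 GiB); as an ENV it applies to every
# node process started in this image, not only to the build below.
ENV NODE_OPTIONS=--max-old-space-size=16384

# COPY instead of ADD: only a plain copy of the build context is wanted, and
# ADD additionally unpacks archives and accepts URLs.
# The whole context is copied, so a .dockerignore should keep .git, local
# credentials and node_modules out of the image.
COPY ./ /landing-zone-accelerator-on-aws
RUN dnf update -y
RUN dnf install -y nodejs20 awscli
# NOTE(review): yarn is installed without a version, so each rebuild takes
# whatever the registry serves at that moment; consider pinning it.
RUN npm -g install yarn
# --frozen-lockfile makes the install fail instead of silently resolving
# dependency versions that differ from the committed yarn.lock.
RUN cd /landing-zone-accelerator-on-aws/source \
    && yarn install --frozen-lockfile && yarn build
RUN chmod +x /landing-zone-accelerator-on-aws/scripts/*.sh
# NOTE(review): there is no USER instruction, so containers from this image run
# as root; confirm the consumers of the image need that.
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/kms/kms-policy-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "AWS": "arn:aws:iam::111111111111:root" 8 | }, 9 | "Action": "kms:*", 10 | "Resource": "*" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/appConfigs/appA/launchTemplate/userData.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | yum update -y 3 | yum install -y httpd 4 | systemctl start httpd 5 | systemctl enable httpd 6 | usermod -a -G apache ec2-user 7 | chown -R ec2-user:apache /var/www 8 | chmod 2775 /var/www 9 | find /var/www -type d -exec chmod 2775 {} \; 10 | find /var/www -type f -exec chmod 0664 {} \;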
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/ec2-instance-profile-permissions-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "config:BatchGetResourceConfig", 8 | "iam:AttachRolePolicy" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/appConfigs/appA/launchTemplate/userData.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | yum update -y 3 | yum install -y httpd 4 | systemctl start httpd 5 | systemctl enable httpd 6 | usermod -a -G apache ec2-user 7 | chown -R ec2-user:apache /var/www 8 | chmod 2775 /var/www 9 | find /var/www -type d -exec chmod 2775 {} \; 10 | find /var/www -type f -exec chmod 0664 {} \; -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/ec2-instance-profile-permissions-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "config:BatchGetResourceConfig", 8 | "iam:AttachRolePolicy" 9 | ], 10 | "Resource": "*" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/attach-ec2-instance-profile-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | 
"Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:AssociateIamInstanceProfile", 8 | "ec2:ReplaceIamInstanceProfileAssociation", 9 | "iam:PassRole" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/iam-policies/sso-permissionSet1-inline-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Statement1", 6 | "Effect": "Allow", 7 | "Action": [ 8 | "s3:ListBucket" 9 | ], 10 | "Resource": [ 11 | "*" 12 | ] 13 | } 14 | ] 15 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/tagging-policies/org-tag-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "tags": { 3 | "costcenter": { 4 | "tag_key": { 5 | "@@assign": "CostCenter" 6 | }, 7 | "tag_value": { 8 | "@@assign": [ 9 | "100", 10 | "200" 11 | ] 12 | } 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/attach-ec2-instance-profile-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:AssociateIamInstanceProfile", 8 | "ec2:ReplaceIamInstanceProfileAssociation", 9 | "iam:PassRole" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/iam-policies/sso-permissionSet1-inline-policy.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Statement1", 6 | "Effect": "Allow", 7 | "Action": [ 8 | "s3:ListBucket" 9 | ], 10 | "Resource": [ 11 | "*" 12 | ] 13 | } 14 | ] 15 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/tagging-policies/org-tag-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "tags": { 3 | "costcenter": { 4 | "tag_key": { 5 | "@@assign": "CostCenter" 6 | }, 7 | "tag_value": { 8 | "@@assign": [ 9 | "100", 10 | "200" 11 | ] 12 | } 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/iam-policies/sso-permissionSet1-inline-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Statement1", 6 | "Effect": "Allow", 7 | "Action": [ 8 | "s3:ListBucket" 9 | ], 10 | "Resource": [ 11 | "*" 12 | ] 13 | } 14 | ] 15 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/include/account-config-workloads.yaml: -------------------------------------------------------------------------------- 1 | - name: SharedServices 2 | description: The SharedServices account 3 | email: all-enabled-shared-services@example.com 4 | organizationalUnit: Infrastructure 5 | - name: Network 6 | description: The Network account 7 | email: all-enabled-network@example.com 8 | organizationalUnit: Infrastructure 9 | - !include account-config-workload-nested.yaml -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/tagging-policies/org-tag-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "tags": { 3 | "costcenter": { 4 | "tag_key": { 5 | "@@assign": "CostCenter" 6 | }, 7 | "tag_value": { 8 | "@@assign": [ 9 | "100", 10 | "200" 11 | ] 12 | } 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/installer/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | reporters: ['default', 'junit'], 6 | outputFile: './test-reports/test-results.xml', 7 | coverage: { 8 | thresholds: { 9 | branches: 70, 10 | functions: 88, 11 | lines: 85, 12 | statements: 85, 13 | }, 14 | }, 15 | }, 16 | }); 17 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/attach-ec2-instance-profile-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:AssociateIamInstanceProfile", 8 | "ec2:ReplaceIamInstanceProfileAssociation", 9 | "iam:PassRole" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } -------------------------------------------------------------------------------- /source/packages/@aws-cdk-extensions/cdk-extensions/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | reporters: ['default', 'junit'], 6 | outputFile: './test-reports/test-results.xml', 7 | coverage: { 8 | thresholds: { 9 | branches: 65, 10 | 
functions: 92, 11 | lines: 85, 12 | statements: 85, 13 | }, 14 | }, 15 | }, 16 | }); 17 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/attach-ec2-instance-profile-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:AssociateIamInstanceProfile", 8 | "ec2:ReplaceIamInstanceProfileAssociation", 9 | "iam:PassRole" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/tagging-policies/org-tag-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "tags": { 3 | "costcenter": { 4 | "tag_key": { 5 | "@@assign": "CostCenter" 6 | }, 7 | "tag_value": { 8 | "@@assign": [ 9 | "100", 10 | "200" 11 | ] 12 | } 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/tagging-policies/org-tag-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "tags": { 3 | "costcenter": { 4 | "tag_key": { 5 | "@@assign": "CostCenter" 6 | }, 7 | "tag_value": { 8 | "@@assign": [ 9 | "100", 10 | "200" 11 | ] 12 | } 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/govcloud-account-vending/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | reporters: ['default', 'junit'], 6 | 
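outputFile: './test-reports/test-results.xml', 7 | coverage: { 8 | thresholds: { 9 | branches: 70, 10 | functions: 70, 11 | lines: 55, 12 | statements: 55, 13 | }, 14 | }, 15 | }, 16 | }); 17 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/utils/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | reporters: ['default', 'junit'], 6 | outputFile: './test-reports/test-results.xml', 7 | silent: true, 8 | coverage: { 9 | thresholds: { 10 | branches: 70, 11 | functions: 66, 12 | lines: 40, 13 | statements: 40, 14 | }, 15 | }, 16 | }, 17 | }); 18 | -------------------------------------------------------------------------------- /source/log-scanner.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Prints a warning for every line containing "console.log(" in the files that
# are staged as added or modified. It only reports: a match does not change the
# exit status.
# Note: awk reads the working-tree copy of each file, which can differ from the
# staged content when a file is only partly staged.
set -e

# Colour codes; expanded by printf's %b below.
BRed='\033[1;31m'
RED='\033[0;31m'
BLUE='\033[0;34m'
NC='\033[0m'

# git prints paths relative to the repository root, so the scan has to run
# there (assumes the script is started from source/ -- TODO confirm).
cd ../

# The file list comes from a process substitution, whose exit status set -e
# does not see; fail early here when git cannot be used at all.
git rev-parse --is-inside-work-tree >/dev/null

# -z yields NUL-terminated, unquoted paths, so names containing spaces, glob
# characters or newlines arrive intact instead of being word-split and
# glob-expanded by the shell.
while IFS= read -r -d '' file; do
  # Skip entries that are no longer regular files on disk (for example staged
  # and then removed), rather than letting awk abort the whole hook.
  [[ -f "$file" ]] || continue
  # The "./" prefix keeps awk from treating a path as an option or as a
  # var=value assignment.
  lines=$(awk '/console\.log\(/{ print NR; }' "./${file}")
  # $lines holds line numbers only, so splitting it on whitespace is intended.
  for line in $lines; do
    # Colours go through %b, data through %s: backslash sequences inside a file
    # name are printed literally instead of being interpreted by the terminal.
    printf '%bWarning!!! - %b%b%s%b has %bconsole logging%b in line %b%s%b, review the logging statement.\n' \
      "$BRed" "$NC" "$RED" "$file" "$NC" "$BLUE" "$NC" "$RED" "$line" "$NC"
  done
done < <(git diff --staged --diff-filter=AM --name-only -z)
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/attach-ec2-instance-profile-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:Describe*", 8 | "ec2:Get*", 9 | "ec2:ListSnapshotsInRecycleBin", 10 | "ec2:SearchLocalGatewayRoutes", 11 | "ec2:SearchTransitGatewayRoutes" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-opt-in-regions/enable-opt-in-regions-status/test/static-input.ts: -------------------------------------------------------------------------------- 1 | export abstract class StaticInput { 2 | public static readonly input = { 3 | props: { 4 | managementAccountId: '111111111111', 5 | accountIds: ['111111111111', '222222222222', '333333333333', '444444444444', '555555555555'], 6 | homeRegion: 'us-east-1', 7 | enabledRegions: ['ca-west-1'], 8 | globalRegion: 'us-east-1', 9 | }, 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/attach-ec2-instance-profile-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:Describe*", 8 | "ec2:Get*", 9 | "ec2:ListSnapshotsInRecycleBin", 10 | "ec2:SearchLocalGatewayRoutes", 11 | "ec2:SearchTransitGatewayRoutes" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } --------------------------------------------------------------------------------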
/source/packages/@aws-accelerator/config/test/validation/replacements/invalid-config/replacements-config.yaml: -------------------------------------------------------------------------------- 1 | globalReplacements: 2 | - key: DEFINED_PLACEHOLDER 3 | type: String 4 | value: 'TagReplacementValue' 5 | - key: AcceleratorPrefix 6 | type: String 7 | value: accelerator 8 | - key: AcceleratorHomeRegion 9 | type: String 10 | value: us-east-1 11 | - key: NonHomeEnabledRegions 12 | type: StringList 13 | value: 14 | - us-west-2 15 | - ca-central-1 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/valid-config/replacements-config.yaml: -------------------------------------------------------------------------------- 1 | globalReplacements: 2 | - key: DEFINED_PLACEHOLDER 3 | type: String 4 | value: 'TagReplacementValue' 5 | - key: AcceleratorPrefix 6 | type: String 7 | value: accelerator 8 | - key: AcceleratorHomeRegion 9 | type: String 10 | value: us-east-1 11 | - key: NonHomeEnabledRegions 12 | type: StringList 13 | value: 14 | - us-west-2 15 | - ca-central-1 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-macie/put-export-config-classification/test/fixtures.ts: -------------------------------------------------------------------------------- 1 | export const NEW_PROPS = { 2 | bucketName: 'aws-accelerator-central-logs-123456789012-eu-west-1', 3 | kmsKeyArn: 'arn:aws:kms:eu-west-1:123456789012:key/2e329f92-7387-4818-ae74-5d467700296d', 4 | region: 'eu-west-1', 5 | keyPrefix: 'macie/123456789012/', 6 | findingPublishingFrequency: 'SIX_HOURS', 7 | publishPolicyFindings: 'true', 8 | publishClassificationFindings: 'true', 9 | }; 10 | -------------------------------------------------------------------------------- /source/packages/@aws-lza/vitest.config.ts: 
-------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | include: ['**/*.test.unit.ts'], 6 | passWithNoTests: true, 7 | reporters: ['default', 'junit'], 8 | outputFile: './test-reports/test-results.xml', 9 | coverage: { 10 | thresholds: { 11 | branches: 70, 12 | functions: 92, 13 | lines: 85, 14 | statements: 85, 15 | }, 16 | }, 17 | }, 18 | }); 19 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/attach-ec2-instance-profile-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:Describe*", 8 | "ec2:Get*", 9 | "ec2:ListSnapshotsInRecycleBin", 10 | "ec2:SearchLocalGatewayRoutes", 11 | "ec2:SearchTransitGatewayRoutes" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/elb-logging-enabled-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "elasticloadbalancing:DescribeLoadBalancers", 8 | "elasticloadbalancing:DescribeLoadBalancerAttributes", 9 | "elasticloadbalancing:ModifyLoadBalancerAttributes" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/elb-logging-enabled-remediation-role.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "elasticloadbalancing:DescribeLoadBalancers", 8 | "elasticloadbalancing:DescribeLoadBalancerAttributes", 9 | "elasticloadbalancing:ModifyLoadBalancerAttributes" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ### jest coverage folder 2 | coverage/ 3 | 4 | ### VisualStudioCode ### 5 | .vscode/* 6 | 7 | ### macOS ### 8 | .DS_Store 9 | 10 | ### IntelliJ ### 11 | .idea 12 | *.iml 13 | 14 | ### Exclude Jest test report directory 15 | test-reports 16 | source/lerna-debug.log 17 | 18 | ### Debugging 19 | development 20 | .vscode 21 | 22 | ### Viperlight 23 | viperlight*.zip 24 | /.idea/ 25 | 26 | ### Sonarqube 27 | .scannerwork 28 | 29 | ### Unit test 30 | source/packages/@aws-lza/custom-resource-templates/ 31 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/attach-ec2-instance-profile-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:Describe*", 8 | "ec2:Get*", 9 | "ec2:ListSnapshotsInRecycleBin", 10 | "ec2:SearchLocalGatewayRoutes", 11 | "ec2:SearchTransitGatewayRoutes" 12 | ], 13 | "Resource": "*" 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/elb-logging-enabled-remediation-role.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "elasticloadbalancing:DescribeLoadBalancers", 8 | "elasticloadbalancing:DescribeLoadBalancerAttributes", 9 | "elasticloadbalancing:ModifyLoadBalancerAttributes" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/backup-vault-policies/infrastructure-vault-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "DenyDeleteRecoveryPoint", 6 | "Effect": "Deny", 7 | "Principal": "*", 8 | "Action": "backup:DeleteRecoveryPoint", 9 | "Resource": "*", 10 | "Condition": { 11 | "Bool": { 12 | "aws:MultiFactorAuthPresent": "false" 13 | } 14 | } 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/backup-vault-policies/infrastructure-vault-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "DenyDeleteRecoveryPoint", 6 | "Effect": "Deny", 7 | "Principal": "*", 8 | "Action": "backup:DeleteRecoveryPoint", 9 | "Resource": "*", 10 | "Condition": { 11 | "Bool": { 12 | "aws:MultiFactorAuthPresent": "false" 13 | } 14 | } 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/backup-vault-policies/infrastructure-vault-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": 
"DenyDeleteRecoveryPoint", 6 | "Effect": "Deny", 7 | "Principal": "*", 8 | "Action": "backup:DeleteRecoveryPoint", 9 | "Resource": "*", 10 | "Condition": { 11 | "Bool": { 12 | "aws:MultiFactorAuthPresent": "false" 13 | } 14 | } 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/elb-logging-enabled-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "elasticloadbalancing:DescribeLoadBalancers", 8 | "elasticloadbalancing:DescribeLoadBalancerAttributes", 9 | "elasticloadbalancing:ModifyLoadBalancerAttributes" 10 | ], 11 | "Resource": "*" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/bucket-sse-enabled-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": ["s3:GetEncryptionConfiguration", "s3:PutEncryptionConfiguration"], 7 | "Resource": "*", 8 | "Condition": { 9 | "ArnLike": { 10 | "aws:PrincipalArn": ["arn:aws:iam::*:role/AWSAccelerator-SecuritySt-*"] 11 | } 12 | } 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/bucket-sse-enabled-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": ["s3:GetEncryptionConfiguration", "s3:PutEncryptionConfiguration"], 7 | "Resource": 
"*", 8 | "Condition": { 9 | "ArnLike": { 10 | "aws:PrincipalArn": ["arn:aws:iam::*:role/AWSAccelerator-SecuritySt-*"] 11 | } 12 | } 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/custom-config-rules/bucket-sse-enabled-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": ["s3:GetEncryptionConfiguration", "s3:PutEncryptionConfiguration"], 7 | "Resource": "*", 8 | "Condition": { 9 | "ArnLike": { 10 | "aws:PrincipalArn": ["arn:aws:iam::*:role/AWSAccelerator-SecuritySt-*"] 11 | } 12 | } 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/custom-config-rules/bucket-sse-enabled-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": ["s3:GetEncryptionConfiguration", "s3:PutEncryptionConfiguration"], 7 | "Resource": "*", 8 | "Condition": { 9 | "ArnLike": { 10 | "aws:PrincipalArn": ["arn:aws:iam::*:role/AWSAccelerator-SecuritySt-*"] 11 | } 12 | } 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/no-org-config/global-config.yaml: -------------------------------------------------------------------------------- 1 | homeRegion: &HOME_REGION us-gov-west-1 2 | enabledRegions: 3 | - *HOME_REGION 4 | managementAccountAccessRole: OrganizationAccountAccessRole 5 | cloudwatchLogRetentionInDays: 365 6 | terminationProtection: false 7 | controlTower: 8 | enable: false 9 | logging: 10 | account: LogArchive 
11 | cloudtrail: 12 | enable: false 13 | organizationTrail: false 14 | sessionManager: 15 | sendToCloudWatchLogs: false 16 | sendToS3: false -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-directconnect/direct-connect-gateway/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | exclude: ['**/dist/*', '**/node_modules/**'], 6 | include: ['test/*.ts'], 7 | passWithNoTests: true, 8 | reporters: ['default', 'junit'], 9 | outputFile: `./test-reports/${process.env['ENV_NAME']}/${process.env['AWS_DEFAULT_REGION']}/test-results.xml`, 10 | hookTimeout: 120000, 11 | testTimeout: 120000, 12 | }, 13 | }); 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-macie/enable-organization-admin-account/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | exclude: ['**/dist/*', '**/node_modules/**'], 6 | include: ['test/*.ts'], 7 | passWithNoTests: true, 8 | reporters: ['default', 'junit'], 9 | outputFile: `./test-reports/${process.env['ENV_NAME']}/${process.env['AWS_DEFAULT_REGION']}/test-results.xml`, 10 | hookTimeout: 120000, 11 | testTimeout: 120000, 12 | }, 13 | }); 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-detective/enable-organization-admin-account/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | exclude: ['**/dist/*', '**/node_modules/**'], 6 | include: 
['test/*.ts'], 7 | passWithNoTests: true, 8 | reporters: ['default', 'junit'], 9 | outputFile: `./test-reports/${process.env['ENV_NAME']}/${process.env['AWS_DEFAULT_REGION']}/test-results.xml`, 10 | hookTimeout: 120000, 11 | testTimeout: 120000, 12 | }, 13 | }); 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-guardduty/enable-organization-admin-account/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | exclude: ['**/dist/*', '**/node_modules/**'], 6 | include: ['test/*.ts'], 7 | passWithNoTests: true, 8 | reporters: ['default', 'junit'], 9 | outputFile: `./test-reports/${process.env['ENV_NAME']}/${process.env['AWS_DEFAULT_REGION']}/test-results.xml`, 10 | hookTimeout: 120000, 11 | testTimeout: 120000, 12 | }, 13 | }); 14 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/replacements-config.yaml: -------------------------------------------------------------------------------- 1 | globalReplacements: 2 | - key: ALLOWED_CORPORATE_CIDRS 3 | type: StringList 4 | value: 5 | - 10.0.1.0/24 6 | - 10.0.2.0/24 7 | - key: ALLOWED_PRINCIPAL_ARNS 8 | type: StringList 9 | value: 10 | - arn:aws:iam::*:role/cdk-accel-* 11 | - arn:aws:iam::*:role/AWSA* 12 | - arn:aws:iam::*:role/OrganizationAccountAccessRole 13 | - key: ALLOWED_EXTERNAL_ACCOUNTS 14 | type: StringList 15 | value: 16 | - '123456789012' 17 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-auditmanager/enable-organization-admin-account/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | 
export default defineConfig({ 4 | test: { 5 | exclude: ['**/dist/*', '**/node_modules/**'], 6 | include: ['test/*.ts'], 7 | passWithNoTests: true, 8 | reporters: ['default', 'junit'], 9 | outputFile: `./test-reports/${process.env['ENV_NAME']}/${process.env['AWS_DEFAULT_REGION']}/test-results.xml`, 10 | hookTimeout: 120000, 11 | testTimeout: 120000, 12 | }, 13 | }); 14 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Reporting Security Issues 2 | 3 | We take all security reports seriously. 4 | When we receive such reports, 5 | we will investigate and subsequently address 6 | any potential vulnerabilities as quickly as possible. 7 | If you discover a potential security issue in this project, 8 | please notify AWS/Amazon Security via our 9 | [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/) 10 | or directly via email to [AWS Security](mailto:aws-security@amazon.com). 11 | Please do *not* create a public GitHub issue in this project.
12 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tester/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | reporters: ['default', 'junit'], 6 | outputFile: './test-reports/test-results.xml', 7 | coverage: { 8 | include: ['**/*.ts'], 9 | exclude: ['**/*.js', '**/*.json', '**/*.d.ts', '**/node_modules/**', '**/test/**'], 10 | thresholds: { 11 | branches: 70, 12 | functions: 80, 13 | lines: 15, 14 | statements: 15, 15 | }, 16 | }, 17 | }, 18 | }); 19 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this solution 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the feature you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Additional context** 17 | Add any other context or screenshots about the feature request here. 
18 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/accounts-config/duplicate-emails/no-org-config/global-config.yaml: -------------------------------------------------------------------------------- 1 | homeRegion: &HOME_REGION us-gov-west-1 2 | enabledRegions: 3 | - *HOME_REGION 4 | managementAccountAccessRole: OrganizationAccountAccessRole 5 | cloudwatchLogRetentionInDays: 365 6 | terminationProtection: false 7 | controlTower: 8 | enable: false 9 | logging: 10 | account: LogArchive 11 | cloudtrail: 12 | enable: false 13 | organizationTrail: false 14 | sessionManager: 15 | sendToCloudWatchLogs: false 16 | sendToS3: false -------------------------------------------------------------------------------- /source/vitest.setup.ts: -------------------------------------------------------------------------------- 1 | import { beforeAll, vi } from 'vitest'; 2 | import * as throttleModule from '@aws-accelerator/utils/lib/throttle'; 3 | 4 | process.setMaxListeners(50); 5 | 6 | beforeAll(() => { 7 | vi.spyOn(global, 'setTimeout').mockImplementation((fn: () => void) => { 8 | fn(); 9 | return 0 as unknown as NodeJS.Timeout; 10 | }); 11 | // eslint-disable-next-line @typescript-eslint/no-explicit-any 12 | vi.spyOn(throttleModule, 'throttlingBackOff').mockImplementation(async (wrappedFunction: () => any) => { 13 | return wrappedFunction(); 14 | }); 15 | }); 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | reporters: ['default', 'junit'], 6 | outputFile: './test-reports/test-results.xml', 7 | pool: 'threads', 8 | silent: true, 9 | testTimeout: 300000, 10 | hookTimeout: 300000, 11 | teardownTimeout: 300000, 12 | 
coverage: { 13 | thresholds: { 14 | branches: 64, 15 | functions: 76, 16 | lines: 60, 17 | statements: 60, 18 | }, 19 | }, 20 | }, 21 | }); 22 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/declarative-policies/ec2-access.json: -------------------------------------------------------------------------------- 1 | { 2 | "ec2_attributes": { 3 | "serial_console_access": { 4 | "status": { 5 | "@@assign": "enabled" 6 | } 7 | }, 8 | "allowed_images_settings": { 9 | "state": { 10 | "@@assign": "disabled" 11 | }, 12 | "image_criteria": { 13 | "criteria_1": { 14 | "allowed_image_providers": { 15 | "@@assign": [] 16 | } 17 | } 18 | } 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-servicecatalog/get-portfolio-id/test/static-input.ts: -------------------------------------------------------------------------------- 1 | export abstract class StaticInput { 2 | public static readonly newProps = { 3 | displayName: 'displayName', 4 | providerName: 'providerName', 5 | }; 6 | public static readonly noPortfolioFoundError = `No portfolio ID was found for ${this.newProps.displayName} ${this.newProps.providerName} in the account`; 7 | public static readonly multiplePortfolioFoundError = `Multiple portfolio IDs were found for ${this.newProps.displayName} ${this.newProps.providerName} in the account`; 8 | } 9 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/declarative-policies/ec2-access.json: -------------------------------------------------------------------------------- 1 | { 2 | "ec2_attributes": { 3 | "serial_console_access": { 4 | "status": { 5 | "@@assign": "enabled" 6 | } 7 | }, 8 | "allowed_images_settings": { 9 | "state": { 10 | "@@assign": "disabled" 11 | }, 12 | 
"image_criteria": { 13 | "criteria_1": { 14 | "allowed_image_providers": { 15 | "@@assign": [] 16 | } 17 | } 18 | } 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/global-config/regional-deploy/config/global-config.yaml: -------------------------------------------------------------------------------- 1 | homeRegion: &HOME_REGION eu-central-1 2 | enabledRegions: 3 | - *HOME_REGION 4 | - us-east-1 5 | - us-west-1 6 | managementAccountAccessRole: OrganizationAccountAccessRole 7 | cloudwatchLogRetentionInDays: 365 8 | terminationProtection: false 9 | controlTower: 10 | enable: false 11 | logging: 12 | account: LogArchive 13 | cloudtrail: 14 | enable: false 15 | organizationTrail: false 16 | sessionManager: 17 | sendToCloudWatchLogs: false 18 | sendToS3: false -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-ec2/__snapshots__/ipam-scope.test.ts.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`IpamScope > Construct(IpamScope): Snapshot Test 1`] = ` 4 | { 5 | "Resources": { 6 | "TestIpamScope20AAB890": { 7 | "Properties": { 8 | "Description": "Test IPAM scope", 9 | "IpamId": "test-ipam", 10 | "Tags": [ 11 | { 12 | "Key": "Name", 13 | "Value": "Test", 14 | }, 15 | ], 16 | }, 17 | "Type": "AWS::EC2::IPAMScope", 18 | }, 19 | }, 20 | } 21 | `; 22 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tools/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | globals: true, 6 | include: ['**/*.test.ts'], 7 | exclude: ['**/node_modules/**', '**/dist/**', 
'**/build/**'], 8 | testTimeout: 300000, 9 | teardownTimeout: 60000, 10 | hookTimeout: 60000, 11 | // No setupFiles for this package 12 | reporters: ['default', 'junit'], 13 | outputFile: './test-reports/test-results.xml', 14 | coverage: { 15 | provider: 'v8', 16 | reporter: ['text', 'lcov'], 17 | }, 18 | }, 19 | }); 20 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/invalid-config/accounts-config.yaml: -------------------------------------------------------------------------------- 1 | mandatoryAccounts: 2 | - name: Management 3 | description: The management (primary) account 4 | email: alias+no-org-root@example.com 5 | organizationalUnit: Root 6 | - name: LogArchive 7 | description: The log archive account 8 | email: alias+no-org-log@example.com 9 | organizationalUnit: Root 10 | - name: Audit 11 | description: The security audit account (also referred to as the audit account) 12 | email: alias+no-org-audit@example.com 13 | organizationalUnit: Root 14 | workloadAccounts: [] 15 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/valid-config/accounts-config.yaml: -------------------------------------------------------------------------------- 1 | mandatoryAccounts: 2 | - name: Management 3 | description: The management (primary) account 4 | email: alias+no-org-root@example.com 5 | organizationalUnit: Root 6 | - name: LogArchive 7 | description: The log archive account 8 | email: alias+no-org-log@example.com 9 | organizationalUnit: Root 10 | - name: Audit 11 | description: The security audit account (also referred to as the audit account) 12 | email: alias+no-org-audit@example.com 13 | organizationalUnit: Root 14 | workloadAccounts: [] 15 | -------------------------------------------------------------------------------- 
/source/packages/@aws-accelerator/config/test/validation/global-config/regional-deploy/config/accounts-config.yaml: -------------------------------------------------------------------------------- 1 | mandatoryAccounts: 2 | - name: Management 3 | description: The management (primary) account 4 | email: alias+no-org-root@example.com 5 | organizationalUnit: Root 6 | - name: LogArchive 7 | description: The log archive account 8 | email: alias+no-org-log@example.com 9 | organizationalUnit: Root 10 | - name: Audit 11 | description: The security audit account (also referred to as the audit account) 12 | email: alias+no-org-audit@example.com 13 | organizationalUnit: Root 14 | workloadAccounts: [] 15 | -------------------------------------------------------------------------------- /source/packages/@aws-cdk-extensions/cdk-extensions/test/__snapshots__/repository.test.ts.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`Initialized CodeCommit Repository > Snapshot Test 1`] = ` 4 | { 5 | "Resources": { 6 | "SnapshotTest4B1F0CC8": { 7 | "Properties": { 8 | "Code": { 9 | "BranchName": "main", 10 | "S3": { 11 | "Bucket": "Testbucket", 12 | "Key": "testkey", 13 | }, 14 | }, 15 | "RepositoryName": "AWS-accelerator", 16 | }, 17 | "Type": "AWS::CodeCommit::Repository", 18 | }, 19 | }, 20 | } 21 | `; 22 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/ad-config-scripts/AD-group-grant-permissions-setup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [string] 4 | $GroupName 5 | ) 6 | 7 | # Turned off logging; 8 | # Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt 9 | 10 | #This part of the code gets the domain name and splits it 11 | $fdn=(Get-WmiObject Win32_ComputerSystem).Domain 
12 | $dom,$ext=$fdn.split('.') 13 | 14 | #Delegate Control 15 | dsacls "CN=$GroupName,OU=Users,OU=$dom,DC=$dom,DC=$ext" /I:T /G "$dom\$GroupName`:CCDC;computer" 16 | dsacls "CN=$GroupName,OU=Users,OU=$dom,DC=$dom,DC=$ext" /I:T /G "$dom\$GroupName`:CCDC;user" -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/ad-config-scripts/AD-group-grant-permissions-setup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [string] 4 | $GroupName 5 | ) 6 | # Reads this computer's domain name, builds the group's distinguished name from it, and runs dsacls to grant the group create-child/delete-child (CCDC) rights for computer and user objects. 7 | # Turned off logging; 8 | # Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt 9 | # NOTE(review): $GroupName is interpolated into the DN and the trustee string without validation - presumably callers pass a fixed group name; verify. 10 | #This part of the code gets the domain name and splits it 11 | $fdn=(Get-WmiObject Win32_ComputerSystem).Domain 12 | $dom,$ext=$fdn.split('.') 13 | # NOTE(review): the two-variable assignment assumes a domain name with exactly two labels; with more labels $ext would receive all remaining parts and the DN below would be malformed - confirm against the target domain. 14 | #Delegate Control 15 | dsacls "CN=$GroupName,OU=Users,OU=$dom,DC=$dom,DC=$ext" /I:T /G "$dom\$GroupName`:CCDC;computer" 16 | dsacls "CN=$GroupName,OU=Users,OU=$dom,DC=$dom,DC=$ext" /I:T /G "$dom\$GroupName`:CCDC;user" -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/ad-config-scripts/AD-group-grant-permissions-setup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [string] 4 | $GroupName 5 | ) 6 | # Reads this computer's domain name, builds the group's distinguished name from it, and runs dsacls to grant the group create-child/delete-child (CCDC) rights for computer and user objects. 7 | # Turned off logging; 8 | # Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt 9 | # NOTE(review): $GroupName is interpolated into the DN and the trustee string without validation - presumably callers pass a fixed group name; verify. 10 | #This part of the code gets the domain name and splits it 11 | $fdn=(Get-WmiObject Win32_ComputerSystem).Domain 12 | $dom,$ext=$fdn.split('.') 13 | # NOTE(review): the two-variable assignment assumes a domain name with exactly two labels; with more labels $ext would receive all remaining parts and the DN below would be malformed - confirm against the target domain. 14 | #Delegate Control 15 | dsacls "CN=$GroupName,OU=Users,OU=$dom,DC=$dom,DC=$ext" /I:T /G "$dom\$GroupName`:CCDC;computer" 16 | dsacls "CN=$GroupName,OU=Users,OU=$dom,DC=$dom,DC=$ext" /I:T /G "$dom\$GroupName`:CCDC;user"
-------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/replacements-config.yaml: -------------------------------------------------------------------------------- 1 | globalReplacements: 2 | - key: ALLOWED_CORPORATE_CIDRS 3 | type: StringList 4 | value: 5 | - 10.0.1.0/24 6 | - 10.0.2.0/24 7 | - key: ALLOWED_PRINCIPAL_ARNS 8 | type: StringList 9 | value: 10 | - arn:aws:iam::*:role/cdk-accel-* 11 | - arn:aws:iam::*:role/AWSA* 12 | - arn:aws:iam::*:role/OrganizationAccountAccessRole 13 | - key: ALLOWED_EXTERNAL_ACCOUNTS 14 | type: StringList 15 | value: 16 | - '123456789012' 17 | - key: DEFINED_PLACEHOLDER 18 | type: String 19 | value: 'TagReplacementValue' 20 | -------------------------------------------------------------------------------- /source/packages/@aws-cdk-extensions/cdk-extensions/test/__snapshots__/repository-snapshot.test.ts.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`Initialized CodeCommit Repository > Snapshot Test 1`] = ` 4 | { 5 | "Resources": { 6 | "SnapshotTest4B1F0CC8": { 7 | "Properties": { 8 | "Code": { 9 | "BranchName": "main", 10 | "S3": { 11 | "Bucket": "Testbucket", 12 | "Key": "testkey", 13 | }, 14 | }, 15 | "RepositoryName": "AWS-accelerator", 16 | }, 17 | "Type": "AWS::CodeCommit::Repository", 18 | }, 19 | }, 20 | } 21 | `; 22 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/kms/central-logs-bucket-key-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Policy statement 1 from file", 6 | "Effect": "Allow", 7 | "Principal": { 8 | "Service": "macie.amazonaws.com" 9 | }, 10 | "Action": [ 11 | "kms:Decrypt", 
12 | "kms:DescribeKey", 13 | "kms:Encrypt", 14 | "kms:ReEncrypt*", 15 | "kms:GenerateDataKey*" 16 | ], 17 | "Resource": "*" 18 | } 19 | ] 20 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/vitest.config.ts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config'; 2 | 3 | export default defineConfig({ 4 | test: { 5 | exclude: ['**/*.integration.test.ts', '**/dist/*', '**/node_modules/**'], 6 | include: ['**/*.test.ts'], 7 | passWithNoTests: true, 8 | setupFiles: ['./vitest.setup.ts'], 9 | reporters: ['default', 'junit'], 10 | outputFile: './test-reports/test-results.xml', 11 | coverage: { 12 | include: ['**/*.ts'], 13 | thresholds: { 14 | branches: 70, 15 | functions: 92, 16 | lines: 15, 17 | statements: 15, 18 | }, 19 | }, 20 | }, 21 | }); 22 | -------------------------------------------------------------------------------- /Config: -------------------------------------------------------------------------------- 1 | package.Landing-zone-accelerator-on-aws = { 2 | interfaces = (1.0); 3 | 4 | # Use NoOpBuild. 5 | build-system = no-op; 6 | build-tools = { 7 | 1.0 = { 8 | NoOpBuild = 1.0; 9 | }; 10 | }; 11 | 12 | # Use runtime-dependencies for when you want to bring in additional 13 | # packages when deploying. 14 | # Use dependencies instead if you intend for these dependencies to 15 | # be exported to other packages that build against you. 
16 | dependencies = { 17 | 1.0 = { 18 | }; 19 | }; 20 | 21 | runtime-dependencies = { 22 | 1.0 = { 23 | }; 24 | }; 25 | 26 | }; 27 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/ad-config-scripts/AD-group-grant-permissions-setup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [string] 4 | $GroupName 5 | ) 6 | 7 | # Turned off logging; 8 | # Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt 9 | 10 | #This part of the code gets the domain name and splits it 11 | $fdn=(Get-WmiObject Win32_ComputerSystem).Domain 12 | $dom,$ext=$fdn.split('.') 13 | 14 | #Delegate Control 15 | dsacls "CN=$GroupName,OU=Users,OU=$dom,DC=$dom,DC=$ext" /I:T /G "$dom\$GroupName`:CCDC;computer" 16 | dsacls "CN=$GroupName,OU=Users,OU=$dom,DC=$dom,DC=$ext" /I:T /G "$dom\$GroupName`:CCDC;user" -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/ssm-documents/attach-iam-instance-profile.yaml: -------------------------------------------------------------------------------- 1 | description: Associate AWS Iam Instance Profile to EC2 Instance 2 | schemaVersion: '0.3' 3 | assumeRole: '{{ AutomationAssumeRole }}' 4 | parameters: 5 | IamInstanceProfile: 6 | type: String 7 | InstanceId: 8 | type: String 9 | AutomationAssumeRole: 10 | type: String 11 | mainSteps: 12 | - name: associateIamProfile 13 | action: 'aws:executeAwsApi' 14 | inputs: 15 | Service: ec2 16 | Api: associate_iam_instance_profile 17 | IamInstanceProfile: 18 | Name: '{{ IamInstanceProfile }}' 19 | InstanceId: '{{ InstanceId }}' -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/ssm-documents/attach-iam-instance-profile.yaml: 
-------------------------------------------------------------------------------- 1 | description: Associate AWS Iam Instance Profile to EC2 Instance 2 | schemaVersion: '0.3' 3 | assumeRole: '{{ AutomationAssumeRole }}' 4 | parameters: 5 | IamInstanceProfile: 6 | type: String 7 | InstanceId: 8 | type: String 9 | AutomationAssumeRole: 10 | type: String 11 | mainSteps: 12 | - name: associateIamProfile 13 | action: 'aws:executeAwsApi' 14 | inputs: 15 | Service: ec2 16 | Api: associate_iam_instance_profile 17 | IamInstanceProfile: 18 | Name: '{{ IamInstanceProfile }}' 19 | InstanceId: '{{ InstanceId }}' -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/ssm-documents/attach-iam-instance-profile.yaml: -------------------------------------------------------------------------------- 1 | description: Associate AWS Iam Instance Profile to EC2 Instance 2 | schemaVersion: '0.3' 3 | assumeRole: '{{ AutomationAssumeRole }}' 4 | parameters: 5 | IamInstanceProfile: 6 | type: String 7 | InstanceId: 8 | type: String 9 | AutomationAssumeRole: 10 | type: String 11 | mainSteps: 12 | - name: associateIamProfile 13 | action: 'aws:executeAwsApi' 14 | inputs: 15 | Service: ec2 16 | Api: associate_iam_instance_profile 17 | IamInstanceProfile: 18 | Name: '{{ IamInstanceProfile }}' 19 | InstanceId: '{{ InstanceId }}' -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/waf-logging-enabled-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "wafconfig", 6 | "Effect": "Allow", 7 | "Action": [ 8 | "waf:GetLoggingConfiguration", 9 | "waf:GetWebACL", 10 | "wafv2:GetLoggingConfiguration", 11 | "wafv2:GetWebACL", 12 | "waf-regional:GetLoggingConfiguration", 13 | 
"waf-regional:GetWebACL" 14 | ], 15 | "Resource": [ 16 | "arn:*:waf::*:*", 17 | "arn:*:wafv2:*:*:*/*/*", 18 | "arn:*:waf-regional:*:*:*" 19 | ] 20 | } 21 | ] 22 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/waf-logging-enabled-detection-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "wafconfig", 6 | "Effect": "Allow", 7 | "Action": [ 8 | "waf:GetLoggingConfiguration", 9 | "waf:GetWebACL", 10 | "wafv2:GetLoggingConfiguration", 11 | "wafv2:GetWebACL", 12 | "waf-regional:GetLoggingConfiguration", 13 | "waf-regional:GetWebACL" 14 | ], 15 | "Resource": [ 16 | "arn:*:waf::*:*", 17 | "arn:*:wafv2:*:*:*/*/*", 18 | "arn:*:waf-regional:*:*:*" 19 | ] 20 | } 21 | ] 22 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/ssm-documents/attach-iam-instance-profile.yaml: -------------------------------------------------------------------------------- 1 | description: Associate AWS Iam Instance Profile to EC2 Instance 2 | schemaVersion: '0.3' 3 | assumeRole: '{{ AutomationAssumeRole }}' 4 | parameters: 5 | IamInstanceProfile: 6 | type: String 7 | InstanceId: 8 | type: String 9 | AutomationAssumeRole: 10 | type: String 11 | mainSteps: 12 | - name: associateIamProfile 13 | action: 'aws:executeAwsApi' 14 | inputs: 15 | Service: ec2 16 | Api: associate_iam_instance_profile 17 | IamInstanceProfile: 18 | Name: '{{ IamInstanceProfile }}' 19 | InstanceId: '{{ InstanceId }}' -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/ssm-documents/attach-iam-instance-profile.yaml: 
-------------------------------------------------------------------------------- 1 | description: Associate AWS Iam Instance Profile to EC2 Instance 2 | schemaVersion: '0.3' 3 | assumeRole: '{{ AutomationAssumeRole }}' 4 | parameters: 5 | IamInstanceProfile: 6 | type: String 7 | InstanceId: 8 | type: String 9 | AutomationAssumeRole: 10 | type: String 11 | mainSteps: 12 | - name: associateIamProfile 13 | action: 'aws:executeAwsApi' 14 | inputs: 15 | Service: ec2 16 | Api: associate_iam_instance_profile 17 | IamInstanceProfile: 18 | Name: '{{ IamInstanceProfile }}' 19 | InstanceId: '{{ InstanceId }}' -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/network-refactor/organization-config.yaml: -------------------------------------------------------------------------------- 1 | enable: true 2 | organizationalUnits: 3 | - name: Security 4 | - name: Infrastructure 5 | serviceControlPolicies: [] 6 | taggingPolicies: [] 7 | chatbotPolicies: [] 8 | backupPolicies: [] 9 | organizationalUnitIds: 10 | - name: Root 11 | id: r-asdf 12 | arn: arn:aws:organizations::111111111111:root/o-asdf123456/r-asdf 13 | - name: Security 14 | id: ou-asdf-11111111 15 | arn: arn:aws:organizations::111111111111:ou/o-asdf123456/ou-asdf-11111111 16 | - name: Infrastructure 17 | id: ou-asdf-22222222 18 | arn: arn:aws:organizations::111111111111:ou/o-asdf123456/ou-asdf-22222222 -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/bucket-policies/assets-bucket.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Policy from file", 6 | "Effect": "Allow", 7 | "Principal": { 8 | "AWS": "*" 9 | }, 10 | "Action": ["s3:List*"], 11 | "Resource": [ 12 | 
"arn:aws:s3:::aws-accelerator-imported-all-enabled-${ACCOUNT_ID}-${REGION}", 13 | "arn:aws:s3:::aws-accelerator-imported-all-enabled-${ACCOUNT_ID}-${REGION}/*" 14 | ], 15 | "Condition": { 16 | "StringEquals": { 17 | "aws:PrincipalOrgID": "${ORG_ID}" 18 | } 19 | } 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/data-perimeter/attach-resource-based-policy.yaml: -------------------------------------------------------------------------------- 1 | description: Resource-based Policy 2 | schemaVersion: '0.3' 3 | assumeRole: '{{ AutomationAssumeRole }}' 4 | parameters: 5 | ResourceId: 6 | type: String 7 | FunctionName: 8 | type: String 9 | AutomationAssumeRole: 10 | type: String 11 | ConfigRuleName: 12 | type: String 13 | mainSteps: 14 | - name: invokeLambdaFunction 15 | action: 'aws:invokeLambdaFunction' 16 | inputs: 17 | InvocationType: RequestResponse 18 | FunctionName: "{{ FunctionName }}" 19 | InputPayload: 20 | ResourceId: "{{ ResourceId }}" 21 | ConfigRuleName: "{{ ConfigRuleName }}" 22 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tester/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 5 | * with the License. A copy of the License is located at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 10 | * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 11 | * and limitations under the License. 
12 | */ 13 | 14 | export * from './lib/tester-stack'; 15 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/installer/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 5 | * with the License. A copy of the License is located at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 10 | * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 11 | * and limitations under the License. 12 | */ 13 | 14 | export * from './lib/installer-stack'; 15 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/ad-config-scripts/AD-connector-permissions-setup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [string] 4 | $GroupName, 5 | 6 | [string] 7 | $DomainAdminUser, 8 | 9 | [string] 10 | $DomainAdminPassword 11 | ) 12 | # Builds a PSCredential from the supplied domain admin user and password, then starts powershell.exe under that credential to run AD-group-grant-permissions-setup.ps1 for $GroupName. 13 | # Turned off logging; 14 | # Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt 15 | # NOTE(review): $DomainAdminPassword is declared [string] and converted with -AsPlainText -Force, so the secret is held in clear text in this process and possibly in the caller's command line or logs; a [securestring] or [pscredential] parameter would avoid that - confirm how callers pass it. 16 | $securePassword = ConvertTo-SecureString $DomainAdminPassword -AsPlainText -Force 17 | $credential = New-Object System.Management.Automation.PSCredential $DomainAdminUser, $securePassword 18 | # NOTE(review): $GroupName is appended to the child powershell.exe argument list unvalidated; a name containing spaces or quotes would likely be split or reinterpreted - consider validating it against the expected group-name pattern. 19 | Start-Process powershell.exe -Credential $credential -ArgumentList "-file c:\cfn\scripts\AD-group-grant-permissions-setup.ps1", "$GroupName" --------------------------------------------------------------------------------
/source/packages/@aws-accelerator/accelerator/test/configs/replacements/ad-config-scripts/AD-connector-permissions-setup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [string] 4 | $GroupName, 5 | 6 | [string] 7 | $DomainAdminUser, 8 | 9 | [string] 10 | $DomainAdminPassword 11 | ) 12 | 13 | # Turned off logging; 14 | # Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt 15 | 16 | $securePassword = ConvertTo-SecureString $DomainAdminPassword -AsPlainText -Force 17 | $credential = New-Object System.Management.Automation.PSCredential $DomainAdminUser, $securePassword 18 | 19 | Start-Process powershell.exe -Credential $credential -ArgumentList "-file c:\cfn\scripts\AD-group-grant-permissions-setup.ps1", "$GroupName" -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/ad-config-scripts/AD-connector-permissions-setup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [string] 4 | $GroupName, 5 | 6 | [string] 7 | $DomainAdminUser, 8 | 9 | [string] 10 | $DomainAdminPassword 11 | ) 12 | 13 | # Turned off logging; 14 | # Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt 15 | 16 | $securePassword = ConvertTo-SecureString $DomainAdminPassword -AsPlainText -Force 17 | $credential = New-Object System.Management.Automation.PSCredential $DomainAdminUser, $securePassword 18 | 19 | Start-Process powershell.exe -Credential $credential -ArgumentList "-file c:\cfn\scripts\AD-group-grant-permissions-setup.ps1", "$GroupName" -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/service-control-policies/quarantine.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 
| "Statement": [ 4 | { 5 | "Sid": "DenyAllAWSServicesExceptBreakglassRoles", 6 | "Effect": "Deny", 7 | "Action": "*", 8 | "Resource": "*", 9 | "Condition": { 10 | "ArnNotLike": { 11 | "aws:PrincipalArn": [ 12 | "arn:${PARTITION}:iam::*:role/${MANAGEMENT_ACCOUNT_ACCESS_ROLE}", 13 | "arn:${PARTITION}:iam::*:role/aws*", 14 | "arn:${PARTITION}:iam::*:role/${ACCELERATOR_PREFIX}*", 15 | "arn:${PARTITION}:iam::*:role/cdk-accel*" 16 | ] 17 | } 18 | } 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/service-control-policies/quarantine.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "DenyAllAWSServicesExceptBreakglassRoles", 6 | "Effect": "Deny", 7 | "Action": "*", 8 | "Resource": "*", 9 | "Condition": { 10 | "ArnNotLike": { 11 | "aws:PrincipalArn": [ 12 | "arn:${PARTITION}:iam::*:role/${MANAGEMENT_ACCOUNT_ACCESS_ROLE}", 13 | "arn:${PARTITION}:iam::*:role/aws*", 14 | "arn:${PARTITION}:iam::*:role/${ACCELERATOR_PREFIX}*", 15 | "arn:${PARTITION}:iam::*:role/cdk-accel*" 16 | ] 17 | } 18 | } 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/service-control-policies/quarantine.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "DenyAllAWSServicesExceptBreakglassRoles", 6 | "Effect": "Deny", 7 | "Action": "*", 8 | "Resource": "*", 9 | "Condition": { 10 | "ArnNotLike": { 11 | "aws:PrincipalArn": [ 12 | "arn:${PARTITION}:iam::*:role/${MANAGEMENT_ACCOUNT_ACCESS_ROLE}", 13 | "arn:${PARTITION}:iam::*:role/aws*", 14 | "arn:${PARTITION}:iam::*:role/${ACCELERATOR_PREFIX}*", 15 | "arn:${PARTITION}:iam::*:role/cdk-accel*" 
16 | ] 17 | } 18 | } 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/invalid-config/global-config.yaml: -------------------------------------------------------------------------------- 1 | homeRegion: "{{AcceleratorHomeRegion}}" 2 | enabledRegions: [{{AcceleratorHomeRegion}}, {{NonHomeEnabledRegions}}] 3 | managementAccountAccessRole: OrganizationAccountAccessRole 4 | cloudwatchLogRetentionInDays: 365 5 | terminationProtection: false 6 | controlTower: 7 | enable: false 8 | logging: 9 | account: LogArchive 10 | cloudtrail: 11 | enable: false 12 | organizationTrail: false 13 | sessionManager: 14 | sendToCloudWatchLogs: false 15 | sendToS3: false 16 | tags: 17 | - key: ValidTag 18 | value: "{{DEFINED_PLACEHOLDER}}" 19 | - key: InvalidTag 20 | value: "{{UNDEFINED_PLACEHOLDER}}" -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/ad-config-scripts/AD-connector-permissions-setup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [string] 4 | $GroupName, 5 | 6 | [string] 7 | $DomainAdminUser, 8 | # NOTE(review): DomainAdminPassword is declared as a plain [string], so the caller holds and passes the secret in clear text (it may surface in command lines or logs; confirm how this script is invoked). A [securestring] or PSCredential parameter, or a lookup from a secrets store, would avoid that. 9 | [string] 10 | $DomainAdminPassword 11 | ) 12 | # Builds a PSCredential from the supplied domain admin user and password, then starts AD-group-grant-permissions-setup.ps1 under that identity with the group name as its argument. 13 | # Turned off logging; 14 | # Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt 15 | # Wrap the plaintext password in a SecureString (-AsPlainText requires -Force) and pair it with the user name. 16 | $securePassword = ConvertTo-SecureString $DomainAdminPassword -AsPlainText -Force 17 | $credential = New-Object System.Management.Automation.PSCredential $DomainAdminUser, $securePassword 18 | # NOTE(review): Start-Process joins -ArgumentList elements with spaces, so a group name containing spaces would likely reach the child script as several arguments; confirm and add explicit quoting if such names are possible. 19 | Start-Process powershell.exe -Credential $credential -ArgumentList "-file c:\cfn\scripts\AD-group-grant-permissions-setup.ps1", "$GroupName" --------------------------------------------------------------------------------
/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/service-control-policies/quarantine.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "DenyAllAWSServicesExceptBreakglassRoles", 6 | "Effect": "Deny", 7 | "Action": "*", 8 | "Resource": "*", 9 | "Condition": { 10 | "ArnNotLike": { 11 | "aws:PrincipalArn": [ 12 | "arn:${PARTITION}:iam::*:role/${MANAGEMENT_ACCOUNT_ACCESS_ROLE}", 13 | "arn:${PARTITION}:iam::*:role/aws*", 14 | "arn:${PARTITION}:iam::*:role/${ACCELERATOR_PREFIX}*", 15 | "arn:${PARTITION}:iam::*:role/cdk-accel*" 16 | ] 17 | } 18 | } 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/lib/common/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 5 | * with the License. A copy of the License is located at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 10 | * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 11 | * and limitations under the License. 12 | */ 13 | 14 | export * from './parse'; 15 | export * from './types'; 16 | -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/standard/index.md: -------------------------------------------------------------------------------- 1 | # Standard Configuration 2 | 3 | This section outlines the standard sample configuration intended for commercial AWS regions. 
Please continue reading the subpages for important design and architectural considerations when using this sample. 4 | 5 | !!! info "Subpages" 6 | - [Overview](./overview.md) 7 | - [Organization and Account Structure](./org-structure.md) 8 | - [Authentication and Authorization](./authn-authz.md) 9 | - [Logging and Monitoring](./logging-monitoring.md) 10 | - [Networking](./networking.md) 11 | 12 | !!! note "See also" 13 | - [GitHub - LZA Standard Sample Configuration](https://github.com/aws/lza-universal-configuration/tree/main/modules/base/default) -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/service-control-policies/quarantine.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "DenyAllAWSServicesExceptBreakglassRoles", 6 | "Effect": "Deny", 7 | "Action": "*", 8 | "Resource": "*", 9 | "Condition": { 10 | "ArnNotLike": { 11 | "aws:PrincipalArn": [ 12 | "arn:${PARTITION}:iam::*:role/${MANAGEMENT_ACCOUNT_ACCESS_ROLE}", 13 | "arn:${PARTITION}:iam::*:role/aws*", 14 | "arn:${PARTITION}:iam::*:role/${ACCELERATOR_PREFIX}*", 15 | "arn:${PARTITION}:iam::*:role/cdk-accel*" 16 | ] 17 | } 18 | } 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /source/packages/@aws-cdk-extensions/cdk-extensions/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 5 | * with the License. A copy of the License is located at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * or in the 'license' file accompanying this file. 
This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 10 | * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 11 | * and limitations under the License. 12 | */ 13 | 14 | export * from './lib/repository'; 15 | export * from './lib/trail'; 16 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-ec2/__snapshots__/ipam.test.ts.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`Ipam > Construct(Ipam): Snapshot Test 1`] = ` 4 | { 5 | "Resources": { 6 | "TestIpamD7083AA5": { 7 | "Properties": { 8 | "Description": "Test IPAM", 9 | "OperatingRegions": [ 10 | { 11 | "RegionName": "us-east-1", 12 | }, 13 | { 14 | "RegionName": "us-west-2", 15 | }, 16 | ], 17 | "Tags": [ 18 | { 19 | "Key": "Name", 20 | "Value": "Test", 21 | }, 22 | ], 23 | }, 24 | "Type": "AWS::EC2::IPAM", 25 | }, 26 | }, 27 | } 28 | `; 29 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tools/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 5 | * with the License. A copy of the License is located at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 10 | * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 11 | * and limitations under the License. 
12 | */ 13 | 14 | export * from './lib/classes/accelerator-tool'; 15 | export * from './uninstaller'; 16 | -------------------------------------------------------------------------------- /source/.eslintrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "env": { 3 | "es2021": true, 4 | "node": true 5 | }, 6 | "root": true, 7 | "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended", "plugin:prettier/recommended"], 8 | "parser": "@typescript-eslint/parser", 9 | "parserOptions": { 10 | "ecmaVersion": 12, 11 | "sourceType": "module" 12 | }, 13 | "plugins": ["@typescript-eslint"], 14 | "rules": { 15 | "dot-notation": "off", 16 | "no-case-declarations": "off", 17 | "@typescript-eslint/no-non-null-assertion": "off", 18 | "@typescript-eslint/camelcase": "off", 19 | "@typescript-eslint/no-var-requires": 0, 20 | "@typescript-eslint/ban-ts-comment": "off" 21 | }, 22 | "globals": { 23 | "require": true 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/chatbot-policies/default-chatbot-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "chatbot": { 3 | "platforms": { 4 | "chime": { 5 | "client": { 6 | "@@assign": "disabled" 7 | } 8 | }, 9 | "slack": { 10 | "client": { 11 | "@@assign": "disabled" 12 | } 13 | }, 14 | "microsoft_teams": { 15 | "client": { 16 | "@@assign": "disabled" 17 | } 18 | } 19 | }, 20 | "default": { 21 | "client": { 22 | "@@assign": "disabled" 23 | } 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/test-configuration/config.yaml: -------------------------------------------------------------------------------- 1 | tests: 2 | - name: validate main transit gateway 3 | description: Validate Main Transit 
Gateway 4 | suite: network 5 | testTarget: validateTransitGateway 6 | expect: PASS 7 | parameters: 8 | name: Main 9 | accountId: '' 10 | region: us-east-1 11 | amazonSideAsn: '65521' 12 | dnsSupport: enable 13 | vpnEcmpSupport: enable 14 | defaultRouteTableAssociation: disable 15 | defaultRouteTablePropagation: disable 16 | autoAcceptSharingAttachments: enable 17 | routeTableNames: 18 | - core 19 | - segregated 20 | - shared 21 | - standalone 22 | shareTargetAccountIds: [] -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/test-configuration/config.yaml: -------------------------------------------------------------------------------- 1 | tests: 2 | - name: validate main transit gateway 3 | description: Validate Main Transit Gateway 4 | suite: network 5 | testTarget: validateTransitGateway 6 | expect: PASS 7 | parameters: 8 | name: Main 9 | accountId: '' 10 | region: us-east-1 11 | amazonSideAsn: '65521' 12 | dnsSupport: enable 13 | vpnEcmpSupport: enable 14 | defaultRouteTableAssociation: disable 15 | defaultRouteTablePropagation: disable 16 | autoAcceptSharingAttachments: enable 17 | routeTableNames: 18 | - core 19 | - segregated 20 | - shared 21 | - standalone 22 | shareTargetAccountIds: [] -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/test-configuration/config.yaml: -------------------------------------------------------------------------------- 1 | tests: 2 | - name: validate main transit gateway 3 | description: Validate Main Transit Gateway 4 | suite: network 5 | testTarget: validateTransitGateway 6 | expect: PASS 7 | parameters: 8 | name: Main 9 | accountId: '' 10 | region: us-east-1 11 | amazonSideAsn: '65521' 12 | dnsSupport: enable 13 | vpnEcmpSupport: enable 14 | defaultRouteTableAssociation: disable 15 | defaultRouteTablePropagation: disable 16 | 
autoAcceptSharingAttachments: enable 17 | routeTableNames: 18 | - core 19 | - segregated 20 | - shared 21 | - standalone 22 | shareTargetAccountIds: [] -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/chatbot-policies/default-chatbot-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "chatbot": { 3 | "platforms": { 4 | "chime": { 5 | "client": { 6 | "@@assign": "disabled" 7 | } 8 | }, 9 | "slack": { 10 | "client": { 11 | "@@assign": "disabled" 12 | } 13 | }, 14 | "microsoft_teams": { 15 | "client": { 16 | "@@assign": "disabled" 17 | } 18 | } 19 | }, 20 | "default": { 21 | "client": { 22 | "@@assign": "disabled" 23 | } 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/chatbot-policies/default-chatbot-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "chatbot": { 3 | "platforms": { 4 | "chime": { 5 | "client": { 6 | "@@assign": "disabled" 7 | } 8 | }, 9 | "slack": { 10 | "client": { 11 | "@@assign": "disabled" 12 | } 13 | }, 14 | "microsoft_teams": { 15 | "client": { 16 | "@@assign": "disabled" 17 | } 18 | } 19 | }, 20 | "default": { 21 | "client": { 22 | "@@assign": "disabled" 23 | } 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-ec2/__snapshots__/prefix-list.test.ts.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`PrefixList > Construct(PrefixList): Snapshot Test 1`] = ` 4 | { 5 | "Resources": { 6 | "TestPrefixListF3A076C9": { 7 | "Properties": { 8 | "AddressFamily": "IPv4", 9 | "Entries": [ 10 | { 11 | 
"Cidr": "1.1.1.1/32", 12 | }, 13 | ], 14 | "MaxEntries": 1, 15 | "PrefixListName": "Test", 16 | "Tags": [ 17 | { 18 | "Key": "Test-Key", 19 | "Value": "Test-Value", 20 | }, 21 | ], 22 | }, 23 | "Type": "AWS::EC2::PrefixList", 24 | }, 25 | }, 26 | } 27 | `; 28 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/tester/test/configs/config.yaml: -------------------------------------------------------------------------------- 1 | tests: 2 | - name: validate main transit gateway 3 | description: Validate Main Transit Gateway 4 | suite: network 5 | testTarget: validateTransitGateway 6 | expect: PASS 7 | parameters: 8 | name: Main 9 | accountId: '333333333333' 10 | region: us-east-1 11 | amazonSideAsn: '65521' 12 | dnsSupport: enable 13 | vpnEcmpSupport: enable 14 | defaultRouteTableAssociation: disable 15 | defaultRouteTablePropagation: disable 16 | autoAcceptSharingAttachments: enable 17 | routeTableNames: 18 | - core 19 | - segregated 20 | - shared 21 | - standalone 22 | shareTargetAccountIds: ['111111111111','222222222222'] -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-ou-targets/test-configuration/config.yaml: -------------------------------------------------------------------------------- 1 | tests: 2 | - name: validate main transit gateway 3 | description: Validate Main Transit Gateway 4 | suite: network 5 | testTarget: validateTransitGateway 6 | expect: PASS 7 | parameters: 8 | name: Main 9 | accountId: '' 10 | region: us-east-1 11 | amazonSideAsn: '65521' 12 | dnsSupport: enable 13 | vpnEcmpSupport: enable 14 | defaultRouteTableAssociation: disable 15 | defaultRouteTablePropagation: disable 16 | autoAcceptSharingAttachments: enable 17 | routeTableNames: 18 | - core 19 | - segregated 20 | - shared 21 | - standalone 22 | shareTargetAccountIds: [] 
-------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/index.md: -------------------------------------------------------------------------------- 1 | # Sample Configurations 2 | 3 | This section contains details about the sample configurations provided for the Landing Zone Accelerator on AWS solution. These configurations are frequently updated as AWS services and features evolve. If you are adopting one of these samples, we highly recommend that you continue to review the updates to the respective sample configuration and apply the enhancements that are relevant to your environment. 4 | 5 | !!! info "Subpages" 6 | - [Standard](./standard/index.md) 7 | - [GovCloud (US)](./govcloud-us/index.md) 8 | 9 | !!! note "See also" 10 | - [Support for specific regions and industries](https://github.com/awslabs/landing-zone-accelerator-on-aws/tree/main/reference/sample-configurations) -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled-delegated-admin/test-configuration/config.yaml: -------------------------------------------------------------------------------- 1 | tests: 2 | - name: validate main transit gateway 3 | description: Validate Main Transit Gateway 4 | suite: network 5 | testTarget: validateTransitGateway 6 | expect: PASS 7 | parameters: 8 | name: Main 9 | accountId: '' 10 | region: us-east-1 11 | amazonSideAsn: '65521' 12 | dnsSupport: enable 13 | vpnEcmpSupport: enable 14 | defaultRouteTableAssociation: disable 15 | defaultRouteTablePropagation: disable 16 | autoAcceptSharingAttachments: enable 17 | routeTableNames: 18 | - core 19 | - segregated 20 | - shared 21 | - standalone 22 | shareTargetAccountIds: [] -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-ec2/__snapshots__/transit-gateway-route-table.test.ts.snap: 
-------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`TransitGatewayRouteTable > Construct(TransitGatewayRouteTable): Snapshot Test 1`] = ` 4 | { 5 | "Resources": { 6 | "TransitGatewayRouteTableCoreTransitGatewayRouteTableD6BC94E0": { 7 | "Properties": { 8 | "Tags": [ 9 | { 10 | "Key": "Name", 11 | "Value": "core", 12 | }, 13 | { 14 | "Key": "Test-Key", 15 | "Value": "Test-Value", 16 | }, 17 | ], 18 | "TransitGatewayId": "tgw0001", 19 | }, 20 | "Type": "AWS::EC2::TransitGatewayRouteTable", 21 | }, 22 | }, 23 | } 24 | `; 25 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-networkfirewall/includedStacks/firewall-stack.json: -------------------------------------------------------------------------------- 1 | { 2 | "Resources": { 3 | "firewallLogicalId": { 4 | "Properties": { 5 | "FirewallName": "TestFirewall", 6 | "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:222222222222:firewall-policy/TestPolicy", 7 | "SubnetMappings": [ 8 | { 9 | "SubnetId": "Test-Subnet-1" 10 | }, 11 | { 12 | "SubnetId": "Test-Subnet-2" 13 | } 14 | ], 15 | "Tags": [ 16 | { 17 | "Key": "Name", 18 | "Value": "TestFirewall" 19 | } 20 | ], 21 | "VpcId": "TestVpc" 22 | }, 23 | "Type": "AWS::NetworkFirewall::Firewall" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/bucket-policies/access-logs-bucket.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "statement from policy file", 6 | "Effect": "Deny", 7 | "Principal": { 8 | "AWS": "*" 9 | }, 10 | "Action": "s3:*", 11 | "Resource": [ 12 | "arn:aws:s3:::existing-access-logs-bucket-${ACCOUNT_ID}-${REGION}", 13 | 
"arn:aws:s3:::existing-access-logs-bucket-${ACCOUNT_ID}-${REGION}/*" 14 | ], 15 | "Condition": { 16 | "Bool": { 17 | "aws:SecureTransport": "false" 18 | } 19 | } 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/bucket-policies/access-logs-bucket.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "statement from policy file", 6 | "Effect": "Deny", 7 | "Principal": { 8 | "AWS": "*" 9 | }, 10 | "Action": "s3:*", 11 | "Resource": [ 12 | "arn:aws:s3:::existing-access-logs-bucket-${ACCOUNT_ID}-${REGION}", 13 | "arn:aws:s3:::existing-access-logs-bucket-${ACCOUNT_ID}-${REGION}/*" 14 | ], 15 | "Condition": { 16 | "Bool": { 17 | "aws:SecureTransport": "false" 18 | } 19 | } 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/bucket-policies/access-logs-bucket.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "statement from policy file", 6 | "Effect": "Deny", 7 | "Principal": { 8 | "AWS": "*" 9 | }, 10 | "Action": "s3:*", 11 | "Resource": [ 12 | "arn:aws:s3:::existing-access-logs-bucket-${ACCOUNT_ID}-${REGION}", 13 | "arn:aws:s3:::existing-access-logs-bucket-${ACCOUNT_ID}-${REGION}/*" 14 | ], 15 | "Condition": { 16 | "Bool": { 17 | "aws:SecureTransport": "false" 18 | } 19 | } 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /source/mkdocs/docs/sample-configurations/govcloud-us/index.md: -------------------------------------------------------------------------------- 1 | # GovCloud (US) Configuration 2 | 3 | This section outlines the sample configuration 
intended for United States Federal and Department of Defense (DoD) customers operating in GovCloud (US) AWS regions. Please continue reading the subpages for important design and architectural considerations when using this sample. 4 | 5 | !!! info "Subpages" 6 | - [Overview](./overview.md) 7 | - [Organization and Account Structure](./org-structure.md) 8 | - [Security Controls](./security-controls.md) 9 | - [Networking](./networking.md) 10 | - [Additional Considerations](./considerations.md) 11 | 12 | !!! note "See also" 13 | - [GitHub - LZA GovCloud (US) Sample Configuration](https://github.com/aws/lza-universal-configuration/tree/main/modules/base/default) -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-ssm/get-param-value/test/static-input.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Abstract class to configure static input for create-log-groups custom resource AWS Lambda unit testing 3 | */ 4 | export abstract class StaticInput { 5 | public static readonly crossAccountProps = { 6 | parameterRegion: 'parameterRegion', 7 | invokingAccountID: 'invokingAccountID', 8 | parameterAccountID: 'parameterAccountID', 9 | assumeRoleArn: 'assumeRoleArn', 10 | parameterName: 'parameterName', 11 | }; 12 | public static readonly sameAccountProps = { 13 | parameterRegion: 'parameterRegion', 14 | invokingAccountID: 'invokingAccountID', 15 | parameterAccountID: 'invokingAccountID', 16 | assumeRoleArn: 'assumeRoleArn', 17 | parameterName: 'parameterName', 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-ec2/__snapshots__/transit-gateway-connect.test.ts.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | 
exports[`TransitGatewayConnectAttachment > Construct(TransitGatewayStaticRoute): Snapshot Test 1`] = ` 4 | { 5 | "Resources": { 6 | "TransitGatewayConnectVpcAttachTestVpcTgwConnectTransitGatewayConnect442AF647": { 7 | "Properties": { 8 | "Options": { 9 | "Protocol": "gre", 10 | }, 11 | "Tags": [ 12 | { 13 | "Key": "Name", 14 | "Value": "TestVpcTgwConnect", 15 | }, 16 | ], 17 | "TransportTransitGatewayAttachmentId": "tgw-attach-0123456789012", 18 | }, 19 | "Type": "AWS::EC2::TransitGatewayConnect", 20 | }, 21 | }, 22 | } 23 | `; 24 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/kms/elb-logs-bucket.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Policy from file", 6 | "Effect": "Allow", 7 | "Principal": { 8 | "AWS": "*" 9 | }, 10 | "Action": [ 11 | "s3:List*" 12 | ], 13 | "Resource": [ 14 | "arn:aws:s3:::existing-elb-logs-bucket-${ACCOUNT_ID}-${REGION}", 15 | "arn:aws:s3:::existing-elb-logs-bucket-${ACCOUNT_ID}-${REGION}/*" 16 | ], 17 | "Condition": { 18 | "StringEquals": { 19 | "aws:PrincipalOrgID": "${ORG_ID}" 20 | } 21 | } 22 | } 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/vpc-endpoint-policies/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Sid": "AllowRequestsByOrgsIdentities", 5 | "Effect": "Allow", 6 | "Principal": { 7 | "AWS": "*" 8 | }, 9 | "Action": "*", 10 | "Resource": "*", 11 | "Condition": { 12 | "StringEquals": { 13 | "aws:PrincipalOrgID": "${ORG_ID}" 14 | } 15 | } 16 | }, 17 | { 18 | "Sid": "AllowRequestsByAWSServicePrincipals", 19 | "Effect": "Allow", 20 | "Principal": { 21 | "AWS": "*" 22 | }, 23 | "Action": "*", 24 | 
"Resource": "*", 25 | "Condition": { 26 | "Bool": { 27 | "aws:PrincipalIsAWSService": "true" 28 | } 29 | } 30 | } 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/vpc-endpoint-policies/default.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement": [ 3 | { 4 | "Sid": "AllowRequestsByOrgsIdentities", 5 | "Effect": "Allow", 6 | "Principal": { 7 | "AWS": "*" 8 | }, 9 | "Action": "*", 10 | "Resource": "*", 11 | "Condition": { 12 | "StringEquals": { 13 | "aws:PrincipalOrgID": "${ORG_ID}" 14 | } 15 | } 16 | }, 17 | { 18 | "Sid": "AllowRequestsByAWSServicePrincipals", 19 | "Effect": "Allow", 20 | "Principal": { 21 | "AWS": "*" 22 | }, 23 | "Action": "*", 24 | "Resource": "*", 25 | "Condition": { 26 | "Bool": { 27 | "aws:PrincipalIsAWSService": "true" 28 | } 29 | } 30 | } 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/bucket-policies/elb-logs-bucket.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Policy from file", 6 | "Effect": "Allow", 7 | "Principal": { 8 | "AWS": "*" 9 | }, 10 | "Action": [ 11 | "s3:List*" 12 | ], 13 | "Resource": [ 14 | "arn:aws:s3:::existing-elb-logs-bucket-${ACCOUNT_ID}-${REGION}", 15 | "arn:aws:s3:::existing-elb-logs-bucket-${ACCOUNT_ID}-${REGION}/*" 16 | ], 17 | "Condition": { 18 | "StringEquals": { 19 | "aws:PrincipalOrgID": "${ORG_ID}" 20 | } 21 | } 22 | } 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/bucket-policies/elb-logs-bucket.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Policy from file", 6 | "Effect": "Allow", 7 | "Principal": { 8 | "AWS": "*" 9 | }, 10 | "Action": [ 11 | "s3:List*" 12 | ], 13 | "Resource": [ 14 | "arn:aws:s3:::existing-elb-logs-bucket-${ACCOUNT_ID}-${REGION}", 15 | "arn:aws:s3:::existing-elb-logs-bucket-${ACCOUNT_ID}-${REGION}/*" 16 | ], 17 | "Condition": { 18 | "StringEquals": { 19 | "aws:PrincipalOrgID": "${ORG_ID}" 20 | } 21 | } 22 | } 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/bucket-policies/elb-logs-bucket.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Policy from file", 6 | "Effect": "Allow", 7 | "Principal": { 8 | "AWS": "*" 9 | }, 10 | "Action": [ 11 | "s3:List*" 12 | ], 13 | "Resource": [ 14 | "arn:aws:s3:::existing-elb-logs-bucket-${ACCOUNT_ID}-${REGION}", 15 | "arn:aws:s3:::existing-elb-logs-bucket-${ACCOUNT_ID}-${REGION}/*" 16 | ], 17 | "Condition": { 18 | "StringEquals": { 19 | "aws:PrincipalOrgID": "${ORG_ID}" 20 | } 21 | } 22 | } 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-ec2/__snapshots__/dhcp-options.test.ts.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`DhcpOptions > Construct(DhcpOptions): Snapshot Test 1`] = ` 4 | { 5 | "Resources": { 6 | "TestDhcpOpts22CADF8A": { 7 | "Properties": { 8 | "DomainName": "test.com", 9 | "DomainNameServers": [ 10 | "1.1.1.1", 11 | ], 12 | "NetbiosNameServers": [ 13 | "1.1.1.1", 14 | ], 15 | "NetbiosNodeType": 2, 16 | "NtpServers": [ 17 | 
"1.1.1.1", 18 | ], 19 | "Tags": [ 20 | { 21 | "Key": "Name", 22 | "Value": "Test", 23 | }, 24 | ], 25 | }, 26 | "Type": "AWS::EC2::DHCPOptions", 27 | }, 28 | }, 29 | } 30 | `; 31 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/common-functions.ts: -------------------------------------------------------------------------------- 1 | import * as path from 'path'; 2 | import * as fs from 'fs'; 3 | 4 | // Copies Resource Policy files to the Lambda directory for packaging: creates <deploymentPackagePath>/policies/<accountId> and writes each entry there as <NAME>.json, with the name upper-cased. 5 | export function copyPoliciesToDeploymentPackage( 6 | filePaths: { name: string; path: string; tempPath: string }[], 7 | deploymentPackagePath: string, 8 | accountId: string, 9 | ) { 10 | // Create the per-account policy folder; recursive, so missing parent directories are created as well 11 | fs.mkdirSync(path.join(deploymentPackagePath, 'policies', accountId), { recursive: true }); 12 | // NOTE(review): accountId and each entry's name are joined into the destination path as-is, so a value containing path separators or ".." would resolve outside the policies folder. Presumably both come from validated configuration; confirm at the caller. 13 | for (const policyFilePath of filePaths) { 14 | // Copy from the generated temp path to <NAME>.json in the policy folder; the entry's `path` field is not read here 15 | fs.copyFileSync( 16 | path.join(policyFilePath.tempPath), 17 | path.join(deploymentPackagePath, 'policies', accountId, `${policyFilePath.name.toUpperCase()}.json`), 18 | ); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/lib/aws-servicecatalog/share-portfolio-with-org/test/static-input.ts: -------------------------------------------------------------------------------- 1 | export abstract class StaticInput { 2 | public static readonly newPropsOrgShare = { 3 | portfolioId: 'portfolioId', 4 | organizationId: 'organizationId', 5 | tagShareOptions: 'true', 6 | }; 7 | public static readonly orgIdOrgError = { 8 | portfolioId: 'portfolioId', 9 | organizationId: 'organizationId', 10 | organizationalUnitId: 'organizationalUnitId', 11 | tagShareOptions: 'true', 12 | }; 13 | public static readonly noOrgIdOrgError = { 14 | portfolioId: 'portfolioId', 15 | tagShareOptions: 'true', 16 | }; 17 | public static readonly
newPropsOuShare = { 18 | portfolioId: 'portfolioId', 19 | organizationalUnitId: 'organizationalUnitId', 20 | tagShareOptions: 'true', 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /source/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "alwaysStrict": true, 4 | "noFallthroughCasesInSwitch": true, 5 | "noImplicitAny": true, 6 | "noImplicitReturns": true, 7 | "noImplicitThis": true, 8 | "noPropertyAccessFromIndexSignature": true, 9 | "noUnusedParameters": true, 10 | "noUnusedLocals": true, 11 | "resolveJsonModule": true, 12 | "strict": true, 13 | "module": "nodenext", 14 | "declaration": true, 15 | "esModuleInterop": true, 16 | "forceConsistentCasingInFileNames": true, 17 | "preserveSymlinks": true, 18 | "sourceMap": true, 19 | "target": "ES2022", 20 | "lib": ["es2022"], 21 | "composite": false, 22 | "useDefineForClassFields": false, 23 | "skipLibCheck": true, 24 | "assumeChangesOnlyAffectDirectDependencies": true 25 | }, 26 | "ts-node": { "swc": true } 27 | } 28 | -------------------------------------------------------------------------------- /source/mkdocs/docs/faq/index.md: -------------------------------------------------------------------------------- 1 | # Frequently Asked Questions (FAQ) 2 | 3 | This section contains several categories of FAQs about the Landing Zone Accelerator solution. 4 | 5 | !!! 
info "Subpages" 6 | - [General](./general.md) 7 | - [Architecture](./architecture.md) 8 | - [AWS Control Tower and Customizations for Control Tower](./ct-cfct.md) 9 | - [Customizations](./customizations.md) 10 | - [Operations](./operations.md) 11 | - Networking: 12 | - [General](./networking/general.md) 13 | - [Deep Packet Inspection](./networking/dpi.md) 14 | - [AWS Direct Connect](./networking/direct-connect.md) 15 | - [AWS Network Firewall](./networking/network-firewall.md) 16 | - [AWS Gateway Load Balancer](./networking/gwlb.md) 17 | - [Security](./security.md) 18 | - Logging 19 | - [Amazon CloudWatch](./logging/cwl.md) 20 | -------------------------------------------------------------------------------- /.github/workflows/automated-tests.yml: -------------------------------------------------------------------------------- 1 | name: Automated Tests 2 | on: 3 | pull_request_review: 4 | types: [submitted, edited, dismissed] 5 | pull_request: 6 | types: 7 | - edited 8 | - opened 9 | - synchronize 10 | - reopened 11 | 12 | jobs: 13 | test: 14 | permissions: 15 | contents: read 16 | pull-requests: read 17 | statuses: write 18 | issues: read 19 | runs-on: ubuntu-latest 20 | 21 | steps: 22 | - uses: actions/checkout@v4 23 | - uses: actions/setup-node@v4 24 | with: 25 | node-version: 18.x 26 | cache: 'yarn' 27 | - name: 'Build and Test' 28 | run: | 29 | cd source 30 | yarn install 31 | yarn lerna run precommit --stream 32 | yarn build 33 | yarn test 34 | env: 35 | ACCELERATOR_PREFIX: AWSAccelerator 36 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/constructs/test/aws-ec2/__snapshots__/ipam-pool.test.ts.snap: -------------------------------------------------------------------------------- 1 | // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html 2 | 3 | exports[`IpamPool > Construct(IpamPool): Snapshot Test 1`] = ` 4 | { 5 | "Resources": { 6 | "TestIpamPool2D962DC3": { 7 | "Properties": { 8 | 
"AddressFamily": "ipv4", 9 | "Description": "Test IPAM pool", 10 | "IpamScopeId": "test-scope", 11 | "Locale": "us-east-1", 12 | "ProvisionedCidrs": [ 13 | { 14 | "Cidr": "10.0.0.0/8", 15 | }, 16 | { 17 | "Cidr": "192.168.0.0/16", 18 | }, 19 | ], 20 | "Tags": [ 21 | { 22 | "Key": "Name", 23 | "Value": "Test", 24 | }, 25 | ], 26 | }, 27 | "Type": "AWS::EC2::IPAMPool", 28 | }, 29 | }, 30 | } 31 | `; 32 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/custom-config-rules/waf-logging-enabled-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "wafconfig", 6 | "Effect": "Allow", 7 | "Action": [ 8 | "waf:PutLoggingConfiguration", 9 | "waf:GetLoggingConfiguration", 10 | "waf:GetWebACL", 11 | "wafv2:PutLoggingConfiguration", 12 | "wafv2:GetLoggingConfiguration", 13 | "wafv2:GetWebACL", 14 | "waf-regional:PutLoggingConfiguration", 15 | "waf-regional:GetLoggingConfiguration", 16 | "waf-regional:GetWebACL" 17 | ], 18 | "Resource": [ 19 | "*" 20 | ] 21 | }, 22 | { 23 | "Sid": "logs", 24 | "Effect": "Allow", 25 | "Action": [ 26 | "logs:*" 27 | ], 28 | "Resource": [ 29 | "*" 30 | ] 31 | } 32 | ] 33 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/custom-config-rules/waf-logging-enabled-remediation-role.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "wafconfig", 6 | "Effect": "Allow", 7 | "Action": [ 8 | "waf:PutLoggingConfiguration", 9 | "waf:GetLoggingConfiguration", 10 | "waf:GetWebACL", 11 | "wafv2:PutLoggingConfiguration", 12 | "wafv2:GetLoggingConfiguration", 13 | "wafv2:GetWebACL", 14 | "waf-regional:PutLoggingConfiguration", 15 | 
"waf-regional:GetLoggingConfiguration", 16 | "waf-regional:GetWebACL" 17 | ], 18 | "Resource": [ 19 | "*" 20 | ] 21 | }, 22 | { 23 | "Sid": "logs", 24 | "Effect": "Allow", 25 | "Action": [ 26 | "logs:*" 27 | ], 28 | "Resource": [ 29 | "*" 30 | ] 31 | } 32 | ] 33 | } -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/test/validation/replacements/valid-config/global-config.yaml: -------------------------------------------------------------------------------- 1 | homeRegion: "{{AcceleratorHomeRegion}}" 2 | enabledRegions: [{{AcceleratorHomeRegion}}, {{NonHomeEnabledRegions}}] 3 | managementAccountAccessRole: OrganizationAccountAccessRole 4 | cloudwatchLogRetentionInDays: 365 5 | terminationProtection: false 6 | controlTower: 7 | enable: false 8 | logging: 9 | account: LogArchive 10 | cloudtrail: 11 | enable: false 12 | organizationTrail: false 13 | sessionManager: 14 | sendToCloudWatchLogs: false 15 | sendToS3: false 16 | tags: 17 | - key: ValidTag 18 | value: "{{DEFINED_PLACEHOLDER}}" # This placeholder is defined 19 | # These placeholders are undefined but commented, validation should not fail 20 | # - key: InvalidTag 21 | # value: "{{UNDEFINED_PLACEHOLDER}}" 22 | # - key: InvalidTag2 23 | # value: "{{UNDEFINED_PLACEHOLDER}}" 24 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/config/validator/utils/common-validator-functions.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 5 | * with the License. A copy of the License is located at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * or in the 'license' file accompanying this file. 
This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 10 | * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 11 | * and limitations under the License. 12 | */ 13 |
/**
 * Returns true if an array contains duplicate values.
 *
 * Compares the number of distinct entries (a `Set` built from the array) with the array length.
 * Strings are compared exactly, so entries that differ only in case or surrounding whitespace
 * are not treated as duplicates.
 *
 * @param arr strings to check
 * @returns `true` when at least one value occurs more than once; `false` otherwise, including for an empty array
 */
export function hasDuplicates(arr: string[]): boolean {
  return new Set(arr).size !== arr.length;
}

-------------------------------------------------------------------------------- /source/mkdocs/docs/developer-guide/index.md: -------------------------------------------------------------------------------- 1 | # Developer Guide 2 | 3 | This section contains guidance about installing Landing Zone Accelerator package dependencies and best practices to follow when contributing code to the solution. 4 | 5 | !!! info "Subpages" 6 | - [Development Dependencies](./dependencies.md) 7 | - [Package Dependencies](./package-dependencies.generated.md) 8 | - [Command Line Interface and Package Scripts](./scripts.md) 9 | - [Architecture and Design Philosophy](./design.md) 10 | - [Feature Development](./features.md) 11 | - [Commit messages](./commits.md) 12 | - [Documentation Guidelines](./doc-guidelines.md) 13 | - [Using JSON Schema](./json-schema.md) 14 | - [Module Development](./module-development/index.md) 15 | 16 | !!!
note "See also" 17 | - [Implementation Guide - Developer Guide](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/developer-guide.html) -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/replacements/service-control-policies/data-perimeter.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "EnforceResourcePerimeterThirdPartyResources", 6 | "Effect": "Deny", 7 | "Action": ["s3:*", "kms:*", "iam:*"], 8 | "Resource": "*", 9 | "Condition": { 10 | "StringNotEqualsIfExists": { 11 | "aws:ResourceOrgID": "${ORG_ID}", 12 | "aws:ResourceAccount": ${ACCEL_LOOKUP::CUSTOM:ALLOWED_EXTERNAL_ACCOUNTS}, 13 | "aws:SourceVpc": [${ACCEL_LOOKUP::VPC_ID:OU:Infrastructure}], 14 | "aws:sourceVpce": [${ACCEL_LOOKUP::VPCE_ID:ACCOUNT:Network}] 15 | }, 16 | "ForAllValues:StringNotEquals": { 17 | "aws:CalledVia": [ 18 | "dataexchange.amazonaws.com", 19 | "servicecatalog.amazonaws.com" 20 | ] 21 | } 22 | } 23 | } 24 | ] 25 | } 26 | -------------------------------------------------------------------------------- /source/packages/@aws-accelerator/accelerator/test/configs/snapshot-only/service-control-policies/data-perimeter.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "EnforceResourcePerimeterThirdPartyResources", 6 | "Effect": "Deny", 7 | "Action": ["s3:*", "kms:*", "iam:*"], 8 | "Resource": "*", 9 | "Condition": { 10 | "StringNotEqualsIfExists": { 11 | "aws:ResourceOrgID": "${ORG_ID}", 12 | "aws:ResourceAccount": ${ACCEL_LOOKUP::CUSTOM:ALLOWED_EXTERNAL_ACCOUNTS}, 13 | "aws:SourceVpc": [${ACCEL_LOOKUP::VPC_ID:OU:Infrastructure}], 14 | "aws:sourceVpce": [${ACCEL_LOOKUP::VPCE_ID:ACCOUNT:Network}] 15 | }, 16 | "ForAllValues:StringNotEquals": { 17 | "aws:CalledVia": [ 
18 | "dataexchange.amazonaws.com", 19 | "servicecatalog.amazonaws.com" 20 | ] 21 | } 22 | } 23 | } 24 | ] 25 | } 26 |
--------------------------------------------------------------------------------
/source/packages/@aws-lza/common/constants.ts:
--------------------------------------------------------------------------------
/**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
 * with the License. A copy of the License is located at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
 * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */

/**
 * Maximum number of parallel module executions
 *
 * @description
 * Upper limit on how many modules may execute in parallel. The code that applies
 * this limit is not part of this file.
 */
export const MaxConcurrentModuleExecutionLimit = 50;

-------------------------------------------------------------------------------- /source/mkdocs/docs/user-guide/index.md: -------------------------------------------------------------------------------- 1 | # User Guide 2 | 3 | This section contains architectural details and configuration references for the Landing Zone Accelerator solution. 4 | 5 | !!!
info "Subpages" 6 | - [Services, Features, and Configuration References](./config.md) 7 | - [Centralized Logging](./logging.md) 8 | - [Security Hub Findings](./securityhub-findings.md) 9 | - [Replacement Variables](./replacement-variables.md) 10 | - [Configuration File Includes](./configuration-include.md) 11 | - [CloudFormation Stack Policy Protection](./stack-policy.md) 12 | - [V2 Network Stack Usage](./v2-stacks.md) 13 | 14 | !!! note "See also" 15 | - [Implementation Guide - Architecture Details](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/architecture-details.html) 16 | - [Implementation Guide - Use the solution](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/use-the-solution.html) -------------------------------------------------------------------------------- /source/lerna.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "node_modules/lerna/schemas/lerna-schema.json", 3 | "version": "2.0.0", 4 | "packages": [ 5 | "packages/@aws-accelerator/accelerator", 6 | "packages/@aws-accelerator/accelerator/lib/lambdas/*", 7 | "packages/@aws-accelerator/config", 8 | "packages/@aws-accelerator/constructs", 9 | "packages/@aws-accelerator/constructs/lib/aws-*/*", 10 | "packages/@aws-accelerator/constructs/lib/data-perimeter/*", 11 | "packages/@aws-accelerator/installer", 12 | "packages/@aws-accelerator/govcloud-account-vending", 13 | "packages/@aws-accelerator/govcloud-account-vending/lib/lambdas/*", 14 | "packages/@aws-accelerator/modules", 15 | "packages/@aws-accelerator/tester", 16 | "packages/@aws-accelerator/tester/lambdas", 17 | "packages/@aws-accelerator/tools", 18 | "packages/@aws-accelerator/utils", 19 | "packages/@aws-cdk-extensions/cdk-extensions" 20 | ], 21 | "npmClient": "yarn" 22 | } 23 | -------------------------------------------------------------------------------- /source/packages/@aws-lza/common/types.ts: 
--------------------------------------------------------------------------------
/**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
 * with the License. A copy of the License is located at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
 * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */

/**
 * Accelerator environment, identified by an account ID and a region.
 */
export type AcceleratorEnvironment = {
  accountId: string;
  region: string;
};

/**
 * Module handler return type: a boolean status together with a message.
 */
export type ModuleHandlerReturnType = {
  // NOTE(review): presumably true on success - confirm against the module handlers
  status: boolean;
  message: string;
};

--------------------------------------------------------------------------------
/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/ad-config-scripts/AD-user-group-setup.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Adds one user to each Active Directory group named in a comma-separated list.
.PARAMETER GroupNames
Comma-separated group identities. Split on ',' only; entries are not trimmed.
.PARAMETER UserName
Member passed to Add-ADGroupMember for every group.
.PARAMETER DomainAdminUser
Account name used to build the credential passed to Add-ADGroupMember.
.PARAMETER DomainAdminPassword
Password for DomainAdminUser, received as a plain string.
#>
[CmdletBinding()]
param(
    [string]
    $GroupNames,

    [string]
    $UserName,

    [string]
    $DomainAdminUser,

    [string]
    $DomainAdminPassword
)

# Turned off logging;
# Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt

#This part of the code gets the domain name and splits it
# ($dom and $ext are not referenced again in this script)
$fdn=(Get-WmiObject Win32_ComputerSystem).Domain
$dom,$ext=$fdn.split('.')

# NOTE(review): $DomainAdminPassword is a plain [string]; -AsPlainText -Force only wraps a value
# that is already in clear text. Whatever invokes this script holds and passes the password
# unprotected (presumably from a secrets store - confirm), so keep it out of transcripts and
# command-line logging, or accept a [securestring] / [pscredential] parameter instead.
$securePassword = ConvertTo-SecureString $DomainAdminPassword -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $DomainAdminUser, $securePassword

# Splits on ',' only, so 'a, b' yields ' b' with its leading space
$groupsArray = $GroupNames -split ','

for ($i=0; $i -lt $groupsArray.Length; $i++) {
    #Add User to Group
    Add-ADGroupMember -Identity $groupsArray[$i] -Members $UserName -Credential $credential
}
--------------------------------------------------------------------------------
/source/packages/@aws-accelerator/accelerator/test/configs/all-enabled/ad-config-scripts/Join-Domain.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Joins this computer to a domain with the supplied credentials, then schedules a restart.
.PARAMETER DomainName
Domain passed to Add-Computer.
.PARAMETER UserName
Account name used to build the credential for the join.
.PARAMETER Password
Password for UserName, received as a plain string.
#>
[CmdletBinding()]
param(
    [string]
    $DomainName,

    [string]
    $UserName,

    [string]
    $Password
)

try {
    # Make non-terminating cmdlet errors terminating so the catch block below handles them
    $ErrorActionPreference = "Stop"

    # NOTE(review): $Password is a plain [string]; -AsPlainText -Force only wraps a value that is
    # already in clear text. Presumably the caller reads it from a secrets store - confirm - and
    # keeps it out of transcripts and command-line logging; a [securestring] / [pscredential]
    # parameter would avoid the conversion.
    $pass = ConvertTo-SecureString $Password -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName,$pass

    Add-Computer -DomainName $DomainName -Credential $cred -ErrorAction Stop

    # Execute restart after script exit and allow time for external services
    # (/r restarts the machine, /t 10 delays it by 10 seconds)
    $shutdown = Start-Process -FilePath "shutdown.exe" -ArgumentList @("/r", "/t 10") -Wait -NoNewWindow -PassThru
    if ($shutdown.ExitCode -ne 0) {
        throw "[ERROR] shutdown.exe exit code was not 0. It was actually $($shutdown.ExitCode)."
    }
}
catch {
    # Write-AWSQuickStartException is not defined in this script; presumably supplied by the
    # environment that runs it - confirm.
    $_ | Write-AWSQuickStartException
}

--------------------------------------------------------------------------------
/source/packages/@aws-accelerator/accelerator/test/configs/replacements/ad-config-scripts/AD-user-group-setup.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Adds one user to each Active Directory group named in a comma-separated list.
.PARAMETER GroupNames
Comma-separated group identities. Split on ',' only; entries are not trimmed.
.PARAMETER UserName
Member passed to Add-ADGroupMember for every group.
.PARAMETER DomainAdminUser
Account name used to build the credential passed to Add-ADGroupMember.
.PARAMETER DomainAdminPassword
Password for DomainAdminUser, received as a plain string.
#>
[CmdletBinding()]
param(
    [string]
    $GroupNames,

    [string]
    $UserName,

    [string]
    $DomainAdminUser,

    [string]
    $DomainAdminPassword
)

# Turned off logging;
# Start-Transcript -Path C:\cfn\log\AD-connector-setup.txt

#This part of the code gets the domain name and splits it
# ($dom and $ext are not referenced again in this script)
$fdn=(Get-WmiObject Win32_ComputerSystem).Domain
$dom,$ext=$fdn.split('.')

# NOTE(review): $DomainAdminPassword is a plain [string]; -AsPlainText -Force only wraps a value
# that is already in clear text. Whatever invokes this script holds and passes the password
# unprotected (presumably from a secrets store - confirm), so keep it out of transcripts and
# command-line logging, or accept a [securestring] / [pscredential] parameter instead.
$securePassword = ConvertTo-SecureString $DomainAdminPassword -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $DomainAdminUser, $securePassword

# Splits on ',' only, so 'a, b' yields ' b' with its leading space
$groupsArray = $GroupNames -split ','

for ($i=0; $i -lt $groupsArray.Length; $i++) {
    #Add User to Group
    Add-ADGroupMember -Identity $groupsArray[$i] -Members $UserName -Credential $credential
}
--------------------------------------------------------------------------------
/source/packages/@aws-accelerator/accelerator/test/configs/replacements/ad-config-scripts/Join-Domain.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Joins this computer to a domain with the supplied credentials, then schedules a restart.
.PARAMETER DomainName
Domain passed to Add-Computer.
.PARAMETER UserName
Account name used to build the credential for the join.
.PARAMETER Password
Password for UserName, received as a plain string.
#>
[CmdletBinding()]
param(
    [string]
    $DomainName,

    [string]
    $UserName,

    [string]
    $Password
)

try {
    # Make non-terminating cmdlet errors terminating so the catch block below handles them
    $ErrorActionPreference = "Stop"

    # NOTE(review): $Password is a plain [string]; -AsPlainText -Force only wraps a value that is
    # already in clear text. Presumably the caller reads it from a secrets store - confirm - and
    # keeps it out of transcripts and command-line logging; a [securestring] / [pscredential]
    # parameter would avoid the conversion.
    $pass = ConvertTo-SecureString $Password -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName,$pass

    Add-Computer -DomainName $DomainName -Credential $cred -ErrorAction Stop

    # Execute restart after script exit and allow time for external services
    # (/r restarts the machine, /t 10 delays it by 10 seconds)
    $shutdown = Start-Process -FilePath "shutdown.exe" -ArgumentList @("/r", "/t 10") -Wait -NoNewWindow -PassThru
    if ($shutdown.ExitCode -ne 0) {
        throw "[ERROR] shutdown.exe exit code was not 0. It was actually $($shutdown.ExitCode)."
    }
}
catch {
    # Write-AWSQuickStartException is not defined in this script; presumably supplied by the
    # environment that runs it - confirm.
    $_ | Write-AWSQuickStartException
}

--------------------------------------------------------------------------------