Joern Barthel
Joern Barthel
Use a role name that reflects the username and investigate if that can be enforced in the trust policies conditions.
As it says: adds encrypt / decrypt cmd and references how to use cmd's in general from the POV of modules (as helper scripts).
As a superwerker user I want to start with a green Security Hub so that I don't suffer from alert fatigue from day one on Important: before working on this,...
As an AWS user, I want to be restricted to my main region by default. superwerker could enable the CT region restriction feature for that by default (maybe with a...
Following the strategy to communicate over SSM/OC we should enable certain default ops items: https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-automatically-create-OpsItems-2.html
- Consider migration scenarios like e.g. onboard the old single account into a pseudo greenfield `sw` structure
Document or Automate if possible: - [ ] VAT ID - [ ] Tax inheritance - [ ] Currency selection - [ ] Send invoices as PDF + mailing list...
We are happy users of ADF for organisational / baseline (partially together with CT) as well as workload setups. One thing that is currently missing is integrity protection (in the...
Control Tower uses a 14-day retention policy for it's CloudWatch Logs. Seems reasonable to introduce as a default for ADF as well - or - to preserve backwards compatibility -...
As it says. Right now the name of the deployment OU is not configurable. Since Control Tower (for better or worse) is now the default account factory and introduces capitalised...