Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: CC-BY-SA-4.0
The Quick Setup provides the ability to deploy all of the SRA solutions via a single centralized CloudFormation template. Review the individual solution documentation to get the details of what is deployed and configured. Quick Setup utilizes the `<solution_name>-main-ssm.yaml` template within each of the corresponding solutions for deployment. `Deploy Parameters` are provided to allow the selection of which solutions to deploy within the environment along with solution specific parameters.
There are rules built into the Quick Setup CloudFormation template to prevent the deployment of a solution without its dependent solution(s). Review the Example Solutions table within the main README to understand which solutions have dependencies.
Quick Setup was created with the intention of simplifying the setup of new environments, but it can also be leveraged by existing SRA environments. If one of the SRA solutions has already been deployed within the environment, follow one of the options below to prevent any conflicts.
- Option 1 - Set the `Deploy Parameter` for each of the solutions previously deployed to `No`.
  - Note: The Config Management Solution `Deploy Parameter` must be set to `Already Deployed` or `Yes` to pass the validation rules when it is a dependency of another solution (e.g. Security Hub, Config Organization Conformance Pack).
- Option 2
  - Disable/Delete the previously deployed solutions following the associated solution delete instructions.
  - Deploy the solutions using the Quick Setup.
- Deploy the <SOLUTION_NAME> Solution
  - Yes = Includes the solution in the deployment
  - No = Does not include the solution in the deployment
  - Already Deployed = The solution has already been deployed within the environment
- Disable <SOLUTION_NAME>
  - Yes = The solution `Deploy` parameter above must be `Yes`. This will disable the service within all the member accounts/regions.
  - No = (Default) Use this value when deploying the solution for the first time.
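The dependency validation and the `Deploy`/`Disable` relationship described above can be expressed in the `Rules` section of a CloudFormation template. The template below is an added illustration, not the Quick Setup template itself; the parameter names (`pDeployConfigManagementSolution`, `pDeploySecurityHubSolution`, `pDisableSecurityHub`) and the no-op resource are hypothetical.

```yaml
# Added example. Parameter names are hypothetical and are not taken from sra-quick-setup-ssm.yaml.
AWSTemplateFormatVersion: 2010-09-09
Description: Example of parameter validation rules for a solution dependency

Parameters:
  pDeployConfigManagementSolution:
    Type: String
    # Quoted so YAML does not parse Yes/No as booleans
    AllowedValues: ['Yes', 'No', 'Already Deployed']
    Default: 'No'
  pDeploySecurityHubSolution:
    Type: String
    AllowedValues: ['Yes', 'No', 'Already Deployed']
    Default: 'No'
  pDisableSecurityHub:
    Type: String
    AllowedValues: ['Yes', 'No']
    Default: 'No'

Rules:
  # Security Hub may only be deployed when Config Management is deployed
  # by this stack (Yes) or already exists in the environment (Already Deployed).
  SecurityHubRequiresConfigManagement:
    RuleCondition:
      Fn::Equals: [!Ref pDeploySecurityHubSolution, 'Yes']
    Assertions:
      - Assert:
          Fn::Contains:
            - ['Yes', 'Already Deployed']
            - !Ref pDeployConfigManagementSolution
        AssertDescription: Security Hub requires Config Management to be 'Yes' or 'Already Deployed'.
  # Disable = Yes is only valid when the solution Deploy parameter is Yes.
  DisableSecurityHubRequiresDeploy:
    RuleCondition:
      Fn::Equals: [!Ref pDisableSecurityHub, 'Yes']
    Assertions:
      - Assert:
          Fn::Equals: [!Ref pDeploySecurityHubSolution, 'Yes']
        AssertDescription: Disable Security Hub requires the Security Hub Deploy parameter to be 'Yes'.

Resources:
  # No-op resource so the template is valid on its own
  rNoOp:
    Type: AWS::CloudFormation::WaitConditionHandle
```

CloudFormation evaluates rules before creating or updating any resources, so a parameter combination that fails an assertion is rejected before the stack changes anything.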
Verify that the SRA Prerequisites Solution has been deployed. Note: This only needs to be done once for all the solutions.
Choose a Deployment Method:
- Download the sra-quick-setup-ssm.yaml template to your Desktop or locate it within the local machine `$HOME/aws-sra-examples/aws_sra_examples/quick_setup/templates/sra-quick-setup-ssm.yaml`.
- In the `management account (home region)`, launch an AWS CloudFormation Stack using the sra-quick-setup-ssm.yaml template.
- Download and Stage the SRA Solutions. Note: Get the latest code and run the staging script.
- Update the existing CloudFormation Stack or CFCT configuration. Note: New parameters or changes to existing parameters may require input.
- In the `management account (home region)`, change the `Disable GuardDuty`, `Disable Macie`, and `Disable Security Hub` parameters to `true` and update the AWS CloudFormation Stack (`sra-quick-setup-ssm`). This will disable the solutions within each of the member accounts/regions.
- In the `management account (home region)`, verify that the GuardDuty, Macie, and Security Hub Lambda functions are finished processing by confirming no more CloudWatch logs are generated.
- In the `management account (home region)`, delete the AWS CloudFormation Stack (`sra-quick-setup-ssm`).
- In the `management account (home region)`, delete the AWS CloudWatch Log Groups.
  - `/aws/lambda/<solution_name>` for the Lambda functions deployed
  - `sra/sra-org-trail` for the SRA Organizations CloudTrail solution
- In the `Log Archive account`, empty and delete the S3 buckets created by the SRA solutions (e.g. `sra-<solution_name>-<account_id>-<region>`).