aws-samples / aws-security-reference-architecture-examples

Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.

[FEATURE] Possibility to set pExcludeS3BlockAccountPublicAccessTags Parameter without using SRA in us-east-1 #227

Open janahockenberger opened 1 month ago

janahockenberger commented 1 month ago

Community Note

Is your feature request related to a problem? Please describe

When tagging an account in Organizations, the CloudTrail event gets created in us-east-1, as Organizations is a global service. When using SRA in a region which is not us-east-1, setting the parameter pExcludeS3BlockAccountPublicAccessTags has no effect, as the CloudTrail event only exists in us-east-1.

Describe the solution you'd like

Adjustment in the EventBridge trigger or somewhere else to execute the Lambda function, which is e.g. located in eu-central-1, even though the event is created in us-east-1.