Automate the AWS GuardDuty account invitation lifecycle for all of your organization's AWS accounts in all regions, and aggregate and normalize the GuardDuty findings.
Mozilla Public License 2.0
Create CloudFormation code that provisions the service-linked IAM role #4
So in order to conditionally create the service-linked role (because it could exist already) we'd need to use either 2 nested stacks, the parent that runs a lambda to find out if the role exists and the child that creates the role conditionally on the parent's output (how we did it with mozdef)
Let's put this in the role CloudFormation stack that grants role assumption rights. Set it to remain if the stack ever gets deleted.
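The approach settled on above, as an added example that is not part of this project's templates: the GuardDuty service-linked role is created only when a stack parameter says so, and `DeletionPolicy: Retain` keeps it in place if the stack is deleted. The parameter name `CreateServiceLinkedRole` and the condition name are assumptions; the resource type and the `guardduty.amazonaws.com` service name are standard CloudFormation.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Conditionally create the GuardDuty service-linked role (added example)

Parameters:
  # Assumed parameter name. Set to 'false' when AWSServiceRoleForAmazonGuardDuty
  # already exists in the account (e.g. GuardDuty was enabled by hand);
  # otherwise the stack create fails because the role is a singleton.
  CreateServiceLinkedRole:
    Type: String
    AllowedValues: ['true', 'false']
    Default: 'true'
    Description: Create AWSServiceRoleForAmazonGuardDuty if it does not exist yet

Conditions:
  # Assumed condition name; gates the role resource on the parameter above.
  ShouldCreateRole: !Equals [!Ref CreateServiceLinkedRole, 'true']

Resources:
  GuardDutyServiceLinkedRole:
    Type: AWS::IAM::ServiceLinkedRole
    Condition: ShouldCreateRole
    # Keep the role when the stack is deleted: GuardDuty in this account
    # still depends on it, and deleting it would break detector operation.
    DeletionPolicy: Retain
    Properties:
      AWSServiceName: guardduty.amazonaws.com
      Description: Service-linked role used by Amazon GuardDuty
```

The parameter replaces the Lambda lookup from the nested-stack variant discussed above; whoever deploys the stack supplies the value after checking whether the role already exists.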