feat: localstack - add local config -> centralbucket

VISION.md

@@ -49,7 +49,7 @@ Root
     - [ ] Security Hub
     - [ ] GuardDuty
     - [ ] Macie
-    - [ ] Config
+    - [x] Config
     - [ ] Access Analyzer
     - [ ] Access Logs
     - [ ] DNS Logs
@@ -61,23 +61,23 @@ Root
       - [x] Org CloudTrail
     - [x] CLI:
       - [x] Start Logging
-    - Stack 2: Source of Truth
-      - Security Hub
-      - Inspector
-      - Artifact
-      - Audit Manager
-      - Config Aggregator
-      - Event Bridge
-      - Firewall Manager
-      - Lambda (response)
-      - Detective
-      - Private CA
+    - [ ]Stack 2: Source of Truth
+      - [ ] Security Hub
+      - [ ] Inspector
+      - [ ] Artifact
+      - [ ] Audit Manager
+      - [ ] Config Aggregator
+      - [ ] Event Bridge
+      - [ ] Firewall Manager
+      - [ ] Lambda (response)
+      - [ ] Detective
+      - [ ] Private CA
     - Stack 3: Local
-      - Security Hub
-      - GuardDuty
-      - Macie
-      - Config
-      - Access Analyzer
+    - [ ] Security Hub
+    - [ ] GuardDuty
+    - [ ] Macie
+    - [x] Config
+    - [ ] Access Analyzer
 
   - Network Account
     - Stack 1:
@@ -93,23 +93,23 @@ Root
       - Resolver DNS
       - Network Access Analyzer
     - Stack 2: Local
-      - Security Hub
-      - GuardDuty
-      - Macie
-      - Config
-      - Access Analyzer
+    - [ ] Security Hub
+    - [ ] GuardDuty
+    - [ ] Macie
+    - [x] Config
+    - [ ] Access Analyzer
 
   - Shared Account
     - Stack 1:
       - [x] Set IAM Account Alias
       - Identity Center
       - Systems Manager
     - Stack 2: Local
-      - Security Hub
-      - GuardDuty
-      - Macie
-      - Config
-      - Access Analyzer
+    - [ ] Security Hub
+    - [ ] GuardDuty
+    - [ ] Macie
+    - [x] Config
+    - [ ] Access Analyzer
 
   - Forensics Account
     - Stack 1:
@@ -124,11 +124,11 @@ Root
 
   - Management Account:
     - Stack 3: Local
-      - Security Hub
-      - GuardDuty
-      - Macie
-      - Config
-      - Access Analyzer
+    - [ ] Security Hub
+    - [ ] GuardDuty
+    - [ ] Macie
+    - [x] Config
+    - [ ] Access Analyzer
 
 ### Setup PIPELINE
 

src/deploy.ts

@@ -69,6 +69,8 @@ new LogarchiveAccountStack2(app, 'p6-lz-logarchive-2', {
     account: logarchiveAccountId,
     region: env.region,
   },
+  principals,
+  centralBucketArn: organizationStack.centralBucketArn,
 })
 
 // Audit Account
@@ -111,6 +113,8 @@ new NetworkAccountStack2(app, 'p6-lz-network-2', {
     account: networkAccountId,
     region: env.region,
   },
+  principals,
+  centralBucketArn: organizationStack.centralBucketArn,
 })
 
 // Shared Account
@@ -128,6 +132,8 @@ new SharedAccountStack2(app, 'p6-lz-shared-2', {
     account: sharedAccountId,
     region: env.region,
   },
+  principals,
+  centralBucketArn: organizationStack.centralBucketArn,
 })
 
 // Management Account

src/stacks/audit-1.ts

@@ -20,7 +20,7 @@ export class AuditAccountStack1 extends cdk.Stack {
     })
 
     const cw = new P6LzSraCloudWatch(this, 'P6LzSraCloudWatch', {
-      accountAlias: 'p6m7g8-audit',
+      accountAlias: props.accountAlias,
     })
 
     const bucket = s3.Bucket.fromBucketArn(this, 'CentralBucket', props.centralBucketArn.toString())

src/stacks/logarchive-2.ts

@@ -1,10 +1,20 @@
 import type { Construct } from 'constructs'
+import type { LogarchiveBucketArn, ShareWithOrg } from '../types'
 import * as cdk from 'aws-cdk-lib'
+import * as s3 from 'aws-cdk-lib/aws-s3'
+import { P6LzSraConfig } from '../constructs/p6-lz-sra-config'
 
-interface LogarchiveAccountStack2Props extends cdk.StackProps {}
+interface LogarchiveAccountStack2Props extends cdk.StackProps, LogarchiveBucketArn, ShareWithOrg {}
 
 export class LogarchiveAccountStack2 extends cdk.Stack {
   constructor(scope: Construct, id: string, props: LogarchiveAccountStack2Props) {
     super(scope, id, props)
+
+    const bucket = s3.Bucket.fromBucketArn(this, 'CentralBucket', props.centralBucketArn.toString())
+
+    new P6LzSraConfig(this, 'P6LzSraConfig', {
+      principals: props.principals,
+      centralBucket: bucket,
+    })
   }
 }

src/stacks/network-2.ts

@@ -1,10 +1,20 @@
 import type { Construct } from 'constructs'
+import type { LogarchiveBucketArn, ShareWithOrg } from './../types'
 import * as cdk from 'aws-cdk-lib'
+import * as s3 from 'aws-cdk-lib/aws-s3'
+import { P6LzSraConfig } from '../constructs/p6-lz-sra-config'
 
-interface NetworkAccountStack2Props extends cdk.StackProps {}
+interface NetworkAccountStack2Props extends cdk.StackProps, LogarchiveBucketArn, ShareWithOrg {}
 
 export class NetworkAccountStack2 extends cdk.Stack {
   constructor(scope: Construct, id: string, props: NetworkAccountStack2Props) {
     super(scope, id, props)
+
+    const bucket = s3.Bucket.fromBucketArn(this, 'CentralBucket', props.centralBucketArn.toString())
+
+    new P6LzSraConfig(this, 'P6LzSraConfig', {
+      principals: props.principals,
+      centralBucket: bucket,
+    })
   }
 }

src/stacks/shared-2.ts

@@ -1,10 +1,20 @@
 import type { Construct } from 'constructs'
+import type { LogarchiveBucketArn, ShareWithOrg } from '../types'
 import * as cdk from 'aws-cdk-lib'
+import * as s3 from 'aws-cdk-lib/aws-s3'
+import { P6LzSraConfig } from '../constructs/p6-lz-sra-config'
 
-interface SharedAccountStack2Props extends cdk.StackProps {}
+interface SharedAccountStack2Props extends cdk.StackProps, LogarchiveBucketArn, ShareWithOrg {}
 
 export class SharedAccountStack2 extends cdk.Stack {
   constructor(scope: Construct, id: string, props: SharedAccountStack2Props) {
     super(scope, id, props)
+
+    const bucket = s3.Bucket.fromBucketArn(this, 'CentralBucket', props.centralBucketArn.toString())
+
+    new P6LzSraConfig(this, 'P6LzSraConfig', {
+      principals: props.principals,
+      centralBucket: bucket,
+    })
   }
 }