Documentation
Index
- func DeleteDefaultVPCs(region string, role string, deleteFlag bool, isPrivileged bool) error
- func DisableSecurityHubGlobalResourceControls(globalCollectionRegion string, role string, isPrivileged bool, ...) error
- func EnableGuardDutyAdministratorAccount(region string, administratorAccountRole string, rootRole string, ...) error
- func EnableSecurityHubAdministratorAccount(region string, administratorAccountRole string, rootRole string) error
- func GetAccountID(sess *session.Session) string
- func GetAccountIDWithRole(sess *session.Session, role string) string
- func GetCreds(sess *session.Session, role string) *credentials.Credentials
- func GetEnabledRegions(region string, role string, isPrivileged bool) []string
- func GetSession() *session.Session
- func ListMemberAccountIDs(role string) []string
- type AccountWithEmail
- type SecurityHub
- type Vpc
Constants
This section is empty.
Variables
This section is empty.
Functions
func DeleteDefaultVPCs
DeleteDefaultVPCs deletes all of the default VPCs in all regions of an account
func DisableSecurityHubGlobalResourceControls
func DisableSecurityHubGlobalResourceControls(globalCollectionRegion string, role string, isPrivileged bool, isCloudTrailAccount bool) error
DisableSecurityHubGlobalResourceControls disables Security Hub controls related to Global Resources in regions that aren't collecting Global Resources. It also disables CloudTrail-related controls in accounts that aren't the central CloudTrail account.
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis-to-disable.html
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-to-disable.html
func EnableGuardDutyAdministratorAccount
func EnableGuardDutyAdministratorAccount(region string, administratorAccountRole string, rootRole string, autoEnableS3Protection bool) error
EnableGuardDutyAdministratorAccount enables the GuardDuty Administrator account within the AWS Organization
func EnableSecurityHubAdministratorAccount
func EnableSecurityHubAdministratorAccount(region string, administratorAccountRole string, rootRole string) error
EnableSecurityHubAdministratorAccount enables the Security Hub Administrator account within the AWS Organization
func GetAccountID
GetAccountID returns the AWS Account ID of the session
func GetAccountIDWithRole
GetAccountIDWithRole returns the AWS Account ID of the session after assuming a role
func GetCreds
func GetCreds(sess *session.Session, role string) *credentials.Credentials
GetCreds returns credentials that can be used on a session
func GetEnabledRegions
GetEnabledRegions provides a list of AWS Regions that are enabled
func ListMemberAccountIDs
ListMemberAccountIDs provides a list of AWS Accounts that are members of the AWS Organization
Types
type AccountWithEmail
AccountWithEmail contains AccountID and Email
func ListMemberAccountIDsWithEmails
func ListMemberAccountIDsWithEmails(role string) []AccountWithEmail
ListMemberAccountIDsWithEmails provides a list of AWS Accounts that are members of the AWS Organization along with their email addresses
type SecurityHub
type SecurityHub struct {
// contains filtered or unexported fields
}
SecurityHub is a struct that represents an AWS Security Hub and attaches methods to perform various operations against it