diff --git a/util/org-multi-account/serverless_codebuild/README.md b/util/org-multi-account/serverless_codebuild/README.md index ef5ef990..c4a727ef 100644 --- a/util/org-multi-account/serverless_codebuild/README.md +++ b/util/org-multi-account/serverless_codebuild/README.md @@ -19,12 +19,12 @@ For more information on how to use prowler, see [here](https://github.com/prowle 1. Deploy [ProwlerRole.yaml](templates/ProwlerRole.yaml) stack to CloudFormation in a bid to create resources to master account itself. (The template will be also deployed for other member accounts as a StackSet) - ProwlerCodeBuildAccount : Audit Acccount ID where CodeBuild resides. (preferably Audit/Security account) - - ProwlerCodeBulidRole : Role name to use in CodeBuild service + - ProwlerCodeBuildRole : Role name to use in CodeBuild service - ProwlerCrossAccountRole : Role name to assume for Cross account - ProwlerS3 : The S3 bucket name where reports will be put 1. Create **StackSet** with [ProwlerRole.yaml](templates/ProwlerRole.yaml) to deploy Role into member accounts in AWS Organizations. - ProwlerCodeBuildAccount : Audit Acccount ID where CodeBuild resides. (preferably Audit/Security account) - - ProwlerCodeBulidRole : Role name to use in CodeBuild service + - ProwlerCodeBuildRole : Role name to use in CodeBuild service - ProwlerCrossAccountRole : Role name to assume for Cross account - ProwlerS3 : The S3 bucket name where reports will be put - Permission : Service-managed permissions diff --git a/util/org-multi-account/serverless_codebuild/README_kr.md b/util/org-multi-account/serverless_codebuild/README_kr.md index 4d6927fd..dd96138c 100644 --- a/util/org-multi-account/serverless_codebuild/README_kr.md +++ b/util/org-multi-account/serverless_codebuild/README_kr.md 
@@ -23,7 +23,7 @@ prowler 의 자세한 사용방법은 [이 곳](https://github.com/prowler-cloud [ProwlerRole.yaml](templates/ProwlerRole.yaml) - ProwlerCodeBuildAccount : CodeBuild 가 있는 Audit Acccount ID - - ProwlerCodeBulidRole : CodeBuild의 생성될 Role 이름 + - ProwlerCodeBuildRole : CodeBuild의 생성될 Role 이름 - ProwlerCrossAccountRole : Cross account 용 Assume할 Role 이름 - ProwlerS3 : report 가 저장될 S3 bucket 명 2. 아래 템플릿을 이용하여 CloudFormation **StackSet**을 생성하여, Organazation에 포함된 account 대상으로도 아래 템플릿을 배포합니다. @@ -31,7 +31,7 @@ prowler 의 자세한 사용방법은 [이 곳](https://github.com/prowler-cloud [ProwlerRole.yaml](templates/ProwlerRole.yaml) - ProwlerCodeBuildAccount : CodeBuild 가 있는 Audit Acccount - - ProwlerCodeBulidRole : CodeBuild에서 사용할 Role 이름 + - ProwlerCodeBuildRole : CodeBuild에서 사용할 Role 이름 - ProwlerCrossAccountRole : Cross account 용 Assume할 Role 이름 - ProwlerS3 : report 가 저장될 S3 bucket 명 - Permission : Service-managed permissions diff --git a/util/org-multi-account/serverless_codebuild/templates/ProwlerRole.yaml b/util/org-multi-account/serverless_codebuild/templates/ProwlerRole.yaml index 5751f1f9..d80ad88c 100644 --- a/util/org-multi-account/serverless_codebuild/templates/ProwlerRole.yaml +++ b/util/org-multi-account/serverless_codebuild/templates/ProwlerRole.yaml @@ -8,7 +8,7 @@ Metadata: default: CodeBuild Settings Parameters: - ProwlerCodeBuildAccount - - ProwlerCodeBulidRole + - ProwlerCodeBuildRole - Label: default: S3 Settings Parameters: @@ -30,7 +30,7 @@ Parameters: AllowedPattern: ^\d{12}$ ConstraintDescription: An AWS Account Number must be a 12 digit numeric string. Default: 411267690458 - ProwlerCodeBulidRole: + ProwlerCodeBuildRole: Type: String Description: Enter Instance Role that will be given to the Prowler CodeBuild (needed to grant sts:AssumeRole rights). AllowedPattern: ^[\w+=,.@-]{1,64}$ 
@@ -63,7 +63,7 @@ Resources: - sts:AssumeRole Condition: StringLike: - aws:PrincipalArn: !Sub arn:${AWS::Partition}:iam::${ProwlerCodeBuildAccount}:role/${ProwlerCodeBulidRole} + aws:PrincipalArn: !Sub arn:${AWS::Partition}:iam::${ProwlerCodeBuildAccount}:role/${ProwlerCodeBuildRole} ManagedPolicyArns: - !Sub arn:${AWS::Partition}:iam::aws:policy/SecurityAudit - !Sub arn:${AWS::Partition}:iam::aws:policy/job-function/ViewOnlyAccess
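Review bot: The README.md and README_kr.md hunks fix `ProwlerCodeBulidRole` but leave other typos in the unchanged context lines right beside it: `Audit Acccount ID` (three c's) appears in both files, and README_kr.md still reads `Organazation`. Since this commit is already a spelling cleanup of these same list items, fold those corrections in so the parameter descriptions do not need a second pass.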
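Review bot: Renaming the parameter key in the `Parameters:` hunk of ProwlerRole.yaml (`ProwlerCodeBulidRole:` to `ProwlerCodeBuildRole:`) is a breaking change for anything already deployed from this template, and nothing in the patch documents it. CloudFormation rejects parameter keys that are not declared in the template, so a stack or StackSet update that still passes the old key will fail until the caller switches to the new name. Add a short upgrade note to both READMEs stating the old and new key. Separately, the context line `Default: 411267690458` on `ProwlerCodeBuildAccount` in the same hunk means a deployer who accepts the defaults ends up with a trust condition naming that account rather than their own audit account; consider dropping the default so the value must be supplied.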
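Review bot: In the `Resources:` hunk of ProwlerRole.yaml the trust condition keeps `StringLike` on `aws:PrincipalArn` even though the substituted value is a single fully specified role ARN. The `AllowedPattern` shown for the role name parameter (`^[\w+=,.@-]{1,64}$`) admits neither `*` nor `?`, so no wildcard can reach this string and the match is already exact in practice. Since this line is being touched anyway, switch the operator to `ArnEquals` (or `StringEquals`) so the policy states that intent and stays exact if the parameter pattern is ever loosened. The reference itself is renamed consistently with the parameter declaration, so the `!Sub` will resolve.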