S3 VirusScan

This template creates an antivirus cluster for S3 buckets. You can connect as many buckets as you like by using S3 Event Notifications. The template has its own repository: aws-s3-virusscan

Features

Installation Guide

Visit the template's repository for installation instructions: aws-s3-virusscan

Account Password Policy

This template creates an account password policy for your IAM users. You can:

Or just use the suggested defaults.

Installation Guide

  1. Launch Stack
  2. Click Next to proceed with the next step of the wizard.
  3. Specify a name and all parameters for the stack.
  4. Click Next to proceed with the next step of the wizard.
  5. Click Next to skip the Options step of the wizard.
  6. Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
  7. Click Create to start the creation of the stack.
  8. Wait until the stack reaches the state CREATE_COMPLETE

Authentication Proxy using your GitHub Organization

This template describes a highly available authentication proxy that forwards requests to an upstream HTTP(S) endpoint if the user is authenticated against your GitHub Organization.

Architecture

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. Launch Stack
  3. Click Next to proceed with the next step of the wizard.
  4. Specify a name and all parameters for the stack.
  5. Click Next to proceed with the next step of the wizard.
  6. Click Next to skip the Options step of the wizard.
  7. Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
  8. Click Create to start the creation of the stack.
  9. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Limitations

CloudTrail across all regions

This template enables CloudTrail to record AWS API calls across all regions in your AWS account. API calls are archived in S3 and also pushed to CloudWatch Logs. When new log files are delivered to S3, an SNS topic is notified.

Installation Guide

  1. Launch Stack
  2. Click Next to proceed with the next step of the wizard.
  3. Specify a name and all parameters for the stack.
  4. Click Next to proceed with the next step of the wizard.
  5. Click Next to skip the Options step of the wizard.
  6. Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
  7. Click Create to start the creation of the stack.
  8. Wait until the stack reaches the state CREATE_COMPLETE

If you want to use an external S3 bucket, the bucket needs to have the following S3 bucket policy:

{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AWSCloudTrailAclCheck",
    "Effect": "Allow",
    "Principal": {
      "Service": "cloudtrail.amazonaws.com"
    },
    "Action": "s3:GetBucketAcl",
    "Resource": "arn:aws:s3:::$ExternalTrailBucket"
  }, {
    "Sid": "AWSCloudTrailWrite",
    "Effect": "Allow",
    "Principal": {
      "Service": "cloudtrail.amazonaws.com"
    },
    "Action": "s3:PutObject",
    "Resource": [
      "arn:aws:s3:::$ExternalTrailBucket/AWSLogs/$AccountId[0]/*",
      "arn:aws:s3:::$ExternalTrailBucket/AWSLogs/$AccountId[1]/*",
      "arn:aws:s3:::$ExternalTrailBucket/AWSLogs/$AccountId[2]/*"
    ],
    "Condition": {
      "StringEquals": {
        "s3:x-amz-acl": "bucket-owner-full-control"
      }
    }
  }]
}

Replace $ExternalTrailBucket with the name of your bucket, and add a row for every account ($AccountId[*]) that should write to it.

AWS Config setup

This template enables AWS Config to deliver an AWS resource inventory to S3, allowing you to keep track of infrastructure changes for compliance and debugging of your cloud infrastructure.

Installation Guide

  1. Launch Stack
  2. Click Next to proceed with the next step of the wizard.
  3. Specify a name and all parameters for the stack.
  4. Click Next to proceed with the next step of the wizard.
  5. Click Next to skip the Options step of the wizard.
  6. Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
  7. Click Create to start the creation of the stack.
  8. Wait until the stack reaches the state CREATE_COMPLETE

If you want to use an external S3 bucket, the bucket needs to have the following S3 bucket policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSConfigBucketPermissionsCheck",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "config.amazonaws.com"
        ]
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::$ExternalConfigBucket"
    },
    {
      "Sid": "AWSConfigBucketDelivery",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "config.amazonaws.com"
        ]
      },
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::$ExternalConfigBucket/AWSLogs/$AccountId[0]/Config/*",
        "arn:aws:s3:::$ExternalConfigBucket/AWSLogs/$AccountId[1]/Config/*",
        "arn:aws:s3:::$ExternalConfigBucket/AWSLogs/$AccountId[2]/Config/*"
      ],
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}

Replace $ExternalConfigBucket with the name of your bucket, and add a row for every account ($AccountId[*]) that should write to it.
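As an added example (not code from the templates' repository), the following Python renders the bucket policy shape that both the CloudTrail and the AWS Config sections above expect on an external bucket, from a bucket name and a list of 12-digit account IDs, and audits a hand-written policy for the slips that creep in when the snippets are copied: whitespace in a Sid, a duplicated account path, a missing bucket-owner-full-control condition, or a PutObject resource broader than AWSLogs/<account>/. The function and finding names are mine; the Sids, service principals and key paths are the ones shown above.

```python
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")  # AWS account IDs are 12 digits
OWNER_ACL = {"s3:x-amz-acl": "bucket-owner-full-control"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def delivery_bucket_policy(service, sids, bucket, account_ids, key_prefix=""):
    """Render the shape both snippets share: GetBucketAcl for the service
    principal, and PutObject limited to each account's AWSLogs/<id>/<prefix>
    path and to the bucket-owner-full-control ACL (objects stay yours)."""
    bad = [a for a in account_ids if not ACCOUNT_ID_RE.match(a)]
    if bad:
        raise ValueError(f"not 12-digit account IDs: {bad}")
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": sids[0], "Effect": "Allow", "Principal": {"Service": service},
         "Action": "s3:GetBucketAcl", "Resource": f"arn:aws:s3:::{bucket}"},
        {"Sid": sids[1], "Effect": "Allow", "Principal": {"Service": service},
         "Action": "s3:PutObject", "Condition": {"StringEquals": OWNER_ACL},
         "Resource": [f"arn:aws:s3:::{bucket}/AWSLogs/{a}/{key_prefix}*" for a in account_ids]},
    ]}


def cloudtrail_bucket_policy(bucket, account_ids):
    return delivery_bucket_policy("cloudtrail.amazonaws.com",
                                  ("AWSCloudTrailAclCheck", "AWSCloudTrailWrite"), bucket, account_ids)


def config_bucket_policy(bucket, account_ids):
    return delivery_bucket_policy("config.amazonaws.com",
                                  ("AWSConfigBucketPermissionsCheck", "AWSConfigBucketDelivery"),
                                  bucket, account_ids, "Config/")


def audit_delivery_policy(policy, service, bucket):
    """Review a policy for copy-paste slips; returns findings (empty = looks right)."""
    path_re = re.compile(rf"^arn:aws:s3:::{re.escape(bucket)}/AWSLogs/\d{{12}}/(Config/)?\*$")
    findings = []
    for stmt in policy["Statement"]:
        principal = _as_list(stmt.get("Principal", {}).get("Service", []))
        if stmt.get("Effect") != "Allow" or service not in principal:
            continue  # only statements granting something to this service matter
        if stmt.get("Sid", "") != stmt.get("Sid", "").strip():
            findings.append(f"Sid {stmt['Sid']!r} has stray whitespace")
        if "s3:PutObject" in _as_list(stmt.get("Action")):
            if stmt.get("Condition", {}).get("StringEquals") != OWNER_ACL:
                findings.append("PutObject without bucket-owner-full-control condition")
            resources = _as_list(stmt["Resource"])
            findings += [f"PutObject path too broad: {r}" for r in resources if not path_re.match(r)]
            if len(set(resources)) != len(resources):
                findings.append("duplicate account path (copy-paste error?)")
    return findings
```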