cd3_automation_toolkit/documentation/user_guide/learn_more/CISFeatures.md
5 additions & 5 deletions
@@ -4,12 +4,12 @@
4
4
Below CIS Features have been included as part of Automation Toolkit. These are not part of CD3 Excel sheet but just included into setUpOCI Menu "**CIS Compliance Features**".
5
5
6
6
7
-
**1. Run CIS compliance checker script**
7
+
#### **1. Run CIS compliance checker script**
8
8
9
9
You can choose to run CIS compliance checker script against your tennacy using the Automation Toolkit itself. It also enables you to download the latet script if needed. Folder with name _<customer\_name>\_cis\_report_ gets created under _/cd3user/tenancies/<customer\_name>/_ and it contains all the reports genertaed by the script.
10
10
<br>As a best practice, the script should be executed after every deployment in the tenancy. And the output report should be analysed to minimise the reported anomalies as per the design requirements.
11
11
12
-
**2. Create Key/Vault, Object Storage Bucket and enable Logging for write events to bucket:**
12
+
#### **2. Create Key/Vault, Object Storage Bucket and enable Logging for write events to bucket:**
13
13
14
14
Below tf files are created
15
15
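Review bot: The new headings for items 1 and 2 wrap the whole title in `**...**` inside `####`, which is redundant because the heading level already carries the emphasis, and item 2 keeps a trailing colon while item 1 has none. Suggest `#### 1. Run CIS compliance checker script` and `#### 2. Create Key/Vault, Object Storage Bucket and enable Logging for write events to bucket`. Since this part of the file is being touched, the unchanged paragraph under item 1 also has typos worth fixing in the same commit: "tennacy", "latet" and "genertaed".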
@@ -20,15 +20,15 @@ Below tf files are created
20
20
|cis-oss.auto.tfvars |TF variables file for creating OSS bucket using above key (instead of Oracle Managed Keys). This is also created under specified region directory.|
21
21
|cis-oss-logging.auto.tfvars|TF variables file for enabling logging for write events of the above created bucket. This is also created under specified region directory.|
22
22
23
-
**3. Create Default Budget:**
23
+
#### **3. Create Default Budget:**
24
24
25
25
This option will ask for monthly budget (in US$) and Threshold percentage of Budget and bellow tf files are created:
26
26
27
27
| File name | Description|
28
28
|---|---|
29
29
|cis-budget.auto.tfvars |TF variables file for crating budget.|
30
30
31
-
**4. Enable Cloud guard**
31
+
#### **4. Enable Cloud guard**
32
32
33
33
This will enable cloud guard for tenancy from home region, creates Oracle Managed detector and responder recipes. Also creates a target for root compartment with the default Oracle Managed recipes.
34
34
Below TF file is created:
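Review bot: The item 3 and item 4 headings are inconsistent with each other: `#### **3. Create Default Budget:**` ends with a colon while `#### **4. Enable Cloud guard**` does not, and "Cloud guard" should be capitalised as "Cloud Guard" to match the product name. Pick one punctuation style for all five headings and drop the redundant bold inside `####`. The unchanged context lines in this hunk also contain "bellow" and "crating", which could be corrected in the same change.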
@@ -37,7 +37,7 @@ Below TF file is created:
37
37
|---|---|
38
38
|cis-cloudguard.auto.tf |vars TF variables file for enabling cloud guard and creating target for root compartment. |
39
39
40
-
**5. Enable VCN Flow Logs**
40
+
#### **5. Enable VCN Flow Logs**
41
41
42
42
This will enable Flow logs for all the subnets mentioned in Subnets' tab of CD3 Excel sheet. Log group for each VCN is created under the same compartment as specified for VCN and all subnets are added as logs to this log group.
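Review bot: The unchanged table row just above the item 5 heading has its column separator in the wrong place: `|cis-cloudguard.auto.tf |vars TF variables file ...` renders the file name as `cis-cloudguard.auto.tf` and starts the description with "vars". As this commit edits the adjacent line, move the pipe so the first cell reads `cis-cloudguard.auto.tfvars`, matching the naming of the other rows such as `cis-budget.auto.tfvars`. In the paragraph under the new heading, "Subnets' tab" has an unbalanced quote around the tab name.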