-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathcompliance-soc2-production.json
More file actions
56 lines (48 loc) · 1.54 KB
/
compliance-soc2-production.json
File metadata and controls
56 lines (48 loc) · 1.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
{
"stackName": "App-SOC2-Production",
"applicationId": "REPLACE_WITH_APP_ID",
"applicationName": "SOC2 Production Application",
"description": "Production environment with full SOC2 compliance",
"environment": "production",
"runtime": "ec2",
"securityProfile": "production",
"topology": "application-service",
"domain": "example.com",
"subdomain": "app",
"enableSsl": true,
"networkMode": "private-with-nat",
"region": "us-east-1",
"authMode": "application-oidc",
"cognitoAutoProvision": true,
"cognitoDomainPrefix": "app-prod-CHANGEME",
"cognitoMfaEnabled": true,
"cognitoMfaMethod": "totp",
"cognitoCreateGroups": true,
"cognitoAdminGroupName": "Admins",
"cognitoUserGroupName": "Users",
"instanceType": "t3.medium",
"minInstanceCapacity": 2,
"maxInstanceCapacity": 6,
"enableAutoScaling": true,
"cpuTargetUtilization": 60,
"complianceFrameworks": "SOC2",
"complianceMode": "enforce",
"scopeConfigRulesToDeployment": false,
"awsConfigEnabled": true,
"createConfigInfrastructure": true,
"guardDutyEnabled": true,
"guardDutyAlertsConfigured": true,
"auditManagerEnabled": true,
"wafEnabled": true,
"albAccessLogging": true,
"enableFlowlogs": true,
"certificateExpirationMonitoring": true,
"enableS3VersioningRemediation": true,
"enableCloudTrailBucketAccessRemediation": true,
"enableRdsDeletionProtectionRemediation": true,
"enableRdsAutoMinorVersionUpgradeRemediation": true,
"enableMonitoring": true,
"enableEncryption": true,
"logRetentionDays": "730",
"retainStorage": true
}