Created November 21, 2025 19:43
sample file for reference
```yaml
providers: []
managedActiveDirectories:
  - name: AcceleratorManagedActiveDirectory
    type: AWS Managed Microsoft AD
    account: niris-ct-network3
    region: us-east-1
    dnsName: example.local
    netBiosDomainName: example
    description: Example managed active directory
    edition: Standard
    # resolverRuleName: example-com-rule
    vpcSettings:
      vpcName: services-hub-vpc
      subnets:
        - accelerator-Pvt1a-subnet
        - accelerator-Pvt1b-subnet
    secretConfig:
      account: Audit
      region: us-east-1
      adminSecretName: admin
    sharedOrganizationalUnits:
      organizationalUnits:
        - Root
      excludedAccounts:
        - Management
    logs:
      groupName: /aws/directoryservice/AcceleratorManagedActiveDirectory
      retentionInDays: 30
identityCenter:
  name: lzaidentityCenterconfigname
  identityCenterPermissionSets:
    - name: MyAWSAdministratorAccess
      policies:
        awsManaged:
          - arn:aws:iam::aws:policy/AdministratorAccess
      sessionDuration: 60
  identityCenterAssignments:
    - name: AssignCentralITAdmins
      permissionSetName: MyAWSAdministratorAccess
      principals:
        - type: USER
          name: RichRoe@okram.onmicrosoft.com
      deploymentTargets:
        organizationalUnits:
          - Infrastructure
        accounts:
          - LogArchive
policySets:
  - deploymentTargets:
      organizationalUnits:
        - Root
    policies:
      - name: PaloFirewall-Policy
        policy: iam-policies/fw-policy.json
roleSets:
  - deploymentTargets:
      organizationalUnits:
        - Root
    roles:
      - name: EC2-Default-SSM-AD-Role
        instanceProfile: true
        assumedBy:
          - type: service
            principal: ec2.amazonaws.com
        policies:
          awsManaged:
            - AmazonSSMManagedInstanceCore
            - AmazonSSMDirectoryServiceAccess
            - CloudWatchAgentServerPolicy
        boundaryPolicy: Default-Boundary-Policy
      - name: Backup-Role
        # This role is utilized by the Backup Plans defined in global-config.yaml
        # We create this role in every account where we plan to have Backup Plans
        # and Backup Vaults
        assumedBy:
          - type: service
            principal: backup.amazonaws.com
        policies:
          awsManaged:
            - service-role/AWSBackupServiceRolePolicyForBackup
            - service-role/AWSBackupServiceRolePolicyForRestores
            - AWSBackupServiceRolePolicyForS3Backup
            - AWSBackupServiceRolePolicyForS3Restore
groupSets: []
userSets: []
```