When onboarding an account or organization to Stax, several services require configuration for the Stax Assurance processes to be successful.
If you are configuring an existing AWS Organization's management account for onboarding, you must follow these steps. If you are configuring a newly provisioned AWS account that will become an Organization management account, these steps are not required.
Reconfigure AWS Config
AWS Config must have default configuration recorders and delivery channels deleted so Stax can recreate them. Perform the following tasks for every region in the AWS account to be onboarded.
- Use the delete-configuration-recorder command to delete your current AWS Config Configuration Recorder:
$ aws configservice --region ap-southeast-2 delete-configuration-recorder --configuration-recorder-name default
- Use the delete-delivery-channel command to delete the delivery channel:
$ aws configservice --region ap-southeast-2 delete-delivery-channel --delivery-channel-name default
Reconfigure Amazon GuardDuty
Amazon GuardDuty must have members and detectors deleted so Stax can recreate them. Perform the following tasks in the AWS account to be onboarded:
- Use the delete-members command to delete GuardDuty members:
$ aws guardduty delete-members --detector-id <value> --account-ids <value>
- Use the delete-detector command to delete the GuardDuty detector:
$ aws guardduty delete-detector --detector-id <value>
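The commands above use a fixed region, the name `default` and `<value>` placeholders. As an added example (not Stax's own tooling), the script below looks up the recorder, delivery channel, detector and member values that actually exist in a region and prints the matching delete commands for review, without running them. `plan_region` and `q` are hypothetical helper names, and the example assumes GuardDuty is handled per region, since detectors are regional resources.

```shell
#!/bin/sh
# Added example (not Stax code): print, without running, the cleanup commands
# from this page for one region, using the names and IDs that exist there.
# plan_region and q are hypothetical helper names.

# Run a read-only AWS CLI query; drop the "None" that text output prints for null.
q() { "$@" --output text | tr '\t' '\n' | grep -v -e '^None$' -e '^$' || true; }

plan_region() {
    region=$1
    # AWS Config: recorder first, then delivery channel (same order as the page).
    for name in $(q aws configservice describe-configuration-recorders \
            --region "$region" --query 'ConfigurationRecorders[].name'); do
        echo "aws configservice --region $region delete-configuration-recorder --configuration-recorder-name $name"
    done
    for name in $(q aws configservice describe-delivery-channels \
            --region "$region" --query 'DeliveryChannels[].name'); do
        echo "aws configservice --region $region delete-delivery-channel --delivery-channel-name $name"
    done
    # GuardDuty: members first, then the detector that owns them.
    for det in $(q aws guardduty list-detectors \
            --region "$region" --query 'DetectorIds[]'); do
        members=$(q aws guardduty list-members --region "$region" \
            --detector-id "$det" --query 'Members[].AccountId' | tr '\n' ' ')
        if [ -n "$members" ]; then
            echo "aws guardduty --region $region delete-members --detector-id $det --account-ids ${members% }"
        fi
        echo "aws guardduty --region $region delete-detector --detector-id $det"
    done
}

# Usage: sh plan.sh --all > plan.txt   (review plan.txt before running it)
if [ "${1:-}" = "--all" ]; then
    for r in $(q aws ec2 describe-regions --query 'Regions[].RegionName'); do
        plan_region "$r"
    done
fi
```

A region with nothing to remove produces no output, so an empty plan means the account already meets the requirements on this page.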