runbooks 0.2.5__py3-none-any.whl → 0.6.1__py3-none-any.whl

runbooks/cfat/assessment/asana-import.csv

@@ -0,0 +1,39 @@
+"Task", "Description", "Status"
+"cfat - Remove IAM user firdosh.homavazir@vectormetering.com", "Review and determine if IAM user firdosh.homavazir@vectormetering.com can be deleted. - Remediation Link: ", "Not Started"
+"cfat - Remove IAM user firdosh.homavazir@vectormetering.com API key AKIA5HLFQ5445SLUCJ4H ", "Review and determine if IAM user API key AKIA5HLFQ5445SLUCJ4H for firdosh.homavazir@vectormetering.com can be removed. - Remediation Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting", "Not Started"
+"cfat - Remove IAM user firdosh.homavazir@vectormetering.com", "Review and determine if IAM user firdosh.homavazir@vectormetering.com can be deleted. - Remediation Link: ", "Not Started"
+"cfat - Remove IAM user firdosh.homavazir@vectormetering.com API key AKIA5HLFQ544W5ZJXRUA ", "Review and determine if IAM user API key AKIA5HLFQ544W5ZJXRUA for firdosh.homavazir@vectormetering.com can be removed. - Remediation Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting", "Not Started"
+"cfat - Delete VPC in ap-south-1", "Delete any unnecessary VPC in ap-south-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in eu-north-1", "Delete any unnecessary VPC in eu-north-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in eu-west-3", "Delete any unnecessary VPC in eu-west-3 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in eu-west-2", "Delete any unnecessary VPC in eu-west-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in eu-west-1", "Delete any unnecessary VPC in eu-west-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in ap-northeast-3", "Delete any unnecessary VPC in ap-northeast-3 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in ap-northeast-2", "Delete any unnecessary VPC in ap-northeast-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in ap-northeast-1", "Delete any unnecessary VPC in ap-northeast-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in ca-central-1", "Delete any unnecessary VPC in ca-central-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in sa-east-1", "Delete any unnecessary VPC in sa-east-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in ap-southeast-1", "Delete any unnecessary VPC in ap-southeast-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in ap-southeast-2", "Delete any unnecessary VPC in ap-southeast-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in eu-central-1", "Delete any unnecessary VPC in eu-central-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in us-east-1", "Delete any unnecessary VPC in us-east-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in us-east-2", "Delete any unnecessary VPC in us-east-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in us-west-1", "Delete any unnecessary VPC in us-west-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Delete VPC in us-west-2", "Delete any unnecessary VPC in us-west-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started"
+"cfat - Review account email addresses", "Review Account Email Addresses in AWS Organization - Remediation Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/root-user-best-practices.html#ru-bp-group", "Not Started"
+"cfat - Deploy Transitional OU", "Deploy Transitional OU in AWS Organization - Remediation Link: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/transitional-ou.html", "Not Started"
+"cfat - Deploy Suspended OU", "Deploy Suspended OU in AWS Organization - Remediation Link: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/suspended-ou.html", "Not Started"
+"cfat - Deploy Workloads OU", "Deploy Workloads OU in AWS Organization - Remediation Link: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/workloads-ou.html", "Not Started"
+"cfat - Deploy Security OU", "Deploy Security OU in AWS Organization - Remediation Link: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/security-ou-and-accounts.html", "Not Started"
+"cfat - Deploy Infrastructure OU", "Deploy Infrastructure OU in AWS Organization - Remediation Link: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/infrastructure-ou-and-accounts.html", "Not Started"
+"cfat - Deploy AWS Control Tower", "Deploy AWS Control Tower in AWS Organization - Remediation Link: https://catalog.workshops.aws/control-tower/en-US/prerequisites/deploying", "Not Started"
+"cfat - Delegate administration of Amazon S3 Storage Lens", "Delegate administration to Amazon S3 Storage Lens - Remediation Link: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-s3lens.html#integrate-enable-da-s3lens", "Not Started"
+"cfat - Delegate administration to AWS IAM Identity Center", "Delegate administration to AWS IAM Identity Center - Remediation Link: https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html", "Not Started"
+"cfat - Delegate administration to AWS IAM Access Analyzer", "Delegate administration to AWS IAM Access Analyzer - Remediation Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#access-analyzer-enabling", "Not Started"
+"cfat - Delegate administration of AWS IAM Access Analyzer", "Delegate administration to AWS IAM Access Analyzer - Remediation Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-settings.html", "Not Started"
+"cfat - Enable AWS GuardDuty", "Enable AWS GuardDuty in AWS Organization - Remediation Link: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-guardduty.html#integrate-enable-ta-guardduty", "Not Started"
+"cfat - Delegate administration of AWS GuardDuty", "Delegate administration to AWS GuardDuty - Remediation Link: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-guardduty.html", "Not Started"
+"cfat - Enable AWS IPAM", "Enable AWS IPAM in AWS Organization - Remediation Link: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ipam.html", "Not Started"
+"cfat - Delegate administration of AWS IPAM", "Delegate administration to AWS IPAM - Remediation Link: https://docs.aws.amazon.com/vpc/latest/ipam/enable-integ-ipam.html", "Not Started"
+"cfat - Delegate administration of AWS Account management", "Delegate administration to AWS Account contact management - Remediation Link: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-account.html#integrate-enable-da-account", "Not Started"
+"cfat - Delegate administration of AWS Backup", "Delegate administration to AWS Backup - Remediation Link: https://docs.aws.amazon.com/aws-backup/latest/devguide/manage-cross-account.html#backup-delegatedadmin", "Not Started"

runbooks/cfat/assessment/cfat-checks.csv

@@ -0,0 +1,31 @@
+check,description,status,required,weight,loe,remediationLink
+"AWS Organization created","AWS Organization is enabled.","complete",true,6,1,"https://aws.amazon.com/organizations/getting-started/"
+"Management Account created","AWS Management account exists.","complete",true,6,1,"https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html"
+"Management Account IAM users removed","IAM Users should not exist in Management Account.","incomplete",false,4,1,"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting"
+"Management Account EC2 instances removed","EC2 Instances should not exist in Management Account.","incomplete",false,4,1,"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html"
+"Management Account VPCs removed","Management Account should not have any VPCs.","incomplete",false,4,1,"https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md"
+"CloudTrail Trail created","CloudTrail should be enabled within the account.","complete",true,6,3,"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html"
+"CloudTrail Organization Service enabled","CloudTrail should be enabled on the Organization.","complete",true,6,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudtrail.html"
+"CloudTrail Org Trail deployed","At least one CloudTrail Organization Trail should be enabled.","complete",true,6,1,"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html"
+"Config Recorder in Management Account configured","Config Recorder in the Management Account should be enabled.","complete",true,6,2,"https://aws.amazon.com/blogs/mt/managing-aws-organizations-accounts-using-aws-config-and-aws-cloudformation-stacksets/"
+"Config Delivery Channel in Management Account configured","Config Delivery Channel in Management Account should be enabled.","complete",true,6,2,"https://aws.amazon.com/blogs/mt/managing-aws-organizations-accounts-using-aws-config-and-aws-cloudformation-stacksets/"
+"CloudFormation StackSets activated","CloudFormation StackSets should be activated in the CloudFormation console.","incomplete",false,5,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudformation.html#integrate-enable-ta-cloudformation"
+"GuardDuty Organization service enabled","GuardDuty Organization services should be enabled.","incomplete",false,4,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-guardduty.html#integrate-enable-ta-guardduty"
+"RAM Organization service enabled","Resource Access Manager (RAM) trusted access should be enabled in the AWS Organization.","complete",false,4,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ram.html#integrate-enable-ta-ram"
+"Security Hub Organization service enabled","Security Hub trusted access should be enabled in the AWS Organization.","complete",false,4,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-securityhub.html#integrate-enable-ta-securityhub"
+"IAM Access Analyzer Organization service enabled","IAM Access Analyzer trusted access should be enabled in the AWS Organization.","incomplete",false,4,1,"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#access-analyzer-enabling"
+"Config Organization service enabled","AWS Config trusted access should be enabled in the AWS Organization.","complete",false,4,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html#integrate-enable-ta-config"
+"CloudFormation Organization service enabled","CloudFormation trusted access should be enabled in the AWS Organization.","complete",false,5,1,"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.html"
+"Top-level Infrastructure OU deployed","Top-level Infrastructure OU should exist.","incomplete",false,5,2,"https://catalog.workshops.aws/control-tower/en-US/introduction/manage-ou"
+"Top-level Security OU deployed","Top-level Security OU should exist.","incomplete",true,6,2,"https://catalog.workshops.aws/control-tower/en-US/introduction/manage-ou"
+"Top-level Workloads OU deployed","Top-level Workloads OU should exist.","incomplete",false,5,2,"https://catalog.workshops.aws/control-tower/en-US/introduction/manage-ou"
+"IAM IdC Organization service enabled","IAM Identity Center trusted access should be enabled in the AWS Organization","complete",true,6,1,"https://docs.aws.amazon.com/singlesignon/latest/userguide/get-set-up-for-idc.html"
+"IAM IdC configured","IAM Identity Center should be configured.","complete",true,6,3,"https://docs.aws.amazon.com/singlesignon/latest/userguide/tutorials.html"
+"Service Control Policies enabled","Service Control Policy should be enabled within the AWS Organization.","complete",true,6,1,"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html"
+"Organization Tag Policy enabled","Tag Policy should be enabled within the AWS Organization.","complete",true,6,1,"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html"
+"Organization Backup Policy enabled","Backup Policy should be enabled within the AWS Organization.","complete",false,5,1,"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html"
+"Control Tower deployed","Control Tower should be deployed.","incomplete",true,6,6,"https://catalog.workshops.aws/control-tower/en-US/prerequisites/deploying"
+"Control Tower latest version","Control Tower should be the latest version.","complete",false,5,2,"https://docs.aws.amazon.com/controltower/latest/userguide/update-controltower.html"
+"Control Tower not drifted","Control Tower should not be drifted.","complete",true,6,2,"https://docs.aws.amazon.com/controltower/latest/userguide/resolve-drift.html"
+"Log Archive account deployed","Log Archive account should exist.","incomplete",true,6,2,"https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html"
+"Audit account deployed","Audit/Security Tooling account should exist.","incomplete",true,6,2,"https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html"

runbooks/cfat/assessment/cfat.txt

@@ -0,0 +1,520 @@
+Cloud Foundation Assessment Tool
+Generated on: Tue, 22 Apr 2025 04:41:25 GMT
+
+
+Incomplete Requirements:
+    INCOMPLETE: Top-level Security OU deployed
+    INCOMPLETE: Control Tower deployed
+    INCOMPLETE: Log Archive account deployed
+    INCOMPLETE: Audit account deployed
+
+====================================
+
+Foundation Status: INCOMPLETE
+Estimate of Required Level of Effort (LOE): 12 hours
+CFAT Score: 99 out of 158
+
+====================================
+
+Foundation Checks:
+┌─────────┬────────────────────────────────────────────────────────────┬───────────────────────────────────────────────────────────────────────────────────────────┬──────────────┬──────────┬────────┬─────┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
+│ (index) │ check                                                      │ description                                                                               │ status       │ required │ weight │ loe │ remediationLink                                                                                                                                 │
+├─────────┼────────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────┼──────────────┼──────────┼────────┼─────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
+│ 0       │ 'AWS Organization created'                                 │ 'AWS Organization is enabled.'                                                            │ 'complete'   │ true     │ 6      │ 1   │ 'https://aws.amazon.com/organizations/getting-started/'                                                                                         │
+│ 1       │ 'Management Account created'                               │ 'AWS Management account exists.'                                                          │ 'complete'   │ true     │ 6      │ 1   │ 'https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html'                                                               │
+│ 2       │ 'Management Account IAM users removed'                     │ 'IAM Users should not exist in Management Account.'                                       │ 'incomplete' │ false    │ 4      │ 1   │ 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting'                                                       │
+│ 3       │ 'Management Account EC2 instances removed'                 │ 'EC2 Instances should not exist in Management Account.'                                   │ 'incomplete' │ false    │ 4      │ 1   │ 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html'                                                                │
+│ 4       │ 'Management Account VPCs removed'                          │ 'Management Account should not have any VPCs.'                                            │ 'incomplete' │ false    │ 4      │ 1   │ 'https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md'              │
+│ 5       │ 'CloudTrail Trail created'                                 │ 'CloudTrail should be enabled within the account.'                                        │ 'complete'   │ true     │ 6      │ 3   │ 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html'                                                   │
+│ 6       │ 'CloudTrail Organization Service enabled'                  │ 'CloudTrail should be enabled on the Organization.'                                       │ 'complete'   │ true     │ 6      │ 1   │ 'https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudtrail.html'                                        │
+│ 7       │ 'CloudTrail Org Trail deployed'                            │ 'At least one CloudTrail Organization Trail should be enabled.'                           │ 'complete'   │ true     │ 6      │ 1   │ 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html'                                                   │
+│ 8       │ 'Config Recorder in Management Account configured'         │ 'Config Recorder in the Management Account should be enabled.'                            │ 'complete'   │ true     │ 6      │ 2   │ 'https://aws.amazon.com/blogs/mt/managing-aws-organizations-accounts-using-aws-config-and-aws-cloudformation-stacksets/'                        │
+│ 9       │ 'Config Delivery Channel in Management Account configured' │ 'Config Delivery Channel in Management Account should be enabled.'                        │ 'complete'   │ true     │ 6      │ 2   │ 'https://aws.amazon.com/blogs/mt/managing-aws-organizations-accounts-using-aws-config-and-aws-cloudformation-stacksets/'                        │
+│ 10      │ 'CloudFormation StackSets activated'                       │ 'CloudFormation StackSets should be activated in the CloudFormation console.'             │ 'incomplete' │ false    │ 5      │ 1   │ 'https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudformation.html#integrate-enable-ta-cloudformation' │
+│ 11      │ 'GuardDuty Organization service enabled'                   │ 'GuardDuty Organization services should be enabled.'                                      │ 'incomplete' │ false    │ 4      │ 1   │ 'https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-guardduty.html#integrate-enable-ta-guardduty'           │
+│ 12      │ 'RAM Organization service enabled'                         │ 'Resource Access Manager (RAM) trusted access should be enabled in the AWS Organization.' │ 'complete'   │ false    │ 4      │ 1   │ 'https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ram.html#integrate-enable-ta-ram'                       │
+│ 13      │ 'Security Hub Organization service enabled'                │ 'Security Hub trusted access should be enabled in the AWS Organization.'                  │ 'complete'   │ false    │ 4      │ 1   │ 'https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-securityhub.html#integrate-enable-ta-securityhub'       │
+│ 14      │ 'IAM Access Analyzer Organization service enabled'         │ 'IAM Access Analyzer trusted access should be enabled in the AWS Organization.'           │ 'incomplete' │ false    │ 4      │ 1   │ 'https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#access-analyzer-enabling'                                │
+│ 15      │ 'Config Organization service enabled'                      │ 'AWS Config trusted access should be enabled in the AWS Organization.'                    │ 'complete'   │ false    │ 4      │ 1   │ 'https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html#integrate-enable-ta-config'                 │
+│ 16      │ 'CloudFormation Organization service enabled'              │ 'CloudFormation trusted access should be enabled in the AWS Organization.'                │ 'complete'   │ false    │ 5      │ 1   │ 'https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.html'                                    │
+│ 17      │ 'Top-level Infrastructure OU deployed'                     │ 'Top-level Infrastructure OU should exist.'                                               │ 'incomplete' │ false    │ 5      │ 2   │ 'https://catalog.workshops.aws/control-tower/en-US/introduction/manage-ou'                                                                      │
+│ 18      │ 'Top-level Security OU deployed'                           │ 'Top-level Security OU should exist.'                                                     │ 'incomplete' │ true     │ 6      │ 2   │ 'https://catalog.workshops.aws/control-tower/en-US/introduction/manage-ou'                                                                      │
+│ 19      │ 'Top-level Workloads OU deployed'                          │ 'Top-level Workloads OU should exist.'                                                    │ 'incomplete' │ false    │ 5      │ 2   │ 'https://catalog.workshops.aws/control-tower/en-US/introduction/manage-ou'                                                                      │
+│ 20      │ 'IAM IdC Organization service enabled'                     │ 'IAM Identity Center trusted access should be enabled in the AWS Organization'            │ 'complete'   │ true     │ 6      │ 1   │ 'https://docs.aws.amazon.com/singlesignon/latest/userguide/get-set-up-for-idc.html'                                                             │
+│ 21      │ 'IAM IdC configured'                                       │ 'IAM Identity Center should be configured.'                                               │ 'complete'   │ true     │ 6      │ 3   │ 'https://docs.aws.amazon.com/singlesignon/latest/userguide/tutorials.html'                                                                      │
+│ 22      │ 'Service Control Policies enabled'                         │ 'Service Control Policy should be enabled within the AWS Organization.'                   │ 'complete'   │ true     │ 6      │ 1   │ 'https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html'                                           │
+│ 23      │ 'Organization Tag Policy enabled'                          │ 'Tag Policy should be enabled within the AWS Organization.'                               │ 'complete'   │ true     │ 6      │ 1   │ 'https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html'                                           │
+│ 24      │ 'Organization Backup Policy enabled'                       │ 'Backup Policy should be enabled within the AWS Organization.'                            │ 'complete'   │ false    │ 5      │ 1   │ 'https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html'                                           │
+│ 25      │ 'Control Tower deployed'                                   │ 'Control Tower should be deployed.'                                                       │ 'incomplete' │ true     │ 6      │ 6   │ 'https://catalog.workshops.aws/control-tower/en-US/prerequisites/deploying'                                                                     │
+│ 26      │ 'Control Tower latest version'                             │ 'Control Tower should be the latest version.'                                             │ 'complete'   │ false    │ 5      │ 2   │ 'https://docs.aws.amazon.com/controltower/latest/userguide/update-controltower.html'                                                            │
+│ 27      │ 'Control Tower not drifted'                                │ 'Control Tower should not be drifted.'                                                    │ 'complete'   │ true     │ 6      │ 2   │ 'https://docs.aws.amazon.com/controltower/latest/userguide/resolve-drift.html'                                                                  │
+│ 28      │ 'Log Archive account deployed'                             │ 'Log Archive account should exist.'                                                       │ 'incomplete' │ true     │ 6      │ 2   │ 'https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html'                                                   │
+│ 29      │ 'Audit account deployed'                                   │ 'Audit/Security Tooling account should exist.'                                            │ 'incomplete' │ true     │ 6      │ 2   │ 'https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html'                                                   │
+└─────────┴────────────────────────────────────────────────────────────┴───────────────────────────────────────────────────────────────────────────────────────────┴──────────────┴──────────┴────────┴─────┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
+
+
+Start Detailed Report:
+
+
+*********************************************************
+                   MANAGEMENT ACCOUNT
+*********************************************************
+
+AWS ACCOUNT TYPE
+
+  Is in AWS Organization: true
+  Assessing AWS Management Account: true
+
+IAM USERS CHECK
+
+  IAM User: firdosh.homavazir@vectormetering.com
+    User API Key ID: AKIA5HLFQ5445SLUCJ4H
+
+  IAM User: firdosh.homavazir@vectormetering.com
+    User API Key ID: AKIA5HLFQ544W5ZJXRUA
+
+
+EC2 INSTANCE CHECK
+
+  No EC2 instances found.
+
+VPC CHECK
+
+  ap-south-1 - found VPC(s).
+  eu-north-1 - found VPC(s).
+  eu-west-3 - found VPC(s).
+  eu-west-2 - found VPC(s).
+  eu-west-1 - found VPC(s).
+  ap-northeast-3 - found VPC(s).
+  ap-northeast-2 - found VPC(s).
+  ap-northeast-1 - found VPC(s).
+  ca-central-1 - found VPC(s).
+  sa-east-1 - found VPC(s).
+  ap-southeast-1 - found VPC(s).
+  ap-southeast-2 - found VPC(s).
+  eu-central-1 - found VPC(s).
+  us-east-1 - found VPC(s).
+  us-east-2 - found VPC(s).
+  us-west-1 - found VPC(s).
+  us-west-2 - found VPC(s).
+
+AWS CONFIG CHECK
+
+  ap-south-1 - Config Recorder found
+  ap-south-1 - Config Delivery Channel found
+  eu-north-1 - Config Recorder found
+  eu-north-1 - Config Delivery Channel found
+  eu-west-3 - Config Recorder found
+  eu-west-3 - Config Delivery Channel found
+  eu-west-2 - Config Recorder found
+  eu-west-2 - Config Delivery Channel found
+  eu-west-1 - Config Recorder found
+  eu-west-1 - Config Delivery Channel found
+  ap-northeast-3 - Config Recorder found
+  ap-northeast-3 - Config Delivery Channel found
+  ap-northeast-2 - Config Recorder found
+  ap-northeast-2 - Config Delivery Channel found
+  ap-northeast-1 - Config Recorder found
+  ap-northeast-1 - Config Delivery Channel found
+  ca-central-1 - Config Recorder found
+  ca-central-1 - Config Delivery Channel found
+  sa-east-1 - Config Recorder found
+  sa-east-1 - Config Delivery Channel found
+  ap-southeast-1 - Config Recorder found
+  ap-southeast-1 - Config Delivery Channel found
+  ap-southeast-2 - Config Recorder found
+  ap-southeast-2 - Config Delivery Channel found
+  eu-central-1 - Config Recorder found
+  eu-central-1 - Config Delivery Channel found
+  us-east-1 - Config Recorder found
+  us-east-1 - Config Delivery Channel found
+  us-east-2 - Config Recorder found
+  us-east-2 - Config Delivery Channel found
+  us-west-1 - Config Recorder found
+  us-west-1 - Config Delivery Channel found
+  us-west-2 - Config Recorder found
+  us-west-2 - Config Delivery Channel found
+
+MANAGEMENT ACCOUNT TASKS:
+  Remove IAM user firdosh.homavazir@vectormetering.com - Management Account - Review and determine if IAM user firdosh.homavazir@vectormetering.com can be deleted.
+  Remove IAM user firdosh.homavazir@vectormetering.com API key AKIA5HLFQ5445SLUCJ4H  - Management Account - Review and determine if IAM user API key AKIA5HLFQ5445SLUCJ4H for firdosh.homavazir@vectormetering.com can be removed.
+  Remove IAM user firdosh.homavazir@vectormetering.com - Management Account - Review and determine if IAM user firdosh.homavazir@vectormetering.com can be deleted.
+  Remove IAM user firdosh.homavazir@vectormetering.com API key AKIA5HLFQ544W5ZJXRUA  - Management Account - Review and determine if IAM user API key AKIA5HLFQ544W5ZJXRUA for firdosh.homavazir@vectormetering.com can be removed.
+  Delete VPC in ap-south-1 - Management Account - Delete any unnecessary VPC in ap-south-1 to include the default VPC.
+  Delete VPC in eu-north-1 - Management Account - Delete any unnecessary VPC in eu-north-1 to include the default VPC.
+  Delete VPC in eu-west-3 - Management Account - Delete any unnecessary VPC in eu-west-3 to include the default VPC.
+  Delete VPC in eu-west-2 - Management Account - Delete any unnecessary VPC in eu-west-2 to include the default VPC.
+  Delete VPC in eu-west-1 - Management Account - Delete any unnecessary VPC in eu-west-1 to include the default VPC.
+  Delete VPC in ap-northeast-3 - Management Account - Delete any unnecessary VPC in ap-northeast-3 to include the default VPC.
+  Delete VPC in ap-northeast-2 - Management Account - Delete any unnecessary VPC in ap-northeast-2 to include the default VPC.
+  Delete VPC in ap-northeast-1 - Management Account - Delete any unnecessary VPC in ap-northeast-1 to include the default VPC.
+  Delete VPC in ca-central-1 - Management Account - Delete any unnecessary VPC in ca-central-1 to include the default VPC.
+  Delete VPC in sa-east-1 - Management Account - Delete any unnecessary VPC in sa-east-1 to include the default VPC.
+  Delete VPC in ap-southeast-1 - Management Account - Delete any unnecessary VPC in ap-southeast-1 to include the default VPC.
+  Delete VPC in ap-southeast-2 - Management Account - Delete any unnecessary VPC in ap-southeast-2 to include the default VPC.
+  Delete VPC in eu-central-1 - Management Account - Delete any unnecessary VPC in eu-central-1 to include the default VPC.
+  Delete VPC in us-east-1 - Management Account - Delete any unnecessary VPC in us-east-1 to include the default VPC.
+  Delete VPC in us-east-2 - Management Account - Delete any unnecessary VPC in us-east-2 to include the default VPC.
+  Delete VPC in us-west-1 - Management Account - Delete any unnecessary VPC in us-west-1 to include the default VPC.
+  Delete VPC in us-west-2 - Management Account - Delete any unnecessary VPC in us-west-2 to include the default VPC.
+
+*********************************************************
+                    GOVERNANCE
+*********************************************************
+
+AWS ORGANIZATION POLICY TYPES
+
+  Service Control Policies (SCP) enabled: true
+  Tag Policies enabled: true
+  Backup Policies enabled: true
+
+AWS ORGANIZATION CLOUDFORMATION
+
+  AWS CloudFormation Organization stack sets status : ENABLED
+
+CLOUDTRAIL CHECK
+
+  CloudTrail found in ap-southeast-2
+    Is Organization Trail: true
+    Is MultiRegion: true
+
+
+GOVERNANCE SERVICES ENABLED IN AWS ORGANIZATION:
+
+  AWS CloudTrail
+  AWS Config
+
+GOVERNANCE TASKS:
+
+*********************************************************
+                FINANCIAL MANAGEMENT
+*********************************************************
+
+Legacy CUR
+  Is legacy CUR setup: true
+
+CLOUD FINANCIAL MANAGEMENT TASKS:
+
+*********************************************************
+                MULTI-ACCOUNT STRATEGY
+*********************************************************
+
+AWS ORGANIZATION DETAILS
+
+  AWS Organization Id: o-7qetdtd2wa
+  AWS Organization ARN: arn:aws:organizations::909135376185:organization/o-7qetdtd2wa
+  AWS Organization Root OU Id: r-jwu0
+
+AWS ORGANIZATION CLOUDFORMATION
+
+  AWS CloudFormation Organization stack sets status : ENABLED
+
+AWS ORGANIZATION TOP-LEVEL ORGANIZATION UNITS
+
+  List of Organization's top-level OUs and AWS accounts:
+    Organizational Unit: ou-nz-applications
+      Organizational Unit Id: ou-jwu0-ocsm4re1
+      AWS Accounts: None
+
+    Organizational Unit: ou-shared-services
+      Organizational Unit Id: ou-jwu0-72eyxnqv
+      AWS Accounts: None
+
+    Organizational Unit: ou-au-applications
+      Organizational Unit Id: ou-jwu0-xrrithh4
+      AWS Accounts: None
+
+    Organizational Unit: ou-exceptions
+      Organizational Unit Id: ou-jwu0-wxc5o8id
+      AWS Accounts:
+        Demo-Center
+
+    Organizational Unit: ou-security
+      Organizational Unit Id: ou-jwu0-2qhpuvtu
+      AWS Accounts: None
+
+
+AWS ORGANIZATION MEMBER ACCOUNTS
+
+  Account: ams-api-prod
+  Account Email: aws-bc-ams-api-prod@datacom.com
+
+  Account: vams-nz-multi-fuel-apps-non-prod
+  Account Email: aws-bc-vams-nz-multi-fuel-apps-non-prod@datacom.com
+
+  Account: Demo-Center
+  Account Email: aws-bc-demo-center@datacom.com
+
+  Account: vams-nz-multi-fuel-api-non-prod
+  Account Email: aws-bc-vams-nz-multi-fuel-api-non-prod@datacom.com
+
+  Account: bluecurrent-batch-jobs-test
+  Account Email: aws-bc-batch-jobs-test@datacom.com
+
+  Account: ams-av-dw
+  Account Email: aws-bc-ams-av-dw@datacom.com
+
+  Account: bluecurrent-batch-jobs-prod
+  Account Email: aws-bc-batch-jobs-prod@datacom.com
+
+  Account: vams-nz-elec-outbound-sec
+  Account Email: aws-bc-vams-nz-elec-outbound-sec@datacom.com
+
+  Account: bc-corp-prod
+  Account Email: aws-bc-corp-prod@datacom.com
+
+  Account: vams-nz-multi-fuel-api-sandbox
+  Account Email: aws-bc-vams-nz-multi-fuel-api-sandbox@datacom.com
+
+  Account: bc-corp-sit
+  Account Email: aws-bc-corp-sit@datacom.com
+
+  Account: ams-poc1
+  Account Email: aws-bc-ams-poc1@datacom.com
+
+  Account: bc-photo-poc
+  Account Email: aws-bc-photo-poc@datacom.com
+
+  Account: vams-au-elec-external-non-prod
+  Account Email: aws-bc-vams-au-elec-external-non-prod@datacom.com
+
+  Account: vams-au-multi-fuel-apps-non-prod
+  Account Email: aws-bc-vams-au-multi-fuel-apps-non-prod@datacom.com
+
+  Account: vams-au-multi-fuel-apps-sandbox
+  Account Email: aws-bc-vams-au-multi-fuel-apps-sandbox@datacom.com
+
+  Account: bc-commvault-backup
+  Account Email: aws-bc-commvault-backup@datacom.com
+
+  Account: bc-corp-dev
+  Account Email: aws-bc-corp-dev@datacom.com
+
+  Account: vams-au-multi-fuel-api-sandbox
+  Account Email: aws-bc-vams-au-multi-fuel-api-sandbox@datacom.com
+
+  Account: bc-aws-connect-prod
+  Account Email: aws-bc-aws-connect-prod@datacom.com
+
+  Account: bc-corp-monitoring-prod
+  Account Email: aws-bc-corp-monitoring-prod@datacom.com
+
+  Account: bluecurrent-nz-soa-poc
+  Account Email: aws-bc-nz-soa-poc@datacom.com
+
+  Account: vams-nz-elec-datalake-prod
+  Account Email: aws-bc-vams-nz-elec-datalake-prod@datacom.com
+
+  Account: bc-aws-connect-test
+  Account Email: aws-bc-aws-connect-test@datacom.com
+
+  Account: ams-audit
+  Account Email: aws-bc-ams-audit@datacom.com
+
+  Account: bc-datalake-dev
+  Account Email: aws-bc-datalake-dev@datacom.com
+
+  Account: vams-nz-elec-sidecar
+  Account Email: aws-bc-vams-nz-elec-sidecar@datacom.com
+
+  Account: arcs-syd-prod
+  Account Email: aws-bc-arcs-syd-prod@datacom.com
+
+  Account: vams-au-metering-elec-mass-security
+  Account Email: aws-bc-vams-au-metering-elec-mass-security@datacom.com
+
+  Account: bluecurrent-nz-assetmanagement-jde
+  Account Email: aws-bc-nz-assetmanagement-jde@datacom.com
+
+  Account: vams-nz-multi-fuel-apps-sandbox
+  Account Email: aws-bc-vams-nz-multi-fuel-apps-sandbox@datacom.com
+
+  Account: vams-nz-elec-datalake-test
+  Account Email: aws-bc-vams-nz-elec-datalake-test@datacom.com
+
+  Account: ams-centralised-ops
+  Account Email: aws-bc-ams-centralised-ops@datacom.com
+
+  Account: ams-security
+  Account Email: aws-bc-ams-security@datacom.com
+
+  Account: bc-corp-monitoring-non-prod
+  Account Email: aws-bc-corp-monitoring-non-prod@datacom.com
+
+  Account: vams-au-metering-elec-mass-dev
+  Account Email: aws-bc-vams-au-metering-elec-mass-dev@datacom.com
+
+  Account: vams-nz-elec-inbound-sec
+  Account Email: aws-bc-vams-nz-elec-inbound-sec@datacom.com
+
+  Account: vams-au-multi-fuel-api-non-prod
+  Account Email: aws-bc-vams-au-multi-fuel-api-non-prod@datacom.com
+
+  Account: ams-gateway-1
+  Account Email: aws-bc-ams-gateway-1@datacom.com
+
+  Account: ams-admin
+  Account Email: aws-bc-management@datacom.com
+
+  Account: vams-nz-elec-sandbox
+  Account Email: aws-bc-vams-nz-elec-sandbox@datacom.com
+
+  Account: vams-au-metering-elec-mass-preprod
+  Account Email: aws-bc-vams-au-metering-elec-mass-preprod@datacom.com
+
+  Account: vams-nz-elec-internal-non-prod
+  Account Email: aws-bc-vams-nz-elec-internal-non-prod@datacom.com
+
+  Account: vams-au-metering-elec-mass-sit
+  Account Email: aws-bc-vams-au-metering-elec-mass-sit@datacom.com
+
+  Account: vams-au-multi-fuel-api-prod
+  Account Email: aws-bc-vams-au-multi-fuel-api-prod@datacom.com
+
+  Account: ams-api-dev
+  Account Email: aws-bc-ams-api-dev@datacom.com
+
+  Account: ams-appstream-prod
+  Account Email: aws-bc-ams-appstream-prod@datacom.com
+
+  Account: vams-au-elec-internal-non-prod
+  Account Email: aws-bc-vams-au-elec-internal-non-prod@datacom.com
+
+  Account: vams-nz-multi-fuel-api-prod
+  Account Email: aws-bc-vams-nz-multi-fuel-api-prod@datacom.com
+
+  Account: bc-datalake-preprod
+  Account Email: aws-bc-datalake-preprod@datacom.com
+
+  Account: ams-shared-services
+  Account Email: aws-bc-ams-shared-services@datacom.com
+
+  Account: vams-nz-elec-internal-prod
+  Account Email: aws-bc-vams-nz-elec-internal-prod@datacom.com
+
+  Account: vams-nz-metering-elec-mass-security
+  Account Email: aws-bc-vams-nz-metering-elec-mass-security@datacom.com
+
+  Account: vams-au-multi-fuel-apps-prod
+  Account Email: aws-bc-vams-au-multi-fuel-apps-prod@datacom.com
+
+  Account: vams-metering-autotest-prod
+  Account Email: aws-bc-vams-metering-autotest-prod@datacom.com
+
+  Account: vamsnz-syd-prod
+  Account Email: aws-bc-vamsnz-syd-prod@datacom.com
+
+  Account: bc-corp-uat
+  Account Email: aws-bc-corp-uat@datacom.com
+
+  Account: ams-shared-services-non-prod
+  Account Email: aws-bc-ams-shared-services-non-prod@datacom.com
+
+  Account: vams-nz-multi-fuel-apps-prod
+  Account Email: aws-bc-vams-nz-multi-fuel-apps-prod@datacom.com
+
+
+AWS ORGANIZATION ENABLED SERVICES
+
+  The following AWS Services are enabled within your AWS Organization:
+    account.amazonaws.com
+    backup.amazonaws.com
+    cloudtrail.amazonaws.com
+    config-multiaccountsetup.amazonaws.com
+    config.amazonaws.com
+    iam.amazonaws.com
+    member.org.stacksets.cloudformation.amazonaws.com
+    ram.amazonaws.com
+    reporting.trustedadvisor.amazonaws.com
+    resource-explorer-2.amazonaws.com
+    securityhub.amazonaws.com
+    ssm.amazonaws.com
+    sso.amazonaws.com
+    tagpolicies.tag.amazonaws.com
+
+AWS ORGANIZATION INTEGRATED SERVICE REGISTERED DELEGATED ADMINS
+
+  Account: ams-audit
+  Delegated Services:
+    securityhub.amazonaws.com
+
+  Account: ams-centralised-ops
+  Delegated Services:
+    config.amazonaws.com
+    resource-explorer-2.amazonaws.com
+
+
+MULTI-ACCOUNT STRATEGY TASKS:
+  Review Account Email Addresses - Multi-Account Strategy - Review Account Email Addresses in AWS Organization
+  Deploy Transitional OU - Multi-Account Strategy - Deploy Transitional OU in AWS Organization
+  Deploy Suspended OU - Multi-Account Strategy - Deploy Suspended OU in AWS Organization
+  Deploy Workloads OU - Multi-Account Strategy - Deploy Workloads OU in AWS Organization
+  Deploy Security OU - Multi-Account Strategy - Deploy Security OU in AWS Organization
+  Deploy Infrastructure OU - Multi-Account Strategy - Deploy Infrastructure OU in AWS Organization
+
+*********************************************************
+                  LANDING ZONE
+*********************************************************
+
+AWS CONTROL TOWER
+
+  AWS Control Tower is not deployed in the AWS Organization
+
+LANDING ZONE TASKS:
+  Deploy AWS Control Tower - Landing Zone - Deploy AWS Control Tower in AWS Organization
+
+*********************************************************
+                    IDENTITY
+*********************************************************
+
+AWS IAM IDENTITY CENTER
+
+  IdC Region: ap-southeast-2
+  IdC ARN: arn:aws:sso:::instance/ssoins-825940b04bdafef9
+  IdC Instance Id: d-976752e8d5
+
+IDENTITY TASKS:
+  Delegate administration to AWS IAM Identity Center - Identity - Delegate administration to AWS IAM Identity Center
+
+*********************************************************
+                    SECURITY
+*********************************************************
+
+AWS SECURITY SERVICES ENABLED IN AWS ORGANIZATION:
+
+  AWS Security Hub
+  AWS CloudTrail
+  AWS Config
+
+SECURITY TASKS:
+  Delegate administration to AWS GuardDuty - Security - Delegate administration to AWS GuardDuty
+  Delegate administration to AWS IAM Access Analyzer - Security - Delegate administration to AWS IAM Access Analyzer
+  Delegate administration of AWS GuardDuty - Security - Delegate administration to AWS GuardDuty
+  Delegate administration of AWS IAM Access Analyzer - Security - Delegate administration to AWS IAM Access Analyzer
+  Delegate administration of Amazon S3 Storage Lens - Security - Delegate administration to Amazon S3 Storage Lens
+
+*********************************************************
+                    NETWORK
+*********************************************************
+
+NETWORK TASKS:
+  Enable AWS GuardDuty - Network - Enable AWS GuardDuty in AWS Organization
+  Enable AWS IPAM - Network - Enable AWS IPAM in AWS Organization
+  Delegate administration of AWS IPAM - Network - Delegate administration to AWS IPAM
+
+*********************************************************
+                  OBSERVABILITY
+*********************************************************
+
+OBSERVABILITY TASKS:
+  Delegate administration of AWS Account - Observability - Delegate administration to AWS Account
+
+*********************************************************
+               BACKUP AND RECOVERY
+*********************************************************
+
+BACKUP AND RECOVERY TASKS:
+  Delegate administration of AWS Backup - Backup and Recovery - Delegate administration to AWS Backup
+
+
+  END REVIEW