Statement of Work
All deliverables listed have been delivered in accordance with the project.
Send an email to the onboarding team requesting that the new client's SSO infrastructure be created.
Network
If the CIDR is customised, ensure that the CIDR ranges of the VPCs do not share the same address pool (no overlapping ranges).
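One way to run the CIDR check above across accounts, as an added example that is not part of the original checklist. The VPC inventory is constructed sample data, and the account and VPC names are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: (account, VPC name, CIDR). Not real customer data.
VPCS = [
    ("shared-services", "vpc-shared", "10.0.0.0/16"),
    ("production", "vpc-prod", "10.1.0.0/16"),
    ("staging", "vpc-staging", "10.1.128.0/17"),  # sits inside vpc-prod's range
    ("development", "vpc-dev", "10.2.0.0/16"),
]


def find_overlaps(vpcs):
    """Return every pair of VPCs whose CIDR blocks share addresses."""
    parsed = []
    for account, name, cidr in vpcs:
        # strict=True raises ValueError for a CIDR with host bits set
        # (e.g. 10.1.5.0/16), which usually indicates a typo in the plan.
        net = ipaddress.ip_network(cidr, strict=True)
        parsed.append((f"{account}/{name}", net))

    overlaps = []
    for (id_a, net_a), (id_b, net_b) in combinations(parsed, 2):
        # Only compare networks of the same IP version.
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            overlaps.append((id_a, id_b, str(net_a), str(net_b)))
    return overlaps


if __name__ == "__main__":
    conflicts = find_overlaps(VPCS)
    for id_a, id_b, cidr_a, cidr_b in conflicts:
        print(f"OVERLAP: {id_a} ({cidr_a}) <-> {id_b} ({cidr_b})")
    if not conflicts:
        print("No overlapping VPC CIDRs found.")
```
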
Monitoring
If GuardDuty alarms were disabled, confirm that this is correct.
Security
Default VPC is deleted on all accounts and regions.
Root user hardware MFA is enabled on all accounts [⚠️ Warn the customer if it is not enabled].
SSO
IAM Identity Center (SSO) is enabled and set up for the customer.
Groups and Permission sets are created for AdministratorAccess and ViewOnlyAccess.
Billing Alerts
Billing Alerts are enabled in the Management account.
Developer experience
We recommend an NX1 showcase for customers.
We recommend that the customer team is invited to the NX1 Tenant.
Compliance
The following items are only required when the customer is aiming for compliance.
All rules of the default security group are deleted on all accounts.
Route53 query logs are enabled in production accounts (Optional).
SecurityHub: CIS AWS Foundations Benchmark:
There are no "Critical" failed checks.
"High" and "Medium" failed checks are justifiable.
SecurityHub: AWS Foundational Security Best Practices:
There are no "Critical" failed checks.
"High" and "Medium" failed checks are justifiable.
All relevant SCPs are deployed to the Master account:
Region-lock
Audit-security-lock