SRA genai bedrock capability one

CHANGELOG.md

@@ -57,6 +57,25 @@
 All notable changes to this project will be documented in this file.
 
 ---
+
+## 2025-02-04
+
+### Added<!-- omit in toc -->
+
+- Added [Bedrock](aws_sra_examples/solutions/genai/bedrock_org) solution to deploy the sra-bedrock-org solution for GenAI deep-dive Bedrock capability one security controls.  See https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8n)
+
+## 2025-01-21
+
+### Updated<!-- omit in toc -->
+
+- Updated [Config Management Account](aws_sra_examples/solutions/config/config_management_account) solution to use service-linked role for AWS Config.
+
+## 2025-01-08
+
+### Updated<!-- omit in toc -->
+
+- Updated [Common Prerequisites](aws_sra_examples/solutions/common/common_prerequisites) staging util script to fix lambda layer deploy when using solution_directory.
+
 ## 2024-09-18
 
 ### Added<!-- omit in toc -->

README.md

@@ -140,6 +140,7 @@ Please follow the instructions for SRA Terraform deployments in the [SRA Terrafo
 | :---------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | [Account Alternate Contacts](aws_sra_examples/solutions/account/account_alternate_contacts)           | Sets the billing, operations, and security alternate contacts for all accounts within the organization.                                                                                                                                      |                                                                                                              |                                                                                                                                                                                                                                         |
 | [AMI Bakery](aws_sra_examples/solutions/ami_bakery/ami_bakery_org)                                    | Creates and configures an AMI image management pipeline.                                                                                                                                                                                     |                                                                                                              |                                                                                                                                                                                                                                         |
+| [Bedrock](aws_sra_examples/solutions/genai/bedrock_org)                         | Enables and configures security controls for Bedrock GenAI deep-dive capability one.                                                                                                                                 |                                                                                                              |                                                                                                                                                                                                                                         |
 | [CloudTrail](aws_sra_examples/solutions/cloudtrail/cloudtrail_org)                                    | Organization trail with defaults set to configure data events (e.g. S3 and Lambda) to avoid duplicating the Control Tower configured CloudTrail. Options for configuring management events.                                                  | CloudTrail enabled in each account with management events only.                                              |                                                                                                                                                                                                                                         |
 | [Config Management Account](aws_sra_examples/solutions/config/config_management_account)              | Enables AWS Config in the Management account to allow resource compliance monitoring.                                                                                                                                                        | Configures AWS Config in all accounts except for the Management account in each governed region.             | <ul><li>AWS Control Tower</li></ul>                                                                                                                                                                                                     |
 | [Config Organization Aggregator](aws_sra_examples/solutions/config/config_aggregator_org)             | **Not required for most Control Tower environments.** Deploy an Organization Config Aggregator to a delegated admin other than the Audit account.                                                                                            | Organization Config Aggregator in the Management account and Account Config Aggregator in the Audit account. | <ul><li>AWS Control Tower</li><li>[Common Register Delegated Administrator](aws_sra_examples/solutions/common/common_register_delegated_administrator)</li></ul>                                                                        |

aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/codepipeline.py

@@ -90,7 +90,7 @@ def create_codepipeline(
         "roleArn": "arn:" + aws_partition + ":iam::" + account_id + ":role/" + codepipeline_role_name,
         "artifactStore": {"type": "S3", "location": bucket_name},
         "stages": [
-            {  # type: ignore
+            {
                 "name": pipeline_name + "-CodeCommitSource",
                 "actions": [
                     {
@@ -104,7 +104,7 @@ def create_codepipeline(
                     }
                 ],
             },
-            {  # type: ignore
+            {
                 "name": pipeline_name + "-DeployEC2ImageBuilder",
                 "actions": [
                     {

aws_sra_examples/solutions/config/config_org/lambda/src/config.py

@@ -92,7 +92,7 @@ def set_config_in_org(
     configuration_recorder: ConfigurationRecorderTypeDef = {
         "name": recorder_name,
         "roleARN": role_arn,
-        "recordingGroup": {  # type: ignore
+        "recordingGroup": {
             "allSupported": all_supported,
             "includeGlobalResourceTypes": include_global_resource_types,
             "resourceTypes": resource_types,