CFT: Grant Access for Security Review
To streamline compliance reviews and Foundational Technical Review (FTR) preparation, awssome.io provides a CloudFormation template that sets up a cross-account auditor role. This role enables secure access to AWS Config and Security Hub findings, reduces manual audit setup, and ensures automated reporting.

👉 Important: Just like with our docid\ ggewxgsbkrqbhzthky9g7, this stack must be deployed in the docid\ way5qgzwo18pghcnfp6fm. Compliance evidence for FTR must come from your seller account, and deploying elsewhere (e.g., production or staging) won't satisfy Marketplace requirements.

What the template does

This CloudFormation template deploys a cross-account auditor role for awssome.io, enabling secure compliance reviews via AWS Config and Security Hub. It simplifies audits, automates data delivery, and provides notifications on deployment, while ensuring only read-only or controlled write permissions outside of Security Hub/Config.

Config data storage (S3 bucket)

- Creates a versioned, encrypted S3 bucket (awsconfig [account] [region])
- Grants the Config service access for ACL checks and object delivery
- Applies public access blocks to maintain compliance

Security auditor access (FTR audit IAM role)

- Role assumable by the awssome account (891377214492) for 12-hour sessions
- Attaches the SecurityAudit and ReadOnlyAccess managed policies
- Adds custom read-only permissions for key AWS services (tags, orgs, EC2, RDS, S3, Lambda, IAM, CloudTrail, CloudWatch, Logs, KMS)
- Grants controlled write/edit permissions to:
  - Security Hub (enable/update standards, findings, tags)
  - Config (recorder setup, delivery channel, retention)
- Allows creation/passing of service-linked roles for AWS services

Automated notification (Lambda & EventBridge)

- Deploys a Python Lambda triggered on stack CREATE_COMPLETE
- Publishes a JSON payload (customer ID, publisher name, region, stack name, outputs, FTR role ARN) to the SNS topic ftr access output
- Provides instant audit-ready alerts and enables integration with downstream systems

Outputs

- Exports the FTR role ARN
- Auto-fills the publishername parameter

✅ Key takeaway: Deploy this template in your Marketplace seller account. It ensures that FTR auditors and compliance processes have the correct, secure, read-only visibility into your environment while keeping your production and staging accounts untouched.
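A post-deployment check, added here as an example (it is not awssome.io's code): it compares a role description, in the shape `aws iam get-role` and `aws iam list-attached-role-policies` return, with the trusted account, session length and managed policies listed above. The sample roles, the `sample_role` helper and the 111122223333 account are constructed for illustration.

```python
import re

AUDITOR_ACCOUNT = "891377214492"      # trusted account ID stated on the page
MAX_SESSION = 12 * 3600               # 12-hour sessions, in seconds
EXPECTED_MANAGED = {"SecurityAudit", "ReadOnlyAccess"}

def _as_list(value):
    """Policy JSON permits a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID of an AWS principal (bare ID or IAM ARN), else None."""
    m = re.fullmatch(r"(\d{12})|arn:aws[\w-]*:iam::(\d{12}):.+", principal)
    return (m.group(1) or m.group(2)) if m else None

def audit_role(role, attached):
    """Return findings where the deployed role differs from the page's description."""
    findings = []
    for stmt in _as_list(role["AssumeRolePolicyDocument"]["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":              # shorthand for "anyone"
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for p in _as_list(values):
                if kind != "AWS" or _account_of(p) != AUDITOR_ACCOUNT:
                    findings.append(f"unexpected trusted principal {kind}={p}")
    if role.get("MaxSessionDuration") != MAX_SESSION:
        findings.append(f"MaxSessionDuration={role.get('MaxSessionDuration')}")
    names = {p["PolicyName"] for p in attached}
    findings += [f"missing managed policy {n}" for n in sorted(EXPECTED_MANAGED - names)]
    findings += [f"unexpected managed policy {n}" for n in sorted(names - EXPECTED_MANAGED)]
    return findings

# Constructed sample input (hypothetical helper; not taken from the template).
def sample_role(principal, seconds):
    return {"MaxSessionDuration": seconds, "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}]}}

AS_DESCRIBED = sample_role({"AWS": "arn:aws:iam::891377214492:root"}, 43200)
DRIFTED = sample_role({"AWS": ["891377214492", "arn:aws:iam::111122223333:root"]}, 3600)
BASE = [{"PolicyName": "SecurityAudit"}, {"PolicyName": "ReadOnlyAccess"}]

if __name__ == "__main__":
    print("as described:", audit_role(AS_DESCRIBED, BASE))
    for finding in audit_role(DRIFTED, BASE + [{"PolicyName": "AdministratorAccess"}]):
        print("FINDING:", finding)
```

The check covers managed policies only; the custom read-only and Security Hub/Config write permissions the template adds would need a separate review of the role's remaining policies.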
