...

  • CreateNewRole: Select 'Yes' if a role named 'ACNMDRCrossAccountRole' does not exist and needs to be created. Otherwise select 'No'.

  • ACNMDRAwsAccountARN: Provide the Accenture MDR account ARN used to create the cross-account role.

  • ACNMDRExternalId: The External ID provided by Accenture MDR for the account. If Accenture MDR has not provided one, enter an External ID of your choice (e.g. <Customer account ID>). Make sure the External ID matches the pattern [\w+=,.@:\/-]* as described in the AWS documentation: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

  • LoggingResource

a) S3Bucket: Select this if data is going to be collected directly from the S3 bucket.

...

  • PolicyName: It should be a unique policy name that has not been used previously to assign the policy to 'ACNMDRCrossAccountRole'. Recommended PolicyNames - CrossAccountPolicyFor<S3BucketName> or CrossAccountPolicyFor<SQSName> or CrossAccountPolicyFor<LogGroupName>

  • S3BucketARN: ARN of the S3 bucket from which logs are going to be collected. S3BucketARN is also required if LoggingResource is 'SQS'. Example Values - arn:aws:s3:::<BucketName> or arn:aws:s3:::<BucketName>/<PrefixPath>/. (Note: Keep S3BucketARN blank in case of 'CloudWatchLogs')

  • SQSOrCloudWatchLogGroupARN: Provide the SQS or CloudWatch log group ARN, according to the LoggingResource selection. Required if LoggingResource is 'SQS' or 'CloudWatchLogs'. (Note: Keep SQSOrCloudWatchLogGroupARN blank if LoggingResource is 'S3Bucket')

  • S3KMSKeyARN: Provide the ARN of the KMS key used to encrypt the S3 bucket. (Note: Value required if LoggingResource is 'S3Bucket' or 'SQS' and the S3 bucket is encrypted)

  • SQSKMSKeyARN: Provide the ARN of the KMS key used to encrypt the SQS queue. (Note: Value required if LoggingResource is 'SQS' and the SQS queue is encrypted)

c. Click on Next

...

7. On the Configure stack options page, add the tags and permissions required by your organization's standards and nomenclature, or leave them unchanged, then click the Next button.

...
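The parameter rules listed above (which ARN fields must be filled or left blank for each LoggingResource, and the External ID pattern) can be checked before the stack is launched. The following is an added example, not part of the Accenture MDR template: the `validate` and `arn_service` helpers, the ASCII-only matching, the 2 to 1224 character External ID length (the STS AssumeRole limit) and the sample values are assumptions made for illustration.

```python
import re

# Pattern quoted on the page for ACNMDRExternalId. re.ASCII and the 2-1224
# length bound (the STS AssumeRole limit) are assumptions added here.
EXTERNAL_ID_RE = re.compile(r"[\w+=,.@:/-]{2,1224}", re.ASCII)
# LoggingResource -> (S3BucketARN required?, service expected in the second ARN or None if blank)
RULES = {"S3Bucket": (True, None), "SQS": (True, "sqs"), "CloudWatchLogs": (False, "logs")}


def arn_service(arn):
    """Return the service field of an ARN (arn:partition:service:...), or None."""
    parts = arn.split(":")
    return parts[2] if len(parts) >= 6 and parts[0] == "arn" else None


def validate(params):
    """Return a list of problems found in a dict of stack parameter values."""
    errors = []
    get = lambda k: params.get(k, "").strip()
    if get("CreateNewRole") not in ("Yes", "No"):
        errors.append("CreateNewRole must be 'Yes' or 'No'")
    if not EXTERNAL_ID_RE.fullmatch(get("ACNMDRExternalId")):
        errors.append("ACNMDRExternalId does not match [\\w+=,.@:/-]*")
    resource = get("LoggingResource")
    if resource not in RULES:
        return errors + ["LoggingResource must be one of " + ", ".join(RULES)]
    needs_bucket, other_service = RULES[resource]
    bucket, other = get("S3BucketARN"), get("SQSOrCloudWatchLogGroupARN")
    if needs_bucket and arn_service(bucket) != "s3":
        errors.append(f"S3BucketARN is required for {resource} and must be an S3 ARN")
    if not needs_bucket and bucket:
        errors.append(f"S3BucketARN must be blank for {resource}")
    if other_service and arn_service(other) != other_service:
        errors.append(f"SQSOrCloudWatchLogGroupARN must be a {other_service} ARN for {resource}")
    if not other_service and other:
        errors.append(f"SQSOrCloudWatchLogGroupARN must be blank for {resource}")
    for key in ("S3KMSKeyARN", "SQSKMSKeyARN"):
        if get(key) and arn_service(get(key)) != "kms":
            errors.append(f"{key} must be a KMS key ARN")
    return errors


# Constructed sample: CloudWatchLogs selected but S3BucketARN left filled in.
SAMPLE = {"CreateNewRole": "No", "ACNMDRExternalId": "111122223333",
          "LoggingResource": "CloudWatchLogs", "S3BucketARN": "arn:aws:s3:::example-logs",
          "SQSOrCloudWatchLogGroupARN": "arn:aws:logs:us-east-1:111122223333:log-group:example"}

if __name__ == "__main__":
    print(validate(SAMPLE))
```

The check does not know whether the bucket or queue is encrypted, so it only verifies the shape of the KMS key ARNs when they are supplied.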