precommit

squareops · Aug 29, 2023 · 2c48ef8 · 2c48ef8
1 parent 365c810
commit 2c48ef8
Show file tree

Hide file tree

Showing 8 changed files with 42 additions and 44 deletions.
diff --git a/README.md b/README.md
@@ -213,7 +213,8 @@ To find more information about our company, visit [squareops.com](https://square
 | <a name="input_check_level"></a> [check\_level](#input\_check\_level) | CIS level-2 checks deployment | `string` | `""` | no |
 | <a name="input_cloudtrail_event_selector_type"></a> [cloudtrail\_event\_selector\_type](#input\_cloudtrail\_event\_selector\_type) | Types of events that will be aggregated in CloudTrail | `string` | `"All"` | no |
 | <a name="input_cloudtrail_kms_policy"></a> [cloudtrail\_kms\_policy](#input\_cloudtrail\_kms\_policy) | KMS policy for Cloudtrail Logs | `string` | `""` | no |
-| <a name="input_cloudwatch_logs_kms_id"></a> [cloudwatch\_logs\_kms\_id](#input\_cloudwatch\_logs\_kms\_id) | KMS key for CloudWatch Logs Encryption | `string` | `""` | no |
+| <a name="input_cloudwatch_log_group_retention_days"></a> [cloudwatch\_log\_group\_retention\_days](#input\_cloudwatch\_log\_group\_retention\_days) | Enter the number of days in which you want your cloud watch log group for cloudtrail will got expired | `number` | `30` | no |
+| <a name="input_cloudwatch_logs_kms_key_arn"></a> [cloudwatch\_logs\_kms\_key\_arn](#input\_cloudwatch\_logs\_kms\_key\_arn) | KMS key for CloudWatch Logs Encryption | `string` | `""` | no |
 | <a name="input_config_enabled"></a> [config\_enabled](#input\_config\_enabled) | Set it to true to enable AWS Config | `bool` | `true` | no |
 | <a name="input_cron_expression"></a> [cron\_expression](#input\_cron\_expression) | Expession to trigger lambda function regularly on the schedule | `string` | `"cron(0 22 1,10,20,28 * ? 2023)"` | no |
 | <a name="input_cw_log_enabled"></a> [cw\_log\_enabled](#input\_cw\_log\_enabled) | Set it to true to aggregate logs on CloudWatch | `bool` | `true` | no |

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -14,26 +14,26 @@ module "cis" {
 
   source = "../../"
 
-  name                             = local.name
-  region                           = local.region
-  email                            = "skaf-demo@squareops.com"
-  cron_expression                  = "cron(0 22 1,10,20,28 * ? 2023)"
-  check_level                      = local.check_level
-  s3_enabled                       = true
-  config_enabled                   = true
-  include_global_resource_types    = true
-  cw_log_enabled                   = true
-  alerting_enabled                 = true
-  multiple_access_key_notification = true
-  multiple_access_key_deactivate   = false
-  disable_unused_cred_90_days      = false
-  notify_unused_cred_90_days       = true
-  notify_unused_cred_45_days       = true
-  disable_unused_cred_45_days      = false
-  remove_ssl_tls_iam               = false
-  enable_guard_duty                = true
-  enable_security_hub              = true
-  mfa_iam_group_name               = "mfa-group" ## enter your user group name
-  cloudwatch_logs_kms_key_arn      = "arn:aws:kms:us-east-1:427743860237:key/3116fc04-dbbd-4648-b42e-88e0e2c036db" ## enter kms key id for encrypting cloudwatch log group of cloud trail
+  name                                = local.name
+  region                              = local.region
+  email                               = "skaf-demo@squareops.com"
+  cron_expression                     = "cron(0 22 1,10,20,28 * ? 2023)"
+  check_level                         = local.check_level
+  s3_enabled                          = true
+  config_enabled                      = true
+  include_global_resource_types       = true
+  cw_log_enabled                      = true
+  alerting_enabled                    = true
+  multiple_access_key_notification    = true
+  multiple_access_key_deactivate      = false
+  disable_unused_cred_90_days         = false
+  notify_unused_cred_90_days          = true
+  notify_unused_cred_45_days          = true
+  disable_unused_cred_45_days         = false
+  remove_ssl_tls_iam                  = false
+  enable_guard_duty                   = true
+  enable_security_hub                 = true
+  mfa_iam_group_name                  = "mfa-group"                                                                   ## enter your user group name
+  cloudwatch_logs_kms_key_arn         = "arn:aws:kms:us-east-1:427743860237:key/3116fc04-dbbd-4648-b42e-88e0e2c036db" ## enter kms key id for encrypting cloudwatch log group of cloud trail
   cloudwatch_log_group_retention_days = 60
 }
diff --git a/examples/complete/output.tf b/examples/complete/output.tf
@@ -22,7 +22,3 @@ output "access_log_bucket_arn" {
   description = "access log bucket arn"
   value       = module.cis.access_log_bucket_id
 }
-
-
-
-
diff --git a/main.tf b/main.tf
@@ -1,18 +1,18 @@
 data "aws_region" "current" {}
 
 module "cis-level-1" {
-  source                         = "./modules/cis-level-1"
-  name                           = var.name
-  region                         = data.aws_region.current.name
-  email                          = var.email
-  mfa_iam_group_name             = var.mfa_iam_group_name
-  s3_enabled                     = var.s3_enabled
-  cw_log_enabled                 = var.cw_log_enabled
-  multiple_access_key_deactivate = var.multiple_access_key_deactivate
-  disable_unused_cred_90_days    = var.disable_unused_cred_90_days
-  disable_unused_cred_45_days    = var.disable_unused_cred_45_days
-  remove_ssl_tls_iam             = var.remove_ssl_tls_iam
-  cloudwatch_logs_kms_key_arn    = var.cloudwatch_logs_kms_key_arn
+  source                              = "./modules/cis-level-1"
+  name                                = var.name
+  region                              = data.aws_region.current.name
+  email                               = var.email
+  mfa_iam_group_name                  = var.mfa_iam_group_name
+  s3_enabled                          = var.s3_enabled
+  cw_log_enabled                      = var.cw_log_enabled
+  multiple_access_key_deactivate      = var.multiple_access_key_deactivate
+  disable_unused_cred_90_days         = var.disable_unused_cred_90_days
+  disable_unused_cred_45_days         = var.disable_unused_cred_45_days
+  remove_ssl_tls_iam                  = var.remove_ssl_tls_iam
+  cloudwatch_logs_kms_key_arn         = var.cloudwatch_logs_kms_key_arn
   cloudwatch_log_group_retention_days = var.cloudwatch_log_group_retention_days
 }
 

diff --git a/modules/cis-level-1/L1-cloudtrail.tf b/modules/cis-level-1/L1-cloudtrail.tf
@@ -1,8 +1,8 @@
 resource "aws_cloudwatch_log_group" "cloudtrail_events" {
-  name       = format("%s-cloudtrail-log-group", var.name)
-  kms_key_id = var.cloudwatch_logs_kms_key_arn
+  name              = format("%s-cloudtrail-log-group", var.name)
+  kms_key_id        = var.cloudwatch_logs_kms_key_arn
   retention_in_days = var.cloudwatch_log_group_retention_days
-  tags       = var.tags
+  tags              = var.tags
 }
 
 data "aws_iam_policy_document" "cloudtrail_key_policy" {

diff --git a/modules/cis-level-1/README.md b/modules/cis-level-1/README.md
@@ -268,7 +268,8 @@ No modules.
 | <a name="input_audit_log_bucket_custom_policy_json"></a> [audit\_log\_bucket\_custom\_policy\_json](#input\_audit\_log\_bucket\_custom\_policy\_json) | Override cusom policy for S3 Logging bucket | `string` | `""` | no |
 | <a name="input_cloudtrail_event_selector_type"></a> [cloudtrail\_event\_selector\_type](#input\_cloudtrail\_event\_selector\_type) | Types of events that will be aggregated in CloudTrail | `string` | `"All"` | no |
 | <a name="input_cloudtrail_kms_policy"></a> [cloudtrail\_kms\_policy](#input\_cloudtrail\_kms\_policy) | KMS policy for Cloudtrail Logs | `string` | `""` | no |
-| <a name="input_cloudwatch_logs_kms_id"></a> [cloudwatch\_logs\_kms\_id](#input\_cloudwatch\_logs\_kms\_id) | KMS key for CloudWatch Logs Encryption | `string` | `""` | no |
+| <a name="input_cloudwatch_log_group_retention_days"></a> [cloudwatch\_log\_group\_retention\_days](#input\_cloudwatch\_log\_group\_retention\_days) | Enter the number of days in which you want your cloud watch log group for cloudtrail will got expired | `number` | `30` | no |
+| <a name="input_cloudwatch_logs_kms_key_arn"></a> [cloudwatch\_logs\_kms\_key\_arn](#input\_cloudwatch\_logs\_kms\_key\_arn) | KMS key for CloudWatch Logs Encryption | `string` | `""` | no |
 | <a name="input_cron_expression"></a> [cron\_expression](#input\_cron\_expression) | Expession to trigger lambda function regularly on the schedule | `string` | `"cron(0 22 1,10,20,28 * ? 2023)"` | no |
 | <a name="input_cw_log_enabled"></a> [cw\_log\_enabled](#input\_cw\_log\_enabled) | Set it to true to aggregate logs on CloudWatch | `bool` | `true` | no |
 | <a name="input_disable_unused_cred_45_days"></a> [disable\_unused\_cred\_45\_days](#input\_disable\_unused\_cred\_45\_days) | It will disable cred for more than 45 days | `bool` | `false` | no |

diff --git a/modules/soc2/output.tf b/modules/soc2/output.tf
@@ -6,4 +6,4 @@ output "guardduty_bucket_id" {
 output "guardduty_bucket_arn" {
   description = "S3 bucket for storing guardduty findings."
   value       = aws_s3_bucket.gd_bucket[0].arn
-}
+}
diff --git a/variable.tf b/variable.tf
@@ -220,4 +220,4 @@ variable "cloudwatch_log_group_retention_days" {
   type        = number
   default     = 30
   description = "Enter the number of days in which you want your cloud watch log group for cloudtrail will got expired"
-}
+}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -22,7 +22,3 @@ output "access_log_bucket_arn" {
		description = "access log bucket arn"
		value = module.cis.access_log_bucket_id
		}