Skip to content

tedilabs/terraform-aws-security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

67 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

terraform-aws-security

GitHub release (latest SemVer) GitHub pre-commit

Terraform module which creates security related resources on AWS.

Target AWS Services

Terraform Modules from this package were written to manage the following AWS Services with Terraform.

  • AWS IAM
    • Access Analyzer
  • AWS CloudTrail
    • Event Data Store
    • Trail
  • AWS Config
    • Recorder
    • Rules
      • Managed Rules
  • AWS Macie
    • Account

Usage

CloudTrail

module "event_data_store" {
  source  = "tedilabs/security/aws//modules/cloudtrail-event-data-store"
  version = "~> 0.6.0"

  name = "management-event"

  level = "ACCOUNT"
  scope = "REGIONAL"


  ## Event Selector
  event_type = "CLOUDTRAIL_EVENTS"
  event_selectors = [
    {
      category        = "MANAGEMENT"
      scope           = "READ"
      exclude_sources = ["kms.amazonaws.com"]
    },
    {
      category      = "DATA"
      scope         = "ALL"
      resource_type = "AWS::S3::Object"
      selectors = [
        {
          field    = "resource_arn"
          operator = "ends_with"
          values   = ["hello"]
        }
      ]
    },
    {
      category      = "DATA"
      scope         = "WRITE"
      resource_type = "AWS::S3Outposts::Object"
      selectors = [
        {
          field    = "event_name"
          operator = "starts_with"
          values   = ["Put"]
        }
      ]
    },
  ]


  ## IAM Role
  import_trail_events_iam_role = {
    enabled = true
    source_s3_buckets = [
      {
        name = "helloworld"
        key_prefix = "asdf/"
      },
      {
        name = "foo"
        key_prefix = "bar/"
      },
      {
        name = "demo"
        key_prefix = ""
      },
    ]
  }


  ## Attributes
  retention_in_days              = 365 * 7
  termination_protection_enabled = false

  tags = {
    "project" = "terraform-aws-security-examples"
  }
}

Examples

CloudTrail

Macie

Self Promotion

Like this project? Follow the repository on GitHub. And if you're feeling especially charitable, follow posquit0 on GitHub.

License

Provided under the terms of the Apache License.

Copyright Β© 2021-2023, Byungjin Park.