Terraform module which creates security-related resources on AWS.
- access-analyzer
- cloudtrail-event-data-store
- cloudtrail-trail
- config-managed-rule
- config-recorder
- macie-account
The Terraform modules in this package manage the following AWS services:
- AWS IAM
  - Access Analyzer
- AWS CloudTrail
  - Event Data Store
  - Trail
- AWS Config
  - Recorder
  - Rules
    - Managed Rules
- AWS Macie
  - Account
```hcl
module "event_data_store" {
  source  = "tedilabs/security/aws//modules/cloudtrail-event-data-store"
  version = "~> 0.6.0"

  name  = "management-event"
  level = "ACCOUNT"
  scope = "REGIONAL"

  ## Event Selector
  event_type = "CLOUDTRAIL_EVENTS"
  event_selectors = [
    {
      category        = "MANAGEMENT"
      scope           = "READ"
      exclude_sources = ["kms.amazonaws.com"]
    },
    {
      category      = "DATA"
      scope         = "ALL"
      resource_type = "AWS::S3::Object"
      selectors = [
        {
          field    = "resource_arn"
          operator = "ends_with"
          values   = ["hello"]
        }
      ]
    },
    {
      category      = "DATA"
      scope         = "WRITE"
      resource_type = "AWS::S3Outposts::Object"
      selectors = [
        {
          field    = "event_name"
          operator = "starts_with"
          values   = ["Put"]
        }
      ]
    },
  ]

  ## IAM Role
  import_trail_events_iam_role = {
    enabled = true
    source_s3_buckets = [
      {
        name       = "helloworld"
        key_prefix = "asdf/"
      },
      {
        name       = "foo"
        key_prefix = "bar/"
      },
      {
        name       = "demo"
        key_prefix = ""
      },
    ]
  }

  ## Attributes
  retention_in_days              = 365 * 7
  termination_protection_enabled = false

  tags = {
    "project" = "terraform-aws-security-examples"
  }
}
```
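To see which API calls the three `event_selectors` above would actually admit into the data store, here is an added Python model of the filtering they express. It is an illustration written for this page, not the module's own code; it assumes `scope` maps onto the event's read-only flag, `exclude_sources` onto the event source, the `field`/`operator`/`values` triples onto CloudTrail's string-match operators (positive operators match if any value matches, negated ones only if every value is rejected), and an event is given as a plain dict with constructed sample values.

```python
# Constructed copy of the page's selectors in the module's input shape (assumed semantics).
EVENT_SELECTORS = [
    {"category": "MANAGEMENT", "scope": "READ", "exclude_sources": ["kms.amazonaws.com"]},
    {"category": "DATA", "scope": "ALL", "resource_type": "AWS::S3::Object",
     "selectors": [{"field": "resource_arn", "operator": "ends_with", "values": ["hello"]}]},
    {"category": "DATA", "scope": "WRITE", "resource_type": "AWS::S3Outposts::Object",
     "selectors": [{"field": "event_name", "operator": "starts_with", "values": ["Put"]}]},
]

# String operators; the negated forms exist in CloudTrail advanced event selectors too.
OPERATORS = {
    "equals": lambda v, x: v == x,
    "not_equals": lambda v, x: v != x,
    "starts_with": lambda v, x: v.startswith(x),
    "not_starts_with": lambda v, x: not v.startswith(x),
    "ends_with": lambda v, x: v.endswith(x),
    "not_ends_with": lambda v, x: not v.endswith(x),
}
NEGATED = {"not_equals", "not_starts_with", "not_ends_with"}


def field_matches(field_selector, event):
    """Evaluate one field/operator/values triple against an event (assumed semantics)."""
    value = event.get(field_selector["field"], "")
    op = OPERATORS[field_selector["operator"]]
    combine = all if field_selector["operator"] in NEGATED else any
    return combine(op(value, x) for x in field_selector["values"])


def selector_captures(selector, event):
    """True if a single event selector would record this event."""
    if event["category"] != selector["category"]:
        return False
    if selector["scope"] == "READ" and not event["read_only"]:
        return False
    if selector["scope"] == "WRITE" and event["read_only"]:
        return False
    if event["event_source"] in selector.get("exclude_sources", []):
        return False
    if "resource_type" in selector and event.get("resource_type") != selector["resource_type"]:
        return False
    return all(field_matches(f, event) for f in selector.get("selectors", []))


def is_captured(event, selectors=EVENT_SELECTORS):
    """An event is recorded if any selector in the list admits it."""
    return any(selector_captures(s, event) for s in selectors)
```

Worth noting for a defender: with this configuration, KMS read calls and every management write (for example `RunInstances`) are not recorded here, so coverage of those must come from a trail or another data store.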
- Simple Event Data Store in CloudTrail
- Event Data Store in CloudTrail with Config Configuration Items
- Full Event Data Store in CloudTrail
Like this project? Follow the repository on GitHub. And if you're feeling especially charitable, follow posquit0 on GitHub.
Provided under the terms of the Apache License.
Copyright © 2021-2023, Byungjin Park.