terraform-aws-organization-sync

A Terraform module to periodically synchronize AWS Organizational Units with Lacework Organizational CloudTrail monitoring.

License: MIT

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.31 |
| aws | ~> 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | 4.25.0 |
| random | 3.3.2 |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_event_rule.organization_sync | resource |
| aws_cloudwatch_event_target.organization_sync | resource |
| aws_cloudwatch_log_group.organization_sync | resource |
| aws_iam_role.organization_sync | resource |
| aws_iam_role_policy.organization_sync_assume_role_policy | resource |
| aws_iam_role_policy.organization_sync_log_policy | resource |
| aws_iam_role_policy.organization_sync_organization_policy | resource |
| aws_iam_role_policy.organization_sync_secret_policy | resource |
| aws_lambda_function.organization_sync | resource |
| aws_lambda_permission.allow_cloudwatch_invocation | resource |
| aws_secretsmanager_secret.organization_sync_secret | resource |
| aws_secretsmanager_secret_version.organization_sync_secret_version | resource |
| random_id.uniq | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| lacework_account | Lacework account name (without `.lacework.net`). | string | n/a | yes |
| lacework_api_key | Lacework API access key. Stored in the Secrets Manager secret created by the module. | string | n/a | yes |
| lacework_api_secret | Lacework API secret. Stored in the Secrets Manager secret created by the module. | string | n/a | yes |
| lacework_default_account | The catch-all "default" Lacework account name to use for CloudTrail data from AWS accounts that do not fall under any OU in `lacework_org_map`. | string | n/a | yes |
| lacework_integration_guid | The GUID of the organization-level CloudTrail integration to synchronize. | string | n/a | yes |
| lacework_org_map | A key/value map of Lacework account names to AWS Organizations OU IDs. | map(any) | n/a | yes |
| lambda_function_name | The desired name of the Lambda function. | string | "" | no |
| lambda_log_retention | The number of days to retain logs for the Lambda function. | number | 30 | no |
| lambda_role_name | The desired IAM role name for the organization sync Lambda function. | string | "" | no |
| lambda_timeout | The execution timeout for the Lambda function, in seconds. | number | 15 | no |
| lambda_triger_interval | The frequency at which the Lambda function triggers, in hours. | number | 1 | no |
| management_account_role | The ARN of a role in the AWS Organizations management account with `organizations:ListAccountsForParent` permission. Used when `use_assumed_role` is true. | string | "" | no |
| resource_prefix | The name prefix to use for resources provisioned by the module. | string | "lacework-organization-sync" | no |
| use_assumed_role | Set to true to use an assumed role (`management_account_role`) to access the AWS Organizations API in the management account. | bool | false | no |

Outputs

| Name | Description |
|------|-------------|
| cloudwatch_rule_arn | CloudWatch Event Rule ARN |
| lambda_function_arn | Lambda Function ARN |
| lambda_function_name | Lambda Function Name |
| lambda_role_arn | Lambda IAM Role ARN |
| lambda_role_name | Lambda IAM Role Name |
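The following is a complete invocation of the module with `use_assumed_role` enabled, added here as a worked example; it is not taken from the module's own README, examples or tests. It assumes the module source is checked out locally at `./terraform-aws-organization-sync`, that the second provider alias and its profile name, the OU IDs, the account names and the integration GUID are placeholders to be replaced, and that the management-account role is created in the same configuration. The trust policy for that role is built from a fixed `lambda_role_name` rather than from the module's `lambda_role_arn` output, because referencing the output would create a dependency cycle (the module needs the management role ARN, and the role's trust policy would need the module's output).

```hcl
# Added example configuration; not part of the module. Placeholders are marked.

variable "lacework_api_key" {
  type      = string
  sensitive = true
}

variable "lacework_api_secret" {
  type      = string
  sensitive = true
}

# Member account that hosts the sync Lambda.
provider "aws" {
  region = "us-east-1"
}

# AWS Organizations management account, where the read-only role lives.
provider "aws" {
  alias   = "management"
  region  = "us-east-1"
  profile = "org-management" # placeholder profile name
}

locals {
  # Fixed names so both role ARNs can be constructed without a cycle.
  lambda_role_name     = "lacework-organization-sync"
  management_role_name = "lacework-organization-sync-reader"
}

data "aws_caller_identity" "member" {}

data "aws_caller_identity" "management" {
  provider = aws.management
}

# Trust only the sync Lambda's execution role in the member account.
data "aws_iam_policy_document" "management_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.member.account_id}:role/${local.lambda_role_name}"]
    }
  }
}

# Least privilege: the module documents only organizations:ListAccountsForParent.
data "aws_iam_policy_document" "management_permissions" {
  statement {
    actions   = ["organizations:ListAccountsForParent"]
    resources = ["*"]
  }
}

resource "aws_iam_role" "management" {
  provider           = aws.management
  name               = local.management_role_name
  assume_role_policy = data.aws_iam_policy_document.management_trust.json
}

resource "aws_iam_role_policy" "management" {
  provider = aws.management
  role     = aws_iam_role.management.id
  policy   = data.aws_iam_policy_document.management_permissions.json
}

module "organization_sync" {
  source = "./terraform-aws-organization-sync" # placeholder module path

  lacework_account          = "mycompany"    # placeholder, without .lacework.net
  lacework_api_key          = var.lacework_api_key
  lacework_api_secret       = var.lacework_api_secret
  lacework_default_account  = "mycompany"    # catch-all sub-account (placeholder)
  lacework_integration_guid = "EXAMPLE_GUID" # placeholder

  # Lacework sub-account name => AWS Organizations OU ID (placeholder OU IDs).
  lacework_org_map = {
    "mycompany-prod" = "ou-abcd-11111111"
    "mycompany-dev"  = "ou-abcd-22222222"
  }

  lambda_role_name        = local.lambda_role_name
  lambda_triger_interval  = 1
  use_assumed_role        = true
  management_account_role = "arn:aws:iam::${data.aws_caller_identity.management.account_id}:role/${local.management_role_name}"
}
```

Keep the API key and secret out of version control (pass them via `TF_VAR_lacework_api_key` and `TF_VAR_lacework_api_secret` or a secrets backend); the module writes them into the Secrets Manager secret it creates, so they also end up in the Terraform state. The management role's permission statement uses `resources = ["*"]` because the module does not document which parents the Lambda queries; if you confirm it only reads the OUs in `lacework_org_map`, the statement can be narrowed to those OU ARNs.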