A Terraform module to periodically synchronize AWS Organizational Units with Lacework Organizational CloudTrail monitoring.

Name | Version |
---|---|
terraform | >= 0.12.31 |
aws | ~> 4.0 |

Name | Version |
---|---|
aws | 4.25.0 |
random | 3.3.2 |

Name | Description | Type | Default | Required |
---|---|---|---|---|
lacework_account | Lacework Account (without .lacework.net) | string | n/a | yes |
lacework_api_key | Lacework API Access Key | string | n/a | yes |
lacework_api_secret | Lacework API Secret | string | n/a | yes |
lacework_default_account | The catch-all 'default' Lacework Account name to use for CloudTrail data. | string | n/a | yes |
lacework_integration_guid | The GUID for the Org-level CloudTrail integration to synchronize. | string | n/a | yes |
lacework_org_map | A key/value map of Lacework Account names to AWS Organization OU IDs. | map(any) | n/a | yes |
lambda_function_name | The desired name of the lambda function. | string | "" | no |
lambda_log_retention | The number of days in which to retain logs for the lambda function. | number | 30 | no |
lambda_role_name | The desired IAM role name for the Lacework remediation lambda function. | string | "" | no |
lambda_timeout | The execution timeout for the Lambda function, in seconds. | number | 15 | no |
lambda_triger_interval | The frequency at which the lambda function should trigger, in hours. | number | 1 | no |
management_account_role | The role ARN with organizations:ListAccountsForParent permissions in the AWS Organization management account. | string | "" | no |
resource_prefix | The name prefix to use for resources provisioned by the module. | string | "lacework-organization-sync" | no |
use_assumed_role | Set to true to use an assumed role to access the AWS Organizations API in the management account. | bool | false | no |

Name | Description |
---|---|
cloudwatch_rule_arn | CloudWatch Event Rule ARN |
lambda_function_arn | Lambda Function ARN |
lambda_function_name | Lambda Function Name |
lambda_role_arn | Lambda IAM Role ARN |
lambda_role_name | Lambda IAM Role Name |