A Terraform module to deploy Amazon Inspector
- Amazon Inspector Agent installed on desired EC2 instances.
Note: this module currently does not support the customization of assessment targets. All EC2 instances with the Amazon Inspector agent installed will be included in an assessment.
- `source` - Tells Terraform where to find the source code for the desired module. See Terraform documentation for more info.
- `name_prefix` - Used as a prefix for resources created in AWS.
- `enabled` - Default `true`; A way to disable the entire module. This works around Terraform being unable to set `count = 0` for a module, and is helpful for turning off a module's resources per Terraform workspace.
- `enable_scheduled_event` - Default `true`; A way to disable Inspector from running on a schedule.
- `schedule_expression` - Default `cron(0 14 ? * THU *)`; How often to run an Inspector assessment. See AWS Schedule Expression documentation for more info on formatting.
- `assessment_duration` - Default `3600`; How long the assessment runs in seconds.
- `ruleset_cve` - Default `true`; Includes the Common Vulnerabilities and Exposures ruleset in the Inspector assessment.
- `ruleset_cis` - Default `true`; Includes the CIS Benchmarks ruleset in the Inspector assessment.
- `ruleset_security_best_practices` - Default `true`; Includes the AWS Security Best Practices ruleset in the Inspector assessment.
- `ruleset_network_reachability` - Default `true`; Includes the Network Reachability ruleset in the Inspector assessment.
```hcl
module "my-inspector-deployment" {
  source  = "USSBA/inspector/aws"
  version = "1.0.1"

  enabled                         = true
  name_prefix                     = "${terraform.workspace}"
  enable_scheduled_event          = true
  schedule_expression             = "cron(0 14 * * ? *)"
  assessment_duration             = "300"
  ruleset_cve                     = true
  ruleset_cis                     = true
  ruleset_security_best_practices = true
  ruleset_network_reachability    = true
}
```
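The `enabled` input can be driven from the workspace name so that only selected workspaces create Inspector resources, with schedule and duration varying per workspace. This is an added example, not taken from the module's own documentation; the workspace names `staging` and `prod`, the `inspector_schedule` and `inspector_duration` locals, and the module label are assumptions, and it uses Terraform 0.12+ expression syntax.

```hcl
locals {
  # Hypothetical workspace names; only workspaces listed here get Inspector.
  inspector_schedule = {
    staging = "cron(0 14 ? * THU *)" # weekly, Thursdays at 14:00 UTC
    prod    = "cron(0 14 * * ? *)"   # daily at 14:00 UTC
  }

  # Assessment length in seconds, per workspace.
  inspector_duration = {
    staging = 900
    prod    = 3600
  }
}

module "inspector" {
  source  = "USSBA/inspector/aws"
  version = "1.0.1"

  # False for any workspace missing from the map (for example "default"),
  # so no Inspector resources are created there.
  enabled     = contains(keys(local.inspector_schedule), terraform.workspace)
  name_prefix = terraform.workspace

  enable_scheduled_event = true

  # Fall back to the documented module defaults when the workspace is not listed.
  schedule_expression = lookup(local.inspector_schedule, terraform.workspace, "cron(0 14 ? * THU *)")
  assessment_duration = lookup(local.inspector_duration, terraform.workspace, 3600)

  ruleset_cve                     = true
  ruleset_cis                     = true
  ruleset_security_best_practices = true
  ruleset_network_reachability    = true
}
```

In each `cron(...)` expression, one of the day-of-month and day-of-week fields must be `?`, as in both values shown on this page.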
We welcome contributions. To contribute please read our CONTRIBUTING document.
All contributions are subject to the license and in no way imply compensation for contributions.
We strive for a welcoming and inclusive environment for all SBA projects.
Please follow these guidelines in all interactions:
- Be Respectful: use welcoming and inclusive language.
- Assume best intentions: seek to understand others' opinions.
Please do not submit an issue on GitHub for a security vulnerability. Instead, contact the development team through HQVulnerabilityManagement. Be sure to include all pertinent information.
The agency reserves the right to change this policy at any time.