terraform-aws-security
Terraform modules that create security-related resources on AWS:
- access-analyzer
- cloudtrail-event-data-store
- cloudtrail-trail
- config-managed-rule
- config-recorder
- macie-account
Target AWS Services
The modules in this package manage the following AWS services with Terraform:
- AWS IAM
  - Access Analyzer
- AWS CloudTrail
  - Event Data Store
  - Trail
- AWS Config
  - Recorder
  - Rules
    - Managed Rules
- AWS Macie
  - Account
Usage
CloudTrail
```hcl
module "event_data_store" {
  source  = "tedilabs/security/aws//modules/cloudtrail-event-data-store"
  version = "~> 0.6.0"

  name  = "management-event"
  level = "ACCOUNT"
  scope = "REGIONAL"

  ## Event Selector
  event_type = "CLOUDTRAIL_EVENTS"
  event_selectors = [
    {
      category        = "MANAGEMENT"
      scope           = "READ"
      exclude_sources = ["kms.amazonaws.com"]
    },
    {
      category      = "DATA"
      scope         = "ALL"
      resource_type = "AWS::S3::Object"
      selectors = [
        {
          field    = "resource_arn"
          operator = "ends_with"
          values   = ["hello"]
        }
      ]
    },
    {
      category      = "DATA"
      scope         = "WRITE"
      resource_type = "AWS::S3Outposts::Object"
      selectors = [
        {
          field    = "event_name"
          operator = "starts_with"
          values   = ["Put"]
        }
      ]
    },
  ]

  ## IAM Role
  import_trail_events_iam_role = {
    enabled = true
    source_s3_buckets = [
      {
        name       = "helloworld"
        key_prefix = "asdf/"
      },
      {
        name       = "foo"
        key_prefix = "bar/"
      },
      {
        name       = "demo"
        key_prefix = ""
      },
    ]
  }

  ## Attributes
  retention_in_days              = 365 * 7
  termination_protection_enabled = false

  tags = {
    "project" = "terraform-aws-security-examples"
  }
}
```
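The usage block above shows the module's declarative `event_selectors` shape but not what CloudTrail actually stores for it. The following Python script is an added illustration, not code from terraform-aws-security: it expands a selector list of that shape into CloudTrail AdvancedEventSelectors, the structure `aws cloudtrail get-event-data-store` returns. The mapping (READ/WRITE to the `readOnly` field, `exclude_sources` to an `eventSource` NotEquals, `resource_arn` and `event_name` to `resources.ARN` and `eventName`) and the rejected combinations are my reading of CloudTrail's advanced event selector schema and an assumption about how the module translates its inputs; the `not_*` operators go beyond the two operators shown on the page, and the sample input is constructed from the usage block.

```python
"""Expand module-style CloudTrail `event_selectors` into AdvancedEventSelectors.

Added illustration, not code from terraform-aws-security. The mapping below is
an assumption based on CloudTrail's advanced event selector schema; the
module's own translation is not shown on the page this accompanies.
"""
import json

# Module-style field names (assumed) -> CloudTrail advanced selector fields.
FIELD_MAP = {
    "resource_arn": "resources.ARN",
    "event_name": "eventName",
}
# Module-style operators (assumed) -> CloudTrail operator keys.
OPERATOR_MAP = {
    "equals": "Equals",
    "not_equals": "NotEquals",
    "starts_with": "StartsWith",
    "not_starts_with": "NotStartsWith",
    "ends_with": "EndsWith",
    "not_ends_with": "NotEndsWith",
}
CATEGORY_MAP = {"MANAGEMENT": "Management", "DATA": "Data"}


def to_advanced_selector(sel):
    """Build one AdvancedEventSelector dict from a module-style selector.

    Raises ValueError for combinations CloudTrail rejects, such as
    exclude_sources on data events or a data selector without resource_type.
    """
    category = str(sel["category"]).upper()
    if category not in CATEGORY_MAP:
        raise ValueError(f"unsupported category {sel['category']!r}")
    fields = [{"Field": "eventCategory", "Equals": [CATEGORY_MAP[category]]}]

    # READ/WRITE narrow on the readOnly flag; ALL leaves it unfiltered.
    scope = str(sel.get("scope", "ALL")).upper()
    if scope == "READ":
        fields.append({"Field": "readOnly", "Equals": ["true"]})
    elif scope == "WRITE":
        fields.append({"Field": "readOnly", "Equals": ["false"]})
    elif scope != "ALL":
        raise ValueError(f"unsupported scope {sel.get('scope')!r}")

    # resources.type is mandatory for data events and invalid elsewhere.
    resource_type = sel.get("resource_type")
    if category == "DATA":
        if not resource_type:
            raise ValueError("DATA selectors require resource_type")
        fields.append({"Field": "resources.type", "Equals": [resource_type]})
    elif resource_type:
        raise ValueError("resource_type is only valid for DATA selectors")

    # eventSource filtering is only supported for management events.
    excluded = list(sel.get("exclude_sources") or [])
    if excluded:
        if category != "MANAGEMENT":
            raise ValueError("exclude_sources only applies to MANAGEMENT events")
        fields.append({"Field": "eventSource", "NotEquals": excluded})

    # Free-form field/operator/values entries map one-to-one onto CloudTrail.
    for extra in sel.get("selectors") or []:
        field = FIELD_MAP.get(extra["field"])
        op = OPERATOR_MAP.get(extra["operator"])
        if field is None or op is None:
            raise ValueError(f"unsupported selector {extra!r}")
        values = list(extra.get("values") or [])
        if not values:
            raise ValueError(f"selector on {field} has no values")
        fields.append({"Field": field, op: values})

    name = sel.get("name") or f"{category.title()} events ({scope.lower()})"
    return {"Name": name, "FieldSelectors": fields}


def to_advanced_selectors(event_selectors):
    """Translate a whole `event_selectors` list."""
    return [to_advanced_selector(s) for s in event_selectors]


# Constructed input: the three selectors from the usage block above.
EXAMPLE_EVENT_SELECTORS = [
    {"category": "MANAGEMENT", "scope": "READ",
     "exclude_sources": ["kms.amazonaws.com"]},
    {"category": "DATA", "scope": "ALL", "resource_type": "AWS::S3::Object",
     "selectors": [{"field": "resource_arn", "operator": "ends_with",
                    "values": ["hello"]}]},
    {"category": "DATA", "scope": "WRITE",
     "resource_type": "AWS::S3Outposts::Object",
     "selectors": [{"field": "event_name", "operator": "starts_with",
                    "values": ["Put"]}]},
]

if __name__ == "__main__":
    print(json.dumps(to_advanced_selectors(EXAMPLE_EVENT_SELECTORS), indent=2))
```

Running the script prints the three selectors as CloudTrail would report them, which makes it easy to diff a plan against what `get-event-data-store` shows after apply. Note also that the usage block sets `termination_protection_enabled = false` on a store retained for seven years; termination protection is what makes `DeleteEventDataStore` fail, so outside of a throwaway example an audit store should keep it enabled.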
Examples
CloudTrail
- Simple Event Data Store in CloudTrail
- Event Data Store in CloudTrail with Config Configuration Items
- Full Event Data Store in CloudTrail
Macie
Self Promotion
Like this project? Follow the repository on GitHub. And if you're feeling especially charitable, follow posquit0 on GitHub.
License
Provided under the terms of the Apache License.
Copyright © 2021-2023, Byungjin Park.