guardduty
cloudposse/guardduty/aws
Terraform module to provision AWS Guard Duty
This module enables AWS GuardDuty in one region of one account with comprehensive threat detection features and optionally sets up an SNS topic to receive notifications of its findings. The module supports enabling the following GuardDuty detector features:

- S3 Data Events Protection - Monitors S3 data plane operations for suspicious activity
- EKS Audit Logs - Analyzes Kubernetes audit logs for threat detection in EKS clusters
- EBS Malware Protection - Scans EC2 instance EBS volumes for malware
- Lambda Network Logs - Monitors Lambda function network activity for threats
- Runtime Monitoring - Provides threat detection for EC2, ECS, and EKS runtime environments with agent management
- EKS Runtime Monitoring - Standalone EKS runtime threat detection (alternative to full Runtime Monitoring)
| Name | Type | Description | Default |
|---|---|---|---|
| cloudwatch_event_rule_pattern_detail_type | string | The detail-type pattern used to match events that will be sent to SNS. For more | "GuardDuty Finding" |
| kubernetes_audit_logs_enabled | bool | If `true`, enables Kubernetes audit logs as a data source for Kubernetes protect | false |
| malware_protection_scan_ec2_ebs_volumes_enabled | bool | Configure whether Malware Protection is enabled as data source for EC2 instances | false |
| enabled | bool | Set to false to prevent the module from creating any resources | null |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |
| lambda_network_logs_enabled | bool | If `true`, enables Lambda network logs as a data source for Lambda protection. | false |
| eks_runtime_monitoring_enabled | bool | If `true`, enables EKS Runtime Monitoring. Note: Do not enable both EKS_RUNTIME_ | false |
| finding_publishing_frequency | string | The frequency of notifications sent for finding occurrences. If the detector is | null |
| context | any | Single object for setting entire context at once. See description of individual | `{"additional_tag_map": {}, "attribu` |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| additional_tag_map | map(string) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add | {} |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| create_sns_topic | bool | Flag to indicate whether an SNS topic should be created for notifications. If yo | false |
| descriptor_formats | any | Describe additional descriptors to be output in the `descriptors` output map. Ma | {} |
| tenant | string | ID element _(Rarely used, not included by default)_. A customer identifier, indi | null |
| subscribers | map(object({ protocol | A map of subscription configurations for SNS topics For more information, see: | {} |
| findings_notification_arn | string | The ARN for an SNS topic to send findings notifications to. This is only used if | null |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is | `["default"]` |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
Outputs:

- guardduty_detector - GuardDuty detector
- sns_topic - SNS topic
- sns_topic_subscriptions - SNS topic subscriptions
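A worked example of calling the module, added here and not part of the project's README, that wires together the inputs and outputs listed above. The region, provider alias, namespace/environment values and the subscription `endpoint` field are assumptions (only `protocol` is visible in the inputs table); no module version is pinned because the page does not state one.

```hcl
# Added example (not from the cloudposse/guardduty module itself): enable
# GuardDuty in one region with the data-source protections from the inputs
# table, and fan findings out to an SNS topic created by the module.
provider "aws" {
  region = "us-west-2" # assumed region; the module covers one region of one account
}

module "guardduty" {
  source = "cloudposse/guardduty/aws"
  # version = "x.y.z"  # pin a released version; omitted here because none is given on this page

  enabled     = true
  namespace   = "eg"  # assumed ID elements
  environment = "uw2"

  # Data-source protections (all default to false in the module).
  kubernetes_audit_logs_enabled                   = true
  malware_protection_scan_ec2_ebs_volumes_enabled = true
  lambda_network_logs_enabled                     = true

  # Per the eks_runtime_monitoring_enabled note above: do not enable EKS Runtime
  # Monitoring together with full Runtime Monitoring. Left disabled here.
  eks_runtime_monitoring_enabled = false

  # How often GuardDuty exports findings for notification. The GuardDuty API
  # accepts FIFTEEN_MINUTES, ONE_HOUR and SIX_HOURS.
  finding_publishing_frequency = "FIFTEEN_MINUTES"

  # Let the module create the SNS topic and the event rule that forwards events
  # whose detail-type matches cloudwatch_event_rule_pattern_detail_type
  # (default "GuardDuty Finding").
  create_sns_topic = true
  subscribers = {
    # The map key is an arbitrary subscription name. `protocol` is shown in the
    # inputs table; `endpoint` is an assumed field name for the delivery target.
    secops_email = {
      protocol = "email"
      endpoint = "secops@example.com"
    }
  }

  tags = {
    BusinessUnit = "Security"
  }
}

# Surface the module's outputs so other stacks (or `terraform output`) can
# verify what was created.
output "guardduty_detector" {
  value = module.guardduty.guardduty_detector
}

output "sns_topic" {
  value = module.guardduty.sns_topic
}
```

To deliver findings to a topic you already own, set `create_sns_topic = false` and pass its ARN in `findings_notification_arn` instead of `subscribers`. Because the module covers one region, repeat the module block per region you operate in, each with its own provider alias (`providers = { aws = aws.<alias> }`). After `terraform apply`, confirm the detector and its enabled features from the CLI with `aws guardduty list-detectors` followed by `aws guardduty get-detector --detector-id <id>`, and check that the SNS subscription has been confirmed, since an unconfirmed email subscription silently drops findings.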