security-hub
cloudposse/security-hub/aws
Terraform module to provision AWS Security Hub
Terraform module to deploy AWS Security Hub.

## Introduction

This module enables AWS Security Hub in one region of one account and optionally sets up an SNS topic to receive notifications of its findings.

## Usage

For a complete example, see examples/complete.

For automated tests of the complete example using bats and Terratest (which tests and deploys the example on AWS), see test.

Here's how to invoke this module in your projects:

```hcl
module "securityhub" {
  source = "cloudposse/sec
```

| Name | Type | Description | Default |
|---|---|---|---|
| enabled | bool | Set to false to prevent the module from creating any resources | null |
| tenant | string | ID element _(Rarely used, not included by default)_. A customer identifier, indi | null |
| enabled_standards | list(any) | A list of standards/rulesets to enable See https://registry.terraform.io/provid | [] |
| imported_findings_notification_arn | string | The ARN for an SNS topic to send findings notifications to. This is only used if | null |
| stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu | null |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| enable_default_standards | bool | Flag to indicate whether default standards should be enabled | true |
| subscribers | map(object({ protocol = st | Required configuration for subscribers to SNS topic. | {} |
| finding_aggregator_linking_mode | string | Linking mode to use for the finding aggregator. The possible values are: - | "ALL_REGIONS" |
| finding_aggregator_regions | list(string) | A list of regions to aggregate findings from. This is only used if `finding_ag | [] |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
| regex_replace_chars | string | Terraform regular expression (regex) string. Characters matching the regex will | null |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is | [ "default" ] |
| cloudwatch_event_rule_pattern_detail_type | string | The detail-type pattern used to match events that will be sent to SNS. For mor | "Security Hub Findings - Imported" |
| finding_aggregator_enabled | bool | Flag to indicate whether a finding aggregator should be created If you want to | false |
| context | any | Single object for setting entire context at once. See description of individual | { "additional_tag_map": {}, "attribu |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |

- enabled_subscriptions — A list of subscriptions that have been enabled
- sns_topic — The SNS topic that was created
- sns_topic_subscriptions — The SNS topic that was created