HomeTerraform Modulesecurity-baseline

security-baseline

DNXLabs/security-baseline/aws

Terraform Module HCL AWS

Terraform module to set up AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations.

Install

module "security-baseline" {
source = "DNXLabs/security-baseline/aws"
version = "3.0.2"
}
⭐ Source on GitHub 📦 Registry page

README

terraform-aws-security-baseline ![Lint Status](https://github.com/DNXLabs/terraform-aws-security-baseline/actions) ![LICENSE](https://github.com/DNXLabs/terraform-aws-security-baseline/blob/master/LICENSE) This terraform module sets up AWS account with the secure baseline configuration based on Center for Internet Security (CIS) Amazon Web Services Foundations. Submodules: - alarm-baseline - This modules set up CloudWatch alarms to notify when critical changes happen in AWS account. Those CloudWatch metrics and alarms are defined in the CIS benchmark. - Unauthorised api call - No Multi-factor authentication (MFA) console signin - Root Usage - Identity and Access Management (IAM) changes - Cloudtrail configuration changes - Console signin failures - Disable or Delete Customer Master Keys (C

Inputs (10)

NameTypeDescriptionDefault
org_namestringName for this organization required
account_emailstringAWS Account email to be used with Guardduty required
master_account_idstringMaster account ID required
config_s3_bucket_namestringThe name of the S3 bucket which will store configuration snapshots.""
guardduty_detector_idstringGuardDuty detector ID in the master account""
guarddutyboolEnable/Disables guarddutytrue
tagsmapSpecifies object tags key and value. This applies to all resources created by th{ "Terraform": true }
enable_config_baselineboolIf true, will create aws configtrue
config_delivery_frequencystringThe frequency which AWS Config sends a snapshot into the S3 bucket."One_Hour"
config_include_global_resource_typesboolSpecifies whether AWS Config includes all supported types of global resources witrue

Resources (11)

aws_config_config_ruleaws_config_configuration_recorderaws_config_configuration_recorder_statusaws_config_delivery_channelaws_guardduty_detectoraws_guardduty_invite_accepteraws_guardduty_memberaws_iam_roleaws_iam_role_policyaws_iam_role_policy_attachmentaws_sns_topic

Topics & Tags

terraformhacktoberfestaws

Details

FrameworkTerraform Module
LanguageHCL
Version3.0.2
Cloud AWS
★ Stars8
Forks5
Total downloads6.1k
Inputs10
Resources11
LicenseApache-2.0
NamespaceDNXLabs
Updated

Similar packages

caf-enterprise-scale

Azure landing zones Terraform module

★ 952terraform
caf

Terraform supermodule for the Terraform platform engineering for Azure

★ 581terraform
lz-vending

Terraform module to deploy landing zone subscriptions (and much more) in Azure

★ 210terraform
label

Terraform Module to define a consistent naming convention by (namespace, stage,

★ 702terraform

Tools

⚖ Compare with another construct → 📋 View data schema