config-security-check
hendrixroa/config-security-check/aws
Cloudtrail security rules checking.
This module enables AWS Config and adds managed Config rules with sensible defaults. The following AWS Config rules are supported:

- acm-certificate-expiration-check: Ensure ACM certificates in your account are flagged when they are within the specified number of days of expiration.
- cloudtrail-enabled: Ensure CloudTrail is enabled.
- ec2-volume-inuse-check: Checks whether EBS volumes are attached to EC2 instances.
- guardduty-enabled-centralized: Checks whether Amazon GuardDuty is enabled in your AWS account and region.
- instances-in-vpc: Ensure all EC2 instances run in a VPC.
- root-account-mfa-enabled: Ensure the root AWS account has MFA enabled.
- rds-storage-encrypted: Checks whether storage encryption is enabled for your RDS DB instances.
- s3-bucket-public-write-prohibited: Checks that your S3 buckets
| Name | Type | Description | Default |
|---|---|---|---|
| enabled | string | | required |
| config_logs_bucket | string | The S3 bucket for AWS Config logs. | required |
| config_logs_prefix | string | The S3 prefix for AWS Config logs. | "config" |
| config_delivery_frequency | string | The frequency with which AWS Config delivers configuration snapshots. | "Six_Hours" |
| config_max_execution_frequency | string | The maximum frequency with which AWS Config runs evaluations for a rule. | "TwentyFour_Hours" |
| aggregate_organization | string | Aggregate compliance data by organization. | "false" |
| config_aggregator_name | string | The name of the aggregator. | "organization" |
| acm_days_to_expiration | string | Number of days before expiration at which the rule flags an ACM certificate as noncompliant. | 14 |
| check_guard_duty | string | Enable the guardduty-enabled-centralized rule. | false |
| check_rds_public_access | string | Enable the rds-instance-public-access-check rule. | false |
| check_multi_region_cloud_trail | string | Enable the multi-region-cloud-trail-enabled rule. | false |
| check_cloud_trail_encryption | string | Enable the cloud-trail-encryption-enabled rule. | false |
| check_cloud_trail_log_file_validation | string | Enable the cloud-trail-log-file-validation-enabled rule. | false |
| password_min_length | string | Password minimum length. | 14 |
| password_max_age | string | Number of days before password expiration. | 90 |
| password_reuse_prevention | string | Number of previous passwords that cannot be reused. | 24 |
| password_require_uppercase | string | Require at least one uppercase character in the password. | true |
| password_require_lowercase | string | Require at least one lowercase character in the password. | true |
| password_require_numbers | string | Require at least one number in the password. | true |
| password_require_symbols | string | Require at least one symbol in the password. | true |
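The following root configuration is an added usage example and is not part of the module or its documentation. It assumes the module address shown at the top of this page, that `config_logs_bucket` takes the bucket name, and that the undocumented `enabled` input is the on/off switch for the whole module; no version pin is shown because the page does not state one. The bucket and its policy are the standard AWS Config delivery setup (GetBucketAcl on the bucket, PutObject under `<prefix>/AWSLogs/<account-id>/Config/`); the module itself only creates the Config recorder and rules, so the delivery target has to exist with that policy or the recorder cannot write snapshots.

```hcl
# Added example (not the module's own code). Assumed: the bucket name,
# the region, and that `enabled` toggles the whole module.

provider "aws" {
  region = "us-east-1"
}

data "aws_caller_identity" "current" {}

locals {
  config_prefix = "config"
}

# Delivery bucket for AWS Config snapshots. Public access is blocked so the
# module's own s3-bucket-public-write-prohibited rule does not flag it.
resource "aws_s3_bucket" "config_logs" {
  bucket = "config-logs-${data.aws_caller_identity.current.account_id}" # assumed name
}

resource "aws_s3_bucket_public_access_block" "config_logs" {
  bucket                  = aws_s3_bucket.config_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Bucket policy AWS requires for the Config service to deliver to this bucket.
# Delivery is restricted to this account's key space under the chosen prefix.
data "aws_iam_policy_document" "config_delivery" {
  statement {
    sid       = "AWSConfigBucketPermissionsCheck"
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.config_logs.arn]
    principals {
      type        = "Service"
      identifiers = ["config.amazonaws.com"]
    }
  }

  statement {
    sid       = "AWSConfigBucketDelivery"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.config_logs.arn}/${local.config_prefix}/AWSLogs/${data.aws_caller_identity.current.account_id}/Config/*"]
    principals {
      type        = "Service"
      identifiers = ["config.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
}

resource "aws_s3_bucket_policy" "config_logs" {
  bucket = aws_s3_bucket.config_logs.id
  policy = data.aws_iam_policy_document.config_delivery.json
}

module "config_security_check" {
  source = "hendrixroa/config-security-check/aws"

  enabled            = true # assumed to be the module-wide toggle
  config_logs_bucket = aws_s3_bucket.config_logs.id
  config_logs_prefix = local.config_prefix

  # Optional rules default to false; turn them all on.
  check_guard_duty                      = true
  check_rds_public_access               = true
  check_multi_region_cloud_trail        = true
  check_cloud_trail_encryption          = true
  check_cloud_trail_log_file_validation = true

  # Tighten the password policy beyond the defaults.
  password_min_length       = 16
  password_max_age          = 60
  password_reuse_prevention = 24

  # Flag certificates a month out rather than two weeks.
  acm_days_to_expiration = 30

  depends_on = [aws_s3_bucket_policy.config_logs]
}
```

Every input is typed `string`, so the booleans and numbers above are coerced to their string form on Terraform 0.12 and later; on 0.11 they must be quoted. The rules only evaluate and report: a noncompliant finding (for example `root-account-mfa-enabled`) does not change anything, so pair the module with notifications on the Config compliance events or an aggregator if `aggregate_organization` is used.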