{"id":20017164,"url":"https://github.com/blackbird-cloud/terraform-aws-account-security","last_synced_at":"2026-04-10T21:46:54.991Z","repository":{"id":152686827,"uuid":"572459216","full_name":"blackbird-cloud/terraform-aws-account-security","owner":"blackbird-cloud","description":"Terraform module to setup AWS account security","archived":false,"fork":false,"pushed_at":"2025-01-31T14:07:59.000Z","size":36,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-31T14:32:31.523Z","etag":null,"topics":["aws","security","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackbird-cloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-30T10:18:40.000Z","updated_at":"2024-09-19T14:23:49.000Z","dependencies_parsed_at":"2025-01-12T15:43:54.147Z","dependency_job_id":"5b81a36f-b339-47b6-b724-77263619bcc0","html_url":"https://github.com/blackbird-cloud/terraform-aws-account-security","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":"blackbird-cloud/terraform-module-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackbird-cloud%2Fterraform-aws-account-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackbird-cloud%2Fterraform-aws-account-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackbird-cloud%2Fterraform-aws-account-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackbird-cloud%2Fterraform-aws-account-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackbird-cloud","download_url":"https://codeload.github.com/blackbird-cloud/terraform-aws-account-security/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241451677,"owners_count":19964901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","security","terraform"],"created_at":"2024-11-13T08:14:45.466Z","updated_at":"2026-04-10T21:46:49.936Z","avatar_url":"https://github.com/blackbird-cloud.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e=1.0.9 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 4 |\n| \u003ca name=\"requirement_random\"\u003e\u003c/a\u003e [random](#requirement\\_random) | 3.1.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 4.13.0 |\n| \u003ca name=\"provider_random\"\u003e\u003c/a\u003e [random](#provider\\_random) | 3.1.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_all_cis_alarms\"\u003e\u003c/a\u003e [all\\_cis\\_alarms](#module\\_all\\_cis\\_alarms) | terraform-aws-modules/cloudwatch/aws//modules/cis-alarms | 3.2.0 |\n| \u003ca name=\"module_chatbot_config\"\u003e\u003c/a\u003e [chatbot\\_config](#module\\_chatbot\\_config) | waveaccounting/chatbot-slack-configuration/aws | 1.1.0 |\n| \u003ca name=\"module_eventbridge\"\u003e\u003c/a\u003e [eventbridge](#module\\_eventbridge) | terraform-aws-modules/eventbridge/aws | 1.13.3 |\n| \u003ca name=\"module_iam_chatbot_role\"\u003e\u003c/a\u003e [iam\\_chatbot\\_role](#module\\_iam\\_chatbot\\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | ~\u003e 4 |\n| \u003ca name=\"module_s3_bucket_cloudtrail\"\u003e\u003c/a\u003e [s3\\_bucket\\_cloudtrail](#module\\_s3\\_bucket\\_cloudtrail) | terraform-aws-modules/s3-bucket/aws | 3.2.0 |\n| \u003ca name=\"module_s3_bucket_config\"\u003e\u003c/a\u003e [s3\\_bucket\\_config](#module\\_s3\\_bucket\\_config) | terraform-aws-modules/s3-bucket/aws | 3.2.0 |\n| \u003ca name=\"module_vpc_flowlog_bucket\"\u003e\u003c/a\u003e [vpc\\_flowlog\\_bucket](#module\\_vpc\\_flowlog\\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.2.0 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_budgets_budget.budget](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/budgets_budget) | resource |\n| [aws_cloudtrail.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource |\n| [aws_cloudwatch_log_group.all_cis_alarms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |\n| [aws_cloudwatch_log_group.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |\n| [aws_config_configuration_recorder.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder) | resource |\n| [aws_config_configuration_recorder_status.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder_status) | resource |\n| [aws_config_conformance_pack.cis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_conformance_pack) | resource |\n| [aws_config_conformance_pack.databases](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_conformance_pack) | resource |\n| [aws_config_conformance_pack.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_conformance_pack) | resource |\n| [aws_config_delivery_channel.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_delivery_channel) | resource |\n| [aws_ebs_encryption_by_default.account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_encryption_by_default) | resource |\n| [aws_guardduty_detector.detector](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector) | resource |\n| [aws_iam_policy.config_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.ct-role-policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy_attachment.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |\n| [aws_iam_role.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.ct-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.config_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_kms_key.backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_kms_key.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_kms_key.cloudtrail_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_kms_key.cloudtrail_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_kms_key.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_kms_key.health](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_kms_key.s3_bucket_config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_kms_key.securityhub](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_kms_key.vpc_flowlog_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_s3_account_public_access_block.account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_account_public_access_block) | resource |\n| [aws_s3_bucket_policy.s3_bucket_cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |\n| [aws_securityhub_account.account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_account) | resource |\n| [aws_securityhub_standards_control.disable_root_account_hardware_mfa_aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_control) | resource |\n| [aws_securityhub_standards_control.disable_root_account_hardware_mfa_cis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_control) | resource |\n| [aws_securityhub_standards_control.disable_s3_bucket_access_logging_aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_control) | resource |\n| [aws_securityhub_standards_control.disable_s3_bucket_event_notification_aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_control) | resource |\n| [aws_securityhub_standards_subscription.best_practices](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription) | resource |\n| [aws_securityhub_standards_subscription.cis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription) | resource |\n| [aws_sns_topic.backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |\n| [aws_sns_topic.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |\n| [aws_sns_topic.health](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |\n| [aws_sns_topic.securityhub](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |\n| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/3.1.0/docs/resources/pet) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_iam_policy_document.cloudtrail_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cloudtrail_cloudwatch_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cloudtrail_cloudwatch_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cloudtrail_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cloudtrail_s3_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.config_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.config_sns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.deny_insecure_transport](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.kms_config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.require_latest_tls](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.s3_aws_cloudtrial_service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.sns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.vpc_flowlog_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_aws_account_name\"\u003e\u003c/a\u003e [aws\\_account\\_name](#input\\_aws\\_account\\_name) | AWS Account Name | `string` | n/a | yes |\n| \u003ca name=\"input_aws_region\"\u003e\u003c/a\u003e [aws\\_region](#input\\_aws\\_region) | AWS Region, such as 'eu-central-1' | `string` | n/a | yes |\n| \u003ca name=\"input_backup_topic_name\"\u003e\u003c/a\u003e [backup\\_topic\\_name](#input\\_backup\\_topic\\_name) | SNS Topic name for Backup notifications | `string` | `\"eventbridge-backup\"` | no |\n| \u003ca name=\"input_budget_alert_subscribers\"\u003e\u003c/a\u003e [budget\\_alert\\_subscribers](#input\\_budget\\_alert\\_subscribers) | List of email addresses with recipients for the billing alerts | `list(string)` | n/a | yes |\n| \u003ca name=\"input_budget_alert_threshold\"\u003e\u003c/a\u003e [budget\\_alert\\_threshold](#input\\_budget\\_alert\\_threshold) | Billing alert threshold in USD | `string` | n/a | yes |\n| \u003ca name=\"input_chatbot_channels\"\u003e\u003c/a\u003e [chatbot\\_channels](#input\\_chatbot\\_channels) | The configs of the chatbot for Slack. To get the ID, open Slack, right click on the channel name in the left pane, then choose Copy Link. The channel ID is the 9-character string at the end of the URL. For example, ABCBBLZZZ. The ID of the Slack workspace authorized with AWS Chatbot. To get the workspace ID, you must perform the initial authorization flow with Slack in the AWS Chatbot console. Then you can copy and paste the workspace ID from the console. Logging levels include ERROR, INFO, or NONE. | \u003cpre\u003elist(object({\u003cbr\u003e    slack_channel_id   = string\u003cbr\u003e    slack_workspace_id = string\u003cbr\u003e    sns_topic_arns     = list(string)\u003cbr\u003e    logging_level      = string\u003cbr\u003e    configuration_name = string\u003cbr\u003e    guardrail_policies = list(string)\u003cbr\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_cloudwatch_log_group_name\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_name](#input\\_cloudwatch\\_log\\_group\\_name) | Cloudwatch log group name prefix for CIS alarms | `string` | `\"cis-alarms\"` | no |\n| \u003ca name=\"input_config_topic_name\"\u003e\u003c/a\u003e [config\\_topic\\_name](#input\\_config\\_topic\\_name) | SNS Topic name used for Config notifications | `string` | `\"config-notifications\"` | no |\n| \u003ca name=\"input_health_topic_name\"\u003e\u003c/a\u003e [health\\_topic\\_name](#input\\_health\\_topic\\_name) | SNS Topic name for Health notifications | `string` | `\"eventbridge-health\"` | no |\n| \u003ca name=\"input_s3_logging\"\u003e\u003c/a\u003e [s3\\_logging](#input\\_s3\\_logging) | (Optional) S3 logging configuration target\\_bucket target\\_prefix | `map(string)` | `{}` | no |\n| \u003ca name=\"input_securityhub_findings_filter\"\u003e\u003c/a\u003e [securityhub\\_findings\\_filter](#input\\_securityhub\\_findings\\_filter) | Additional filter for Security Hub findings (defaults to no filter) | `any` | \u003cpre\u003e{\u003cbr\u003e  \"findings\": {\u003cbr\u003e    \"Compliance\": {\u003cbr\u003e      \"Status\": [\u003cbr\u003e        \"FAILED\",\u003cbr\u003e        \"WARNING\"\u003cbr\u003e      ]\u003cbr\u003e    },\u003cbr\u003e    \"Severity\": {\u003cbr\u003e      \"Label\": [\u003cbr\u003e        \"MEDIUM\",\u003cbr\u003e        \"HIGH\",\u003cbr\u003e        \"CRITICAL\"\u003cbr\u003e      ]\u003cbr\u003e    }\u003cbr\u003e  }\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_securityhub_topic_name\"\u003e\u003c/a\u003e [securityhub\\_topic\\_name](#input\\_securityhub\\_topic\\_name) | SNS Topic name for Security Hub notifications | `string` | `\"eventbridge-securityhub\"` | no |\n| \u003ca name=\"input_slack_channel_id\"\u003e\u003c/a\u003e [slack\\_channel\\_id](#input\\_slack\\_channel\\_id) | Slack Channel ID for chatbot | `string` | n/a | yes |\n| \u003ca name=\"input_slack_workspace_id\"\u003e\u003c/a\u003e [slack\\_workspace\\_id](#input\\_slack\\_workspace\\_id) | Slack Workspace ID for chatbot | `string` | n/a | yes |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_backup_sns_topic_arn\"\u003e\u003c/a\u003e [backup\\_sns\\_topic\\_arn](#output\\_backup\\_sns\\_topic\\_arn) | SNS Backup topic ARN |\n| \u003ca name=\"output_health_sns_topic_arn\"\u003e\u003c/a\u003e [health\\_sns\\_topic\\_arn](#output\\_health\\_sns\\_topic\\_arn) | SNS Health topic ARN |\n| \u003ca name=\"output_securityhub_sns_topic_arn\"\u003e\u003c/a\u003e [securityhub\\_sns\\_topic\\_arn](#output\\_securityhub\\_sns\\_topic\\_arn) | SNS Security Hub topic ARN |\n| \u003ca name=\"output_vpc_flowlog_bucket\"\u003e\u003c/a\u003e [vpc\\_flowlog\\_bucket](#output\\_vpc\\_flowlog\\_bucket) | n/a |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackbird-cloud%2Fterraform-aws-account-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackbird-cloud%2Fterraform-aws-account-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackbird-cloud%2Fterraform-aws-account-security/lists"}