{"id":21725452,"url":"https://github.com/jameswoolfenden/terraform-aws-config","last_synced_at":"2026-04-13T23:03:31.522Z","repository":{"id":81359186,"uuid":"172124510","full_name":"JamesWoolfenden/terraform-aws-config","owner":"JamesWoolfenden","description":"A Terraform module for making AWS codebuilds","archived":false,"fork":false,"pushed_at":"2023-07-29T20:11:34.000Z","size":129,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-25T19:28:00.476Z","etag":null,"topics":["aws","codebuild","module","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JamesWoolfenden.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-22T19:38:01.000Z","updated_at":"2022-09-19T12:04:33.000Z","dependencies_parsed_at":"2025-01-25T19:36:16.529Z","dependency_job_id":null,"html_url":"https://github.com/JamesWoolfenden/terraform-aws-config","commit_stats":null,"previous_names":[],"tags_count":79,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JamesWoolfenden","download_url":"https://codeload.github.com/JamesWoolfenden/terraform-aws-config/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244706500,"owners_count":20496570,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","codebuild","module","terraform"],"created_at":"2024-11-26T03:17:46.001Z","updated_at":"2026-04-13T23:03:31.495Z","avatar_url":"https://github.com/JamesWoolfenden.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-config\n\n[![Build Status](https://github.com/JamesWoolfenden/terraform-aws-config/workflows/Verify%20and%20Bump/badge.svg?branch=master)](https://github.com/JamesWoolfenden/terraform-aws-config)\n[![Latest Release](https://img.shields.io/github/release/JamesWoolfenden/terraform-aws-config.svg)](https://github.com/JamesWoolfenden/terraform-aws-config/releases/latest)\n[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/JamesWoolfenden/terraform-aws-config.svg?label=latest)](https://github.com/JamesWoolfenden/terraform-aws-config/releases/latest)\n![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.14.0-blue.svg)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/JamesWoolfenden/terraform-aws-config/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=JamesWoolfenden%2Fterraform-aws-config\u0026benchmark=CIS+AWS+V1.2)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white)](https://github.com/pre-commit/pre-commit)\n[![checkov](https://img.shields.io/badge/checkov-verified-brightgreen)](https://www.checkov.io/)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/jameswoolfenden/terraform-aws-config/general)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=JamesWoolfenden%2Fterraform-aws-config\u0026benchmark=INFRASTRUCTURE+SECURITY)\n\nTerraform module to provision an AWS config.\n\n---\n\n## Usage\n\nInclude this repository as a module in your existing terraform code:\n\n```hcl\nmodule \"config\" {\n source = \"JamesWoolfenden/aws/config\"\n name = \"aws-config\"\n log_bucket = \"config-logs\"\n common_tags= var.common_tags\n}\n```\n\n## Costs\n\n```text\nmonthly cost estimate\n\nProject: .\n\n Name Monthly Qty Unit Monthly Cost\n\n module.config.aws_config_config_rule.rule[0]\n └─ Rule evaluations (first 100K) Cost depends on usage: $0.001 per evaluations\n\n module.config.aws_config_config_rule.rule[1]\n └─ Rule evaluations (first 100K) Cost depends on usage: $0.001 per evaluations\n\n module.config.aws_config_config_rule.rule[2]\n └─ Rule evaluations (first 100K) Cost depends on usage: $0.001 per evaluations\n\n module.config.aws_config_config_rule.rule[3]\n └─ Rule evaluations (first 100K) Cost depends on usage: $0.001 per evaluations\n\n module.config.aws_config_config_rule.rule[4]\n └─ Rule evaluations (first 100K) Cost depends on usage: $0.001 per evaluations\n\n module.config.aws_config_config_rule.rule[5]\n └─ Rule evaluations (first 100K) Cost depends on usage: $0.001 per evaluations\n\n module.config.aws_config_config_rule.rule[6]\n └─ Rule evaluations (first 100K) Cost depends on usage: $0.001 per evaluations\n\n module.config.aws_config_config_rule.rule[7]\n └─ Rule evaluations (first 100K) Cost depends on usage: $0.001 per evaluations\n\n module.config.aws_config_configuration_recorder.config\n ├─ Config items Cost depends on usage: $0.003 per records\n └─ Custom config items Cost depends on usage: $0.003 per records\n\n module.config.aws_kms_key.s3\n ├─ Customer master key 1 months $1.00\n ├─ Requests Cost depends on usage: $0.03 per 10k requests\n ├─ ECC GenerateDataKeyPair requests Cost depends on usage: $0.10 per 10k requests\n └─ RSA GenerateDataKeyPair requests Cost depends on usage: $0.10 per 10k requests\n\n module.config.aws_s3_bucket.config\n ├─ Glacier\n │ ├─ Storage Cost depends on usage: $0.0045 per GB-months\n │ ├─ PUT, COPY, POST, LIST requests Cost depends on usage: $0.03 per 1k requests\n │ ├─ GET, SELECT, and all other requests Cost depends on usage: $0.00042 per 1k requests\n │ ├─ Lifecycle transition Cost depends on usage: $0.03 per 1k requests\n │ ├─ Retrieval requests (standard) Cost depends on usage: $0.03 per 1k requests\n │ ├─ Retrievals (standard) Cost depends on usage: $0.01 per GB-months\n │ ├─ Select data scanned (standard) Cost depends on usage: $0.0084 per GB-months\n │ ├─ Select data returned (standard) Cost depends on usage: $0.01 per GB-months\n │ ├─ Retrieval requests (expedited) Cost depends on usage: $10.50 per 1k requests\n │ ├─ Retrievals (expedited) Cost depends on usage: $0.03 per GB-months\n │ ├─ Select data scanned (expedited) Cost depends on usage: $0.02 per GB-months\n │ ├─ Select data returned (expedited) Cost depends on usage: $0.03 per GB-months\n │ ├─ Retrieval requests (bulk) Cost depends on usage: $0.03 per 1k requests\n │ ├─ Retrievals (bulk) Cost depends on usage: $0.0026 per GB-months\n │ ├─ Select data scanned (bulk) Cost depends on usage: $0.00104 per GB-months\n │ ├─ Select data returned (bulk) Cost depends on usage: $0.0026 per GB-months\n │ └─ Early delete (within 90 days) Cost depends on usage: $0.0045 per GB-months\n └─ Standard\n ├─ Storage Cost depends on usage: $0.02 per GB-months\n ├─ PUT, COPY, POST, LIST requests Cost depends on usage: $0.0053 per 1k requests\n ├─ GET, SELECT, and all other requests Cost depends on usage: $0.00042 per 1k requests\n ├─ Select data scanned Cost depends on usage: $0.00225 per GB-months\n └─ Select data returned Cost depends on usage: $0.0008 per GB-months\n\n module.config.aws_sns_topic.config\n └─ Requests Cost depends on usage: $0.50 per 1M requests\n\n PROJECT TOTAL $1.00\n```\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\nNo requirements.\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | n/a |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_config_config_rule.rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_config_rule) | resource |\n| [aws_config_configuration_recorder.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder) | resource |\n| [aws_config_configuration_recorder_status.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder_status) | resource |\n| [aws_config_delivery_channel.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_delivery_channel) | resource |\n| [aws_iam_role.config_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy_attachment.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_kms_key.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_s3_bucket.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |\n| [aws_s3_bucket_policy.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |\n| [aws_s3_bucket_public_access_block.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |\n| [aws_sns_topic.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_common_tags\"\u003e\u003c/a\u003e [common\\_tags](#input\\_common\\_tags) | A mapping of tags to assign to created resources | `map(any)` | n/a | yes |\n| \u003ca name=\"input_delivery_frequency\"\u003e\u003c/a\u003e [delivery\\_frequency](#input\\_delivery\\_frequency) | The recurring frequency with which AWS Config delivers configuration snapshots. May be one of One\\_Hour, Three\\_Hours, Six\\_Hours, Twelve\\_Hours, or TwentyFour\\_Hours | `string` | `\"TwentyFour_Hours\"` | no |\n| \u003ca name=\"input_enable_recorder\"\u003e\u003c/a\u003e [enable\\_recorder](#input\\_enable\\_recorder) | Whether the configuration recorder should be enabled or disabled. | `string` | `true` | no |\n| \u003ca name=\"input_expiration\"\u003e\u003c/a\u003e [expiration](#input\\_expiration) | The number of days to wait before expiring an object | `string` | `2555` | no |\n| \u003ca name=\"input_input_parameters\"\u003e\u003c/a\u003e [input\\_parameters](#input\\_input\\_parameters) | A map of strings in JSON format that is passed to the AWS Config rule Lambda function. The map is keyed by the rule names. This is merged with a map contained in locals, with the values supplied here overriding any default values. | `map(any)` | \u003cpre\u003e{\u003cbr\u003e \"iam-password-policy\": \"{\n \\\"RequireUppercaseCharacters\\\": \\\"true\\\",\n \\\"RequireLowercaseCharacters\\\": \\\"true\\\",\n \\\"RequireSymbols\\\": \\\"true\\\",\n \\\"RequireNumbers\\\": \\\"true\\\",\n \\\"MinimumPasswordLength\\\": \\\"30\\\",\n \\\"PasswordReusePrevention\\\": \\\"24\\\",\n \\\"MaxPasswordAge\\\": \\\"30\\\"\n}\n\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_log_bucket\"\u003e\u003c/a\u003e [log\\_bucket](#input\\_log\\_bucket) | The log bucket to write S3 logs to. | `string` | n/a | yes |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | The name to use when naming resources. | `string` | n/a | yes |\n| \u003ca name=\"input_rules\"\u003e\u003c/a\u003e [rules](#input\\_rules) | The list of rules to enable in AWS Config. The names are identical to the ones used by AWS. These are used to name the rules and to reference into the input\\_parameters and source\\_identifiers maps. The default is the minimum recommended list. | `list(any)` | \u003cpre\u003e[\u003cbr\u003e \"cloudtrail-enabled\",\u003cbr\u003e \"iam-password-policy\",\u003cbr\u003e \"restricted-ssh\",\u003cbr\u003e \"root-account-mfa-enabled\",\u003cbr\u003e \"s3-bucket-logging-enabled\",\u003cbr\u003e \"s3-bucket-public-read-prohibited\",\u003cbr\u003e \"s3-bucket-public-write-prohibited\",\u003cbr\u003e \"s3-bucket-ssl-requests-only\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_rules_count\"\u003e\u003c/a\u003e [rules\\_count](#input\\_rules\\_count) | The count of the items in the rules list | `string` | `8` | no |\n| \u003ca name=\"input_scopes\"\u003e\u003c/a\u003e [scopes](#input\\_scopes) | This is a map of rule names to scope maps. Each scope can have one or both of the following tuples: (compliance\\_resource\\_id, compliance\\_resource\\_types), (tag\\_key, tag\\_value). This map is merged with a default map in locals, with the values in this map overriding the defaults. Defines which resources can trigger an evaluation for the rules. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. | `map(any)` | \u003cpre\u003e{\u003cbr\u003e \"default\": {\u003cbr\u003e \"tag_key\": \"\",\u003cbr\u003e \"tag_value\": \"\"\u003cbr\u003e }\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_source_identifiers\"\u003e\u003c/a\u003e [source\\_identifiers](#input\\_source\\_identifiers) | A map of rule names to source identifiers. For AWS Config managed rules, a predefined identifier from a list. For example, IAM\\_PASSWORD\\_POLICY is a managed rule. This map will be merged with a default list in locals, with values in this list overriding those in locals | `map(any)` | \u003cpre\u003e{\u003cbr\u003e \"acm-certificate-expiration-check\": \"ACM_CERTIFICATE_EXPIRATION_CHECK\",\u003cbr\u003e \"approved-amis-by-id\": \"APPROVED_AMIS_BY_ID\",\u003cbr\u003e \"approved-amis-by-tag\": \"APPROVED_AMIS_BY_TAG\",\u003cbr\u003e \"autoscaling-group-elb-healthcheck-required\": \"AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED\",\u003cbr\u003e \"cloudformation-stack-notification-check\": \"CLOUDFORMATION_STACK_NOTIFICATION_CHECK\",\u003cbr\u003e \"cloudtrail-enabled\": \"CLOUD_TRAIL_ENABLED\",\u003cbr\u003e \"cloudwatch-alarm-action-check\": \"CLOUDWATCH_ALARM_ACTION_CHECK\",\u003cbr\u003e \"cloudwatch-alarm-resource-check\": \"CLOUDWATCH_ALARM_RESOURCE_CHECK\",\u003cbr\u003e \"cloudwatch-alarm-settings-check\": \"CLOUDWATCH_ALARM_SETTINGS_CHECK\",\u003cbr\u003e \"codebuild-project-envvar-awscred-check\": \"CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK\",\u003cbr\u003e \"codebuild-project-source-repo-url-check\": \"CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK\",\u003cbr\u003e \"db-instance-backup-enabled\": \"DB_INSTANCE_BACKUP_ENABLED\",\u003cbr\u003e \"desired-instance-tenancy\": \"DESIRED_INSTANCE_TENANCY\",\u003cbr\u003e \"desired-instance-type\": \"DESIRED_INSTANCE_TYPE\",\u003cbr\u003e \"dynamodb-autoscaling-enabled\": \"DYNAMODB_AUTOSCALING_ENABLED\",\u003cbr\u003e \"dynamodb-throughput-limit-check\": \"DYNAMODB_THROUGHPUT_LIMIT_CHECK\",\u003cbr\u003e \"ebs-optimized-instance\": \"EBS_OPTIMIZED_INSTANCE\",\u003cbr\u003e \"ec2-instance-detailed-monitoring-enabled\": \"EC2_INSTANCE_DETAILED_MONITORING_ENABLED\",\u003cbr\u003e \"ec2-instance-managed-by-ssm\": \"EC2_INSTANCE_MANAGED_BY_SSM\",\u003cbr\u003e \"ec2-instances-in-vpc\": \"INSTANCES_IN_VPC\",\u003cbr\u003e \"ec2-managedinstance-applications-blacklisted\": \"EC2_MANAGEDINSTANCE_APPLICATIONS_BLACKLISTED\",\u003cbr\u003e \"ec2-managedinstance-applications-required\": \"EC2_MANAGEDINSTANCE_APPLICATIONS_REQUIRED\",\u003cbr\u003e \"ec2-managedinstance-association-compliance-status-check\": \"EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK\",\u003cbr\u003e \"ec2-managedinstance-inventory-blacklisted\": \"EC2_MANAGEDINSTANCE_INVENTORY_BLACKLISTED\",\u003cbr\u003e \"ec2-managedinstance-patch-compliance-status-check\": \"EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK\",\u003cbr\u003e \"ec2-managedinstance-platform-check\": \"EC2_MANAGEDINSTANCE_PLATFORM_CHECK\",\u003cbr\u003e \"ec2-volume-inuse-check\": \"EC2_VOLUME_INUSE_CHECK\",\u003cbr\u003e \"eip-attached\": \"EIP_ATTACHED\",\u003cbr\u003e \"elb-acm-certificate-required\": \"ELB_ACM_CERTIFICATE_REQUIRED\",\u003cbr\u003e \"elb-custom-security-policy-ssl-check\": \"ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK\",\u003cbr\u003e \"elb-predefined-security-policy-ssl-check\": \"ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK\",\u003cbr\u003e \"encrypted-volumes\": \"ENCRYPTED_VOLUMES\",\u003cbr\u003e \"fms-webacl-resource-policy-check\": \"FMS_WEBACL_RESOURCE_POLICY_CHECK\",\u003cbr\u003e \"fms-webacl-rulegroup-association-check\": \"FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK\",\u003cbr\u003e \"guardduty-enabled-centralized\": \"GUARDDUTY_ENABLED_CENTRALIZED\",\u003cbr\u003e \"iam-group-has-users-check\": \"IAM_GROUP_HAS_USERS_CHECK\",\u003cbr\u003e \"iam-password-policy\": \"IAM_PASSWORD_POLICY\",\u003cbr\u003e \"iam-policy-blacklisted-check\": \"IAM_POLICY_BLACKLISTED_CHECK\",\u003cbr\u003e \"iam-user-group-membership-check\": \"IAM_USER_GROUP_MEMBERSHIP_CHECK\",\u003cbr\u003e \"iam-user-no-policies-check\": \"IAM_USER_NO_POLICIES_CHECK\",\u003cbr\u003e \"lambda-function-public-access-prohibited\": \"LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED\",\u003cbr\u003e \"lambda-function-settings-check\": \"LAMBDA_FUNCTION_SETTINGS_CHECK\",\u003cbr\u003e \"rds-multi-az-support\": \"RDS_MULTI_AZ_SUPPORT\",\u003cbr\u003e \"rds-snapshots-public-prohibited\": \"RDS_SNAPSHOTS_PUBLIC_PROHIBITED\",\u003cbr\u003e \"rds-storage-encrypted\": \"RDS_STORAGE_ENCRYPTED\",\u003cbr\u003e \"redshift-cluster-configuration-check\": \"REDSHIFT_CLUSTER_CONFIGURATION_CHECK\",\u003cbr\u003e \"redshift-cluster-maintenancesettings-check\": \"REDSHIFT_CLUSTER_MAINTENANCESETTINGS_CHECK\",\u003cbr\u003e \"required-tags\": \"REQUIRED_TAGS\",\u003cbr\u003e \"restricted-common-ports\": \"RESTRICTED_INCOMING_TRAFFIC\",\u003cbr\u003e \"restricted-ssh\": \"INCOMING_SSH_DISABLED\",\u003cbr\u003e \"root-account-mfa-enabled\": \"ROOT_ACCOUNT_MFA_ENABLED\",\u003cbr\u003e \"s3-blacklisted-actions-prohibited\": \"S3_BLACKLISTED_ACTIONS_PROHIBITED\",\u003cbr\u003e \"s3-bucket-logging-enabled\": \"S3_BUCKET_LOGGING_ENABLED\",\u003cbr\u003e \"s3-bucket-policy-not-more-permissive\": \"S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE\",\u003cbr\u003e \"s3-bucket-public-read-prohibited\": \"S3_BUCKET_PUBLIC_READ_PROHIBITED\",\u003cbr\u003e \"s3-bucket-public-write-prohibited\": \"S3_BUCKET_PUBLIC_WRITE_PROHIBITED\",\u003cbr\u003e \"s3-bucket-replication-enabled\": \"S3_BUCKET_REPLICATION_ENABLED\",\u003cbr\u003e \"s3-bucket-server-side-encryption-enabled\": \"S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED\",\u003cbr\u003e \"s3-bucket-ssl-requests-only\": \"S3_BUCKET_SSL_REQUESTS_ONLY\",\u003cbr\u003e \"s3-bucket-versioning-enabled\": \"S3_BUCKET_VERSIONING_ENABLED\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_transition_to_glacier\"\u003e\u003c/a\u003e [transition\\_to\\_glacier](#input\\_transition\\_to\\_glacier) | The number of days to wait before transitioning an object to Glacier | `string` | `30` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_bucket\"\u003e\u003c/a\u003e [bucket](#output\\_bucket) | The bucket name that config writes output to. |\n| \u003ca name=\"output_bucket_arn\"\u003e\u003c/a\u003e [bucket\\_arn](#output\\_bucket\\_arn) | The bucket ARN that config writes output to. |\n| \u003ca name=\"output_delivery_channel_id\"\u003e\u003c/a\u003e [delivery\\_channel\\_id](#output\\_delivery\\_channel\\_id) | The name of the delivery channel. |\n| \u003ca name=\"output_kms_key\"\u003e\u003c/a\u003e [kms\\_key](#output\\_kms\\_key) | n/a |\n| \u003ca name=\"output_recorder_id\"\u003e\u003c/a\u003e [recorder\\_id](#output\\_recorder\\_id) | Name of the recorder. |\n| \u003ca name=\"output_rule_arns\"\u003e\u003c/a\u003e [rule\\_arns](#output\\_rule\\_arns) | The ARNs of the config rules |\n| \u003ca name=\"output_rule_ids\"\u003e\u003c/a\u003e [rule\\_ids](#output\\_rule\\_ids) | The IDs of the config rules |\n| \u003ca name=\"output_topic_arn\"\u003e\u003c/a\u003e [topic\\_arn](#output\\_topic\\_arn) | The ARN of the SNS topic AWS Config writes events to. |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Policy\n\nThis is the policy required to build this project:\n\n\u003c!-- BEGINNING OF PRE-COMMIT-PIKE DOCS HOOK --\u003e\nThe Terraform resource required is:\n\n```golang\nresource \"aws_iam_policy\" \"terraform_pike\" {\n name_prefix = \"terraform_pike\"\n path = \"/\"\n description = \"Pike Autogenerated policy from IAC\"\n\n policy = jsonencode({\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"SNS:CreateTopic\",\n \"SNS:DeleteTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:ListTagsForResource\",\n \"SNS:SetTopicAttributes\",\n \"SNS:TagResource\",\n \"SNS:UnTagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor1\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"config:DeleteConfigRule\",\n \"config:DeleteConfigurationRecorder\",\n \"config:DeleteDeliveryChannel\",\n \"config:DescribeConfigRules\",\n \"config:DescribeConfigurationRecorderStatus\",\n \"config:DescribeConfigurationRecorders\",\n \"config:DescribeDeliveryChannels\",\n \"config:ListTagsForResource\",\n \"config:PutConfigRule\",\n \"config:PutConfigurationRecorder\",\n \"config:PutDeliveryChannel\",\n \"config:StartConfigurationRecorder\",\n \"config:StopConfigurationRecorder\",\n \"config:TagResource\",\n \"config:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor2\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeAccountAttributes\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor3\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"iam:AttachRolePolicy\",\n \"iam:CreateRole\",\n \"iam:DeleteRole\",\n \"iam:DeleteRolePolicy\",\n \"iam:DetachRolePolicy\",\n \"iam:GetRole\",\n \"iam:GetRolePolicy\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListInstanceProfilesForRole\",\n \"iam:ListRolePolicies\",\n \"iam:PassRole\",\n \"iam:PutRolePolicy\",\n \"iam:TagRole\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor4\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:CreateKey\",\n \"kms:DescribeKey\",\n \"kms:EnableKeyRotation\",\n \"kms:GetKeyPolicy\",\n \"kms:GetKeyRotationStatus\",\n \"kms:ListResourceTags\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:TagResource\",\n \"kms:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor5\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:CreateBucket\",\n \"s3:DeleteBucket\",\n \"s3:GetAccelerateConfiguration\",\n \"s3:GetBucketAcl\",\n \"s3:GetBucketCORS\",\n \"s3:GetBucketLogging\",\n \"s3:GetBucketObjectLockConfiguration\",\n \"s3:GetBucketPolicy\",\n \"s3:GetBucketPublicAccessBlock\",\n \"s3:GetBucketRequestPayment\",\n \"s3:GetBucketTagging\",\n \"s3:GetBucketVersioning\",\n \"s3:GetBucketWebsite\",\n \"s3:GetEncryptionConfiguration\",\n \"s3:GetLifecycleConfiguration\",\n \"s3:GetObject\",\n \"s3:GetObjectAcl\",\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n \"s3:PutBucketPolicy\",\n \"s3:PutBucketPublicAccessBlock\"\n ],\n \"Resource\": \"*\"\n }\n ]\n})\n}\n\n\n```\n\u003c!-- END OF PRE-COMMIT-PIKE DOCS HOOK --\u003e\n\n## Related Projects\n\nCheck out these related projects.\n\n- [terraform-aws-s3](https://github.com/jameswoolfenden/terraform-aws-s3) - S3 buckets\n\n## Help\n\n**Got a question?**\n\nFile a GitHub [issue](https://github.com/JamesWoolfenden/terraform-aws-config/issues).\n\n## Contributing\n\n### Bug Reports \u0026 Feature Requests\n\nPlease use the [issue tracker](https://github.com/JamesWoolfenden/terraform-aws-config/issues) to report any bugs or file feature requests.\n\n## Copyrights\n\nCopyright © 2022 James Woolfenden\n\n## License\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\nSee [LICENSE](LICENSE) for full details.\n\nLicensed to the Apache Software Foundation (ASF) under one\nor more contributor license agreements. See the NOTICE file\ndistributed with this work for additional information\nregarding copyright ownership. The ASF licenses this file\nto you under the Apache License, Version 2.0 (the\n\"License\"); you may not use this file except in compliance\nwith the License. You may obtain a copy of the License at\n\n\u003chttps://www.apache.org/licenses/LICENSE-2.0\u003e\n\nUnless required by applicable law or agreed to in writing,\nsoftware distributed under the License is distributed on an\n\"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\nKIND, either express or implied. See the License for the\nspecific language governing permissions and limitations\nunder the License.\n\n### Contributors\n\n[![James Woolfenden][jameswoolfenden_avatar]][jameswoolfenden_homepage]\u003cbr/\u003e[James Woolfenden][jameswoolfenden_homepage]\n\n[jameswoolfenden_homepage]: https://github.com/jameswoolfenden\n[jameswoolfenden_avatar]: https://github.com/jameswoolfenden.png?size=150\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-config/lists"}