{"id":29943230,"url":"https://github.com/sourcefuse/terraform-aws-arc-security","last_synced_at":"2026-02-10T15:08:04.080Z","repository":{"id":207025352,"uuid":"718187019","full_name":"sourcefuse/terraform-aws-arc-security","owner":"sourcefuse","description":null,"archived":false,"fork":false,"pushed_at":"2025-06-05T06:16:11.000Z","size":4398,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-08-01T05:55:59.020Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sourcefuse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security-hub-notification.tf","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-11-13T15:05:30.000Z","updated_at":"2025-06-05T06:15:52.000Z","dependencies_parsed_at":"2024-08-14T21:21:34.460Z","dependency_job_id":"ca56009a-31a1-43a8-96e6-88dfbe6536ce","html_url":"https://github.com/sourcefuse/terraform-aws-arc-security","commit_stats":null,"previous_names":["sourcefuse/terraform-aws-arc-security"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/sourcefuse/terraform-aws-arc-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sourcefuse","download_url":"https://codeload.github.com/sourcefuse/terraform-aws-arc-security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29303420,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T14:34:17.295Z","status":"ssl_error","status_checked_at":"2026-02-10T14:33:22.845Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-03T02:14:38.803Z","updated_at":"2026-02-10T15:08:04.075Z","avatar_url":"https://github.com/sourcefuse.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Module Structure](./static/banner.png)\n\n# [terraform-aws-arc-security](https://github.com/sourcefuse/terraform-aws-arc-security)\n\n\u003ca href=\"https://github.com/sourcefuse/terraform-aws-arc-security/releases/latest\"\u003e\u003cimg src=\"https://img.shields.io/github/release/sourcefuse/terraform-aws-arc-security.svg?style=for-the-badge\" alt=\"Latest Release\"/\u003e\u003c/a\u003e \u003ca href=\"https://github.com/sourcefuse/terraform-aws-arc-security/commits\"\u003e\u003cimg src=\"https://img.shields.io/github/last-commit/sourcefuse/terraform-aws-arc-security.svg?style=for-the-badge\" alt=\"Last Updated\"/\u003e\u003c/a\u003e ![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge\u0026logo=terraform\u0026logoColor=white) ![GitHub Actions](https://img.shields.io/badge/github%20actions-%232671E5.svg?style=for-the-badge\u0026logo=githubactions\u0026logoColor=white)\n\n[![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=sourcefuse_terraform-aws-arc-security)](https://sonarcloud.io/summary/new_code?id=sourcefuse_terraform-aws-arc-security)\n\n[![Known Vulnerabilities](https://github.com/sourcefuse/terraform-aws-arc-security/actions/workflows/snyk.yaml/badge.svg)](https://github.com/sourcefuse/terraform-aws-arc-security/actions/workflows/snyk.yaml)\n## Overview\n\nThe SourceFuse AWS Reference Architecture (ARC) Terraform module streamlines the management of Security Hub components, enhancing security posture and compliance for AWS environments. This module offers simplified configuration and deployment for Security Hub, optimizing resource allocation and threat detection capabilities.\n\nFor more information about this repository and its usage, please see [Terraform AWS ARC GitHub SECURITY Module Usage Guide](https://github.com/sourcefuse/terraform-aws-arc-security/blob/main/docs/module-usage-guide/README.md).\n\n## Usage\n\nTo see a full example, check out the [main.tf](./example/main.tf) file in the example folder.  \n\n```hcl\nmodule \"cloud_security\" {\n  source      = \"sourcefuse/arc-security/aws\"\n  version     = \"1.0.2\"\n  region      = var.region\n  environment = var.environment\n  namespace   = var.namespace\n\n  enable_inspector    = true\n  enable_aws_config   = true\n  enable_guard_duty   = true\n  enable_security_hub = false\n\n  create_config_iam_role = true\n\n  aws_config_sns_subscribers   = local.aws_config_sns_subscribers\n  guard_duty_sns_subscribers   = local.guard_duty_sns_subscribers\n  security_hub_sns_subscribers = local.security_hub_sns_subscribers\n\n  aws_config_managed_rules       = var.aws_config_managed_rules\n  enabled_security_hub_standards = local.security_hub_standards\n\n  create_inspector_iam_role               = var.create_inspector_iam_role\n  inspector_enabled_rules                 = var.inspector_enabled_rules\n  inspector_schedule_expression           = var.inspector_schedule_expression\n  inspector_assessment_event_subscription = var.inspector_assessment_event_subscription\n\n  tags = module.tags.tags\n}\n```\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.5.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 5.0, \u003c 6.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 5.99.1 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_aws_config_storage\"\u003e\u003c/a\u003e [aws\\_config\\_storage](#module\\_aws\\_config\\_storage) | cloudposse/config-storage/aws | 1.0.2 |\n| \u003ca name=\"module_config\"\u003e\u003c/a\u003e [config](#module\\_config) | cloudposse/config/aws | 1.5.2 |\n| \u003ca name=\"module_guard_duty\"\u003e\u003c/a\u003e [guard\\_duty](#module\\_guard\\_duty) | cloudposse/guardduty/aws | 0.6.0 |\n| \u003ca name=\"module_guard_duty_sns_topic\"\u003e\u003c/a\u003e [guard\\_duty\\_sns\\_topic](#module\\_guard\\_duty\\_sns\\_topic) | cloudposse/sns-topic/aws | 0.20.1 |\n| \u003ca name=\"module_inspector\"\u003e\u003c/a\u003e [inspector](#module\\_inspector) | ./modules/inspector | n/a |\n| \u003ca name=\"module_security_hub\"\u003e\u003c/a\u003e [security\\_hub](#module\\_security\\_hub) | cloudposse/security-hub/aws | 0.12.2 |\n| \u003ca name=\"module_securityhub_sns_kms_key\"\u003e\u003c/a\u003e [securityhub\\_sns\\_kms\\_key](#module\\_securityhub\\_sns\\_kms\\_key) | cloudposse/kms-key/aws | 0.12.2 |\n| \u003ca name=\"module_securityhub_sns_topic\"\u003e\u003c/a\u003e [securityhub\\_sns\\_topic](#module\\_securityhub\\_sns\\_topic) | cloudposse/sns-topic/aws | 0.21.0 |\n| \u003ca name=\"module_sns_guard_duty\"\u003e\u003c/a\u003e [sns\\_guard\\_duty](#module\\_sns\\_guard\\_duty) | cloudposse/sns-topic/aws | 0.21.0 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_event_rule.guard_duty_findings](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |\n| [aws_cloudwatch_event_rule.imported_findings](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |\n| [aws_cloudwatch_event_target.guard_duty_imported_findings](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |\n| [aws_cloudwatch_event_target.security_hub_imported_findings](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |\n| [aws_kms_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |\n| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_sns_topic_policy.sns_topic_guard_duty](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_iam_policy_document.guard_duty_sns_topic_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.securityhub_sns_kms_key_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_session_context.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_session_context) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_add_inspector_member_accounts\"\u003e\u003c/a\u003e [add\\_inspector\\_member\\_accounts](#input\\_add\\_inspector\\_member\\_accounts) | Whether to associate as a member account with your Amazon Inspector delegated administrator account. | `bool` | `false` | no |\n| \u003ca name=\"input_aws_config_managed_rules\"\u003e\u003c/a\u003e [aws\\_config\\_managed\\_rules](#input\\_aws\\_config\\_managed\\_rules) | A list of AWS Managed Rules that should be enabled on the account.\u003cbr\u003e\u003cbr\u003eSee the following for a list of possible rules to enable:\u003cbr\u003ehttps://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html | \u003cpre\u003emap(object({\u003cbr\u003e    description      = string\u003cbr\u003e    identifier       = string\u003cbr\u003e    input_parameters = any\u003cbr\u003e    tags             = map(string)\u003cbr\u003e    enabled          = bool\u003cbr\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_aws_config_sns_subscribers\"\u003e\u003c/a\u003e [aws\\_config\\_sns\\_subscribers](#input\\_aws\\_config\\_sns\\_subscribers) | A map of subscription configurations for SNS topics\u003cbr\u003e\u003cbr\u003eFor more information, see:\u003cbr\u003ehttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\u003cbr\u003e\u003cbr\u003eprotocol:\u003cbr\u003e  The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\u003cbr\u003e  supported, see link) (email is an option but is unsupported in terraform, see link).\u003cbr\u003eendpoint:\u003cbr\u003e  The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\u003cbr\u003eendpoint\\_auto\\_confirms:\u003cbr\u003e  Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\u003cbr\u003e  false\u003cbr\u003eraw\\_message\\_delivery:\u003cbr\u003e  Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property).\u003cbr\u003e  Default is false | \u003cpre\u003emap(object({\u003cbr\u003e    protocol               = string\u003cbr\u003e    endpoint               = string\u003cbr\u003e    endpoint_auto_confirms = bool\u003cbr\u003e    raw_message_delivery   = bool\u003cbr\u003e  }))\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_create_config_iam_role\"\u003e\u003c/a\u003e [create\\_config\\_iam\\_role](#input\\_create\\_config\\_iam\\_role) | Flag to indicate whether an iam role should be created for aws config. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_aws_config\"\u003e\u003c/a\u003e [enable\\_aws\\_config](#input\\_enable\\_aws\\_config) | Whether to enable AWS Config | `bool` | `true` | no |\n| \u003ca name=\"input_enable_guard_duty\"\u003e\u003c/a\u003e [enable\\_guard\\_duty](#input\\_enable\\_guard\\_duty) | Whether to enable Guard Duty | `bool` | `true` | no |\n| \u003ca name=\"input_enable_inspector\"\u003e\u003c/a\u003e [enable\\_inspector](#input\\_enable\\_inspector) | Whether to enable Inspector | `bool` | `true` | no |\n| \u003ca name=\"input_enable_inspector_at_orgnanization\"\u003e\u003c/a\u003e [enable\\_inspector\\_at\\_orgnanization](#input\\_enable\\_inspector\\_at\\_orgnanization) | Whether to enable Inspecter at Org level, if false account\\_list should be provided | `bool` | `false` | no |\n| \u003ca name=\"input_enable_security_hub\"\u003e\u003c/a\u003e [enable\\_security\\_hub](#input\\_enable\\_security\\_hub) | Whether to enable Security Hub | `bool` | `true` | no |\n| \u003ca name=\"input_enabled_security_hub_standards\"\u003e\u003c/a\u003e [enabled\\_security\\_hub\\_standards](#input\\_enabled\\_security\\_hub\\_standards) | A list of standards/rulesets to enable\u003cbr\u003e\u003cbr\u003eSee https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription#argument-reference\u003cbr\u003e\u003cbr\u003eThe possible values are:\u003cbr\u003e\u003cbr\u003e  - standards/aws-foundational-security-best-practices/v/1.0.0\u003cbr\u003e  - ruleset/cis-aws-foundations-benchmark/v/1.2.0\u003cbr\u003e  - standards/pci-dss/v/3.2.1 | `list(any)` | n/a | yes |\n| \u003ca name=\"input_environment\"\u003e\u003c/a\u003e [environment](#input\\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | n/a | yes |\n| \u003ca name=\"input_force_destroy\"\u003e\u003c/a\u003e [force\\_destroy](#input\\_force\\_destroy) | (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | `bool` | `false` | no |\n| \u003ca name=\"input_guard_duty_s3_protection_enabled\"\u003e\u003c/a\u003e [guard\\_duty\\_s3\\_protection\\_enabled](#input\\_guard\\_duty\\_s3\\_protection\\_enabled) | Flag to indicate whether S3 protection will be turned on in GuardDuty. | `bool` | `false` | no |\n| \u003ca name=\"input_guard_duty_sns_subscribers\"\u003e\u003c/a\u003e [guard\\_duty\\_sns\\_subscribers](#input\\_guard\\_duty\\_sns\\_subscribers) | A map of subscription configurations for SNS topics\u003cbr\u003e\u003cbr\u003eFor more information, see:\u003cbr\u003ehttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\u003cbr\u003e\u003cbr\u003eprotocol:\u003cbr\u003e  The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\u003cbr\u003e  supported, see link) (email is an option but is unsupported in terraform, see link).\u003cbr\u003eendpoint:\u003cbr\u003e  The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\u003cbr\u003eendpoint\\_auto\\_confirms:\u003cbr\u003e  Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\u003cbr\u003e  false\u003cbr\u003eraw\\_message\\_delivery:\u003cbr\u003e  Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property).\u003cbr\u003e  Default is false | \u003cpre\u003emap(object({\u003cbr\u003e    protocol               = string\u003cbr\u003e    endpoint               = string\u003cbr\u003e    endpoint_auto_confirms = bool\u003cbr\u003e    raw_message_delivery   = bool\u003cbr\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_inspector_account_list\"\u003e\u003c/a\u003e [inspector\\_account\\_list](#input\\_inspector\\_account\\_list) | List of Account for which inspector has to be enabled | `list(string)` | n/a | yes |\n| \u003ca name=\"input_inspector_resource_types\"\u003e\u003c/a\u003e [inspector\\_resource\\_types](#input\\_inspector\\_resource\\_types) | Type of resources to scan. Valid values are EC2, ECR, LAMBDA and LAMBDA\\_CODE. At least one item is required. | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"EC2\",\u003cbr\u003e  \"ECR\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_inspector_schedule_expression\"\u003e\u003c/a\u003e [inspector\\_schedule\\_expression](#input\\_inspector\\_schedule\\_expression) | AWS Schedule Expression to indicate how often the inspector scheduled event shoud run | `string` | `\"rate(7 days)\"` | no |\n| \u003ca name=\"input_inspector_sns_subscribers\"\u003e\u003c/a\u003e [inspector\\_sns\\_subscribers](#input\\_inspector\\_sns\\_subscribers) | A map of subscription configurations for SNS topics\u003cbr\u003e\u003cbr\u003eFor more information, see:\u003cbr\u003ehttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\u003cbr\u003e\u003cbr\u003eprotocol:\u003cbr\u003e  The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\u003cbr\u003e  supported, see link) (email is an option but is unsupported in terraform, see link).\u003cbr\u003eendpoint:\u003cbr\u003e  The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\u003cbr\u003eendpoint\\_auto\\_confirms:\u003cbr\u003e  Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\u003cbr\u003e  false\u003cbr\u003eraw\\_message\\_delivery:\u003cbr\u003e  Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property).\u003cbr\u003e  Default is false | \u003cpre\u003emap(object({\u003cbr\u003e    protocol               = string\u003cbr\u003e    endpoint               = string\u003cbr\u003e    endpoint_auto_confirms = bool\u003cbr\u003e    raw_message_delivery   = bool\u003cbr\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_namespace\"\u003e\u003c/a\u003e [namespace](#input\\_namespace) | Namespace for the resources. | `string` | n/a | yes |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | AWS region | `string` | `\"us-east-1\"` | no |\n| \u003ca name=\"input_security_hub_sns_subscribers\"\u003e\u003c/a\u003e [security\\_hub\\_sns\\_subscribers](#input\\_security\\_hub\\_sns\\_subscribers) | A map of subscription configurations for SNS topics\u003cbr\u003e\u003cbr\u003eFor more information, see:\u003cbr\u003ehttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\u003cbr\u003e\u003cbr\u003eprotocol:\u003cbr\u003e  The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\u003cbr\u003e  supported, see link) (email is an option but is unsupported in terraform, see link).\u003cbr\u003eendpoint:\u003cbr\u003e  The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\u003cbr\u003eendpoint\\_auto\\_confirms:\u003cbr\u003e  Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\u003cbr\u003e  false\u003cbr\u003eraw\\_message\\_delivery:\u003cbr\u003e  Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property).\u003cbr\u003e  Default is false | \u003cpre\u003emap(object({\u003cbr\u003e    protocol               = string\u003cbr\u003e    endpoint               = string\u003cbr\u003e    endpoint_auto_confirms = bool\u003cbr\u003e    raw_message_delivery   = bool\u003cbr\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Tags for AWS resources | `map(string)` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_aws_config_configuration_recorder_id\"\u003e\u003c/a\u003e [aws\\_config\\_configuration\\_recorder\\_id](#output\\_aws\\_config\\_configuration\\_recorder\\_id) | The ID of the AWS Config Recorder |\n| \u003ca name=\"output_aws_config_iam_role\"\u003e\u003c/a\u003e [aws\\_config\\_iam\\_role](#output\\_aws\\_config\\_iam\\_role) | IAM Role used to make read or write requests to the delivery channel and to describe the AWS resources associated with\u003cbr\u003ethe account. |\n| \u003ca name=\"output_aws_config_sns_topic\"\u003e\u003c/a\u003e [aws\\_config\\_sns\\_topic](#output\\_aws\\_config\\_sns\\_topic) | SNS topic |\n| \u003ca name=\"output_aws_config_sns_topic_subscriptions\"\u003e\u003c/a\u003e [aws\\_config\\_sns\\_topic\\_subscriptions](#output\\_aws\\_config\\_sns\\_topic\\_subscriptions) | SNS topic subscriptions |\n| \u003ca name=\"output_guard_duty_detector\"\u003e\u003c/a\u003e [guard\\_duty\\_detector](#output\\_guard\\_duty\\_detector) | GuardDuty detector |\n| \u003ca name=\"output_guard_duty_sns_topic\"\u003e\u003c/a\u003e [guard\\_duty\\_sns\\_topic](#output\\_guard\\_duty\\_sns\\_topic) | SNS topic |\n| \u003ca name=\"output_guard_duty_sns_topic_subscriptions\"\u003e\u003c/a\u003e [guard\\_duty\\_sns\\_topic\\_subscriptions](#output\\_guard\\_duty\\_sns\\_topic\\_subscriptions) | SNS topic subscriptions |\n| \u003ca name=\"output_inspector_aws_cloudwatch_event_rule\"\u003e\u003c/a\u003e [inspector\\_aws\\_cloudwatch\\_event\\_rule](#output\\_inspector\\_aws\\_cloudwatch\\_event\\_rule) | The AWS Inspector event rule |\n| \u003ca name=\"output_inspector_aws_cloudwatch_event_target\"\u003e\u003c/a\u003e [inspector\\_aws\\_cloudwatch\\_event\\_target](#output\\_inspector\\_aws\\_cloudwatch\\_event\\_target) | The AWS Inspector event target |\n| \u003ca name=\"output_security_hub_enabled_subscriptions\"\u003e\u003c/a\u003e [security\\_hub\\_enabled\\_subscriptions](#output\\_security\\_hub\\_enabled\\_subscriptions) | A list of subscriptions that have been enabled |\n| \u003ca name=\"output_security_hub_sns_topic\"\u003e\u003c/a\u003e [security\\_hub\\_sns\\_topic](#output\\_security\\_hub\\_sns\\_topic) | The SNS topic that was created |\n| \u003ca name=\"output_security_hub_sns_topic_subscriptions\"\u003e\u003c/a\u003e [security\\_hub\\_sns\\_topic\\_subscriptions](#output\\_security\\_hub\\_sns\\_topic\\_subscriptions) | The SNS topic that was created |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n### Git commits\n\nwhile Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch\n\nFor Example\n\n```sh\ngit commit -m \"your commit message #major\"\n```\nBy specifying this , it will bump the version and if you dont specify this in your commit message then by default it will consider patch and will bump that accordingly\n\n\n## Development\n\n### Prerequisites\n\n- [terraform](https://learn.hashicorp.com/terraform/getting-started/install#installing-terraform)\n- [terraform-docs](https://github.com/segmentio/terraform-docs)\n- [pre-commit](https://pre-commit.com/#install)\n- [golang](https://golang.org/doc/install#install)\n- [golint](https://github.com/golang/lint#installation)\n\n### Configurations\n\n- Configure pre-commit hooks\n  ```sh\n  pre-commit install\n  ```\n\n### Tests\n- Tests are available in `test` directory\n- Configure the dependencies\n  ```sh\n  cd test/\n  go mod init github.com/sourcefuse/terraform-aws-refarch-\u003cmodule_name\u003e\n  go get github.com/gruntwork-io/terratest/modules/terraform\n  ```\n- Now execute the test  \n  ```sh\n  go test -timeout  30m\n  ```\n\n## Authors\n\nThis project is authored by:\n- SourceFuse\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-security/lists"}