{"id":18898783,"url":"https://github.com/tedilabs/terraform-aws-security","last_synced_at":"2026-02-25T09:06:54.797Z","repository":{"id":37693838,"uuid":"433037471","full_name":"tedilabs/terraform-aws-security","owner":"tedilabs","description":"🌳 A sustainable Terraform Package which creates Security resources on AWS","archived":false,"fork":false,"pushed_at":"2025-03-20T18:15:44.000Z","size":342,"stargazers_count":18,"open_issues_count":8,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-03T14:05:04.283Z","etag":null,"topics":["aws","aws-access-analyzer","aws-config","devops","hacktoberfest","hcl2","iac","lang-hcl","sre","tedilabs","terraform","terraform-aws","terraform-module","terraform-modules"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/tedilabs/security/aws","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tedilabs.png","metadata":{"funding":{"github":"tedilabs","patreon":"posquit0","ko_fi":"posquit0","custom":"https://www.paypal.me/posquit0"},"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-11-29T12:40:05.000Z","updated_at":"2025-03-20T18:15:47.000Z","dependencies_parsed_at":"2023-10-02T18:52:49.052Z","dependency_job_id":"819b6d04-33c4-4686-8ee6-34630fc7d8cc","html_url":"https://github.com/tedilabs/terraform-aws-security","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/tedilabs/terraform-aws-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tedilabs%2Fterraform-aws-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tedilabs%2Fterraform-aws-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tedilabs%2Fterraform-aws-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tedilabs%2Fterraform-aws-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tedilabs","download_url":"https://codeload.github.com/tedilabs/terraform-aws-security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tedilabs%2Fterraform-aws-security/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264585371,"owners_count":23632646,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-access-analyzer","aws-config","devops","hacktoberfest","hcl2","iac","lang-hcl","sre","tedilabs","terraform","terraform-aws","terraform-module","terraform-modules"],"created_at":"2024-11-08T08:44:08.633Z","updated_at":"2026-02-25T09:06:54.792Z","avatar_url":"https://github.com/tedilabs.png","language":"HCL","readme":"# terraform-aws-security\n\n![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/tedilabs/terraform-aws-security?color=blue\u0026sort=semver\u0026style=flat-square)\n![GitHub](https://img.shields.io/github/license/tedilabs/terraform-aws-security?color=blue\u0026style=flat-square)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white\u0026style=flat-square)](https://github.com/pre-commit/pre-commit)\n\nTerraform module which creates security related resources on AWS.\n\n- [access-analyzer](./modules/access-analyzer)\n- [cloudtrail-event-data-store](./modules/cloudtrail-event-data-store)\n- [cloudtrail-trail](./modules/cloudtrail-trail)\n- [config-managed-rule](./modules/config-managed-rule)\n- [config-recorder](./modules/config-recorder)\n- [macie-account](./modules/macie-account)\n- [macie-custom-data-identifier](./modules/macie-custom-data-identifier)\n\n\n## Target AWS Services\n\nTerraform Modules from [this package](https://github.com/tedilabs/terraform-aws-security) were written to manage the following AWS Services with Terraform.\n\n- **AWS IAM**\n  - Access Analyzer\n- **AWS CloudTrail**\n  - Event Data Store\n  - Trail\n- **AWS Config**\n  - Recorder\n  - Rules\n    - Managed Rules\n- **AWS Macie**\n  - Account\n    - Member Accounts\n    - Organization Configurations\n  - Custom Data Identifier\n\n\n## Usage\n\n### CloudTrail\n\n```tf\nmodule \"event_data_store\" {\n  source  = \"tedilabs/security/aws//modules/cloudtrail-event-data-store\"\n  version = \"~\u003e 0.6.0\"\n\n  name = \"management-event\"\n\n  level = \"ACCOUNT\"\n  scope = \"REGIONAL\"\n\n\n  ## Event Selector\n  event_type = \"CLOUDTRAIL_EVENTS\"\n  event_selectors = [\n    {\n      category        = \"MANAGEMENT\"\n      scope           = \"READ\"\n      exclude_sources = [\"kms.amazonaws.com\"]\n    },\n    {\n      category      = \"DATA\"\n      scope         = \"ALL\"\n      resource_type = \"AWS::S3::Object\"\n      selectors = [\n        {\n          field    = \"resource_arn\"\n          operator = \"ends_with\"\n          values   = [\"hello\"]\n        }\n      ]\n    },\n    {\n      category      = \"DATA\"\n      scope         = \"WRITE\"\n      resource_type = \"AWS::S3Outposts::Object\"\n      selectors = [\n        {\n          field    = \"event_name\"\n          operator = \"starts_with\"\n          values   = [\"Put\"]\n        }\n      ]\n    },\n  ]\n\n\n  ## IAM Role\n  import_trail_events_iam_role = {\n    enabled = true\n    source_s3_buckets = [\n      {\n        name = \"helloworld\"\n        key_prefix = \"asdf/\"\n      },\n      {\n        name = \"foo\"\n        key_prefix = \"bar/\"\n      },\n      {\n        name = \"demo\"\n        key_prefix = \"\"\n      },\n    ]\n  }\n\n\n  ## Attributes\n  retention_in_days              = 365 * 7\n  termination_protection_enabled = false\n\n  tags = {\n    \"project\" = \"terraform-aws-security-examples\"\n  }\n}\n```\n\n\n## Examples\n\n### CloudTrail\n\n- [Simple Event Data Store in CloudTrail](./examples/cloudtrail-event-data-store-simple)\n- [Event Data Store in CloudTrail with Config Configuration Items](./examples/cloudtrail-event-data-store-config)\n- [Full Event Data Store in CloudTrail](./examples/cloudtrail-event-data-store-full)\n\n### Macie\n\n- [Simple Macie Account](./examples/macie-account-simple)\n\n\n## Self Promotion\n\nLike this project? Follow the repository on [GitHub](https://github.com/tedilabs/terraform-aws-security). And if you're feeling especially charitable, follow **[posquit0](https://github.com/posquit0)** on GitHub.\n\n\n## License\n\nProvided under the terms of the [Apache License](LICENSE).\n\nCopyright © 2021-2026, [Byungjin Park](https://www.posquit0.com).","funding_links":["https://github.com/sponsors/tedilabs","https://patreon.com/posquit0","https://ko-fi.com/posquit0","https://www.paypal.me/posquit0"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftedilabs%2Fterraform-aws-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftedilabs%2Fterraform-aws-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftedilabs%2Fterraform-aws-security/lists"}