https://github.com/aws-ia/terraform-aws-shield-advanced
Configure and deploy Amazon Shield Advanced
- Host: GitHub
- URL: https://github.com/aws-ia/terraform-aws-shield-advanced
- Owner: aws-ia
- License: apache-2.0
- Created: 2023-08-15T16:27:31.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2023-09-09T00:52:50.000Z (almost 3 years ago)
- Last Synced: 2024-12-31T21:34:50.056Z (over 1 year ago)
- Topics: aws, aws-security, aws-shield, aws-shield-advanced, protection, security, security-tools, shield, shield-advanced
- Language: HCL
- Homepage: https://registry.terraform.io/modules/aws-ia/shield-advanced/aws/latest
- Size: 113 KB
- Stars: 6
- Watchers: 5
- Forks: 3
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
README
# Terraform Module for AWS Shield Advanced
Terraform module that creates AWS Shield Advanced Resources
- [Terraform Module for AWS Shield Advanced](#terraform-module-for-aws-shield-advanced)
  - [Usage](#usage)
  - [Overview Diagrams](#overview-diagrams)
  - [Terraform Module](#terraform-module)
    - [Requirements](#requirements)
    - [Providers](#providers)
    - [Modules](#modules)
    - [Resources](#resources)
    - [Inputs](#inputs)
    - [Outputs](#outputs)
## Usage
```hcl
# local.arn_prefix and aws_eip.example are defined elsewhere in the calling configuration.
module "shield_advanced" {
  # Registry address (<namespace>/<name>/<provider>), matching the module's registry homepage.
  source = "aws-ia/shield-advanced/aws"

  name         = "Example protection"
  resource_arn = "${local.arn_prefix}/${aws_eip.example.id}"

  # One entry per protection group; resource_type is set only with BY_RESOURCE_TYPE.
  protection_group_config = [
    {
      id          = "Arbitrary Resource"
      aggregation = "MEAN"
      pattern     = "ARBITRARY"
      members     = "${local.arn_prefix}/${aws_eip.example.id}"
    },
    {
      id          = "All Resources"
      aggregation = "MEAN"
      pattern     = "ALL"
    },
    {
      id            = "CloudFront Resource"
      aggregation   = "SUM"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "CLOUDFRONT_DISTRIBUTION"
    },
    {
      id            = "Route53 Resource"
      aggregation   = "MAX"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "ROUTE_53_HOSTED_ZONE"
    },
    {
      id            = "GlobalAccelerator Resource"
      aggregation   = "SUM"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "GLOBAL_ACCELERATOR"
    },
    {
      id            = "ALB Resource"
      aggregation   = "MEAN"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "APPLICATION_LOAD_BALANCER"
    },
    {
      id            = "CLB Resource"
      aggregation   = "MEAN"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "CLASSIC_LOAD_BALANCER"
    },
    {
      id            = "ElasticIP Resource"
      aggregation   = "SUM"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "ELASTIC_IP_ALLOCATION"
    },
  ]
}
```
## Overview Diagrams

## Terraform Module
### Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [aws](#requirement\_aws) | >= 4.47 |
### Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.47 |
### Modules
No modules.
### Resources
| Name | Type |
|------|------|
| [aws_route53_health_check.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_health_check) | resource |
| [aws_shield_protection.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/shield_protection) | resource |
| [aws_shield_protection_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/shield_protection_group) | resource |
| [aws_shield_protection_health_check_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/shield_protection_health_check_association) | resource |
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [name](#input\_name) | A friendly name for the Protection you are creating. | `string` | n/a | yes |
| [protection\_group\_config](#input\_protection\_group\_config) | `id` - The name of the protection group, or protection\_group\_id.<br>`aggregation` - Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.<br>`pattern` - The criteria to use to choose the protected resources for inclusion in the group.<br>`resource_type` - (Optional) The resource type to include in the protection group. You must set this only when you set pattern to `BY_RESOURCE_TYPE`. | `list(object({ id = string, aggregation = string, pattern = string, resource_type = optional(string) }))` | n/a | yes |
| [resource\_arn](#input\_resource\_arn) | The ARN (Amazon Resource Name) of the resource to be protected. | `string` | n/a | yes |
| [health\_check\_configuration](#input\_health\_check\_configuration) | Amazon Route53 Health Check Configuration to be associated to AWS Shield Advanced Protection. | `map(any)` | `null` | no |
| [tags](#input\_tags) | Key-value map of resource tags to apply to all taggable resources created by the module. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Defaults to `{}`. | `map(string)` | `{}` | no |
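
The `pattern`/`resource_type` rule above can be enforced at plan time in the calling configuration, so a protection group that would silently cover the wrong resources is rejected before it is applied. The following is an added example, not code from the module: the variable name `protection_groups` is hypothetical, the allowed values are only those that appear in the Usage section, and the type mirrors the documented input (which has no `members` attribute). `optional()` in an object type requires Terraform 1.3 or later.

```hcl
# Added example (not part of the module): caller-side wrapper variable.
# "protection_groups" is a hypothetical name; allowed values come from the Usage section.
variable "protection_groups" {
  type = list(object({
    id            = string
    aggregation   = string
    pattern       = string
    resource_type = optional(string)
  }))

  validation {
    condition     = alltrue([for g in var.protection_groups : contains(["SUM", "MEAN", "MAX"], g.aggregation)])
    error_message = "Each aggregation must be SUM, MEAN or MAX."
  }

  validation {
    condition     = alltrue([for g in var.protection_groups : contains(["ALL", "ARBITRARY", "BY_RESOURCE_TYPE"], g.pattern)])
    error_message = "Each pattern must be ALL, ARBITRARY or BY_RESOURCE_TYPE."
  }

  validation {
    # resource_type must be present exactly when pattern is BY_RESOURCE_TYPE.
    condition = alltrue([
      for g in var.protection_groups :
      (g.pattern == "BY_RESOURCE_TYPE") == (g.resource_type != null)
    ])
    error_message = "Set resource_type if and only if pattern is BY_RESOURCE_TYPE."
  }

  validation {
    # Entries without a resource_type are filtered out before contains() is evaluated.
    condition = alltrue([
      for g in var.protection_groups : contains([
        "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "GLOBAL_ACCELERATOR",
        "APPLICATION_LOAD_BALANCER", "CLASSIC_LOAD_BALANCER", "ELASTIC_IP_ALLOCATION",
      ], g.resource_type) if g.resource_type != null
    ])
    error_message = "Each resource_type must be one of the types listed in the Usage section."
  }
}

module "shield_advanced" {
  source                  = "aws-ia/shield-advanced/aws" # registry address from the module homepage
  name                    = "Example protection"
  resource_arn            = "${local.arn_prefix}/${aws_eip.example.id}" # defined by the caller, as in Usage
  protection_group_config = var.protection_groups
}
```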
### Outputs
| Name | Description |
|------|-------------|
| [route53\_health\_check](#output\_route53\_health\_check) | Amazon Route53 Health Check Configuration. |
| [shied\_protection](#output\_shied\_protection) | AWS Shield Advanced Protection and assigned resources. |
| [shied\_protection\_group](#output\_shied\_protection\_group) | Group of protected resources to be collectively handled by AWS Shield Advanced. |
| [shield\_protection\_health\_check\_association](#output\_shield\_protection\_health\_check\_association) | Association between an Amazon Route53 Health Check and an AWS Shield Advanced protected resource. |