https://github.com/blackbird-cloud/terraform-aws-securityhub
Terraform module to create an AWS Security Hub
- Host: GitHub
- URL: https://github.com/blackbird-cloud/terraform-aws-securityhub
- Owner: blackbird-cloud
- License: apache-2.0
- Created: 2023-05-25T11:12:53.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-01-31T14:49:41.000Z (12 months ago)
- Last Synced: 2025-01-31T15:19:55.499Z (12 months ago)
- Topics: aws, securityhub, terraform
- Language: HCL
- Homepage:
- Size: 68.4 KB
- Stars: 0
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1 |
| [aws](#requirement\_aws) | ~> 5 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 5.47.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_securityhub_action_target.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_action_target) | resource |
| [aws_securityhub_finding_aggregator.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_finding_aggregator) | resource |
| [aws_securityhub_member.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_member) | resource |
| [aws_securityhub_organization_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_organization_configuration) | resource |
| [aws_securityhub_product_subscription.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_product_subscription) | resource |
| [aws_securityhub_standards_control.disabled_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_control) | resource |
| [aws_securityhub_standards_subscription.best_practices_aws_foundations_benchmark](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription) | resource |
| [aws_securityhub_standards_subscription.cis_1_2_aws_foundations_benchmark](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription) | resource |
| [aws_securityhub_standards_subscription.cis_1_4_aws_foundations_benchmark](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription) | resource |
| [aws_organizations_organizational_unit_descendant_accounts.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organizational_unit_descendant_accounts) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [action\_targets](#input\_action\_targets) | Map of action targets to configure. Action targets let AWS Security Hub send selected insights and findings to Amazon EventBridge. | `map(object({ name = string, identifier = string, description = string }))` | `{}` | no |
| [auto\_enable](#input\_auto\_enable) | (Optional) Whether to automatically enable Security Hub for new accounts in the organization. Defaults to false. | `bool` | `true` | no |
| [auto\_enable\_standards](#input\_auto\_enable\_standards) | (Optional) Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to DEFAULT, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to NONE. | `string` | `"DEFAULT"` | no |
| [disabled\_rules](#input\_disabled\_rules) | Map of rules to disable from the enabled standards. | `map(object({ standards_control_arn = string, disabled_reason = string }))` | `{}` | no |
| [enable\_best\_practices](#input\_enable\_best\_practices) | Whether to enable the AWS Foundational Security Best Practices standards subscription. | `bool` | `true` | no |
| [enable\_cis\_1\_2](#input\_enable\_cis\_1\_2) | Whether to enable the CIS AWS Foundations Benchmark v1.2.0 standards subscription. If you want to disable this, on first deploy leave it enabled, then disable it. | `bool` | `true` | no |
| [enable\_cis\_1\_4](#input\_enable\_cis\_1\_4) | Whether to enable the CIS AWS Foundations Benchmark v1.4.0 standards subscription. | `bool` | `true` | no |
| [enable\_for\_organizational\_units](#input\_enable\_for\_organizational\_units) | Map of Organizational Units to enable Security Hub for. | `map(string)` | `{}` | no |
| [product\_arns](#input\_product\_arns) | (Optional) Map of product name to product ARN. The ARN of the product that generates findings that you want to import into Security Hub. | `map(string)` | `{}` | no |
| [region](#input\_region) | AWS Region used for picking up the ARNs for the securityhub standards subscriptions. | `string` | n/a | yes |
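
The inputs above combined in one module call, as an added example that is not taken from the module's repository. The account ID, OU ID, map keys, control ARN and reason text are constructed placeholders, and treating the values of `enable_for_organizational_units` as OU IDs is an assumption.

```hcl
module "securityhub" {
  # Git source built from the repository URL on this page; pin a ref in real use.
  source = "github.com/blackbird-cloud/terraform-aws-securityhub"

  # Required: region used to pick up the standards subscription ARNs.
  region = "eu-west-1"

  # The Default column lists true and "DEFAULT"; set both explicitly so a
  # reviewer can see that new organization accounts are enrolled on purpose.
  auto_enable           = true
  auto_enable_standards = "DEFAULT"

  enable_best_practices = true
  enable_cis_1_4        = true
  # Per the input description: leave enabled on the first deploy,
  # then set to false in a later apply if CIS v1.2.0 is not wanted.
  enable_cis_1_2 = true

  # Assumption: map of label => OU ID (constructed placeholder ID).
  enable_for_organizational_units = {
    workloads = "ou-abcd-11112222"
  }

  # Every disabled control carries a reason, so exceptions stay auditable.
  disabled_rules = {
    cis_1_2_hardware_mfa = {
      # Constructed ARN: placeholder account 111122223333.
      standards_control_arn = "arn:aws:securityhub:eu-west-1:111122223333:control/cis-aws-foundations-benchmark/v/1.2.0/1.14"
      disabled_reason       = "Root account uses virtual MFA; accepted risk (placeholder reason)."
    }
  }

  # Custom action that analysts can trigger to route findings to EventBridge.
  action_targets = {
    escalate = {
      name        = "Escalate to IR"
      identifier  = "EscalateIR"
      description = "Send the selected findings to the incident response queue."
    }
  }

  # Product integrations whose findings are imported into Security Hub.
  product_arns = {
    guardduty = "arn:aws:securityhub:eu-west-1::product/aws/guardduty"
  }
}
```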
## Outputs
| Name | Description |
|------|-------------|
| [action\_targets](#output\_action\_targets) | n/a |
| [disabled\_rules](#output\_disabled\_rules) | n/a |
| [product\_subscriptions](#output\_product\_subscriptions) | n/a |
## About
We are [Blackbird Cloud](https://blackbird.cloud), an Amsterdam-based cloud consultancy and cloud management service provider. We help companies build secure, cost-efficient, and scalable solutions.
Check out our other [Terraform modules](https://registry.terraform.io/namespaces/blackbird-cloud).
## Copyright
Copyright © 2017-2023 [Blackbird Cloud](https://blackbird.cloud)