https://github.com/rhythmictech/terraform-aws-config-multiregion

Manages the rhythmictech/terraform-aws-config module across many regions
https://github.com/rhythmictech/terraform-aws-config-multiregion

Last synced: 3 months ago
JSON representation

Manages the rhythmictech/terraform-aws-config module across many regions

• Host: GitHub
• URL: https://github.com/rhythmictech/terraform-aws-config-multiregion
• Owner: rhythmictech
• License: mit
• Created: 2021-01-30T21:59:55.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2023-08-29T15:08:55.000Z (almost 3 years ago)
• Last Synced: 2026-02-12T09:47:32.592Z (4 months ago)
• Language: HCL
• Homepage: https://registry.terraform.io/modules/rhythmictech/config-multiregion/aws/latest
• Size: 29.3 KB
• Stars: 2
• Watchers: 0
• Forks: 2
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

          
# terraform-aws-config-multiregion

A wrapper module for [terraform-aws-config](https://github.com/rhythmictech/terraform-aws-config) to configure across an arbitrary set of regions.

[![tflint](https://github.com/rhythmictech/terraform-aws-config-multiregion/workflows/tflint/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-config-multiregion/actions?query=workflow%3Atflint+event%3Apush+branch%3Amaster)

[![tfsec](https://github.com/rhythmictech/terraform-aws-config-multiregion/workflows/tfsec/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-config-multiregion/actions?query=workflow%3Atfsec+event%3Apush+branch%3Amaster)

[![yamllint](https://github.com/rhythmictech/terraform-aws-config-multiregion/workflows/yamllint/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-config-multiregion/actions?query=workflow%3Ayamllint+event%3Apush+branch%3Amaster)

[![misspell](https://github.com/rhythmictech/terraform-aws-config-multiregion/workflows/misspell/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-config-multiregion/actions?query=workflow%3Amisspell+event%3Apush+branch%3Amaster)

[![pre-commit-check](https://github.com/rhythmictech/terraform-aws-config-multiregion/workflows/pre-commit-check/badge.svg?branch=master&event=push)](https://github.com/rhythmictech/terraform-aws-config-multiregion/actions?query=workflow%3Apre-commit-check+event%3Apush+branch%3Amaster)



## Example

Here's what using the module will look like

```hcl

module "example" {

  source = "rhythmictech/config/aws"

}

```

## About

There's no good way to do arbitrary multi-region things in TF, and some things need to be arbitrarily in multiple regions. For example, AWS Config should be enabled in any region you haven't administratively disabled.

This module will simply wrap the `terraform-aws-config` module for the regions you specify in `enabled_regions`.

*Note:* This module will forward all notifications via SNS->SQS to the SNS topic you specify. The SQS queue will be created in your default region, and the SNS topic must also be in that same region.

## Requirements

| Name | Version |

|------|---------|

|  [terraform](#requirement\_terraform) | >= 0.13.5 |

|  [aws](#requirement\_aws) | >= 3.8 |

## Providers

| Name | Version |

|------|---------|

|  [aws](#provider\_aws) | >= 3.8 |

|  [aws.ap-northeast-1](#provider\_aws.ap-northeast-1) | >= 3.8 |

|  [aws.ap-northeast-2](#provider\_aws.ap-northeast-2) | >= 3.8 |

|  [aws.ap-northeast-3](#provider\_aws.ap-northeast-3) | >= 3.8 |

|  [aws.ap-south-1](#provider\_aws.ap-south-1) | >= 3.8 |

|  [aws.ap-southeast-1](#provider\_aws.ap-southeast-1) | >= 3.8 |

|  [aws.ap-southeast-2](#provider\_aws.ap-southeast-2) | >= 3.8 |

|  [aws.ca-central-1](#provider\_aws.ca-central-1) | >= 3.8 |

|  [aws.eu-central-1](#provider\_aws.eu-central-1) | >= 3.8 |

|  [aws.eu-north-1](#provider\_aws.eu-north-1) | >= 3.8 |

|  [aws.eu-west-1](#provider\_aws.eu-west-1) | >= 3.8 |

|  [aws.eu-west-2](#provider\_aws.eu-west-2) | >= 3.8 |

|  [aws.eu-west-3](#provider\_aws.eu-west-3) | >= 3.8 |

|  [aws.sa-east-1](#provider\_aws.sa-east-1) | >= 3.8 |

|  [aws.us-east-1](#provider\_aws.us-east-1) | >= 3.8 |

|  [aws.us-east-2](#provider\_aws.us-east-2) | >= 3.8 |

|  [aws.us-west-1](#provider\_aws.us-west-1) | >= 3.8 |

|  [aws.us-west-2](#provider\_aws.us-west-2) | >= 3.8 |

## Modules

| Name | Source | Version |

|------|--------|---------|

|  [ap\_northeast\_1](#module\_ap\_northeast\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [ap\_northeast\_2](#module\_ap\_northeast\_2) | rhythmictech/config/aws | ~> 1.2.0 |

|  [ap\_northeast\_3](#module\_ap\_northeast\_3) | rhythmictech/config/aws | ~> 1.2.0 |

|  [ap\_south\_1](#module\_ap\_south\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [ap\_southeast\_1](#module\_ap\_southeast\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [ap\_southeast\_2](#module\_ap\_southeast\_2) | rhythmictech/config/aws | ~> 1.2.0 |

|  [ca\_central\_1](#module\_ca\_central\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [eu\_central\_1](#module\_eu\_central\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [eu\_north\_1](#module\_eu\_north\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [eu\_west\_1](#module\_eu\_west\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [eu\_west\_2](#module\_eu\_west\_2) | rhythmictech/config/aws | ~> 1.2.0 |

|  [eu\_west\_3](#module\_eu\_west\_3) | rhythmictech/config/aws | ~> 1.2.0 |

|  [sa\_east\_1](#module\_sa\_east\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [us\_east\_1](#module\_us\_east\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [us\_east\_2](#module\_us\_east\_2) | rhythmictech/config/aws | ~> 1.2.0 |

|  [us\_west\_1](#module\_us\_west\_1) | rhythmictech/config/aws | ~> 1.2.0 |

|  [us\_west\_2](#module\_us\_west\_2) | rhythmictech/config/aws | ~> 1.2.0 |

## Resources

| Name | Type |

|------|------|

| [aws_sns_topic.ap_northeast_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.ap_northeast_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.ap_northeast_3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.ap_south_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.ap_southeast_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.ap_southeast_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.ca_central_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.eu_central_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.eu_north_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.eu_west_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.eu_west_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.eu_west_3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.sa_east_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.us_east_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.us_east_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.us_west_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic.us_west_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |

| [aws_sns_topic_subscription.ap_northeast_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.ap_northeast_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.ap_northeast_3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.ap_south_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.ap_southeast_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.ap_southeast_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.ca_central_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.eu_central_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.eu_north_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.eu_west_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.eu_west_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.eu_west_3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.sa_east_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.us_east_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.us_east_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.us_west_1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sns_topic_subscription.us_west_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |

| [aws_sqs_queue.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |

## Inputs

| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [bucket\_suffix](#input\_bucket\_suffix) | Suffix to append to S3 bucket name | `string` | `"awsconfig"` | no |

|  [delivery\_channel\_name](#input\_delivery\_channel\_name) | Name of the delivery channel | `string` | `"awsconfig-s3"` | no |

|  [enabled\_global\_logging\_regions](#input\_enabled\_global\_logging\_regions) | Regions to enable global logging in | `list(string)` | 
[
  "us-east-1"
]
 | no |

|  [enabled\_regions](#input\_enabled\_regions) | Regions to enable module in | `list(string)` | 
[
  "us-east-1",
  "us-east-2",
  "us-west-1",
  "us-west-2",
  "ca-central-1",
  "eu-central-1",
  "eu-west-1",
  "eu-west-2",
  "eu-west-3",
  "eu-north-1",
  "ap-northeast-1",
  "ap-northeast-2",
  "ap-northeast-3",
  "ap-southeast-1",
  "ap-southeast-2",
  "ap-south-1",
  "sa-east-1"
]
 | no |

|  [logging\_bucket](#input\_logging\_bucket) | Optional target for S3 access logging | `string` | `null` | no |

|  [logging\_prefix](#input\_logging\_prefix) | Optional target prefix for S3 access logging (only used if `s3_access_logging_bucket` is set) | `string` | `null` | no |

|  [recorder\_name](#input\_recorder\_name) | Name of the config recorder | `string` | `"awsconfig"` | no |

|  [snapshot\_delivery\_frequency](#input\_snapshot\_delivery\_frequency) | Deliery frequency: One\_Hour, Three\_Hours, Six\_Hours, Twelve\_Hours, TwentyFour\_Hours | `string` | `"Six_Hours"` | no |

|  [tags](#input\_tags) | Tags to add to resources that support it | `map(string)` | `{}` | no |


## Outputs

No outputs.

## Getting Started

This workflow has a few prerequisites which are installed through the `./bin/install-x.sh` scripts and are linked below. The install script will also work on your local machine. 

- [pre-commit](https://pre-commit.com)

- [terraform](https://terraform.io)

- [tfenv](https://github.com/tfutils/tfenv)

- [terraform-docs](https://github.com/segmentio/terraform-docs)

- [tfsec](https://github.com/tfsec/tfsec)

- [tflint](https://github.com/terraform-linters/tflint)

We use `tfenv` to manage `terraform` versions, so the version is defined in the `versions.tf` and `tfenv` installs the latest compliant version.

`pre-commit` is like a package manager for scripts that integrate with git hooks. We use them to run the rest of the tools before apply. 

`terraform-docs` creates the beautiful docs (above),  `tfsec` scans for security no-nos, `tflint` scans for best practices.