https://github.com/sam-martin/terraform-aws-config-module
A Terraform Module for Controlling AWS Config (via CloudFormation)
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/sam-martin/terraform-aws-config-module
- Owner: Sam-Martin
- License: apache-2.0
- Created: 2016-04-19T14:55:09.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2017-03-30T13:47:55.000Z (about 9 years ago)
- Last Synced: 2025-04-23T03:47:18.848Z (about 1 year ago)
- Language: HCL
- Size: 48.8 KB
- Stars: 10
- Watchers: 0
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# aws-config-custom-rules-terraform
# Deprecated
A recent release of Terraform means you can control your AWS Config configuration through Terraform directly.
Please see [the documentation for details](https://www.terraform.io/docs/providers/aws/r/config_config_rule.html).
# Description
This Terraform module allows you to automatically set up custom AWS Config rules.
This module uses CloudFormation and Lambda in the back end to control the AWS Config components, due to a lack of support for AWS Config in Terraform at the time of writing.
# Requirements
* Each custom rule's runtime function must be named `lambda_handler` for Python scripts and `handler` for NodeJS scripts
# Setup
1. Create a bucket in which to place your config snapshots.
2. Download your rules as `.py` or `.js` files named after the rules, and package each one into a zip file with the same name apart from the file extension (use `package-rule-lambda-functions.ps1` if on Windows).
3. Place the zip files in `temp/` within the repository directory (or modify the `zip_folder` parameter to specify another path).
4. Run the module as per the example in usage.
# Variables
* `region` AWS region name. Does not set the AWS region; it is used to name roles etc. (**required**)
* `delivery_channel_s3_bucket_name` name of the bucket in which you wish to store your config snapshots (**required**)
* `delivery_channel_s3_bucket_prefix` key prefix to be used inside the bucket (defaults to blank)
* `delivery_channel_delivery_frequency` frequency to evaluate periodic config rules (defaults to `TwentyFour_Hours`)
* `num_custom_rules` used to enumerate the custom rules (**required**)
* `custom_rules` semicolon separated list of custom rule zip file names (**required**)
* `custom_rule_languages` semicolon separated list of custom rule languages (affects runtime function) (**required**)
* `custom_rule_input_parameters` semicolon separated list of rules' parameters (use `{}` for no parameters) (**required**)
* `custom_rule_message_types` semicolon separated list of trigger types, one for each custom rule. Valid values: `ConfigurationSnapshotDeliveryCompleted` and `ConfigurationItemChangeNotification` (**required**)
* `custom_rule_scope` semicolon separated list of rule scopes (see [AWS Config ConfigRule Scope](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html)) (**required**)
* `zip_folder` relative or absolute path to the zips of the custom rules' lambda functions (defaults to `temp/`)
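
A pre-flight check for the variables and setup steps above, as an added example that is not part of the module: it reports lists whose length differs from `num_custom_rules`, trigger types outside the two valid values, and zips that lack the required entry point. It assumes the lists are matched to rules by position, that `custom_rules` entries may be given with or without `.zip`, that input parameters are JSON objects, and that language values start with `python` or `nodejs`; `validate_module_inputs` and its constants are hypothetical names.

```python
import json
import zipfile
from pathlib import Path

# The two trigger types the README lists for custom_rule_message_types.
VALID_MESSAGE_TYPES = {"ConfigurationSnapshotDeliveryCompleted",
                       "ConfigurationItemChangeNotification"}
LIST_VARS = ("custom_rules", "custom_rule_languages", "custom_rule_input_parameters",
             "custom_rule_message_types", "custom_rule_scope")
# Assumed mapping: language prefix -> (source extension, text that defines the entry point).
ENTRY_POINTS = {"python": (".py", "def lambda_handler("), "nodejs": (".js", "exports.handler")}


def validate_module_inputs(inputs, zip_folder="temp/"):
    """Return a list of problems in the module inputs; an empty list means none found."""
    count = int(inputs["num_custom_rules"])
    cols = {v: [item.strip() for item in inputs[v].split(";")] for v in LIST_VARS}
    problems = [f"{v}: {len(c)} entries but num_custom_rules is {count}"
                for v, c in cols.items() if len(c) != count]
    if problems:
        return problems  # misaligned lists make the per-rule checks meaningless
    for i, rule in enumerate(cols["custom_rules"]):
        rule = rule[:-4] if rule.endswith(".zip") else rule  # assumption: extension optional
        if cols["custom_rule_message_types"][i] not in VALID_MESSAGE_TYPES:
            problems.append(f"{rule}: invalid message type {cols['custom_rule_message_types'][i]!r}")
        try:
            if not isinstance(json.loads(cols["custom_rule_input_parameters"][i]), dict):
                problems.append(f"{rule}: input parameters must be a JSON object")
        except ValueError:
            problems.append(f"{rule}: input parameters are not valid JSON")
        lang = cols["custom_rule_languages"][i]
        ext, marker = next((v for k, v in ENTRY_POINTS.items() if lang.startswith(k)), (None, None))
        if ext is None:
            problems.append(f"{rule}: unrecognised language {lang!r}")
            continue
        archive = Path(zip_folder) / f"{rule}.zip"
        if not archive.is_file():
            problems.append(f"{rule}: {archive} not found")
            continue
        with zipfile.ZipFile(archive) as zf:
            if rule + ext not in zf.namelist():
                problems.append(f"{rule}: {rule}{ext} missing from archive")
            elif marker not in zf.read(rule + ext).decode("utf-8", "replace"):
                problems.append(f"{rule}: entry point {marker!r} not found in {rule}{ext}")
    return problems
```

The entry-point check is a text search, so it flags a missing handler name but does not prove the function is callable.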
# Example Usage
```
variable "region" {
  type = "string"
  default = "eu-west-1"
}

provider "aws" {
  region = "${var.region}"
}

module "aws_config_rules" {
  source = "github.com/Sam-Martin/terraform-aws-config-module/module"
  region = "${var.region}"
  num_custom_rules = 4
  custom_rule_languages = "nodejs;nodejs;nodejs;python2.7"
  delivery_channel_s3_bucket_name = "awsconfigtestbucket"
  delivery_channel_s3_bucket_prefix = "logs"
  custom_rules = <