Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
🌳 A sustainable Terraform Package which creates Security resources on AWS
- Host: GitHub
- URL: https://github.com/tedilabs/terraform-aws-security
- Owner: tedilabs
- License: apache-2.0
- Created: 2021-11-29T12:40:05.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2024-06-28T05:42:25.000Z (4 months ago)
- Last Synced: 2024-06-28T06:45:11.274Z (4 months ago)
- Topics: aws, aws-access-analyzer, aws-config, devops, hacktoberfest, hcl2, iac, lang-hcl, sre, tedilabs, terraform, terraform-aws, terraform-module, terraform-modules
- Language: HCL
- Homepage: https://registry.terraform.io/modules/tedilabs/security/aws
- Size: 318 KB
- Stars: 18
- Watchers: 1
- Forks: 3
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README
# terraform-aws-security
![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/tedilabs/terraform-aws-security?color=blue&sort=semver&style=flat-square)
![GitHub](https://img.shields.io/github/license/tedilabs/terraform-aws-security?color=blue&style=flat-square)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white&style=flat-square)](https://github.com/pre-commit/pre-commit)

Terraform module which creates security related resources on AWS.
- [access-analyzer](./modules/access-analyzer)
- [cloudtrail-event-data-store](./modules/cloudtrail-event-data-store)
- [cloudtrail-trail](./modules/cloudtrail-trail)
- [config-managed-rule](./modules/config-managed-rule)
- [config-recorder](./modules/config-recorder)
- [macie-account](./modules/macie-account)

## Target AWS Services
Terraform Modules from [this package](https://github.com/tedilabs/terraform-aws-security) were written to manage the following AWS Services with Terraform.
- **AWS IAM**
  - Access Analyzer
- **AWS CloudTrail**
  - Event Data Store
  - Trail
- **AWS Config**
  - Recorder
  - Rules
    - Managed Rules
- **AWS Macie**
  - Account

## Usage
### CloudTrail
```tf
module "event_data_store" {
  source  = "tedilabs/security/aws//modules/cloudtrail-event-data-store"
  version = "~> 0.6.0"

  name  = "management-event"
  level = "ACCOUNT"
  scope = "REGIONAL"

  ## Event Selector
  event_type = "CLOUDTRAIL_EVENTS"
  event_selectors = [
    {
      category        = "MANAGEMENT"
      scope           = "READ"
      exclude_sources = ["kms.amazonaws.com"]
    },
    {
      category      = "DATA"
      scope         = "ALL"
      resource_type = "AWS::S3::Object"
      selectors = [
        {
          field    = "resource_arn"
          operator = "ends_with"
          values   = ["hello"]
        }
      ]
    },
    {
      category      = "DATA"
      scope         = "WRITE"
      resource_type = "AWS::S3Outposts::Object"
      selectors = [
        {
          field    = "event_name"
          operator = "starts_with"
          values   = ["Put"]
        }
      ]
    },
  ]

  ## IAM Role
  import_trail_events_iam_role = {
    enabled = true
    source_s3_buckets = [
      {
        name       = "helloworld"
        key_prefix = "asdf/"
      },
      {
        name       = "foo"
        key_prefix = "bar/"
      },
      {
        name       = "demo"
        key_prefix = ""
      },
    ]
  }

  ## Attributes
  retention_in_days              = 365 * 7
  termination_protection_enabled = false

  tags = {
    "project" = "terraform-aws-security-examples"
  }
}
```

## Examples
### CloudTrail
- [Simple Event Data Store in CloudTrail](./examples/cloudtrail-event-data-store-simple)
- [Event Data Store in CloudTrail with Config Configuration Items](./examples/cloudtrail-event-data-store-config)
- [Full Event Data Store in CloudTrail](./examples/cloudtrail-event-data-store-full)

### Macie
- [Simple Macie Account](./examples/macie-account-simple)
## Self Promotion
Like this project? Follow the repository on [GitHub](https://github.com/tedilabs/terraform-aws-security). And if you're feeling especially charitable, follow **[posquit0](https://github.com/posquit0)** on GitHub.
## License
Provided under the terms of the [Apache License](LICENSE).
Copyright © 2021-2023, [Byungjin Park](https://www.posquit0.com).