felimartina/terraform-aws-config
Enables AWS Config and adds managed config rules with good defaults.

This module ships with most of the AWS managed Config Rules. Every rule is disabled by default, so you enable only the rules that are relevant to your account.

Some rules need extra parameters. Refer to the table below for a comprehensive list of all input variables.

If you need a rule that is currently not included in this module please open a PR.

Usage

```hcl
module "aws_config" {
  source                = "trussworks/aws/config"
  config_logs_bucket    = "my-aws-logs"
  cloudtrail_enabled    = 1
  required_tags         = 1
  required_tag_key_1    = "Owner"
  required_tag_key_2    = "Env"
  required_tag_values_2 = "Dev,QA,Prod"
}
```

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| acm_certificate_expiration_check | MANAGEMENT ACM. Enable this rule. | string | `0` | no |
| acm_days_to_expiration | For acm_days_to_expiration rule. Specify the number of days before the rule flags the ACM Certificate as noncompliant. | string | `14` | no |
| autoscaling_group_elb_healthcheck_required | AVAILABILITY EC2. Enable this rule. | string | `0` | no |
| cloudtrail_enabled | MANAGEMENT CLOUDTRAIL. Enable this rule. | string | `0` | no |
| config_delivery_frequency | The frequency with which AWS Config delivers configuration snapshots. | string | `Six_Hours` | no |
| config_logs_bucket | The S3 bucket for AWS Config logs. | string | - | yes |
| config_logs_prefix | The S3 prefix for AWS Config logs. | string | `config` | no |
| config_max_execution_frequency | The maximum frequency with which AWS Config runs evaluations for a rule. | string | `TwentyFour_Hours` | no |
| db_backup_preferred_backup_window | For db_instance_backup_enabled rule. Time range in which backups are created. | string | `""` | no |
| db_backup_read_replicas | For db_instance_backup_enabled rule. Evaluates whether backups are enabled for read replicas. | string | `""` | no |
| db_backup_retention_period | For db_instance_backup_enabled rule. The minimum retention period for backups. | string | `""` | no |
| db_instance_backup_enabled | MANAGEMENT RDS. Enable this rule. | string | `0` | no |
| desired_instance_type | MANAGEMENT EC2. Enable this rule. | string | `0` | no |
| desired_instance_types | For desired_instance_types rule. Comma-separated list of EC2 instance types (for example, "t2.small, m4.large, i2.xlarge"). | string | `""` | no |
| ebs_optimized_instance | PERFORMANCE EC2 EBS. Enable this rule. | string | `0` | no |
| ec2_applications_required_platform_type | For ec2_managedinstance_applications_required rule. The platform type (for example, "Linux" or "Windows"). | string | `""` | no |
| ec2_applications_required_required_application_names | For ec2_managedinstance_applications_required rule. Comma-separated list of application names. Optionally, specify versions appended with ":" (for example, "Chrome:0.5.3, FireFox"). | string | `""` | no |
| ec2_instance_detailed_monitoring_enabled | MANAGEMENT EC2. Enable this rule. | string | `0` | no |
| ec2_managedinstance_applications_required | MANAGEMENT EC2. Enable this rule. | string | `0` | no |
| ec2_managedinstance_platform_check | MANAGEMENT EC2. Enable this rule. | string | `0` | no |
| ec2_platform_check_agent_version | For ec2_platform_check_platform_type rule. The version of the agent (for example, "2.0.433.0"). | string | `""` | no |
| ec2_platform_check_platform_type | For ec2_platform_check_platform_type rule. The platform type (for example, "Linux" or "Windows"). | string | `""` | no |
| ec2_platform_check_platform_version | For ec2_platform_check_platform_type rule. The version of the platform (for example, "2016.09"). | string | `""` | no |
| ec2_volume_inuse_check | COST EC2 EBS. Enable this rule. | string | `0` | no |
| eip_attached | COST EC2 VPC. Enable this rule. | string | `0` | no |
| elb_acm_certificate_required | SECURITY EC2 ELB. Enable this rule. | string | `0` | no |
| encrypted_volumes | SECURITY EC2 EBS. Enable this rule. | string | `0` | no |
| iam_group_has_users_check | SECURITY MANAGEMENT IAM. Enable this rule. | string | `0` | no |
| iam_password_policy | SECURITY IAM. Enable this rule. | string | `0` | no |
| iam_user_group_membership_check | SECURITY MANAGEMENT IAM. Enable this rule. | string | `0` | no |
| iam_user_no_policies_check | SECURITY MANAGEMENT IAM. Enable this rule. | string | `0` | no |
| instances_in_vpc | SECURITY EC2 VPC. Enable this rule. | string | `0` | no |
| password_max_age_days | For iam_password_policy rule. Number of days before password expiration. | string | `90` | no |
| password_min_length | For iam_password_policy rule. Password minimum length. | string | `14` | no |
| password_require_lowercase | For iam_password_policy rule. Require at least one lowercase character in password. | string | `true` | no |
| password_require_numbers | For iam_password_policy rule. Require at least one number in password. | string | `true` | no |
| password_require_symbols | For iam_password_policy rule. Require at least one symbol in password. | string | `true` | no |
| password_require_uppercase | For iam_password_policy rule. Require at least one uppercase character in password. | string | `true` | no |
| password_reuse_prevention | For iam_password_policy rule. Number of passwords before allowing reuse. | string | `24` | no |
| rds_multi_az_support | AVAILABILITY RDS. Enable this rule. | string | `0` | no |
| rds_storage_encrypted | SECURITY RDS. Enable this rule. | string | `0` | no |
| required_tag_key_1 | For required_tags rule. Required Tag 1. | string | `""` | no |
| required_tag_key_2 | For required_tags rule. Required Tag 2. | string | `""` | no |
| required_tag_key_3 | For required_tags rule. Required Tag 3. | string | `""` | no |
| required_tag_key_4 | For required_tags rule. Required Tag 4. | string | `""` | no |
| required_tag_key_5 | For required_tags rule. Required Tag 5. | string | `""` | no |
| required_tag_key_6 | For required_tags rule. Required Tag 6. | string | `""` | no |
| required_tag_values_1 | For required_tags rule. Values that required Tag 1 accepts (e.g. "Prod,QA,Dev"). | string | `""` | no |
| required_tag_values_2 | For required_tags rule. Values that required Tag 2 accepts (e.g. "Prod,QA,Dev"). | string | `""` | no |
| required_tag_values_3 | For required_tags rule. Values that required Tag 3 accepts (e.g. "Prod,QA,Dev"). | string | `""` | no |
| required_tag_values_4 | For required_tags rule. Values that required Tag 4 accepts (e.g. "Prod,QA,Dev"). | string | `""` | no |
| required_tag_values_5 | For required_tags rule. Values that required Tag 5 accepts (e.g. "Prod,QA,Dev"). | string | `""` | no |
| required_tag_values_6 | For required_tags rule. Values that required Tag 6 accepts (e.g. "Prod,QA,Dev"). | string | `""` | no |
| required_tags | MANAGEMENT COST. Enable this rule. | string | `0` | no |
| restricted_ssh | SECURITY EC2 SSH. Enable this rule. | string | `0` | no |
| root_account_mfa_enabled | SECURITY IAM. Enable this rule. | string | `0` | no |
| s3_bucket_public_read_prohibited | SECURITY S3. Enable this rule. | string | `0` | no |
| s3_bucket_public_write_prohibited | SECURITY S3. Enable this rule. | string | `0` | no |
| s3_bucket_ssl_requests_only | SECURITY S3. Enable this rule. | string | `0` | no |
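The usage block above enables only two rules. The following is an added example (not part of this module's README or code) showing how the input variables from the table combine into a security baseline: every rule tagged SECURITY is turned on, the rules that take parameters (`iam_password_policy`, `acm_certificate_expiration_check`, `required_tags`) get explicit values, and the delivery and evaluation frequencies are tightened from their defaults. It assumes the `my-aws-logs` bucket already exists and that its name, the tag keys and the tag values are placeholders for your own.

```hcl
# Added example: a security-baseline invocation of the module.
# Bucket name, tag keys and tag values are placeholders, not values from the module.
module "aws_config_baseline" {
  source = "trussworks/aws/config"

  # Delivery of configuration snapshots and recording destination.
  config_logs_bucket             = "my-aws-logs"   # must already exist
  config_logs_prefix             = "config"
  config_delivery_frequency      = "One_Hour"      # tighter than the Six_Hours default
  config_max_execution_frequency = "One_Hour"      # rules re-evaluate hourly instead of daily

  # Logging and change history.
  cloudtrail_enabled = 1

  # S3: no public read/write, and transport must be TLS.
  s3_bucket_public_read_prohibited  = 1
  s3_bucket_public_write_prohibited = 1
  s3_bucket_ssl_requests_only       = 1

  # Data at rest.
  encrypted_volumes     = 1
  rds_storage_encrypted = 1

  # Network exposure.
  instances_in_vpc = 1
  restricted_ssh   = 1   # flags security groups with 0.0.0.0/0 inbound on port 22

  # TLS on load balancers and expiring certificates.
  elb_acm_certificate_required     = 1
  acm_certificate_expiration_check = 1
  acm_days_to_expiration           = 30   # override the 14-day default

  # IAM hygiene.
  root_account_mfa_enabled        = 1
  iam_user_no_policies_check      = 1   # policies belong on groups, not users
  iam_user_group_membership_check = 1
  iam_group_has_users_check       = 1

  # Password policy; the module defaults already match the values below,
  # they are spelled out so reviewers see the baseline in one place.
  iam_password_policy        = 1
  password_min_length        = 14
  password_max_age_days      = 90
  password_reuse_prevention  = 24
  password_require_lowercase = true
  password_require_uppercase = true
  password_require_numbers   = true
  password_require_symbols   = true

  # Ownership tags so non-compliant resources can be routed to a team.
  required_tags         = 1
  required_tag_key_1    = "Owner"
  required_tag_key_2    = "Env"
  required_tag_values_2 = "Dev,QA,Prod"
}
```

Because every enable flag defaults to `0`, anything omitted from this block stays off, so a review of the module call is a complete inventory of which managed rules are active in the account. The frequency strings (`One_Hour`, `Six_Hours`, `TwentyFour_Hours`) are AWS Config delivery and execution frequency values; the only ones shown on this page are the two defaults.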
