variables.tf
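# Prefix for the names of the resources this module creates, per the
# description below. Defaults to "aws-cis".
variable "resource_name_prefix" {
  description = "All the resources will be prefixed with this variable"
  default     = "aws-cis"
}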
# SNS
# Required input (no default): the SNS topic used for CIS notifications.
# NOTE(review): presumably the target of the alarm actions; confirm, and check
# that the topic's access policy admits only the intended publishers and
# subscribers.
variable "sns_arn" {
  description = "SNS for CIS notifications"
}
# S3
# Boolean switch, on by default. No description is given in the source.
# NOTE(review): presumably gates creation of the S3 audit-log bucket; confirm
# against the module's S3 resources before disabling, since removing a log
# destination reduces audit coverage.
variable "s3_enabled" {
  default = true
}
# Optional string, empty by default. No description is given in the source.
# NOTE(review): presumably a JSON bucket policy that replaces the module's own
# policy on the audit-log bucket when non-empty; confirm. Any custom policy
# should still limit writes to the log-delivery services and deny public access.
variable "audit_log_bucket_custom_policy_json" {
  default = ""
}
# AWS Config
# Boolean switch, on by default. No description is given in the source.
# NOTE(review): presumably gates the AWS Config resources; confirm. Turning it
# off would stop configuration-change recording for the account.
variable "config_enabled" {
  default = true
}
# Boolean, true by default. No description is given in the source.
# NOTE(review): presumably forwarded to the AWS Config recorder's recording
# group so that global resources such as IAM are recorded; confirm. In
# multi-region setups this is usually enabled in a single region to avoid
# duplicate records.
variable "include_global_resource_types" {
  default = true
}
# CloudTrail
# Boolean switch, on by default. No description is given in the source.
# NOTE(review): presumably controls delivery of CloudTrail events to CloudWatch
# Logs; confirm. Metric-filter alarms depend on that delivery, so disabling it
# would likely leave the alerting inputs empty.
variable "cw_log_enabled" {
  default = true
}
# KMS key used to encrypt the CloudWatch Logs data; empty by default.
# NOTE(review): the empty default presumably means no customer-managed key is
# attached to the log group; confirm in the module, and supply a key where
# CMK encryption of audit logs is required.
variable "cloudwatch_logs_kms" {
  description = "kms key for CW logs encryption"
  default     = ""
}
# Required input (no default): name of the CloudWatch Logs group for CloudTrail.
# NOTE(review): whether the module creates this group or expects it to exist
# already is not visible here; confirm against the CloudTrail resources.
variable "cloudtrail_log_group_name" {
  description = "CloudTrail LogGroup name"
}
# Log type applied to the trail's event selectors; defaults to "All".
# NOTE(review): the variable name is misspelled ("clodtrail"). It is kept as is
# because callers reference it by this name; renaming needs a coordinated change.
# NOTE(review): presumably feeds the event selector's read/write type; a value
# narrower than "All" would drop either read or write events from the trail.
variable "clodtrail_event_selector_type" {
  description = "Log type for event selectors"
  default     = "All"
}
# Required input (no default): the AWS account ID the module operates on.
# NOTE(review): presumably interpolated into ARNs and policies; a value that
# differs from the account of the active credentials would yield policies
# scoped to the wrong account, so confirm how callers populate it.
variable "aws_account_id" {
  description = "AWS Account ID"
}
# Required input (no default): the AWS region.
# NOTE(review): how the region is used (provider, ARNs, policy conditions) is
# not visible in this file; confirm against the module's resources.
variable "region" {
  description = "AWS region"
}
# KMS policy for the CloudTrail logs; empty by default.
# NOTE(review): presumably a JSON key policy, with the empty default falling
# back to one the module generates; confirm. A custom policy should still let
# CloudTrail encrypt and should restrict decrypt to the principals that need
# to read the logs.
variable "cloudtrail_kms_policy" {
  description = "KMS policy for Cloudtrail logs."
  default     = ""
}
# Alerting
# Boolean switch for alerting; on by default.
# NOTE(review): presumably gates the metric filters and alarms; confirm.
# Disabling it would leave the monitored events logged but not notified.
variable "alerting_enabled" {
  description = "Enable alerting"
  default     = true
}
# Metric namespace used for the alarms; defaults to "CISBenchmark".
# NOTE(review): presumably shared by the metric filters and the alarms that
# read them; the two must use the same namespace for alarms to see data.
variable "alarm_namespace" {
  description = "Alarm metric namespace"
  default     = "CISBenchmark"
}
# Default tag map. No description is given in the source.
# NOTE(review): as written, the default is a map with two entries whose keys
# are literally "key" and "value". If the module applies this map directly as
# resource tags, resources get tags named "key" and "value" rather than a
# single AWS_CIS_Benchmark = 1.2.0 tag; confirm how the module consumes it.
variable "tags" {
  default = {
    "key"   = "AWS_CIS_Benchmark"
    "value" = "1.2.0"
  }
}
# Password Policy
# Whether IAM users may change their own password; true by default.
# NOTE(review): presumably forwarded to the account password policy; confirm.
variable "iam_allow_users_to_change_password" {
  description = "Can users change their own password"
  default     = true
}
# Hard expiry for passwords; true by default.
# NOTE(review): if this feeds the account password policy's hard-expiry
# setting, users whose password has expired cannot set a new one themselves
# and need an administrator reset; confirm that an operational process exists
# for this before relying on the default.
variable "iam_hard_expiry" {
  description = "Everyone needs hard reset for expired passwords"
  default     = true
}
# Password complexity: require an uppercase letter; true by default.
# NOTE(review): presumably forwarded to the account password policy; confirm.
variable "iam_require_uppercase_characters" {
  description = "Require at least one uppercase letter in passwords"
  default     = true
}
# Password complexity: require a lowercase letter; true by default.
# NOTE(review): presumably forwarded to the account password policy; confirm.
variable "iam_require_lowercase_characters" {
  description = "Require at least one lowercase letter in passwords"
  default     = true
}
# Password complexity: require a symbol; true by default.
# NOTE(review): presumably forwarded to the account password policy; confirm.
variable "iam_require_symbols" {
  description = "Require at least one symbol in passwords"
  default     = true
}
# Password complexity: require a digit; true by default.
# NOTE(review): presumably forwarded to the account password policy; confirm.
variable "iam_require_numbers" {
  description = "Require at least one number in passwords"
  default     = true
}
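# Minimum password length; defaults to 14 characters.
# NOTE(review): presumably forwarded to the account password policy; confirm.
# Lowering the default weakens the policy, so overrides deserve review.
variable "iam_minimum_password_length" {
  description = "Require minimum length of password"
  default     = 14
}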
# Number of previous passwords a user may not reuse; defaults to 24.
# NOTE(review): presumably forwarded to the account password policy; confirm.
variable "iam_password_reuse_prevention" {
  description = "Prevent password reuse N times"
  default     = 24
}
# Maximum password age in days; defaults to 90.
# NOTE(review): presumably forwarded to the account password policy; confirm.
# Together with the hard-expiry default in this file, an expired password may
# require an administrator reset.
variable "iam_max_password_age" {
  description = "Passwords expire in N days"
  default     = 90
}