variables.tf
# Switch for enabling Security Hub in the current account.
# The default is the string "true" and no type constraint is declared, so the
# variable accepts a string or a bool from the caller.
# NOTE(review): a false value presumably leaves the account without Security
# Hub findings; confirm against the resources that read this variable.
variable "securityhub_enable" {
  description = "(optional) The boolean value of whether to enable SecurityHub for the current account"
  default     = "true"
}
# Switch for the CIS Benchmark ruleset in Security Hub.
# Declared without a type; the default is the string "true".
# NOTE(review): turning this off presumably removes the CIS checks from the
# account's compliance view; confirm before overriding.
variable "securityhub_enable_cis_benchmark" {
  description = "(optional) The boolean value of whether to enable the CIS Benchmark ruleset"
  default     = "true"
}
# Switch for the GuardDuty product inside Security Hub. This is separate from
# guardduty_enable, which governs the GuardDuty Detector itself.
# Declared without a type; the default is the string "true".
variable "securityhub_enable_guardduty" {
  description = "(optional) The boolean value of whether to enable the guardduty product for SecurityHub"
  default     = "true"
}
# Switch for the GuardDuty Detector.
# Declared without a type; the default is the string "true".
# NOTE(review): a false value presumably stops threat detection for the
# account; confirm how the detector resource consumes this value.
variable "guardduty_enable" {
  description = "(optional) The boolean value of whether to enable the GuardDuty Detector"
  default     = "true"
}
# How often GuardDuty publishes notifications for repeat occurrences of an
# existing finding (see the AWS page linked in the description).
# GuardDuty accepts FIFTEEN_MINUTES, ONE_HOUR or SIX_HOURS here; no validation
# is declared, so a misspelled value is only rejected by the AWS API.
variable "guardduty_frequency" {
  description = "(optional) Specifies the frequency of notifications sent for subsequent finding occurrences. (see: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency)"
  default     = "ONE_HOUR"
}
# Name of the IAM role created for AWS Config.
# The default "grace-config-service" is also the default of
# config_recorder_name, config_delivery_name and config_delivery_bucket_prefix.
variable "config_role_name" {
  description = "(optional) The name given to the IAM role created for AWS Config"
  default     = "grace-config-service"
}
# Controls whether the AWS Config Recorder and its configuration are deployed
# at all. Not to be confused with config_recorder_enabled, whose description
# says it controls whether the recorder is enabled.
# Declared without a type; the default is the string "true".
variable "config_recorder_enable" {
  description = "(optional) The boolean value indicating whether or not to deploy the AWS Config Recorder and its configuration"
  default     = "true"
}
# Name given to the AWS Config Recorder.
variable "config_recorder_name" {
  description = "(optional) The name given to the AWS Config Recorder"
  default     = "grace-config-service"
}
# Controls whether the AWS Config Recorder is enabled. Not to be confused with
# config_recorder_enable, whose description says it controls whether the
# recorder is deployed.
# Declared without a type; the default is the string "true".
# NOTE(review): a deployed but disabled recorder presumably captures no
# configuration changes; confirm before overriding.
variable "config_recorder_enabled" {
  description = "(optional) The boolean value indicating whether or not to enable AWS Config Recorder"
  default     = "true"
}
# Name given to the AWS Config Delivery Channel.
variable "config_delivery_name" {
  description = "(optional) The name given to the AWS Config Delivery Channel"
  default     = "grace-config-service"
}
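# Name of the S3 bucket that receives AWS Config Recorder logs.
# This is the only input without a default, so every caller must set it.
# The string type is declared so that a list or map is rejected at plan time
# instead of failing later in whichever resource consumes the value.
# NOTE(review): this bucket holds the account's configuration audit trail;
# confirm it is owned by the expected account and not publicly readable.
variable "config_delivery_bucket" {
  type        = string
  description = "(required) The name of the S3 bucket that should receive AWS Config Recorder logs"
}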
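# Key prefix used when AWS Config logs are delivered to the bucket named by
# config_delivery_bucket.
# The description previously referred to "aws_config_delivery_bucket", which
# is not a variable in this file; it now names config_delivery_bucket.
variable "config_delivery_bucket_prefix" {
  description = "(optional) The prefix used when delivering logs to the config_delivery_bucket"
  default     = "grace-config-service"
}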
# How often AWS Config delivers configuration snapshots (see the API reference
# linked in the description).
# AWS Config accepts One_Hour, Three_Hours, Six_Hours, Twelve_Hours or
# TwentyFour_Hours. The casing differs from guardduty_frequency ("ONE_HOUR"),
# and no validation is declared here.
variable "config_delivery_frequency" {
  description = "(optional) The frequency with which AWS Config recurringly delivers configuration snapshots (see: https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html#API_ConfigSnapshotDeliveryProperties_Contents)"
  default     = "One_Hour"
}
# Whether AWS Config records changes for every supported regional resource
# type, including types that become supported later (per the description).
# Declared without a type; the default is the string "true".
# NOTE(review): a false value presumably narrows what the recorder captures;
# confirm which resource types remain recorded before overriding.
variable "config_recorder_group_all_supported" {
  description = "(optional) Specifies whether AWS Config records configuration changes for every supported type of regional resource (which includes any new type that will become supported in the future)."
  default     = "true"
}
# Whether AWS Config also records all supported global resource types (IAM
# resources are an example of a global type in AWS Config).
# Declared without a type; the default is the string "true".
variable "config_recorder_group_include_global" {
  description = "(optional) Specifies whether AWS Config includes all supported types of global resources with the resources that it records."
  default     = "true"
}
# Name given to the Lambda function.
# The default "grace-securityhub" is also the default of lambda_iam_role_name,
# lambda_iam_policy_name and lambda_kms_key_alias_prefix.
variable "lambda_name" {
  description = "(optional) The name given to the Lambda function"
  default     = "grace-securityhub"
}
# Name given to the Lambda's IAM role.
variable "lambda_iam_role_name" {
  description = "(optional) The name given to the Lambda IAM Role"
  default     = "grace-securityhub"
}
# Name given to the Lambda's IAM policy.
# NOTE(review): the policy document itself is not defined in this file; review
# it where it is declared to confirm it grants only what the Lambda needs.
variable "lambda_iam_policy_name" {
  description = "(optional) The name given to the Lambda IAM Policy"
  default     = "grace-securityhub"
}
# Prefix of the KMS key alias. Per the description, the current account ID is
# appended as the suffix, so only the prefix is configurable here.
variable "lambda_kms_key_alias_prefix" {
  description = "(optional) The prefix used in the KMS Key Alias, the suffix is the current account ID"
  default     = "grace-securityhub"
}
# Path (absolute or relative) to the zipped Lambda handler binary.
# This is the only variable in the file that declares a type.
# NOTE(review): the archive at this path presumably becomes the deployed Lambda
# code. The default is a relative path outside this directory, so confirm the
# zip is built from reviewed source and that the path resolves as expected
# from wherever Terraform is run.
variable "lambda_source_file" {
  type        = string
  description = "(optional) The full or relative path to zipped binary of lambda handler"
  default     = "../release/grace-securityhub.zip"
}
# Name of the SNS topic that carries events to the SecurityHub Lambda.
# NOTE(review): the topic's access policy is not visible in this file; confirm
# where it is declared that only the intended publishers can write to it.
variable "lambda_sns_topic_name" {
  description = "(optional) The name of the SNS topic used to send events to the SecurityHub Lambda"
  default     = "grace-securityhub-topic"
}