
Protect S3 and Org Auto-enable #20

Closed


kierang-contino

what

  • Add a toggle that activates the Auto-enable feature of GuardDuty from a delegated admin account
  • Add a toggle that enables GuardDuty's S3 Protection feature

why

  • This allows a single account to manage the GuardDuty findings and configuration across an Organization and is best practice
  • This allows GuardDuty to protect the account by reading S3 Logs
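As an added example (not code from this PR or the module it targets), one way to wire both toggles in Terraform; the variable names `s3_protection_enabled` and `organization_auto_enable` are assumptions, while `module.this.enabled` and `var.finding_publishing_frequency` come from the detector resource shown in the diff:

```hcl
# Added example, not from this PR. Variable names below are assumptions.
variable "s3_protection_enabled" {
  type        = bool
  description = "Enable GuardDuty S3 Protection (analysis of S3 data events) on this detector."
  default     = true
}

variable "organization_auto_enable" {
  type        = bool
  description = "Auto-enable GuardDuty for new member accounts; only valid in the delegated admin account."
  default     = false
}

resource "aws_guardduty_detector" "guardduty" {
  enable                       = module.this.enabled
  finding_publishing_frequency = var.finding_publishing_frequency

  datasources {
    s3_logs {
      # S3 Protection: GuardDuty reads S3 data-plane events for this account.
      enable = var.s3_protection_enabled
    }
  }
}

# Org-wide auto-enable. This must be applied from the GuardDuty delegated
# administrator account; count gates it so the resource is skipped when the
# toggle (or the module) is off, keeping the detector usable standalone.
resource "aws_guardduty_organization_configuration" "this" {
  count = module.this.enabled && var.organization_auto_enable ? 1 : 0

  auto_enable = true
  detector_id = aws_guardduty_detector.guardduty.id

  datasources {
    s3_logs {
      # Also switch S3 Protection on automatically for new member accounts.
      auto_enable = var.s3_protection_enabled
    }
  }
}
```

Applying the organization resource from an account that is not the delegated administrator fails at apply time, so the auto-enable toggle should default to off in a reusable module.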

references

@kierang-contino kierang-contino requested a review from a team as a code owner March 7, 2022 05:02
@kierang-contino kierang-contino changed the title Protect S3 and Protect S3 and Org Auto-enable Mar 7, 2022

@bridgecrew bridgecrew bot left a comment


Bridgecrew has found infrastructure configuration errors in this PR ⬇️

@@ -4,6 +4,22 @@
resource "aws_guardduty_detector" "guardduty" {
enable = module.this.enabled
finding_publishing_frequency = var.finding_publishing_frequency
datasources {
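Review bot: the hunk header `@@ -4,6 +4,22 @@` says 16 lines are added beneath `datasources {`, but only the four unchanged context lines survive on this page, so the S3 Protection and auto-enable toggles themselves cannot be reviewed here. The BC_AWS_GENERAL_66 finding raised against `aws_guardduty_detector.guardduty` reports that no `aws_guardduty_organization_configuration` with `auto_enable = true` referencing this detector was detected in main.tf; confirm that resource is part of the change and that it is created only when `module.this.enabled` is true, matching the detector's `enable = module.this.enabled` argument.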

LOW   Ensure GuardDuty is enabled to specific org/region
    Resource: aws_guardduty_detector.guardduty | ID: BC_AWS_GENERAL_66

How to Fix

resource "aws_guardduty_detector" "ok" {
  enable = true
}

resource "aws_guardduty_organization_configuration" "example" {
  auto_enable = true
  detector_id = aws_guardduty_detector.ok.id
}

Description

TBA



@bridgecrew bridgecrew bot left a comment


⚠️   Due to f4ea4e3 - Auto Format - 1 new error was added

Change details

Error ID          | Change | Path     | Resource
BC_AWS_GENERAL_66 | Added  | /main.tf | aws_guardduty_detector.guardduty

@mergify

mergify bot commented May 3, 2022

This pull request is now in conflict. Could you fix it @kierang-contino? 🙏

@hans-d hans-d added wip Work in Progress: Not ready for final review or merge stale This PR has gone stale labels Mar 8, 2024

mergify bot commented Mar 8, 2024

This pull request is now in conflict. Could you fix it @kierang-contino? 🙏

@hans-d hans-d removed the wip Work in Progress: Not ready for final review or merge label Mar 8, 2024
@mergify mergify bot added the conflict This PR has conflicts label Mar 9, 2024
@mergify mergify bot closed this Mar 9, 2024

mergify bot commented Mar 9, 2024

This PR has been closed due to inactivity and merge conflicts.
Please resolve the conflicts and reopen if necessary.


mergify bot commented Mar 9, 2024

Thanks @kierang-contino for creating this pull request!

A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

While you wait, make sure to review our contributor guidelines.

Tip

Need help or want to ask for a PR review to be expedited?

Join us on Slack in the #pr-reviews channel.

@mergify mergify bot added the needs-cloudposse Needs Cloud Posse assistance label Mar 9, 2024

mergify bot commented Mar 9, 2024

Important

Cloud Posse Engineering Team Review Required

This pull request modifies files that require Cloud Posse's review. Please be patient, and a core maintainer will review your changes.

To expedite this process, reach out to us on Slack in the #pr-reviews channel.

@mergify mergify bot removed conflict This PR has conflicts needs-cloudposse Needs Cloud Posse assistance labels Mar 9, 2024
@mergify mergify bot removed the stale This PR has gone stale label Mar 16, 2024
Successfully merging this pull request may close these issues.

Add Organisation feature 'auto-enable' S3 Protection