Skip to content

plus3it/terraform-aws-tardigrade-config-rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

343 Commits
.github
.github
 
 
tests
tests
 
 
.bumpversion.cfg
.bumpversion.cfg
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.mergify.yml
.mergify.yml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

terraform-aws-tardigrade-config-rules

Terraform module to setup config rules

Testing

Manual testing:

# Replace "xxx" with an actual AWS profile, then execute the integration tests.
export AWS_PROFILE=xxx 
make terraform/pytest PYTEST_ARGS="-v --nomock"

For automated testing, PYTEST_ARGS is optional and no profile is needed:

make mockstack/up
make terraform/pytest PYTEST_ARGS="-v"
make mockstack/clean

Requirements

Name Version
terraform >= 0.13
aws >= 4.0

Providers

Name Version
aws >= 4.0

Resources

Name Type
aws_caller_identity.this data source
aws_iam_policy.custom_lambda data source
aws_iam_policy_document.custom_lambda data source
aws_partition.this data source

Inputs

Name Description Type Default Required
config_recorder_id ID of the config recorder in the account. Required to address the implicit dependency on the config recorder string n/a yes
config_rule Object of attributes for the config rule resource, see https://www.terraform.io/docs/providers/aws/r/config_config_rule.html#argument-reference. When owner is AWS, set source_identifer to the AWS predefined identifier for the rule. When owner is CUSTOM_LAMBDA, set source_identifier to null and it will be set to the ARN of the lambda function 
object({
    description                 = string
    input_parameters            = string
    maximum_execution_frequency = string
    name                        = string
    owner                       = string
    source_identifier           = string
    tags                        = map(string)
    scope = object({
      compliance_resource_id    = string
      compliance_resource_types = list(string)
      tag_key                   = string
      tag_value                 = string
    })
    source_details = list(object({
      message_type = string
    }))
  })
 n/a yes
lambda Object of attributes for the lambda supporting a custom config rule, see https://www.terraform.io/docs/providers/aws/r/lambda_function.html#argument-reference. Required when config_rule.owner is CUSTOM_LAMBDA 
object({
    description                    = string
    handler                        = string
    name                           = string
    policy                         = string
    runtime                        = string
    source_path                    = string
    reserved_concurrent_executions = number
    tags                           = map(string)
    timeout                        = number
  })
 
{
  "description": null,
  "handler": null,
  "name": null,
  "policy": null,
  "reserved_concurrent_executions": null,
  "runtime": null,
  "source_path": null,
  "tags": null,
  "timeout": null
}
 no

Outputs

Name Description
config_rule AWS Config Rule object

About

Terraform module to setup config rules

Topics

terraform tardigrade

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

6 forks
Report repository

Releases 16

4.0.0 Latest
Aug 10, 2022
+ 15 releases

Packages

No packages published

Contributors 12

Languages