Skip to content

telia-oss/terraform-aws-securityhub-reporter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
examples
examples
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

Securityhub reporter lambda

This module creates a lambda that will read status of selected controls in Security Hub's AWS Foundational Security Best Practices v1.0.0 and reports the results to the selected Slack channel (optional) and custom Cloudwatch metric.

Localy set security control ids

Selected controls are passed to Lambda function through terraform variable

variable "security_controls" {
    description = "Comma separated list of controls that should be checked."
    type        = string
}

This variable is mandatory and value from it is used as a fallback when call to remote API which provides list of security controls for checking fails.

Externally set security control ids

This lambda can be set so that it obtains list of security controls from external API. It uses three parameters from aws parameter store to obtain information about the API. These parameter names set by these four variables:

variable "ps_root_path" {
  type = string
  default = "/SecurityReporter/"
}

variable "ps_key_security_controls_api_resource_path" {
  type = string
  default = "securityControlsApiResourcePath"

}

variable "ps_key_security_controls_api_key" {
  type = string
  default = "securityControlsApiKey"
}

variable "ps_key_security_controls_api_host" {
  type = string
  default = "securityControlsApiHost"
}
  1. ps_root_path: Path under which the parameters are stored. Lambda loads all params under this path
  2. ps_key_security_controls_api_host: Name of the SSM parameter where a host to REST API returning controls ID is stored. The Parameter is created under ps_root_path.
  3. ps_key_security_controls_api_key: Name of the SSM parameter where api key to REST API returning controls ID is stored. For now x-api-key header is used for authentication. The Parameter is created under ps_root_path.
  4. ps_key_security_controls_api_host: Name of the SSM parameter where resource path to REST API returning controls ID is stored.The Parameter is created under ps_root_path.

All these ssm parameters are created when terraform is applied with default value and users then manually change them to correct values. If any of the params is not created or holds default value then the lambda function uses locally set security controls. The API must return json in following structure:

{
  "data":  {
    "ControlIds": []
  }
}

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases 10

Bump Python from 3.9 to 3.13 Latest
Nov 17, 2025
+ 9 releases

Packages

 
 
 

Contributors

Languages