config
cloudposse/config/aws
This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
This module enables AWS Config and optionally sets up an SNS topic to receive notifications of its findings.

Usage

For a complete example, see examples/complete. For automated tests of the complete example using bats and Terratest (which tests and deploys the example on AWS), see test.

```hcl
module "example" {
  source = "cloudposse/config/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version = "x.x.x"

  create_sns_topic = true
  create_iam_role  = true
  mana
```

| Name | Type | Description | Default |
|---|---|---|---|
| global_resource_collector_region | string | The region that collects AWS Config data for global resources such as IAM | required |
| s3_bucket_id | string | The id (name) of the S3 bucket used to store the configuration history | required |
| s3_bucket_arn | string | The ARN of the S3 bucket used to store the configuration history | required |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| create_sns_topic | bool | Flag to indicate whether an SNS topic should be created for notifications If you | false |
| enabled | bool | Set to false to prevent the module from creating any resources | null |
| create_organization_aggregator_iam_role | bool | Flag to indicate whether an IAM Role should be created to grant the proper permi | false |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| regex_replace_chars | string | Terraform regular expression (regex) string. Characters matching the regex will | null |
| findings_notification_arn | string | The ARN for an SNS topic to send findings notifications to. This is only used if | null |
| iam_role_organization_aggregator_arn | string | The ARN for an IAM Role that AWS Config uses for the organization aggregator tha | null |
| allowed_aws_services_for_sns_published | list(string) | AWS services that will have permission to publish to SNS topic. Used when no ext | [] |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is | ["default"] |
| label_key_case | string | Controls the letter case of the `tags` keys (label names) for tags generated by | null |
| create_iam_role | bool | Flag to indicate whether an IAM Role should be created to grant the proper permi | false |
| iam_role_arn | string | The ARN for an IAM Role AWS Config uses to make read or write requests to the de | null |
| child_resource_collector_accounts | set(string) | The account IDs of other accounts that will send their AWS Configuration to this | null |
| force_destroy | bool | A boolean that indicates all objects should be deleted from the bucket so that t | false |
| recording_mode | object({ recording_frequen | The mode for AWS Config to record configuration changes. recording_frequency: | null |
| disabled_aggregation_regions | list(string) | A list of regions where config aggregation is disabled | ["ap-northeast-3"] |
| allowed_iam_arns_for_sns_publish | list(string) | IAM role/user ARNs that will have permission to publish to SNS topic. Used when | [] |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| sqs_queue_kms_master_key_id | string | The ID of an AWS-managed customer master key (CMK) for Amazon SQS Queue or a cus | "" |

- sns_topic — SNS topic
- sns_topic_subscriptions — SNS topic subscriptions
- aws_config_configuration_recorder_id — The ID of the AWS Config Recorder
- storage_bucket_id — Bucket Name (aka ID)
- storage_bucket_arn — Bucket ARN
- iam_role — IAM Role used to make read or write requests to the delivery channel and to describe the AWS resourc
- iam_role_organization_aggregator — IAM Role used to make read or write requests to the delivery channel and to describe the AWS resourc