cloud-storage-security
cloudstoragesec/cloud-storage-security/aws
A Terraform Module for CSS products
Cloud Storage Security Terraform Module

Overview

This Terraform module facilitates the seamless setup and deployment of Cloud Storage Security (CSS) within an AWS environment as an alternative to the CloudFormation deployment method.

Prerequisites

PAYG Deployment

Subscribe to AWS Marketplace Listing

In order to run the product, you must be subscribed to one of Cloud Storage Security's listings in AWS Marketplace. Our primary listing may be found at the link below. Click Continue to Subscribe, and continue until you reach the deployment step. This process will be run instead of the CloudFormation deployment that is described in the listing.

Antivirus for Amazon S3 - PAYG with 30 DAY FREE TRIAL

BYOL/GovCloud Deployment

If you are looking to deploy our BYOL version of this software which does

| Name | Type | Description | Default |
|---|---|---|---|
| cidr | list(string) | The CIDR blocks which are allowed access to the CSS Console (e.g. 0.0.0.0/0 for | required |
| subnet_a_id | string | A subnet ID within the VPC that may be used for ECS tasks for this deployment | required |
| vpc | string | The VPC in which to place the user facing Console | required |
| configure_load_balancer | bool | Whether the Console should be deployed behind a load balancer. Recommended if de | false |
| existing_target_group_arn | string | If you are using your own AWS load balancer, provide the Target Group ARN th | null |
| large_file_disk_size_gb | number | Choose a larger disk size (between 20 - 16,300 GB) to enable scanning larger | 2000 |
| azure_max_running_agents | number | Default maximum number of running scan Azure agents. This value represents t | 12 |
| application_bucket_prefix | string | Prefix for the main application bucket name | "cloudstoragesec" |
| lb_subnet_a_id | string | A subnet in your VPC in which the Load Balancer can be placed. Ensure this s | null |
| eventbridge_notifications_enabled | bool | If true Proactive Notifications will also be sent to AWS EventBridge This va | false |
| cpu | string | The CPU for the CSS Console | "512" |
| guard_duty_s3_integration_enabled_regions | string | If you are utilizing GuardDuty S3 Malware scanning, you may enable an integrat | "DISABLED" |
| ebs_volume_encryption | bool | Enable EBS Volume Encryption | false |
| agent_scanning_engine | string | The initial scanning engine to use. CSS Secure is included with no additiona | "ClamAV" |
| sns_cmk_key_arn | string | Optional ARN for the CMK that should be used for the AWS KMS encryption for | null |
| multi_engine_scanning_mode | string | Initial setting for whether or not multiple av engines should be utilized to | "Disabled" |
| ecr_account | string | The AWS Account ID which contains the ECR repositories used for the CSS Cons | null |
| console_auto_assign_public_ip | bool | Whether a public IP should be assigned to the console. If set to false, | true |
| product_mode | string | Select Whether to have AV, DC or Both enabled by default (these can be changed l | "AV" |
| use_fips_endpoints | bool | Would you like us to use AWS FIPS endpoints? | false |
| s3_cmk_key_arn | string | Optional ARN for the CMK that should be used for the AWS KMS encryption for | "default" |
| enable_large_file_scanning | bool | Set to true if you would like to have EC2 instances launched to scan files too | false |
| ebs_volume_encryption_kms_key_id | string | Enter an optional custom KMS Key ARN to use for EBS encryption; otherwise, t | "default" |
| … and 10 more inputs | | | |

| Name | Description |
|---|---|
| console_web_address | Address of Console Web Interface |
| username | User Name used to log in to console |
| proactive_notifications_topic_arn | ARN for the proactive notifications topic |
| lb_arn | ARN for the console Load Balancer if LB is used |
| application_id | The Application ID that identifies the Antivirus for Amazon S3 deployment |
| primary_account_id | The Account ID that is hosting the Antivirus for Amazon S3 deployment |
| cross_account_policy_name | Cross-Account Scanning Policy Name |
| cross_account_ec2_policy_name | Cross-Account EC2 Scanning Policy Name |
| allow_access_to_all_kms_keys | Whether scanner has access to all KMS encrypted buckets |
| quarantine_bucket_prefix | Prefix for the quarantine bucket |
| cross_account_role_name | Cross-Account Scanning Role Name |
| cross_account_event_bridge_role_name | Cross-Account Event Bridge Scanning Role Name |
| cross_account_event_bridge_policy_name | Cross-Account Event Bridge Scanning Policy Name |