cloudtrail-security-check

hendrixroa/cloudtrail-security-check/aws

Terraform Module HCL AWS

Cloudtrail security rules checking.

Install
module "cloudtrail-security-check" {
  source  = "hendrixroa/cloudtrail-security-check/aws"
  version = "1.1.0"
}
README

Cloudtrail Security checking

Enables AWS Config and adds managed config rules with good defaults. The following AWS Config Rules are supported:

- acm-certificate-expiration-check: Ensure ACM Certificates in your account are marked for expiration within the specified number of days.
- cloudtrail-enabled: Ensure CloudTrail is enabled.
- ec2-volume-inuse-check: Checks whether EBS volumes are attached to EC2 instances.
- guardduty-enabled-centralized: Checks whether Amazon GuardDuty is enabled in your AWS account and region.
- instances-in-vpc: Ensure all EC2 instances run in a VPC.
- root-account-mfa-enabled: Ensure root AWS account has MFA enabled.
- rds-storage-encrypted: Checks whether storage encryption is enabled for your RDS DB instances.
- s3-bucket-public-write-prohibited: Checks that your S3 buckets

Inputs (20)

Name | Type | Description | Default
config_logs_bucket | string | The S3 bucket for AWS Config logs. | required
enabled | string |  | required
config_logs_prefix | string | The S3 prefix for AWS Config logs. | "config"
check_rds_public_access | string | Enable rds-instance-public-access-check rule | false
password_require_symbols | string | Require at least one symbol in password. | true
password_require_numbers | string | Require at least one number in password. | true
password_min_length | string | Password minimum length. | 14
check_cloud_trail_encryption | string | Enable cloud-trail-encryption-enabled rule | false
check_cloud_trail_log_file_validation | string | Enable cloud-trail-log-file-validation-enabled rule | false
acm_days_to_expiration | string | Specify the number of days before the rule flags the ACM Certificate as noncompl | 14
password_require_uppercase | string | Require at least one uppercase character in password. | true
password_require_lowercase | string | Require at least one lowercase character in password. | true
password_reuse_prevention | string | Number of passwords before allowing reuse. | 24
config_delivery_frequency | string | The frequency with which AWS Config delivers configuration snapshots. | "Six_Hours"
password_max_age | string | Number of days before password expiration. | 90
check_guard_duty | string | Enable guardduty-enabled-centralized rule | false
aggregate_organization | string | Aggregate compliance data by organization | "false"
config_max_execution_frequency | string | The maximum frequency with which AWS Config runs evaluations for a rule. | "TwentyFour_Hours"
check_multi_region_cloud_trail | string | Enable multi-region-cloud-trail-enabled rule | false
config_aggregator_name | string | The name of the aggregator. | "organization"
Resources (9)

- aws_config_config_rule
- aws_config_configuration_aggregator
- aws_config_configuration_recorder
- aws_config_configuration_recorder_status
- aws_config_delivery_channel
- aws_iam_policy
- aws_iam_policy_attachment
- aws_iam_role
- aws_iam_role_policy_attachment
Details

Framework: Terraform Module
Language: HCL
Version: 1.1.0
Cloud: AWS
Stars: 1
Forks: 1
Total downloads: 6.5k
Inputs: 20
Resources: 9
License: Apache-2.0
Namespace: hendrixroa
Updated: