terraform-aws-guardduty

It's 100% Open Source and licensed under the APACHE2.

Introduction

Sets up guard duty in the Master account with trusted IP and threat lists, can invite member accounts forked from [email protected]:QuiNovas/terraform-aws-guardduty.git

https://aws.amazon.com/guardduty/

Requirements

No requirements.

Providers

Name	Version
aws	n/a

Modules

No modules.

Resources

Name	Type
aws_guardduty_detector.master	resource
aws_guardduty_ipset.MyIPSet	resource
aws_guardduty_member.members	resource
aws_guardduty_organization_configuration.example	resource
aws_guardduty_threatintelset.MyThreatIntelSet	resource
aws_s3_bucket.guard_duty_lists	resource
aws_s3_bucket.logging	resource
aws_s3_bucket_logging.guard_duty_lists	resource
aws_s3_bucket_policy.guard_duty_lists	resource
aws_s3_bucket_public_access_block.guard_duty_lists	resource
aws_s3_bucket_public_access_block.logging	resource
aws_s3_bucket_server_side_encryption_configuration.guard_duty_lists	resource
aws_s3_bucket_server_side_encryption_configuration.logging	resource
aws_s3_bucket_versioning.guard_duty_lists	resource
aws_s3_object.MyIPSet	resource
aws_s3_object.MyThreatIntelSet	resource
aws_caller_identity.current	data source
aws_iam_policy_document.guard_duty_lists	data source

Inputs

Name	Description	Type	Default	Required
account_name	The account name. Used as a prefix to name resources.	`string`	`""`	no
enable	Enable/Disable guardduty.You can set the enable attribute to false for suspend monitoring and feedback reporting while keeping existing data.	`bool`	`true`	no
ip_set_active	Specifies whether GuardDuty is to start using the uploaded IPSet	`string`	`false`	no
ip_set_format	The format of the file that contains the IPSet. Valid values: TXT \| STIX \| OTX_CSV \| ALIEN_VAULT \| PROOF_POINT \| FIRE_EYE	`string`	`"TXT"`	no
ip_set_list_path	The path of the IP safe list file	`string`	`""`	no
kms_key	n/a	`any`	n/a	yes
log_bucket	Account level Log bucket id	`string`	n/a	yes
member_list	The list of member accounts to be added. Each member list need to have values of account_id, member_email and invite boolean	`list(any)`	`[]`	no
member_list_count	The count of members to be added to this master guard duty	`string`	`0`	no
mfa_delete	n/a	`string`	`"Disabled"`	no
threat_intel_list_path	The path of the Threat intel file	`string`	`""`	no
threat_intel_set_active	Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet	`string`	`false`	no
threat_intel_set_format	The format of the file that contains the ThreatIntelSet. Valid values: TXT \| STIX \| OTX_CSV \| ALIEN_VAULT \| PROOF_POINT \| FIRE_EYE	`string`	`"TXT"`	no

Outputs

Name	Description
GuardDuty	The GuardDuty detector

Policy

This is the policy required to build this project:

The Terraform resource required is:

resource "aws_iam_policy" "terraform_pike" {
  name_prefix = "terraform_pike"
  path        = "/"
  description = "Pike Autogenerated policy from IAC"

  policy = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:DeleteBucket",
                "s3:DeleteObject",
                "s3:GetAccelerateConfiguration",
                "s3:GetBucketAcl",
                "s3:GetBucketCORS",
                "s3:GetBucketLogging",
                "s3:GetBucketObjectLockConfiguration",
                "s3:GetBucketPolicy",
                "s3:GetBucketPublicAccessBlock",
                "s3:GetBucketRequestPayment",
                "s3:GetBucketTagging",
                "s3:GetBucketVersioning",
                "s3:GetBucketWebsite",
                "s3:GetEncryptionConfiguration",
                "s3:GetLifecycleConfiguration",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:GetObjectTagging",
                "s3:GetReplicationConfiguration",
                "s3:ListBucket",
                "s3:PutBucketLogging",
                "s3:PutBucketPolicy",
                "s3:PutBucketPublicAccessBlock",
                "s3:PutBucketVersioning",
                "s3:PutEncryptionConfiguration",
                "s3:PutObject"
            ],
            "Resource": "*"
        }
    ]
})
}

Related Projects

Check out these related projects.

terraform-aws-statebucket - Terraform s3 state buckets

Help

Got a question?

File a GitHub issue.

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

License

See LICENSE for full details.

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Contributors

James Woolfenden

jameswoolfenden / terraform-aws-guardduty Goto Github PK