adding some extremely simple modules for iam-analyzer and securityhub w/ cis benchmarks

security/iam-analyzer/main.tf

@@ -0,0 +1,4 @@
+resource "aws_accessanalyzer_analyzer" "example" {
+  analyzer_name = var.name
+  tags = var.tags
+}

security/iam-analyzer/variables.tf

@@ -0,0 +1,9 @@
+variable "name" {
+  default = "ctay-iam-analyzer"
+}
+
+variable "tags" {
+  default     = {}
+  type        = map
+  description = "Optional tag mapping to apply to the infrastructure"
+}

security/securityhub/main.tf

@@ -0,0 +1,7 @@
+resource "aws_securityhub_account" "main" {}
+
+resource "aws_securityhub_standards_subscription" "cis" {
+  standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+
+  depends_on = [aws_securityhub_account.main]
+}