From 927589370ff9953caf3d481540f5fb375217b1d2 Mon Sep 17 00:00:00 2001
From: lalanza808
Date: Mon, 6 Jul 2020 14:57:47 -0700
Subject: [PATCH] adding some extremely simple modules for iam-analyzer and securityhub w/ cis benchmarks
---
security/iam-analyzer/main.tf | 4 ++++
security/iam-analyzer/variables.tf | 9 +++++++++
security/securityhub/main.tf | 7 +++++++
3 files changed, 20 insertions(+)
create mode 100644 security/iam-analyzer/main.tf
create mode 100644 security/iam-analyzer/variables.tf
create mode 100644 security/securityhub/main.tf
diff --git a/security/iam-analyzer/main.tf b/security/iam-analyzer/main.tf
new file mode 100644
index 0000000..9496755
--- /dev/null
+++ b/security/iam-analyzer/main.tf
@@ -0,0 +1,4 @@
+resource "aws_accessanalyzer_analyzer" "example" {
+ analyzer_name = var.name
+ tags = var.tags
+}
diff --git a/security/iam-analyzer/variables.tf b/security/iam-analyzer/variables.tf
new file mode 100644
index 0000000..95939d1
--- /dev/null
+++ b/security/iam-analyzer/variables.tf
@@ -0,0 +1,9 @@
+variable "name" {
+ default = "ctay-iam-analyzer"
+}
+
+variable "tags" {
+ default = {}
+ type = map
+ description = "Optional tag mapping to apply to the infrastructure"
+}
diff --git a/security/securityhub/main.tf b/security/securityhub/main.tf
new file mode 100644
index 0000000..4d8c987
--- /dev/null
+++ b/security/securityhub/main.tf
@@ -0,0 +1,7 @@
+resource "aws_securityhub_account" "main" {}
+
+resource "aws_securityhub_standards_subscription" "cis" {
+ standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+
+ depends_on = [aws_securityhub_account.main]
+}
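Review bot: The analyzer in security/iam-analyzer/main.tf sets no `type`, so it is created as an account-scoped analyzer (the provider's default as I read it), which reports only on resources in this one account and region; a caller running from a delegated administrator has no way to ask for organization-wide findings. Expose it as `type = var.type` with a `variable "type" { default = "ACCOUNT" }` so `ORGANIZATION` can be selected without editing the module. Access Analyzer is also regional, so this resource covers the provider's region only, and findings are produced but routed nowhere; a comment like `# Regional; findings surface in the console/Security Hub - add an EventBridge rule to alert on new ones` would set expectations for the next reader. The resource label `example` reads as copied from the provider docs; `main` would match the label already used in the securityhub module.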
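Review bot: In variables.tf, `variable "name"` has no `type` or `description`, and its default `ctay-iam-analyzer` is an environment-specific value baked into what is meant to be a reusable module; every consumer that forgets to override it gets the same name, and the prefix carries the author's naming scheme into other deployments. Declare it as `type = string`, give it a description, and use either no default or a neutral one such as `iam-access-analyzer`. For `tags`, `type = map` is the legacy untyped constraint; `type = map(string)` is what the provider's `tags` argument accepts and makes a nested value fail at plan time rather than at apply.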
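Review bot: The CIS AWS Foundations 1.2.0 controls subscribed in security/securityhub/main.tf are evaluated through AWS Config rules, and nothing in this module enables Config or a configuration recorder; in an account without one the subscription succeeds but most controls report no data, which gives a false sense of coverage. Either add the `aws_config_configuration_recorder`/`aws_config_delivery_channel` resources here or document the prerequisite above the subscription, e.g. `# Requires AWS Config recording in this region; CIS controls show "No data" otherwise`. Security Hub is regional as well, so this enables it in the provider's region only and a multi-region account needs one instance of the module per region. The standards ARN is hard-coded; lifting it into `standards_arn = var.standards_arn` with this value as the default lets callers pin a newer benchmark version without editing the module. Depending on the provider version, enabling the account may also auto-subscribe AWS's default standards, so the first `terraform plan` after apply should be checked for drift against the single explicit subscription.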