adding some extremely simple modules for iam-analyzer and securityhub w/ cis benchmarks
parent
d01fbaa216
commit
927589370f
@ -0,0 +1,4 @@
|
|||||||
|
resource "aws_accessanalyzer_analyzer" "example" {
|
||||||
|
analyzer_name = var.name
|
||||||
|
tags = var.tags
|
||||||
|
}
|
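Review bot: The analyzer is declared without a `type` argument, so it takes the provider default of an account-scoped zone of trust. If this account belongs to an AWS Organization, access from sibling accounts will be reported as external, so the choice should be explicit, e.g. `type = "ACCOUNT"`. Access Analyzer is also regional, so this module covers only the region of the provider it is instantiated with; a comment such as `# one analyzer per region; instantiate once per provider alias` would make that visible to callers. The resource label `example` looks carried over from the provider documentation; `main` would match the Security Hub module in this commit.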
@ -0,0 +1,9 @@
|
|||||||
|
variable "name" {
|
||||||
|
default = "ctay-iam-analyzer"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "tags" {
|
||||||
|
default = {}
|
||||||
|
type = map
|
||||||
|
description = "Optional tag mapping to apply to the infrastructure"
|
||||||
|
}
|
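Review bot: `type = map` on the `tags` variable is the legacy unparameterised form; `type = map(string)` states the element type so Terraform can validate what callers pass. The `name` variable has neither a `type` nor a `description`; adding `type = string` and `description = "Name of the IAM Access Analyzer"` would document it the same way `tags` is. The default `ctay-iam-analyzer` looks specific to one person or environment, so a neutral default may suit a shared module better.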
@ -0,0 +1,7 @@
|
|||||||
|
resource "aws_securityhub_account" "main" {}
|
||||||
|
|
||||||
|
resource "aws_securityhub_standards_subscription" "cis" {
|
||||||
|
standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
|
||||||
|
|
||||||
|
depends_on = [aws_securityhub_account.main]
|
||||||
|
}
|
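Review bot: The CIS subscription only yields meaningful control results when AWS Config is recording in the same account and region, and nothing in this module enables or checks for that. At minimum a comment above the resource, `# requires an AWS Config recorder enabled in this region`, should state the prerequisite. The standards ARN is hard-coded to `v/1.2.0`; exposing it as a variable with this value as the default would let callers move to a later benchmark version without editing the module. Depending on the provider version, `aws_securityhub_account` may also enable default standards on its own, so it is worth confirming the explicit subscription does not overlap with that. Security Hub is regional, so this covers only the provider's region.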