adding securityhub cloudwatch event notifications to sns
parent
6725ecb118
commit
d01fbaa216
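--- a/PLACEHOLDER_PATH_1
+++ b/PLACEHOLDER_PATH_1
@@ -0,0 +1,35 @@
+# securityhub-notifications
+
+This module sets up Cloudwatch Event rules which notify a given SNS topic to inform administrators of any SecurityHub findings.
+
+https://aws.amazon.com/security-hub/
+
+## Usage
+
+```
+module "sns-email-topic" {
+source = "github.com/lalanza808/tf-modules.git/monitoring/sns-email-topic"
+}
+
+module "securityhub-notification" {
+source = "github.com/lalanza808/tf-modules.git/monitoring/securityhub-notifications"
+sns_topic_arn = module.sns-email-topic.topic_arn
+}
+```
+
+## Inputs
+
+You must provide one input, which is the SNS Topic ARN you wish to publish messages to.
+
+* `sns_topic_arn`
+
+You can provide these optional inputs:
+
+* `prefix`
+* `tags`
+
+See all inputs here: [variables.tf](./variables.tf)
+
+## Outputs
+
+None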
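--- a/PLACEHOLDER_PATH_2
+++ b/PLACEHOLDER_PATH_2
@@ -0,0 +1,25 @@
+resource "aws_cloudwatch_event_rule" "health" {
+name = "${var.prefix}-aws-securityhub"
+description = "Capture AWS SecurityHub incidents and notify operations SNS"
+
+event_pattern = <<PATTERN
+{
+"source": [
+"aws.securityhub"
+],
+"detail-type": [
+"Security Hub Findings - Imported"
+]
+}
+PATTERN
+
+tags = {
+Terraform = "True"
+}
+}
+
+resource "aws_cloudwatch_event_target" "sns" {
+rule = aws_cloudwatch_event_rule.health.name
+target_id = "${var.prefix}-aws-securityhub"
+arn = var.sns_topic_arn
+}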
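Review bot: The `aws_cloudwatch_event_target` that points at `var.sns_topic_arn` will have its deliveries rejected unless the topic's access policy already grants `sns:Publish` to the `events.amazonaws.com` service principal, and this module creates no `aws_sns_topic_policy`, so findings can be silently dropped with nothing in the plan to indicate it; either add that policy resource here or state the requirement next to `sns_topic_arn` in the README. The `tags` block on the rule hard-codes `Terraform = "True"` and never references `var.tags`, although the README lists `tags` as an optional input; `tags = merge({ Terraform = "True" }, var.tags)` would honour it. The rule is named `health` while its pattern matches `aws.securityhub` with `Security Hub Findings - Imported`, which reads like a leftover from another module and makes `aws_cloudwatch_event_rule.health.name` misleading in the target; renaming it to `securityhub` would keep the two resources self-describing. Since the pattern carries no severity filter, every imported or updated finding is forwarded; a one-line comment above `event_pattern` noting that this is intentional (or a `"detail": {"findings": {"Severity": {"Label": [...]}}}` filter) would help the next reader.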
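--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1,12 @@
+variable "sns_topic_arn" {
+description = "ARN of the SNS topic to recieve notifications"
+}
+variable "tags" {
+default = {}
+type = map
+description = "Optional set of tags to apply to the infrastructure"
+}
+variable "prefix" {
+default = "monitoring"
+description = "String to prefix to all resources"
+}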
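Review bot: `variable "sns_topic_arn"` declares no `type`, so a value of the wrong kind is only caught when the provider tries to create the event target at apply time; adding `type = string` lets `terraform validate` reject it up front, and a `validation` block checking for an `arn:` prefix would catch a topic name passed by mistake. Its description misspells "receive" as "recieve". `type = map` on `tags` is the legacy constraint shorthand; `map(string)` matches what the AWS provider expects for tag values and is what newer Terraform versions ask for. `prefix` likewise has no `type = string`, and the resource names built from it in the rule and target do not show its length or character set being constrained anywhere.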