adding guardduty-notification module
parent
06506e5b9c
commit
f2b87eb44d
@ -0,0 +1,29 @@
|
||||
# guardduty-notifications
|
||||
|
||||
This module sets up Cloudwatch Event rules which both logs to Cloudwatch and notifies a given SNS topic to inform administrators of any Guard Duty findings.
|
||||
|
||||
https://aws.amazon.com/guardduty/
|
||||
|
||||
## Usage
|
||||
|
||||
```
|
||||
module "guardduty-notifications" {
|
||||
source = "github.com/lalanza808/tf-modules.git/security/guardduty-notifications"
|
||||
}
|
||||
```
|
||||
|
||||
## Inputs
|
||||
|
||||
You should provide the following input, which is the SNS Topic ARN you wish to publish messages to:
|
||||
|
||||
* `sns_topic_arn`
|
||||
|
||||
If you don't provide it, the results will still be emitted to a Cloudwatch Logs group.
|
||||
|
||||
You can override the following inputs:
|
||||
|
||||
* `prefix`
|
||||
* `tags`
|
||||
* `log_retention`
|
||||
|
||||
See all inputs here: [variables.tf](./variables.tf)
|
@ -0,0 +1,35 @@
|
||||
resource "aws_cloudwatch_event_rule" "guardduty" {
|
||||
name = "${var.prefix}-guardduty"
|
||||
description = "Capture AWS Guard Duty findings and notify operations"
|
||||
|
||||
event_pattern = <<PATTERN
|
||||
{
|
||||
"source": [
|
||||
"aws.guardduty"
|
||||
],
|
||||
"detail-type": [
|
||||
"GuardDuty Finding"
|
||||
]
|
||||
}
|
||||
PATTERN
|
||||
|
||||
tags = var.tags
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_log_group" "guardduty" {
|
||||
name = "/aws/events/${var.prefix}-guardduty"
|
||||
retention_in_days = var.log_retention
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_event_target" "guardduty-sns" {
|
||||
count = length(var.sns_topic_arn) > 0 ? 1 : 0
|
||||
rule = aws_cloudwatch_event_rule.guardduty.name
|
||||
target_id = "send_to_sns"
|
||||
arn = var.sns_topic_arn
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_event_target" "guardduty-cwlogs" {
|
||||
rule = aws_cloudwatch_event_rule.guardduty.name
|
||||
target_id = "send_to_cloudwatch_logs"
|
||||
arn = aws_cloudwatch_log_group.guardduty.arn
|
||||
}
|
@ -0,0 +1,16 @@
|
||||
variable "sns_topic_arn" {
|
||||
description = "ARN of the SNS topic to recieve notifications"
|
||||
default = ""
|
||||
}
|
||||
variable "tags" {
|
||||
default = {}
|
||||
type = map
|
||||
description = "Optional set of tags to apply to the infrastructure"
|
||||
}
|
||||
variable "prefix" {
|
||||
default = "security"
|
||||
description = "String to prefix to all resources"
|
||||
}
|
||||
variable "log_retention" {
|
||||
default = 90
|
||||
}
|
Loading…
Reference in New Issue