Sam-Martin / Terraform Aws Config Module
Licence: apache-2.0
A Terraform Module for Controlling AWS Config (via CloudFormation)
aws-config-custom-rules-terraform
Deprecated
A recent release of Terraform means you can control your AWS Config configuration through Terraform directly, without the CloudFormation/Lambda indirection this module uses.
Please see the Terraform AWS provider documentation for the `aws_config_configuration_recorder`, `aws_config_delivery_channel` and `aws_config_config_rule` resources for details.
Description
This Terraform module allows you to automatically set up custom AWS Config rules (the recorder, the S3 delivery channel and one Lambda-backed rule per zip you supply).
Because Terraform had no support for AWS Config at the time of writing, the module uses CloudFormation and Lambda in the back end to create and control the AWS Config components.
Requirements
- Each custom rule's Lambda entry-point function must be named `lambda_handler` for Python rules and `handler` for Node.js rules, since Lambda loads the handler as `<file name>.<function name>`.
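As an added example of a rule written to these requirements (not code from this module or its author), here is a Python implementation of the `iam_password_minimum_length-periodic` rule used in the usage example: it would be saved as `iam_password_minimum_length-periodic.py`, exposes `lambda_handler`, reads `MinimumPasswordLength` from `ruleParameters`, and is registered with the `ConfigurationSnapshotDeliveryCompleted` trigger type. The event layout follows the documented AWS Config custom-rule invocation format; the `FakeIam`/`FakeConfig` classes, the identifiers in `sample_event` and the `run_offline` helper are constructed here so the decision logic can be exercised without AWS. The code runs on both Python 2.7 and 3.

```python
"""Periodic custom AWS Config rule in the shape this module packages.

Added example, not code from the module or its author. AWS clients are
passed in so the decision logic runs offline; FakeIam, FakeConfig and
sample_event are constructed stand-ins, not AWS.
"""
import json

# Resource type Config uses for account-level (non-resource) evaluations.
ACCOUNT_RESOURCE_TYPE = "AWS::::Account"
PERIODIC_MESSAGE_TYPE = "ConfigurationSnapshotDeliveryCompleted"


def evaluate_password_policy(policy, parameters):
    """COMPLIANT/NON_COMPLIANT for an IAM password policy dict (None = no policy set)."""
    minimum = int(parameters.get("MinimumPasswordLength", 8))
    if policy is None or int(policy.get("MinimumPasswordLength", 0)) < minimum:
        return "NON_COMPLIANT"
    return "COMPLIANT"


def handle(event, iam_client, config_client):
    """Evaluate the account and report the result to Config; returns the evaluation."""
    # Config delivers invokingEvent and ruleParameters as JSON-encoded strings.
    invoking_event = json.loads(event["invokingEvent"])
    parameters = json.loads(event.get("ruleParameters") or "{}")
    if invoking_event["messageType"] != PERIODIC_MESSAGE_TYPE:
        # Registered as periodic via custom_rule_message_types; anything else
        # means the module inputs and this function disagree, so fail loudly.
        raise ValueError("unexpected messageType " + invoking_event["messageType"])
    try:
        policy = iam_client.get_account_password_policy()["PasswordPolicy"]
    except iam_client.exceptions.NoSuchEntityException:
        policy = None  # the account has no password policy at all
    evaluation = {
        "ComplianceResourceType": ACCOUNT_RESOURCE_TYPE,
        "ComplianceResourceId": event["accountId"],
        "ComplianceType": evaluate_password_policy(policy, parameters),
        "OrderingTimestamp": invoking_event["notificationCreationTime"],
    }
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def lambda_handler(event, context):
    """Entry point the module expects for Python rules."""
    import boto3  # present in the Lambda runtime
    return handle(event, boto3.client("iam"), boto3.client("config"))


# ---- offline stand-ins (constructed for this example; not AWS) ----
class FakeIam(object):
    class exceptions(object):
        class NoSuchEntityException(Exception):
            pass

    def __init__(self, policy):
        self.policy = policy

    def get_account_password_policy(self):
        if self.policy is None:
            raise self.exceptions.NoSuchEntityException()
        return {"PasswordPolicy": self.policy}


class FakeConfig(object):
    def __init__(self):
        self.calls = []

    def put_evaluations(self, Evaluations, ResultToken):
        self.calls.append((Evaluations, ResultToken))


def sample_event(parameters):
    """A ConfigurationSnapshotDeliveryCompleted event with constructed identifiers."""
    return {
        "invokingEvent": json.dumps({
            "messageType": PERIODIC_MESSAGE_TYPE,
            "notificationCreationTime": "2018-01-01T00:00:00.000Z",
            "s3Bucket": "awsconfigtestbucket",
            "s3ObjectKey": "logs/AWSLogs/123456789012/Config/eu-west-1/snapshot.json.gz",
            "recordVersion": "1.1",
        }),
        "ruleParameters": json.dumps(parameters),
        "resultToken": "constructed-token",
        "accountId": "123456789012",
    }


def run_offline(policy, parameters):
    """Run the rule against a fake account; returns (compliance, put_evaluations calls)."""
    config = FakeConfig()
    evaluation = handle(sample_event(parameters), FakeIam(policy), config)
    return evaluation["ComplianceType"], config.calls
```

A periodic rule triggered by snapshot delivery does not need to fetch the snapshot from S3; querying the IAM API at evaluation time is simpler and reflects the current state. Reporting against `AWS::::Account` is what makes an account-level result appear in the Config console, and the `messageType` check catches a zip that was registered with the wrong `custom_rule_message_types` entry.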
Setup
- Create an S3 bucket in which to place your config snapshots.
- Write each rule as a `.py` or `.js` file named after the rule and package it into a zip file named identically bar the file extension (for example `ec2-exposed-instance.js` becomes `ec2-exposed-instance.zip`); on Windows you can use `package-rule-lambda-functions.ps1` to do this.
- Place the zip files in `temp/` within the repository directory (or set the `zip_folder` variable to another path).
- Run the module as per the example in Example Usage.
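The packaging step above, as an added example for non-Windows hosts (the page only supplies a PowerShell script; this Python 3 script is not part of the module): it zips each `.py`/`.js` rule source into `<rule name>.zip` with the file at the archive root, refuses files that do not define the handler the Requirements section names (a regex heuristic added here, not a check the module performs), and renders the `custom_rules` value to paste into the module call.

```python
"""Package custom AWS Config rule sources into the zip layout this module expects.

Added example (not part of the module): each rule source name.py or name.js
becomes name.zip in the zip folder, after a heuristic check that the file
defines the handler function named in the Requirements section.
"""
import os
import re
import zipfile

# Handler function each runtime must expose (from the Requirements section).
HANDLER_PATTERNS = {
    ".py": re.compile(r"^\s*def\s+lambda_handler\s*\(", re.MULTILINE),
    ".js": re.compile(r"(?:module\.)?exports\.handler\s*=", re.MULTILINE),
}


def find_handler_problem(source_path):
    """Return None if the file defines the required handler, else a message."""
    ext = os.path.splitext(source_path)[1]
    pattern = HANDLER_PATTERNS.get(ext)
    if pattern is None:
        return "unsupported extension {!r} for {}".format(ext, source_path)
    with open(source_path) as fh:
        if pattern.search(fh.read()) is None:
            wanted = "lambda_handler" if ext == ".py" else "handler"
            return "{} does not define {}".format(source_path, wanted)
    return None


def package_rule(source_path, zip_folder):
    """Zip one rule source into <zip_folder>/<rule name>.zip; returns the zip path."""
    problem = find_handler_problem(source_path)
    if problem:
        raise ValueError(problem)
    rule_name = os.path.splitext(os.path.basename(source_path))[0]
    os.makedirs(zip_folder, exist_ok=True)
    zip_path = os.path.join(zip_folder, rule_name + ".zip")
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        # Store the file at the archive root so Lambda's
        # "<rule name>.lambda_handler" / "<rule name>.handler" resolves.
        zf.write(source_path, arcname=os.path.basename(source_path))
    return zip_path


def package_rules(source_folder, zip_folder="temp/"):
    """Package every .py/.js rule in source_folder; returns {rule name: zip path}."""
    packaged = {}
    for entry in sorted(os.listdir(source_folder)):
        if os.path.splitext(entry)[1] in HANDLER_PATTERNS:
            zip_path = package_rule(os.path.join(source_folder, entry), zip_folder)
            packaged[os.path.splitext(entry)[0]] = zip_path
    return packaged


def custom_rules_value(packaged):
    """Render the semicolon-separated custom_rules string the module expects."""
    return ";".join(sorted(packaged))


if __name__ == "__main__":
    import sys
    result = package_rules(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "temp/")
    for name, path in sorted(result.items()):
        print("{} -> {}".format(name, path))
    print('custom_rules = "{}"'.format(custom_rules_value(result)))
```

Run it as `python package_rules.py <folder with rule sources> temp/`. The handler check only recognises `def lambda_handler(` and `exports.handler =`/`module.exports.handler =`; a Node.js file that exports the handler another way will be refused and needs packaging by hand.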
Variables
- `region` AWS region name; used to name roles etc. It does not set the region the AWS provider operates in. (required)
- `delivery_channel_s3_bucket_name` name of the bucket in which you wish to store your config snapshots (required)
- `delivery_channel_s3_bucket_prefix` key prefix to be used inside the bucket (defaults to blank)
- `delivery_channel_delivery_frequency` frequency at which configuration snapshots are delivered, which is also how often periodic custom rules (those triggered by `ConfigurationSnapshotDeliveryCompleted`) are evaluated (defaults to `TwentyFour_Hours`)
- `num_custom_rules` number of custom rules; used to enumerate the semicolon-separated lists below (required)
- `custom_rules` semicolon-separated list of custom rule zip file names, without the `.zip` extension as in the example below (required)
- `custom_rule_languages` semicolon-separated list of each rule's language/runtime (affects which handler function name is used) (required)
- `custom_rule_input_parameters` semicolon-separated list of JSON input parameter objects, one per rule (use `{}` for no parameters) (required)
- `custom_rule_message_types` semicolon-separated list of the trigger type for each custom rule. Valid values: `ConfigurationSnapshotDeliveryCompleted` (periodic, runs after each snapshot delivery) and `ConfigurationItemChangeNotification` (runs when a resource in the rule's scope changes) (required)
- `custom_rule_scope` semicolon-separated list of rule scopes as JSON objects (see AWS Config ConfigRule Scope; use `{}` for no scope restriction) (required)
- `zip_folder` relative or absolute path to the zips of the custom rules' Lambda functions (defaults to `temp/`)

The five per-rule lists are positional: the nth entry of each describes the same rule, and each list must contain `num_custom_rules` entries.
Example Usage

```hcl
# Terraform 0.11-era syntax, matching the module's era.
variable "region" {
  type    = "string"
  default = "eu-west-1"
}

# The provider block decides where resources are created; the module's
# "region" input only names roles and other resources.
provider "aws" {
  region = "${var.region}"
}

module "aws_config_rules" {
  source = "github.com/Sam-Martin/terraform-aws-config-module/module"

  region                            = "${var.region}"
  num_custom_rules                  = 4
  custom_rule_languages             = "nodejs;nodejs;nodejs;python2.7"
  delivery_channel_s3_bucket_name   = "awsconfigtestbucket"
  delivery_channel_s3_bucket_prefix = "logs"

  # Each of the lists below is semicolon-separated and positional: entry n of
  # every list refers to the nth rule. Zip names are given without ".zip".
  custom_rules = <<EOF
cloudtrail_enabled_all_regions-periodic;
iam_mfa_require_root-periodic;
iam_password_minimum_length-periodic;
ec2-exposed-instance
EOF

  custom_rule_input_parameters = <<EOF
{};
{};
{
  "MinimumPasswordLength": "8"
};
{
  "RDP": "3389",
  "SSH": "22"
}
EOF

  # The first three rules are periodic; the last re-evaluates whenever an
  # EC2 instance in scope changes.
  custom_rule_message_types = <<EOF
ConfigurationSnapshotDeliveryCompleted;
ConfigurationSnapshotDeliveryCompleted;
ConfigurationSnapshotDeliveryCompleted;
ConfigurationItemChangeNotification
EOF

  custom_rule_scope = <<EOF
{};
{};
{};
{
  "ComplianceResourceTypes": [
    "AWS::EC2::Instance"
  ]
}
EOF
}
```