feat: initial commit (#1)
* feat: initial commit
Ic3w0lf authored Jun 12, 2023
1 parent 9186ee0 commit 4034d3c
Showing 7 changed files with 484 additions and 64 deletions.
98 changes: 65 additions & 33 deletions README.md
@@ -1,72 +1,104 @@
<!-- BEGIN_TF_DOCS -->
[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/)

<!--
Replace the GitHub Repo name and comment in these badges if they BridgeCrew is enabled for this repository.

### Code Quality
[![License](https://img.shields.io/github/license/geekcell/terraform-aws-module-template)](https://github.com/geekcell/terraform-aws-module-template/blob/master/LICENSE)
[![GitHub release (latest tag)](https://img.shields.io/github/v/release/geekcell/terraform-aws-module-template?logo=github&sort=semver)](https://github.com/geekcell/terraform-aws-module-template/releases)
[![Release](https://github.com/geekcell/terraform-aws-module-template/actions/workflows/release.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-module-template/actions/workflows/release.yaml)
[![Validate](https://github.com/geekcell/terraform-aws-module-template/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-module-template/actions/workflows/validate.yaml)
[![Lint](https://github.com/geekcell/terraform-aws-module-template/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-module-template/actions/workflows/linter.yaml)
[![License](https://img.shields.io/github/license/geekcell/terraform-aws-cloudtrail-alerts)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/blob/master/LICENSE)
[![GitHub release (latest tag)](https://img.shields.io/github/v/release/geekcell/terraform-aws-cloudtrail-alerts?logo=github&sort=semver)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/releases)
[![Release](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/release.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/release.yaml)
[![Validate](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/validate.yaml)
[![Lint](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-cloudtrail-alerts/actions/workflows/linter.yaml)

<!--
Replace the GitHub Repo name and comment in these badges if they BridgeCrew is enabled for this repository.
### Security
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=INFRASTRUCTURE+SECURITY)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=INFRASTRUCTURE+SECURITY)
#### Cloud
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=CIS+AWS+V1.2)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/cis_aws_13)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=CIS+AWS+V1.3)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=CIS+AZURE+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/cis_azure_13)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=CIS+AZURE+V1.3)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=CIS+GCP+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=CIS+AWS+V1.2)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_aws_13)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=CIS+AWS+V1.3)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=CIS+AZURE+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_azure_13)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=CIS+AZURE+V1.3)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=CIS+GCP+V1.1)
##### Container
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/cis_kubernetes_16)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=CIS+KUBERNETES+V1.6)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/cis_eks_11)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=CIS+EKS+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/cis_gke_11)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=CIS+GKE+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=CIS+KUBERNETES+V1.5)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_kubernetes_16)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=CIS+KUBERNETES+V1.6)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_eks_11)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=CIS+EKS+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_gke_11)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=CIS+GKE+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=CIS+KUBERNETES+V1.5)
#### Data protection
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=SOC2)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=PCI-DSS+V3.2)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/pci_dss_v321)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=PCI-DSS+V3.2.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=ISO27001)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=NIST-800-53)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=HIPAA)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-module-template/fedramp_moderate)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-module-template&benchmark=FEDRAMP+%28MODERATE%29)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=SOC2)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=PCI-DSS+V3.2)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/pci_dss_v321)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=PCI-DSS+V3.2.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=ISO27001)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=NIST-800-53)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=HIPAA)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-cloudtrail-alerts/fedramp_moderate)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-cloudtrail-alerts&benchmark=FEDRAMP+%28MODERATE%29)
-->

# Terraform AWS Module Template
# Terraform AWS CloudTrail Alerts Module

A module that create CloudWatch metric filters and alarms required for most modern compliance reports. This
module includes the necessary metric filters and alarms for the following compliance reports:

A template repository for creating our AWS Terraform modules. It gives you a good starting point for creating new modules quickly.
It comes with:
* Basic directory structure
* GitHub Workflow for Linting and Validation
* Pre-Commit Hooks
* Makefile for common tasks
| Compliance Report | Sections |
|---|---|
| CIS AWS Foundations Benchmark v1.5.0 | Section 4.1 - 4.15 |
| NIST 800-171 v2 | Section 3.12.3 |
| ISO/IEC 27001 v2 | Section A.12.4.1 |
| PCI DSS v3.2.1 | Section 10.1 |
| SOC 2 v2 | Section 5.2 |

This module can also create an SNS topic with a Slack channel configuration for AWS Chatbot (must be configured)
manually in the AWS Console.

## Inputs

No inputs.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_cloudtrail_log_group_name"></a> [cloudtrail\_log\_group\_name](#input\_cloudtrail\_log\_group\_name) | The name of the CloudWatch log group to filter for events. Defaults to the AWS Control Tower created Baseline. | `string` | `"aws-controltower/CloudTrailLogs"` | no |
| <a name="input_cloudwatch_namespace"></a> [cloudwatch\_namespace](#input\_cloudwatch\_namespace) | The namespace to use for the CloudWatch metric filter. | `string` | `"CISBenchmark"` | no |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix that will added to created resources. | `string` | n/a | yes |
| <a name="input_slack_channel_id"></a> [slack\_channel\_id](#input\_slack\_channel\_id) | The ID of the Slack channel to send alerts to. | `string` | `null` | no |
| <a name="input_slack_workspace_id"></a> [slack\_workspace\_id](#input\_slack\_workspace\_id) | The ID of the Slack workspace to send alerts to. | `string` | `null` | no |
| <a name="input_sns_kms_master_key_alias"></a> [sns\_kms\_master\_key\_alias](#input\_sns\_kms\_master\_key\_alias) | The alias of the KMS key to use to encrypt the SNS topic if no key is provided. | `string` | `"sns/cloudtrail-alerts"` | no |
| <a name="input_sns_kms_master_key_id"></a> [sns\_kms\_master\_key\_id](#input\_sns\_kms\_master\_key\_id) | The ARN of the KMS key to use to encrypt the SNS topic. Will create a new CMK if not provided. | `string` | `null` | no |
| <a name="input_sns_topic_arn"></a> [sns\_topic\_arn](#input\_sns\_topic\_arn) | Use an existing SNS topic to send alerts to. | `string` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Tags to add to the created resources. | `map(any)` | `{}` | no |

## Outputs

No outputs.

## Providers

No providers.
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.40 |
| <a name="provider_awscc"></a> [awscc](#provider\_awscc) | 0.53.0 |

## Resources

- resource.aws_cloudwatch_log_metric_filter.main (main.tf#24)
- resource.aws_cloudwatch_metric_alarm.main (main.tf#38)
- resource.aws_kms_alias.main (main.tf#69)
- resource.aws_kms_key.main (main.tf#59)
- resource.aws_sns_topic.main (main.tf#108)
- resource.awscc_chatbot_slack_channel_configuration.main (main.tf#118)
- data source.aws_caller_identity.current (main.tf#18)
- data source.aws_cloudwatch_log_group.cloudtrail (main.tf#20)
- data source.aws_iam_policy_document.kms (main.tf#76)

# Examples
### Complete
```hcl
module "example" {
source = "../../"
prefix = "root"
}
```
<!-- END_TF_DOCS -->
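
Review bot: The Outputs section still reads "No outputs." although the Resources list now includes aws_sns_topic.main and aws_kms_key.main, so a caller that lets the module create the topic cannot reference its ARN for additional subscriptions or alarms; consider exporting the SNS topic ARN and the KMS key ARN and regenerating the docs. In the Providers table, awscc is pinned to exactly 0.53.0 while aws uses >= 4.40; an exact pin in a reusable module conflicts with any root configuration that requires a different awscc version, so a range constraint would be safer. The default for cloudtrail_log_group_name is the Control Tower log group, and the Resources list shows a data source aws_cloudwatch_log_group.cloudtrail, which suggests the name is looked up at plan time; if so, the Complete example (only prefix set) fails in accounts without that log group, and the README should say so next to the example. Wording: "A module that create" should be "creates", "Prefix that will added" should be "will be added", and the closing parenthesis in "(must be configured) manually in the AWS Console" belongs after "Console".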