blackbird-cloud/terraform-aws-guardduty-organization

Terraform AWS GuardDuty Organization Module

Terraform module to setup AWS GuardDuty in an organization


Example

```hcl
data "aws_caller_identity" "current" {}

# Registers the calling account as the GuardDuty delegated administrator for the
# organization. EnableOrganizationAdminAccount is an organization-level call, so as
# written this only succeeds when applied with organization management account
# credentials (the management account then administers GuardDuty itself). To
# delegate to a separate security account, point admin_account_id at that account
# and apply this resource with management-account credentials.
resource "aws_guardduty_organization_admin_account" "default" {
  admin_account_id = data.aws_caller_identity.current.account_id
}

# The module must be applied in the delegated administrator account: it creates
# that account's detector and the organization-wide configuration.
module "guardduty" {
  source  = "blackbird-cloud/guardduty-organization/aws"
  version = "~> 2"

  finding_publishing_frequency     = "FIFTEEN_MINUTES"
  auto_enable_organization_members = "ALL"

  # Protection plans, switched on for the organization.
  scan_s3_data_events           = true
  scan_eks_audit_logs           = true
  enable_ebs_malware_protection = true
  enable_eks_runtime_monitoring = true
  scan_rds_login_events         = true
  scan_lambda_network_logs      = true

  tags = {
    my = "tag"
  }

  # The organization configuration can only be created once delegation exists.
  depends_on = [aws_guardduty_organization_admin_account.default]
}
```

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1 |
| aws | ~> 5.2 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.2 |

Resources

| Name | Type |
|------|------|
| aws_guardduty_detector.default | resource |
| aws_guardduty_member.members | resource |
| aws_guardduty_organization_configuration.default | resource |
| aws_guardduty_organization_configuration_feature.ebs_malware_protection | resource |
| aws_guardduty_organization_configuration_feature.eks_audit_logs | resource |
| aws_guardduty_organization_configuration_feature.eks_runtime_monitoring | resource |
| aws_guardduty_organization_configuration_feature.lambda_network_logs | resource |
| aws_guardduty_organization_configuration_feature.rds_login_events | resource |
| aws_guardduty_organization_configuration_feature.s3_data_events | resource |
| aws_guardduty_publishing_destination.default | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| auto_enable_organization_members | (Optional) Auto-enablement of GuardDuty for member accounts in the organization. Valid values are `ALL`, `NEW`, `NONE`. Defaults to `ALL`. | `string` | `"ALL"` | no |
| enable_ebs_malware_protection | (Optional) If true, enables Malware Protection for EC2 (EBS volume scanning) for all new accounts joining the organization. Defaults to true. | `bool` | `true` | no |
| enable_eks_runtime_monitoring | (Optional) If true, enables EKS Runtime Monitoring (the GuardDuty EKS add-on) as part of EKS Protection. Defaults to true. | `bool` | `true` | no |
| finding_publishing_frequency | (Optional) Frequency of notifications for subsequent occurrences of a finding. For a member account the value is set by the administrator account and cannot be modified; for standalone and administrator accounts it should be set explicitly in Terraform so drift is detected. Valid values: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. Defaults to `SIX_HOURS`. | `string` | `"SIX_HOURS"` | no |
| members | Map of member accounts to invite to GuardDuty, keyed by a name of your choice. | `map(object({ account_id = string, email = string }))` | `{}` | no |
| publish_destination_kms_key_arn | (Optional) ARN of the KMS key used to encrypt exported GuardDuty findings. Required whenever an S3 export destination is configured: GuardDuty only exports findings encrypted with a KMS key. | `string` | `""` | no |
| publish_destination_s3_arn | (Optional) Bucket ARN and optional prefix under which findings are exported. The bucket ARN is required; the prefix defaults to `AWSLogs/[Account-ID]/GuardDuty/[Region]/` if not provided. | `string` | `""` | no |
| scan_eks_audit_logs | (Optional) If true, enables Kubernetes audit logs as a data source for EKS Protection. Defaults to true. | `bool` | `true` | no |
| scan_lambda_network_logs | (Optional) If true, enables Lambda Protection, which analyses Lambda network activity logs to identify threats when a function is invoked. Defaults to true. | `bool` | `true` | no |
| scan_rds_login_events | (Optional) If true, enables RDS Protection, which detects anomalous login behaviour on database instances. Defaults to true. | `bool` | `true` | no |
| scan_s3_data_events | (Optional) If true, S3 data event logs are enabled as a data source for new members of the organization. Defaults to true. | `bool` | `true` | no |
| tags | (Optional) Key-value map of resource tags. If the provider has a `default_tags` block, tags with matching keys override those defined at the provider level. | `map(string)` | `{}` | no |
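The following is an added example, not code from the module's README or from Blackbird Cloud, showing the two pieces the table above leaves to the caller: delegation from the organization management account to a separate security account (two provider aliases, because EnableOrganizationAdminAccount must be called by the management account), and the KMS key policy and bucket policy that GuardDuty needs before `publish_destination_s3_arn` and `publish_destination_kms_key_arn` can be used. The region, bucket name and provider alias names are placeholders.

```hcl
# Added example, not part of the module's README: delegate GuardDuty
# administration to a security account from the management account, then
# run the module there with findings exported to a KMS-encrypted bucket.
# Region, bucket name and provider aliases are placeholders.

provider "aws" {
  alias  = "management" # organization management account credentials
  region = "eu-west-1"
}

provider "aws" {
  alias  = "security" # delegated administrator account credentials
  region = "eu-west-1"
}

data "aws_caller_identity" "security" {
  provider = aws.security
}

# Delegation is an organization-level call and must be made by the
# management account, not by the account that becomes the administrator.
resource "aws_guardduty_organization_admin_account" "default" {
  provider         = aws.management
  admin_account_id = data.aws_caller_identity.security.account_id
}

# Key policy: the account keeps full control, and the GuardDuty service
# principal may generate data keys to encrypt exported findings.
data "aws_iam_policy_document" "findings_key" {
  provider = aws.security
  statement {
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.security.account_id}:root"]
    }
  }
  statement {
    actions   = ["kms:GenerateDataKey"]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["guardduty.amazonaws.com"]
    }
  }
}

resource "aws_kms_key" "findings" {
  provider            = aws.security
  description         = "GuardDuty findings export"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.findings_key.json
}

resource "aws_s3_bucket" "findings" {
  provider = aws.security
  bucket   = "example-org-guardduty-findings" # placeholder, must be globally unique
}

# Bucket policy: GuardDuty may locate the bucket and write objects under it.
data "aws_iam_policy_document" "findings_bucket" {
  provider = aws.security
  statement {
    actions   = ["s3:GetBucketLocation", "s3:PutObject"]
    resources = [aws_s3_bucket.findings.arn, "${aws_s3_bucket.findings.arn}/*"]
    principals {
      type        = "Service"
      identifiers = ["guardduty.amazonaws.com"]
    }
  }
}

resource "aws_s3_bucket_policy" "findings" {
  provider = aws.security
  bucket   = aws_s3_bucket.findings.id
  policy   = data.aws_iam_policy_document.findings_bucket.json
}

module "guardduty" {
  source    = "blackbird-cloud/guardduty-organization/aws"
  version   = "~> 2"
  providers = { aws = aws.security }

  finding_publishing_frequency     = "FIFTEEN_MINUTES"
  auto_enable_organization_members = "ALL"

  # Bucket ARN plus an optional prefix, and the key created above.
  publish_destination_s3_arn      = "${aws_s3_bucket.findings.arn}/findings"
  publish_destination_kms_key_arn = aws_kms_key.findings.arn

  # Delegation and the bucket policy must exist before the detector and
  # publishing destination are created, or the export call is rejected.
  depends_on = [
    aws_guardduty_organization_admin_account.default,
    aws_s3_bucket_policy.findings,
  ]
}
```

Apply this with both credential sets available at once (for example two assumed roles); Terraform validates the delegation with the management provider and everything else with the security provider. For a production bucket, add the further statements from AWS's documented GuardDuty export bucket policy, in particular a Deny on `s3:PutObject` when `s3:x-amz-server-side-encryption` is not `aws:kms`, a Deny on non-TLS access, and `aws:SourceAccount` conditions on the two Allow statements so that a GuardDuty detector in another account cannot write into this bucket.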

Outputs

No outputs.

About

We are Blackbird Cloud, an Amsterdam-based cloud consultancy and cloud management service provider. We help companies build secure, cost-efficient, and scalable solutions.

Check out our other 👉 Terraform modules

Copyright

Copyright © 2017-2024 Blackbird Cloud
