# Terraform module to set up AWS GuardDuty in an organization
## Usage

```hcl
data "aws_caller_identity" "current" {}

# Delegate GuardDuty administration for the organization to the current account.
resource "aws_guardduty_organization_admin_account" "default" {
  admin_account_id = data.aws_caller_identity.current.account_id
}

module "guardduty" {
  source  = "blackbird-cloud/guardduty-organization/aws"
  version = "~> 2"

  finding_publishing_frequency     = "FIFTEEN_MINUTES"
  auto_enable_organization_members = "ALL"
  scan_s3_data_events              = true
  scan_eks_audit_logs              = true
  enable_ebs_malware_protection    = true
  enable_eks_runtime_monitoring    = true
  scan_rds_login_events            = true
  scan_lambda_network_logs         = true

  tags = {
    my = "tag"
  }

  # The delegated administrator must exist before the detector is configured.
  depends_on = [aws_guardduty_organization_admin_account.default]
}
```
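The usage above enables the protection plans but does not export findings. The following is an added example (not from the module's README) that wires the `publish_destination_s3_arn` and `publish_destination_kms_key_arn` inputs to a findings bucket and a customer-managed KMS key; the bucket name, key and the bucket/key policies are assumptions for illustration, and the service-principal grants are scoped to this account with `aws:SourceAccount` so another account's GuardDuty cannot write into the bucket.

```hcl
# Added example: export GuardDuty findings to an S3 bucket encrypted with a
# customer-managed KMS key. Bucket name, key and policies are assumptions.
data "aws_caller_identity" "current" {}
resource "aws_guardduty_organization_admin_account" "default" {
  admin_account_id = data.aws_caller_identity.current.account_id
}
# GuardDuty needs kms:GenerateDataKey on the key to write encrypted findings.
resource "aws_kms_key" "guardduty" {
  description         = "Encrypts exported GuardDuty findings"
  enable_key_rotation = true
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Sid = "KeyAdmin", Effect = "Allow", Action = "kms:*", Resource = "*",
        Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" } },
      { Sid = "GuardDutyGenerateDataKey", Effect = "Allow", Action = "kms:GenerateDataKey", Resource = "*",
        Principal = { Service = "guardduty.amazonaws.com" },
        Condition = { StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id } } }
    ]
  })
}
resource "aws_s3_bucket" "findings" {
  bucket = "example-guardduty-findings-${data.aws_caller_identity.current.account_id}" # placeholder name
}
# Let the GuardDuty service principal write objects, restricted to this account.
resource "aws_s3_bucket_policy" "findings" {
  bucket = aws_s3_bucket.findings.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Sid = "GuardDutyPut", Effect = "Allow", Principal = { Service = "guardduty.amazonaws.com" },
        Action = "s3:PutObject", Resource = "${aws_s3_bucket.findings.arn}/*",
        Condition = { StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id } } },
      { Sid = "GuardDutyBucketLocation", Effect = "Allow", Principal = { Service = "guardduty.amazonaws.com" },
        Action = "s3:GetBucketLocation", Resource = aws_s3_bucket.findings.arn }
    ]
  })
}
module "guardduty" {
  source  = "blackbird-cloud/guardduty-organization/aws"
  version = "~> 2"
  finding_publishing_frequency     = "FIFTEEN_MINUTES"
  auto_enable_organization_members = "ALL"
  # Bucket ARN plus optional prefix; without a prefix the module's documented default applies.
  publish_destination_s3_arn      = "${aws_s3_bucket.findings.arn}/guardduty"
  publish_destination_kms_key_arn = aws_kms_key.guardduty.arn
  depends_on = [aws_guardduty_organization_admin_account.default]
}
```

After `terraform apply`, confirm in the GuardDuty console (or via `aws guardduty list-publishing-destinations`) that the destination status is `PUBLISHING` rather than `UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY`, which is the usual symptom of a missing key or bucket policy grant.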
## Requirements

| Name | Version |
|---|---|
| terraform | >= 1 |
| aws | ~> 5.2 |
## Providers

| Name | Version |
|---|---|
| aws | ~> 5.2 |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| auto_enable_organization_members | (Optional) Auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are `ALL`, `NEW`, `NONE`. Defaults to `ALL`. | `string` | `"ALL"` | no |
| enable_ebs_malware_protection | (Optional) If true, enables Malware Protection for all new accounts joining the organization. Defaults to `true`. | `bool` | `true` | no |
| enable_eks_runtime_monitoring | (Optional) If true, enables the EKS GuardDuty add-on for EKS protection. Defaults to `true`. | `bool` | `true` | no |
| finding_publishing_frequency | (Optional) Frequency of notifications sent for subsequent occurrences of a finding. If the detector belongs to a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified; otherwise it defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts it must be configured in Terraform to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. Defaults to `SIX_HOURS`. | `string` | `"SIX_HOURS"` | no |
| members | List of member accounts to invite to GuardDuty. | `map(object({` | `{}` | no |
| publish_destination_kms_key_arn | (Optional) ARN of the KMS key used to encrypt exported GuardDuty findings. GuardDuty requires exported findings to be encrypted. | `string` | `""` | no |
| publish_destination_s3_arn | (Optional) Bucket ARN and prefix under which the findings are exported. The bucket ARN is required; the prefix is optional and defaults to `AWSLogs/[Account-ID]/GuardDuty/[Region]/` if not provided. | `string` | `""` | no |
| scan_eks_audit_logs | (Optional) If true, enables Kubernetes audit logs as a data source for Kubernetes protection. Defaults to `true`. | `bool` | `true` | no |
| scan_lambda_network_logs | (Optional) If true, enables Lambda Protection, which identifies potential security threats when an AWS Lambda function is invoked in your AWS environment. Defaults to `true`. | `bool` | `true` | no |
| scan_rds_login_events | (Optional) If true, enables RDS Protection, which detects anomalous login behavior on your database instances. Defaults to `true`. | `bool` | `true` | no |
| scan_s3_data_events | (Optional) Set to true to have S3 data event logs automatically enabled for new members of the organization. Defaults to `true`. | `bool` | `true` | no |
| tags | (Optional) Key-value map of resource tags. If the provider is configured with a `default_tags` block, tags with matching keys overwrite those defined at the provider level. | `map(string)` | `{}` | no |
## Outputs

No outputs.
We are Blackbird Cloud, an Amsterdam-based cloud consultancy and cloud management service provider. We help companies build secure, cost-efficient, and scalable solutions.
Check out our other 👉 Terraform modules
Copyright © 2017-2024 Blackbird Cloud