| config\_enabled | The boolean flag whether config module is enabled or not. No resources are created when set to false. |`bool`|`true`| no |
180
180
| config\_s3\_bucket\_name | The name of the S3 bucket which will store logs for aws config. |`string`| n/a | yes |
181
181
| console\_signin\_failures | If you want to create alarm when any changes in cloudtrail cfg. |`bool`|`true`| no |
182
+
| default\_ebs\_enable | The boolean flag whether Default EBS module is enabled or not. No resources are created when set to false. |`bool`|`false`| no |
182
183
| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. |`string`|`"-"`| no |
183
184
| disable\_or\_delete\_cmk | If you want to create alarm when disable or delete in cmk. |`bool`|`true`| no |
184
185
| ebs\_snapshot\_public\_restorable | Checks whether Amazon Elastic Block Store snapshots are not publicly restorable. |`bool`|`false`| no |
185
186
| ec2\_encrypted\_volumes | Evaluates whether EBS volumes that are in an attached state are encrypted. Optionally, you can specify the ID of a KMS key to use to encrypt the volume. |`bool`|`false`| no |
186
187
| ec2\_volume\_inuse\_check | Checks whether EBS volumes are attached to EC2 instances. |`bool`|`false`| no |
187
188
| eip\_attached | Checks whether all Elastic IP addresses that are allocated to a VPC are attached to EC2 instances or in-use elastic network interfaces (ENIs). |`bool`|`false`| no |
189
+
| enable\_aws\_foundational\_standard | Boolean whether AWS Foundations standard is enabled. |`bool`|`true`| no |
190
+
| enable\_cis\_standard | Boolean whether CIS standard is enabled. |`bool`|`true`| no |
191
+
| enable\_pci\_dss\_standard | Boolean whether PCI DSS standard is enabled. |`bool`|`true`| no |
188
192
| enabled | The boolean flag whether this module is enabled or not. No resources are created when set to false. |`bool`|`true`| no |
| event\_selector | Specifies an event selector for enabling data event logging. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this variable | <pre>list(object({<br> include_management_events = bool<br> read_write_type = string<br><br> }))</pre> |`[]`| no |
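Review bot: The three added inputs `enable_aws_foundational_standard`, `enable_cis_standard` and `enable_pci_dss_standard` all default to `true`, while the other toggle added in this hunk, `default_ebs_enable`, defaults to `false`. Unless another flag gates them, a caller who upgrades without setting these inputs gets all three standards switched on. If opt-in is the intent, default them to `false`; if not, call out the behaviour change in the release notes. The descriptions should also name the service the standards are enabled in and say what the "Default EBS module" actually configures. As a naming point, `default_ebs_enable` would sit more consistently beside `config_enabled` and `enabled` as `default_ebs_enabled`.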
@@ -202,6 +206,7 @@ module "secure_baseline" {
202
206
| key\_deletion\_window\_in\_days | Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days. |`number`|`10`| no |
203
207
| label\_order | Label order, e.g. `name`,`application`. |`list(any)`|`[]`| no |
204
208
| managedby | ManagedBy, eg 'CloudDrove' |`string`|`"[email protected]"`| no |
209
+
| member\_accounts | A list of IDs and emails of AWS accounts which associated as member accounts. | <pre>list(object({<br> account_id = string<br> email = string<br> }))</pre> |`[]`| no |
205
210
| member\_list | The list of member accounts to be added. Each member list need to have values of account\_id, member\_email and invite boolean | <pre>list(object({<br> account_id = string<br> email = string<br> invite = bool<br> }))</pre> |`[]`| no |
206
211
| multi\_region\_cloudtrail\_enabled | Ensuring that the multi-region-cloud-trail is enabled |`bool`|`false`| no |
207
212
| nacl\_changes | If you want to create alarm when any changes in nacl. |`bool`|`true`| no |
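Review bot: `member_accounts` is added directly above the existing `member_list`, and both take a list of objects with `account_id` and `email`, but neither description says which feature consumes it or why two inputs are needed. State the consuming service in each description and the difference between the two (only `member_list` carries `invite`), or merge them into one input. The new description also needs a grammar fix: "which associated as member accounts" should read "to associate as member accounts".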
@@ -219,6 +224,7 @@ module "secure_baseline" {
219
224
| rds\_instance\_public\_access\_check | Checks whether the Amazon Relational Database Service (RDS) instances are not publicly accessible. |`bool`|`false`| no |
220
225
| rds\_snapshots\_public\_prohibited | Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public. |`bool`|`false`| no |
221
226
| rds\_storage\_encrypted | Checks whether storage encryption is enabled for your RDS DB instances. |`bool`|`false`| no |
227
+
| resource\_arn | The ARN (Amazon Resource Name) of the resource to be protected. |`string`| n/a | yes |
222
228
| restricted\_ports | If you want to enable the restricted incoming port. |`bool`|`false`| no |
223
229
| restricted\_ports\_list | This list of blocked ports. |`string`|`"{\"blockedPort1\": \"22\", \"blockedPort2\": \"3306\",\"blockedPort3\": \"6379\", \"blockedPort4\": \"5432\"}"`| no |
224
230
| root\_usage | If you want to create alarm when sign in with root user. |`bool`|`true`| no |
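Review bot: `resource_arn` is added as a required input (default `n/a`, required `yes`), so every existing caller of the module that does not pass it will fail after upgrading, even though the surrounding feature inputs in this table are optional booleans. Give it a default and skip the dependent resource when it is unset, or gate it behind an enable flag like the other features. The description "The ARN (Amazon Resource Name) of the resource to be protected" should also say what protects it, since the table does not name the feature this input belongs to.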
@@ -229,6 +235,8 @@ module "secure_baseline" {
229
235
| s3\_bucket\_ssl\_requests\_only | Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL). |`bool`|`false`| no |