terraform.aws-baseline-infra/modules/security_identity_compliance/aws_config/README.md

# Overview
This module performs the following tasks:

- Enable AWS config in all regions
- Deploy [CIS1.4 level 1 conformance pack](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_1.html)
- Set Config retention period
- Setup Config aggregator, aggregate Config in all regions into primary region
- Create s3 bucket for config use

## Inputs:
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:-----:|
| application | name of application | string | none | yes |
| environment | capacity of environment (prd/dev/lab) | string | none | yes | 
| customer-name | owner of aws resources | string | none | yes |
| project | name of project | string | none | yes |
| default-tags | tags to be added to resources | list | none | yes | 
| aws-region-short | short name of aws region (e.g. apne1) | string | none | yes |

# Notes
- It takes a while for AWS to process Config changes.
- [AWS managed config rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) are automatically applied. Those rule may duplicate with Cis1.4.
NEW: awsconfig and s3 module 2021-01-29 16:21:17 +08:00			`# Overview`
			`This module performs the following tasks:`

UPD: remove deprecated code in infra-bucket, revamped Config module 2022-09-05 11:07:42 +08:00			`- Enable AWS config in all regions`
DOC: updated readme 2022-09-05 11:31:08 +08:00			`- Deploy [CIS1.4 level 1 conformance pack](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_1.html)`
UPD: remove deprecated code in infra-bucket, revamped Config module 2022-09-05 11:07:42 +08:00			`- Set Config retention period`
			`- Setup Config aggregator, aggregate Config in all regions into primary region`
NEW: awsconfig and s3 module 2021-01-29 16:21:17 +08:00			`- Create s3 bucket for config use`

			`## Inputs:`
			`\| Name \| Description \| Type \| Default \| Required \|`
			`\|------\|-------------\|------\|---------\|:-----:\|`
			`\| application \| name of application \| string \| none \| yes \|`
			`\| environment \| capacity of environment (prd/dev/lab) \| string \| none \| yes \|`
			`\| customer-name \| owner of aws resources \| string \| none \| yes \|`
			`\| project \| name of project \| string \| none \| yes \|`
			`\| default-tags \| tags to be added to resources \| list \| none \| yes \|`
			`\| aws-region-short \| short name of aws region (e.g. apne1) \| string \| none \| yes \|`

UPD: remove deprecated code in infra-bucket, revamped Config module 2022-09-05 11:07:42 +08:00			`# Notes`
DOC: updated readme 2022-09-05 11:31:08 +08:00			`- It takes a while for AWS to process Config changes.`
			`- [AWS managed config rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) are automatically applied. Those rule may duplicate with Cis1.4.`