# Overview

This module performs the following tasks:

- Enable AWS Config in all regions
- Deploy the [CIS 1.4 Level 1 conformance pack](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_1.html). The rules file Cis14Level1.yaml is downloaded from https://raw.githubusercontent.com/awslabs/aws-config-rules/master/aws-config-conformance-packs/Operational-Best-Practices-for-CIS-AWS-v1.4-Level1.yaml
- Set the Config retention period
- Set up a Config aggregator that aggregates Config data from all regions into the primary region
- Create an S3 bucket for Config use

## Inputs:

| Name               | Description                                                 | Type   | Default | Required |
|--------------------|-------------------------------------------------------------|--------|---------|:--------:|
| application        | name of application                                         | string | none    | yes      |
| environment        | capacity of environment (prd/dev/lab)                       | string | none    | yes      |
| customer-name      | owner of aws resources                                      | string | none    | yes      |
| project            | name of project                                             | string | none    | yes      |
| default-tags       | tags to be added to resources                               | list   | none    | yes      |
| aws-region-short   | short name of aws region (e.g. apne1)                       | string | none    | yes      |
| primary-aws-region | name of primary region where global events will be recorded | string | none    | yes      |

# Notes

- It takes a while for AWS to process Config changes.
- [AWS managed config rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) are automatically applied. Those rules may duplicate rules in the CIS 1.4 conformance pack.
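
The overlap mentioned in the notes can be checked by comparing the managed-rule identifiers in the pack template with the rules already present in the account. The following is an added example, not part of this module: the template excerpt and the `aws configservice describe-config-rules` output are constructed samples, and it assumes rules deployed by a conformance pack carry `CreatedBy` set to `config-conforms.amazonaws.com`.

```python
import json
import re

# Constructed, abridged sample in the shape of a pack template (not Cis14Level1.yaml).
PACK_YAML = """\
Resources:
  IamRootAccessKeyCheck:
    Properties:
      ConfigRuleName: iam-root-access-key-check
      Source:
        Owner: AWS
        SourceIdentifier: IAM_ROOT_ACCESS_KEY_CHECK
  IamPasswordPolicy:
    Properties:
      ConfigRuleName: iam-password-policy
      Source:
        Owner: AWS
        SourceIdentifier: IAM_PASSWORD_POLICY
"""

# Constructed sample of `aws configservice describe-config-rules` output.
DEPLOYED_JSON = json.dumps({"ConfigRules": [
    {"ConfigRuleName": "iam-password-policy-conformance-pack-abc123",
     "Source": {"Owner": "AWS", "SourceIdentifier": "IAM_PASSWORD_POLICY"},
     "CreatedBy": "config-conforms.amazonaws.com"},
    {"ConfigRuleName": "org-iam-password-policy",
     "Source": {"Owner": "AWS", "SourceIdentifier": "IAM_PASSWORD_POLICY"}},
    {"ConfigRuleName": "s3-public-read",
     "Source": {"Owner": "AWS", "SourceIdentifier": "S3_BUCKET_PUBLIC_READ_PROHIBITED"}},
]})

def pack_identifiers(template_text):
    """Managed-rule identifiers referenced by the pack template."""
    return set(re.findall(r"^\s*SourceIdentifier:\s*['\"]?([A-Z0-9_]+)", template_text, re.M))

def find_duplicates(template_text, describe_output):
    """Map identifier -> names of standalone rules that repeat a pack rule."""
    in_pack = pack_identifiers(template_text)
    dupes = {}
    for rule in json.loads(describe_output)["ConfigRules"]:
        src = rule.get("Source", {})
        if rule.get("CreatedBy") == "config-conforms.amazonaws.com":
            continue  # deployed by the conformance pack itself
        if src.get("Owner") == "AWS" and src.get("SourceIdentifier") in in_pack:
            dupes.setdefault(src["SourceIdentifier"], []).append(rule["ConfigRuleName"])
    return dupes

if __name__ == "__main__":
    print(find_duplicates(PACK_YAML, DEPLOYED_JSON))
```

Each reported rule evaluates the same control twice, so findings for it appear once under the pack and once as a standalone rule in the aggregator.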