| .. | ||
| Cis14Level1.yaml | ||
| cis-rules.tf-no | ||
| main.tf | ||
| provider.tf | ||
| README.md | ||
| variables.tf | ||
Overview
This module performs the following tasks:
- Enable AWS config in all regions
- Deploy CIS1.4 level 1 conformance pack. Rules file Cis14Level1.yaml is downloaded from https://raw.githubusercontent.com/awslabs/aws-config-rules/master/aws-config-conformance-packs/Operational-Best-Practices-for-CIS-AWS-v1.4-Level1.yaml
- Set Config retention period
- Setup Config aggregator, aggregate Config in all regions into primary region
- Create s3 bucket for config use
Inputs:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| application | name of application | string | none | yes |
| environment | capacity of environment (prd/dev/lab) | string | none | yes |
| customer-name | owner of aws resources | string | none | yes |
| project | name of project | string | none | yes |
| default-tags | tags to be added to resources | list | none | yes |
| aws-region-short | short name of aws region (e.g. apne1) | string | none | yes |
| primary-aws-region | name of primary region where global events will be recorded | string | none | yes |
Notes
- It takes a while for AWS to process Config changes.
- AWS managed config rules are automatically applied. Those rule may duplicate with Cis1.4.