This module creates all infrastructure necessary to enable Amazon Inspector.
The following resources will be created:
- CloudWatch Events rules and targets
- IAM roles and policies
- AWS Inspector assessment target and templates
- Define assessment duration
- Include rulesets in the Inspector assessment (CVE, CIS, Security Best Practices and Network Reachability)
- `enable_scheduled_event` - Default `true`; a way to disable Inspector from running on a schedule
- `schedule_expression` - Default `rate(30 days)`; how often to run an Inspector assessment. See the AWS Schedule Expression documentation for more information on formatting.
- `assessment_duration` - Default `3600`; how long the assessment runs, in seconds.
Name | Version |
---|---|
terraform | >= 0.13.0 |
Name | Version |
---|---|
aws | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
assessment_duration | The duration of the Inspector assessment run, in seconds | string | "3600" | no |
assessment_ruleset | A list of AWS Inspector rules packages that should run on a periodic basis. Possible rules: Common Vulnerabilities and Exposures (CVE) / CIS Operating System Security Configuration Benchmarks (CIS) / Network Reachability / Security Best Practices. Get the Inspector rules package ARNs by region: https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rules-arns.html. Example: `assessment_ruleset = ["arn:aws:inspector:us-east-2:646659390643:rulespackage/0-m8r61nnh"]` | list(string) | n/a | yes |
aws_account_id | AWS Account ID | string | n/a | yes |
enable_scheduled_event | Enable CloudWatch Events to schedule an assessment | bool | true | no |
name_prefix | Name prefix for the created resources | string | "" | no |
region | AWS Region | any | n/a | yes |
schedule_expression | AWS Schedule Expression: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html | string | n/a | yes |
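A root-module invocation wiring the inputs above together, as an added example that is not part of the original README or the module itself: the `source` path and the `prod-` prefix are placeholders, the account ID is read from the caller's credentials, and the rules package ARN is the us-east-2 example quoted in the inputs table (rules packages are region-specific, so the ARN must match `region`).

```hcl
# Added example of calling this module from a root configuration.
# Assumptions: the module lives at the placeholder "source" path below,
# and the us-east-2 rules package ARN from the inputs table is the one wanted.

provider "aws" {
  region = "us-east-2"
}

# Resolve the account ID from the credentials Terraform is running with,
# so it is not hard-coded in the configuration.
data "aws_caller_identity" "current" {}

module "inspector" {
  source = "./path/to/this/module" # placeholder; point at the module's real location

  name_prefix    = "prod-"          # placeholder prefix for the created resources
  region         = "us-east-2"
  aws_account_id = data.aws_caller_identity.current.account_id

  # Rules package ARNs differ per region; this is the us-east-2 example from the
  # inputs table. Look up the CIS / Network Reachability / Security Best Practices
  # ARNs for your region at
  # https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rules-arns.html
  assessment_ruleset = [
    "arn:aws:inspector:us-east-2:646659390643:rulespackage/0-m8r61nnh",
  ]

  # Run the assessment weekly for one hour. Setting enable_scheduled_event = false
  # keeps the target and template but stops the CloudWatch Events schedule.
  enable_scheduled_event = true
  schedule_expression    = "rate(7 days)"
  assessment_duration    = "3600" # declared as string in the inputs table, so quote it
}
```

Because `assessment_duration` is typed as `string` rather than `number`, pass it quoted; Terraform will not coerce an unquoted integer into this variable without a warning on older versions. `schedule_expression` accepts either `rate(...)` or `cron(...)` syntax as documented in the linked AWS page.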
No output.
Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.