# blackbird-cloud/terraform-aws-account-security

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.9 |
| aws | ~> 4 |
| random | 3.1.0 |

## Providers

| Name | Version |
|------|---------|
| aws | 4.13.0 |
| random | 3.1.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| all_cis_alarms | terraform-aws-modules/cloudwatch/aws//modules/cis-alarms | 3.2.0 |
| chatbot_config | waveaccounting/chatbot-slack-configuration/aws | 1.1.0 |
| eventbridge | terraform-aws-modules/eventbridge/aws | 1.13.3 |
| iam_chatbot_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role | ~> 4 |
| s3_bucket_cloudtrail | terraform-aws-modules/s3-bucket/aws | 3.2.0 |
| s3_bucket_config | terraform-aws-modules/s3-bucket/aws | 3.2.0 |
| vpc_flowlog_bucket | terraform-aws-modules/s3-bucket/aws | 3.2.0 |

## Resources

| Name | Type |
|------|------|
| aws_budgets_budget.budget | resource |
| aws_cloudtrail.cloudtrail | resource |
| aws_cloudwatch_log_group.all_cis_alarms | resource |
| aws_cloudwatch_log_group.cloudtrail | resource |
| aws_config_configuration_recorder.config | resource |
| aws_config_configuration_recorder_status.config | resource |
| aws_config_conformance_pack.cis | resource |
| aws_config_conformance_pack.databases | resource |
| aws_config_conformance_pack.s3 | resource |
| aws_config_delivery_channel.config | resource |
| aws_ebs_encryption_by_default.account | resource |
| aws_guardduty_detector.detector | resource |
| aws_iam_policy.config_s3 | resource |
| aws_iam_policy.ct-role-policy | resource |
| aws_iam_policy_attachment.main | resource |
| aws_iam_role.config | resource |
| aws_iam_role.ct-role | resource |
| aws_iam_role_policy_attachment.config | resource |
| aws_iam_role_policy_attachment.config_s3 | resource |
| aws_kms_key.backup | resource |
| aws_kms_key.cloudtrail | resource |
| aws_kms_key.cloudtrail_cloudwatch | resource |
| aws_kms_key.cloudtrail_s3 | resource |
| aws_kms_key.config | resource |
| aws_kms_key.health | resource |
| aws_kms_key.s3_bucket_config | resource |
| aws_kms_key.securityhub | resource |
| aws_kms_key.vpc_flowlog_bucket | resource |
| aws_s3_account_public_access_block.account | resource |
| aws_s3_bucket_policy.s3_bucket_cloudtrail | resource |
| aws_securityhub_account.account | resource |
| aws_securityhub_standards_control.disable_root_account_hardware_mfa_aws | resource |
| aws_securityhub_standards_control.disable_root_account_hardware_mfa_cis | resource |
| aws_securityhub_standards_control.disable_s3_bucket_access_logging_aws | resource |
| aws_securityhub_standards_control.disable_s3_bucket_event_notification_aws | resource |
| aws_securityhub_standards_subscription.best_practices | resource |
| aws_securityhub_standards_subscription.cis | resource |
| aws_sns_topic.backup | resource |
| aws_sns_topic.config | resource |
| aws_sns_topic.health | resource |
| aws_sns_topic.securityhub | resource |
| random_pet.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.cloudtrail_assume_role | data source |
| aws_iam_policy_document.cloudtrail_cloudwatch_kms | data source |
| aws_iam_policy_document.cloudtrail_cloudwatch_policy | data source |
| aws_iam_policy_document.cloudtrail_kms | data source |
| aws_iam_policy_document.cloudtrail_s3_kms | data source |
| aws_iam_policy_document.combined | data source |
| aws_iam_policy_document.config_kms | data source |
| aws_iam_policy_document.config_sns | data source |
| aws_iam_policy_document.deny_insecure_transport | data source |
| aws_iam_policy_document.kms | data source |
| aws_iam_policy_document.kms_config | data source |
| aws_iam_policy_document.require_latest_tls | data source |
| aws_iam_policy_document.s3_aws_cloudtrial_service | data source |
| aws_iam_policy_document.sns | data source |
| aws_iam_policy_document.vpc_flowlog_kms | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| aws_account_name | AWS account name | `string` | n/a | yes |
| aws_region | AWS region, such as `eu-central-1` | `string` | n/a | yes |
| backup_topic_name | SNS topic name for Backup notifications | `string` | `"eventbridge-backup"` | no |
| budget_alert_subscribers | List of e-mail addresses that receive the billing alerts | `list(string)` | n/a | yes |
| budget_alert_threshold | Billing alert threshold in USD | `string` | n/a | yes |
| chatbot_channels | AWS Chatbot configurations for Slack. `slack_channel_id`: to get the channel ID, open Slack, right-click the channel name in the left pane and choose Copy Link; the channel ID is the 9-character string at the end of the URL, for example `ABCBBLZZZ`. `slack_workspace_id`: the ID of the Slack workspace authorized with AWS Chatbot; to get it, complete the initial authorization flow with Slack in the AWS Chatbot console, then copy the workspace ID from the console. `logging_level` is one of `ERROR`, `INFO` or `NONE`. `sns_topic_arns` lists the topics the channel subscribes to and `guardrail_policies` lists IAM policy ARNs that cap what the Chatbot role may do. | `list(object({ slack_channel_id = string, slack_workspace_id = string, sns_topic_arns = list(string), logging_level = string, configuration_name = string, guardrail_policies = list(string) }))` | `null` | no |
| cloudwatch_log_group_name | CloudWatch log group name prefix for the CIS alarms | `string` | `"cis-alarms"` | no |
| config_topic_name | SNS topic name used for Config notifications | `string` | `"config-notifications"` | no |
| health_topic_name | SNS topic name for Health notifications | `string` | `"eventbridge-health"` | no |
| s3_logging | (Optional) S3 access-logging configuration for the created buckets, with keys `target_bucket` and `target_prefix` | `map(string)` | `{}` | no |
| securityhub_findings_filter | Additional filter applied to Security Hub findings before they are forwarded (the default forwards only FAILED or WARNING compliance results of MEDIUM, HIGH or CRITICAL severity) | `any` | `{ "findings": { "Compliance": { "Status": ["FAILED", "WARNING"] }, "Severity": { "Label": ["MEDIUM", "HIGH", "CRITICAL"] } } }` | no |
| securityhub_topic_name | SNS topic name for Security Hub notifications | `string` | `"eventbridge-securityhub"` | no |
| slack_channel_id | Slack channel ID for Chatbot | `string` | n/a | yes |
| slack_workspace_id | Slack workspace ID for Chatbot | `string` | n/a | yes |
| tags | A map of tags to add to all resources | `map(string)` | `{}` | no |

## Outputs

| Name | Description |
|------|-------------|
| backup_sns_topic_arn | SNS Backup topic ARN |
| health_sns_topic_arn | SNS Health topic ARN |
| securityhub_sns_topic_arn | SNS Security Hub topic ARN |
| vpc_flowlog_bucket | n/a |
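The Inputs and Outputs tables above list what the module accepts and returns but not how a root module wires them together. The following is an added example of a calling configuration; it is not code from the blackbird-cloud repository. The git source URL and `?ref=` tag, the account name, the e-mail addresses, the Slack workspace and channel IDs and the access-log bucket are placeholders, and the example assumes `securityhub_findings_filter` accepts an HCL object (the table shows its default in JSON form and its type as `any`). Because a module cannot consume its own outputs as inputs, the SNS topic ARNs for `chatbot_channels` are constructed from the topic-name inputs (and their documented defaults) plus the caller's account ID, which works only if those names are passed unchanged to the module.

```hcl
# Added example root module for blackbird-cloud/terraform-aws-account-security.
# Not part of the module's own repository; all identifiers below are placeholders.

terraform {
  required_version = ">= 1.0.9"
  required_providers {
    aws    = { source = "hashicorp/aws", version = "~> 4.0" }
    random = { source = "hashicorp/random", version = "3.1.0" }
  }
}

provider "aws" {
  region = local.region
}

data "aws_caller_identity" "current" {}

locals {
  region     = "eu-central-1"
  account_id = data.aws_caller_identity.current.account_id

  # Keep these in one place: they are passed to the module AND used to
  # predict the ARNs of the SNS topics the module creates.
  securityhub_topic_name = "eventbridge-securityhub"
  health_topic_name      = "eventbridge-health"
  backup_topic_name      = "eventbridge-backup"

  topic_arns = [
    for name in [local.securityhub_topic_name, local.health_topic_name, local.backup_topic_name] :
    "arn:aws:sns:${local.region}:${local.account_id}:${name}"
  ]

  # Placeholder Slack IDs (obtained via the AWS Chatbot console authorization flow).
  slack_workspace_id = "T0ABCD1EF"
  slack_channel_id   = "C0ABCBBLZ"
}

module "account_security" {
  # Assumed source and tag; pin to a reviewed ref rather than tracking the default branch.
  source = "git::https://github.com/blackbird-cloud/terraform-aws-account-security.git?ref=v1.0.0"

  aws_account_name = "example-prod"
  aws_region       = local.region

  # Billing guardrail (aws_budgets_budget.budget); threshold is a string per the Inputs table.
  budget_alert_subscribers = ["finops@example.com", "security@example.com"]
  budget_alert_threshold   = "500"

  securityhub_topic_name = local.securityhub_topic_name
  health_topic_name      = local.health_topic_name
  backup_topic_name      = local.backup_topic_name

  slack_workspace_id = local.slack_workspace_id
  slack_channel_id   = local.slack_channel_id

  chatbot_channels = [{
    configuration_name = "security-alerts"
    slack_workspace_id = local.slack_workspace_id
    slack_channel_id   = local.slack_channel_id
    sns_topic_arns     = local.topic_arns
    logging_level      = "ERROR"
    # Guardrail: caps the Chatbot role at read-only no matter what else is attached to it.
    guardrail_policies = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
  }]

  # Stricter than the documented default: drop WARNING and MEDIUM so Slack only
  # receives FAILED findings rated HIGH or CRITICAL.
  securityhub_findings_filter = {
    findings = {
      Compliance = { Status = ["FAILED"] }
      Severity   = { Label = ["HIGH", "CRITICAL"] }
    }
  }

  # Access logs for the created buckets go to a pre-existing log bucket (placeholder name).
  s3_logging = {
    target_bucket = "example-prod-s3-access-logs"
    target_prefix = "account-security/"
  }

  tags = {
    Owner       = "security"
    Environment = "prod"
  }
}

output "securityhub_sns_topic_arn" {
  value = module.account_security.securityhub_sns_topic_arn
}

output "vpc_flowlog_bucket" {
  value = module.account_security.vpc_flowlog_bucket
}
```

After `terraform apply`, compare the `securityhub_sns_topic_arn` output with the first entry of `local.topic_arns`; a mismatch means the Chatbot subscription points at a topic that does not exist. Note also that the Resources table shows the module creating `aws_securityhub_standards_control` resources named `disable_root_account_hardware_mfa_aws`, `disable_root_account_hardware_mfa_cis`, `disable_s3_bucket_access_logging_aws` and `disable_s3_bucket_event_notification_aws`, so findings for those controls will not surface through this filter; confirm that suppressing them is acceptable for the account before relying on the Slack feed as the sole signal.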