refactor: use module count instead of having ennabled variable in eac…

…h submodule. (nozaq#195) * refactor: use `count` to toggle vpc-baseline * refactor: use `count` to toggle guardduty-baseline * refactor: use `count` to toggle securityhub-baseline * refactor: use `count` to toggle ebs-baseline * refactor: use `count` to toggle analyzer-baseline * refactor: use `count` to toggle config-baseline * refactor: use `count` to toggle cloudtrail-baseline * refactor: use `count` to toggle alarm-baseline * refactor: add migrations
mm-weber · Jan 7, 2022 · acd1464 · acd1464
1 parent 3366cac
commit acd1464
Show file tree

Hide file tree

Showing 54 changed files with 1,016 additions and 474 deletions.
diff --git a/README.md b/README.md
@@ -110,7 +110,7 @@ This module is composed of several submodules and each of which can be used inde
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.3 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 
 ## Providers
@@ -377,7 +377,7 @@ This module is composed of several submodules and each of which can be used inde
 | <a name="output_cloudtrail_sns_topic"></a> [cloudtrail\_sns\_topic](#output\_cloudtrail\_sns\_topic) | The sns topic linked to the cloudtrail. |
 | <a name="output_config_configuration_recorder"></a> [config\_configuration\_recorder](#output\_config\_configuration\_recorder) | The configuration recorder in each region. |
 | <a name="output_config_iam_role"></a> [config\_iam\_role](#output\_config\_iam\_role) | The IAM role used for delivering AWS Config records to CloudWatch Logs. |
-| <a name="output_config_sns_topic"></a> [config\_sns\_topic](#output\_config\_sns\_topic) | The SNS topic that AWS Config delivers notifications to. |
+| <a name="output_config_sns_topic"></a> [config\_sns\_topic](#output\_config\_sns\_topic) | The SNS topic) that AWS Config delivers notifications to. |
 | <a name="output_default_network_acl"></a> [default\_network\_acl](#output\_default\_network\_acl) | The default network ACL. |
 | <a name="output_default_route_table"></a> [default\_route\_table](#output\_default\_route\_table) | The default route table. |
 | <a name="output_default_security_group"></a> [default\_security\_group](#output\_default\_security\_group) | The ID of the default security group. |

diff --git a/analyzer_baselines.tf b/analyzer_baselines.tf
@@ -6,220 +6,221 @@ locals {
 # Analyzer Baseline
 # --------------------------------------------------------------------------------------------------
 module "analyzer_baseline_ap-northeast-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "ap-northeast-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.ap-northeast-1
   }
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "ap-northeast-1")
+
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_ap-northeast-2" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "ap-northeast-2") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.ap-northeast-2
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "ap-northeast-2")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_ap-south-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "ap-south-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.ap-south-1
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "ap-south-1")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_ap-northeast-3" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "ap-northeast-3") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.ap-northeast-3
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "ap-northeast-3")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_ap-southeast-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "ap-southeast-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.ap-southeast-1
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "ap-southeast-1")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_ap-southeast-2" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "ap-southeast-2") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.ap-southeast-2
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "ap-southeast-2")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_ca-central-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "ca-central-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.ca-central-1
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "ca-central-1")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_eu-central-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "eu-central-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.eu-central-1
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "eu-central-1")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_eu-north-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "eu-north-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.eu-north-1
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "eu-north-1")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_eu-west-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "eu-west-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.eu-west-1
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "eu-west-1")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_eu-west-2" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "eu-west-2") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.eu-west-2
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "eu-west-2")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_eu-west-3" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "eu-west-3") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.eu-west-3
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "eu-west-3")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_sa-east-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "sa-east-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.sa-east-1
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "sa-east-1")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_us-east-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "us-east-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.us-east-1
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "us-east-1")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_us-east-2" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "us-east-2") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.us-east-2
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "us-east-2")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_us-west-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "us-west-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.us-west-1
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "us-west-1")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags
 }
 
 module "analyzer_baseline_us-west-2" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "us-west-2") ? 1 : 0
   source = "./modules/analyzer-baseline"
 
   providers = {
     aws = aws.us-west-2
   }
 
-  enabled         = local.is_analyzer_enabled && contains(var.target_regions, "us-west-2")
   analyzer_name   = var.analyzer_name
   is_organization = local.is_master_account
   tags            = var.tags