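# NOTE(review): defaults to false, so findings are not forwarded anywhere unless the caller opts in;
# confirm in main.tf that the event rule and SNS delivery resources are gated on this flag.
variable "enable_cloudwatch" {
  description = <<-DOC
    Flag to indicate whether a CloudWatch Events (EventBridge) rule should be enabled to forward GuardDuty findings.
    Matching findings (see cloudwatch_event_rule_pattern_detail_type) are sent to the SNS topic selected by
    create_sns_topic / findings_notification_arn. When false, findings are still generated by GuardDuty but this
    module sends no notifications for them.
    DOC
  type        = bool
  default     = false
}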
variable "cloudwatch_event_rule_pattern_detail_type" {
  type        = string
  default     = "GuardDuty Finding"
  description = <<-DOC
    The EventBridge (CloudWatch Events) detail-type used in the rule's event pattern; only events whose detail-type
    equals this string are forwarded to SNS. "GuardDuty Finding" is the detail-type GuardDuty uses for findings, so
    GuardDuty finding events will not match any other value.
    For more information, see:
    https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsandEventPatterns.html
    https://docs.aws.amazon.com/eventbridge/latest/userguide/event-types.html
    https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html
    DOC
}
variable "create_sns_topic" {
  type        = bool
  default     = false
  description = <<-DOC
    Whether this module should create its own SNS topic for findings notifications.
    Set to true (together with a valid `subscribers` map) to publish findings to a new topic; leave it false and
    supply findings_notification_arn to reuse an existing topic instead.
    DOC
}
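variable "subscribers" {
  # Every attribute is required: the object type declares no optional attributes, so a caller must set all four
  # values explicitly for each subscriber.
  type = map(object({
    protocol               = string
    endpoint               = string
    endpoint_auto_confirms = bool
    raw_message_delivery   = bool
  }))
  description = <<-DOC
    A map of subscription configurations for SNS topics.
    All four attributes must be set for every entry; the "Default is false" notes below describe the behaviour of the
    underlying SNS subscription, not a default supplied by this variable.
    For more information, see:
    https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference
    protocol:
      The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially
      supported, see link) (email is an option but is unsupported in terraform, see link).
      Prefer https over http: GuardDuty findings carry account IDs, resource identifiers and IP addresses, which a
      plain http endpoint would receive in cleartext.
    endpoint:
      The endpoint to send data to, the contents will vary with the protocol. (see link for more information)
    endpoint_auto_confirms:
      Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is
      false
    raw_message_delivery:
      Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not
      wrapped in JSON with the original message in the message property). Default is false
    DOC
  default = {}
}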
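variable "findings_notification_arn" {
  description = <<-DOC
    The ARN of an existing SNS topic to send findings notifications to. Only used when create_sns_topic is false.
    To send findings to an existing SNS topic, set this to the topic's ARN and leave create_sns_topic false.
    DOC
  type        = string
  default     = null

  # Rejects topic names, wrong-service ARNs and other non-SNS values at plan time instead of at apply time.
  # null stays allowed (no existing topic supplied). Validation blocks require Terraform >= 0.13.
  validation {
    condition     = var.findings_notification_arn == null || can(regex("^arn:[^:]+:sns:", var.findings_notification_arn))
    error_message = "Value must be null or an SNS topic ARN of the form arn:<partition>:sns:<region>:<account>:<topic>."
  }
}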
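variable "finding_publishing_frequency" {
  description = <<-DOC
    The frequency of notifications sent for finding occurrences. If the detector is a GuardDuty member account, the value
    is determined by the GuardDuty master account and cannot be modified, otherwise it defaults to SIX_HOURS.
    For standalone and GuardDuty master accounts, it must be configured in Terraform to enable drift detection.
    Valid values for standalone and master accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS.
    For more information, see:
    https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency
    DOC
  type        = string
  default     = null

  # null keeps the GuardDuty default (or the master-account setting for member accounts); any other value must be one
  # of the documented enum values, so a typo fails at plan time rather than as an AWS API error at apply time.
  # Validation blocks require Terraform >= 0.13.
  validation {
    condition     = var.finding_publishing_frequency == null || contains(["FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS"], var.finding_publishing_frequency)
    error_message = "Value must be null or one of FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS."
  }
}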
# NOTE(review): S3 Protection is opt-in here (default false); consider enabling it for accounts that hold
# sensitive S3 data, since the detector will not monitor S3 data events until it is turned on.
variable "s3_protection_enabled" {
  type        = bool
  default     = false
  description = <<-DOC
    Whether GuardDuty S3 Protection is turned on for the detector.
    For more information, see:
    https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector
    DOC
}