terraform-aws-org-configuration

Terraform module for configuring an integration with Lacework and AWS for cloud resource configuration assessment.

Requirements

Name	Version
terraform	>= 0.14
aws	>= 3.55.0
lacework	~> 2.0

Providers

Name	Version
archive	n/a
aws	>= 3.55.0
lacework	~> 2.0

Modules

No modules.

Resources

Name	Type
aws_cloudformation_stack.lacework_stack	resource
aws_cloudformation_stack_set.lacework_stackset	resource
aws_cloudformation_stack_set_instance.lacework_stackset_instances	resource
aws_iam_role.lacework_copy_zip_files_role	resource
aws_iam_role.lacework_setup_function_role	resource
aws_kms_key.lacework_kms_key	resource
aws_lambda_function.lacework_copy_zip_files	resource
aws_lambda_function.lacework_setup_function	resource
aws_lambda_invocation.lacework_copy_zip_files	resource
aws_lambda_permission.lacework_lambda_permission	resource
aws_s3_bucket.lacework_org_lambda	resource
aws_s3_bucket_ownership_controls.lacework_org_lambda	resource
aws_s3_bucket_public_access_block.lacework_org_lambda	resource
aws_s3_bucket_versioning.lacework_org_lambda	resource
aws_secretsmanager_secret.lacework_api_credentials	resource
aws_secretsmanager_secret_version.lacework_api_credentials	resource
aws_sns_topic.lacework_sns_topic	resource
aws_sns_topic_policy.default	resource
aws_sns_topic_subscription.lacework_sns_subscription	resource
archive_file.lambda_zip_file	data source
aws_caller_identity.current	data source
aws_iam_policy_document.kms_key_policy	data source
aws_iam_policy_document.lacework_copy_zip_files_assume_role	data source
aws_iam_policy_document.lacework_copy_zip_files_role	data source
aws_iam_policy_document.lacework_setup_function_assume_role	data source
aws_iam_policy_document.lacework_setup_function_role	data source
aws_iam_policy_document.sns_topic_policy	data source
aws_partition.current	data source
aws_region.current	data source
lacework_metric_module.lwmetrics	data source

Inputs

Name	Description	Type	Default	Required
cf_resource_prefix	Prefix for resources created by Lacework stackset	string	n/a	yes
cf_s3_bucket	Enter the S3 bucket for Lacework Cloudformation assets. Use this if you want to customize your deployment.	string	"lacework-alliances"	no
cf_s3_prefix	Enter the S3 key prefix for Lacework Cloudformation assets directory. Use this if you want to customize your deployment.	string	"lacework-organization-cfn"	no
cf_stack_name	The stackset name	string	"lacework-aws-org-configuration"	no
kms_key_arn	The ARN of an existing KMS encryption key to be used for SNS and Secrets	string	""	no
kms_key_deletion_days	The waiting period, specified in number of days	number	30	no
kms_key_multi_region	Whether the KMS key is a multi-region or regional key	bool	true	no
kms_key_rotation	Enable KMS automatic key rotation	bool	false	no
lacework_access_key_id	n/a	string	n/a	yes
lacework_account	Lacework account name. Do not include the '.lacework.net' at the end.	string	n/a	yes
lacework_secret_key	n/a	string	n/a	yes
lacework_subaccount	If Lacework Organizations is enabled, enter the sub-account. Leave blank if Lacework Organizations is not enabled.	string	""	no
organization_id	AWS Organization ID where these resources are being deployed into	string	n/a	yes
organization_unit	Organizational Unit ID that the stackset will be deployed into	list(string)	n/a	yes
stackset_failure_tolerance_count	The maxiumum number of failed AWS account integrations to tolerate	number	5	no
stackset_managed_execution	Allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.	bool	true	no
stackset_max_concurrent_count	The maximum number of AWS accounts to deploy to concurrently	number	50	no
stackset_region_concurrency_type	Allow stackset instance deployment to run in parallel	string	"PARALLEL"	no
tags	A map/dictionary of Tags to be assigned to created resources	map(string)	{}	no

Outputs

No outputs.