-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathguardduty_baselines.tf
44 lines (35 loc) · 1.6 KB
/
guardduty_baselines.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# --------------------------------------------------------------------------------------------------
# GuardDuty Baseline
# Needs to be set up in each region.
# This is an extra configuration which is not included in CIS benchmark.
# --------------------------------------------------------------------------------------------------
locals {
guardduty_master_account_id = var.master_account_id
guardduty_member_accounts = var.member_accounts
}
module "guardduty_baseline_us-gov-west-1" {
count = contains(var.target_regions, "us-gov-west-1") && var.guardduty_enabled ? 1 : 0
source = "./modules/guardduty-baseline"
providers = {
aws = aws.us-gov-west-1
}
disable_email_notification = var.guardduty_disable_email_notification
finding_publishing_frequency = var.guardduty_finding_publishing_frequency
invitation_message = var.guardduty_invitation_message
master_account_id = local.guardduty_master_account_id
member_accounts = local.guardduty_member_accounts
tags = var.tags
}
module "guardduty_baseline_us-gov-east-1" {
count = contains(var.target_regions, "us-gov-east-1") && var.guardduty_enabled ? 1 : 0
source = "./modules/guardduty-baseline"
providers = {
aws = aws.us-gov-east-1
}
disable_email_notification = var.guardduty_disable_email_notification
finding_publishing_frequency = var.guardduty_finding_publishing_frequency
invitation_message = var.guardduty_invitation_message
master_account_id = local.guardduty_master_account_id
member_accounts = local.guardduty_member_accounts
tags = var.tags
}