
SPHTech-Platform/terraform-aws-aqua-cspm


Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.0 |
| time | >= 0.9 |

Providers

| Name | Version |
|------|---------|
| aws | 4.65.0 |
| time | 0.9.1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| kms | terraform-aws-modules/kms/aws | ~> 1.5.0 |
| lambda | terraform-aws-modules/lambda/aws | ~> 4.10.1 |
| lambda_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role | ~> 5.9.0 |
| sechub_integration_lambda | terraform-aws-modules/lambda/aws | ~> 4.10.1 |

Resources

| Name | Type |
|------|------|
| aws_iam_policy.aqua_cspm_lambda | resource |
| aws_iam_policy.aqua_cspm_supplemental | resource |
| aws_iam_policy.aquasec_importfindings | resource |
| aws_iam_role.aqua_cspm | resource |
| aws_iam_role.aqua_cspm_sechub | resource |
| aws_iam_role_policy_attachment.aqua_cspm | resource |
| aws_iam_role_policy_attachment.aqua_cspm_sechub | resource |
| aws_lambda_invocation.external_id | resource |
| aws_lambda_invocation.onboarding | resource |
| aws_lambda_invocation.sechub_integration_external_id | resource |
| aws_lambda_invocation.sechub_integration_onboarding | resource |
| aws_secretsmanager_secret.aqua_cspm_secret | resource |
| aws_secretsmanager_secret_policy.aqua_cspm_secret | resource |
| aws_secretsmanager_secret_version.aqua_cspm_secret | resource |
| time_sleep.sechub_integration_wait_10_aqua_cspm_secret | resource |
| time_sleep.sechub_integration_wait_10_seconds | resource |
| time_sleep.wait_10_aqua_cspm_secret | resource |
| time_sleep.wait_10_seconds | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.aqua_cspm_control_tower_kms_key | data source |
| aws_iam_policy_document.aqua_cspm_custom_trust | data source |
| aws_iam_policy_document.aqua_cspm_lambda | data source |
| aws_iam_policy_document.aqua_cspm_secret | data source |
| aws_iam_policy_document.aqua_cspm_supplemental | data source |
| aws_iam_policy_document.aquahub_sechub_trust | data source |
| aws_iam_policy_document.aquasec_importfindings | data source |
| aws_partition.current | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| aqua_cspm_apikey | Aqua CSPM API key (Aqua console: Account Management > API Keys > Generate Key) | string | n/a | yes |
| aqua_cspm_secretkey | Aqua CSPM secret key paired with the API key | string | n/a | yes |
| aqua_group_name | Aqua CSPM group name from the Aqua Wave console | string | "Default" | no |
| aqua_sechub_integration | Enables the Aqua Security Hub integration. When enabled, findings from Aqua are pushed to AWS Security Hub. notification_type is either "send_all" or "send_only_failed"; the default is "send_all". | object({ enabled = bool, notification_type = optional(string, "send_all") }) | { "enabled": false } | no |
| enable_kms_key_rotation | Whether automatic key rotation is enabled on the KMS key | bool | true | no |
| kms_aliases | A list of KMS key aliases to create. Because the module passes this list through toset(), the values must be static strings, not computed values | list(string) | ["alias/AquaCSPM-Control-Tower-AquaSec"] | no |
| tags | A map of tags to add to all resources | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| onboarding_data | Details of the onboarding |
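The following root-module configuration is added here as an example and is not taken from the module's own repository. It shows how the inputs and the output documented above fit together, with the Aqua credentials supplied through sensitive variables rather than literals. The module source string, the variable names, the Security Hub settings chosen and the tag values are assumptions; only the input names, their types and the onboarding_data output come from the tables.

```hcl
# Added example, not the module's own code. Assumed: module source,
# variable names, tag values and the choice of Security Hub settings.

variable "aqua_cspm_apikey" {
  description = "Aqua CSPM API key (Account Management > API Keys > Generate Key)"
  type        = string
  sensitive   = true
}

variable "aqua_cspm_secretkey" {
  description = "Aqua CSPM secret key paired with the API key"
  type        = string
  sensitive   = true
}

module "aqua_cspm" {
  # Assumed source; pin to a tag or commit with ?ref= so a push to the
  # default branch cannot silently change what gets applied.
  source = "github.com/SPHTech-Platform/terraform-aws-aqua-cspm"

  # Credentials arrive via TF_VAR_aqua_cspm_apikey / TF_VAR_aqua_cspm_secretkey
  # or a -var-file kept out of version control, never as literals here.
  aqua_cspm_apikey    = var.aqua_cspm_apikey
  aqua_cspm_secretkey = var.aqua_cspm_secretkey

  aqua_group_name = "Default"

  # Forward only failed checks from Aqua into AWS Security Hub.
  aqua_sechub_integration = {
    enabled           = true
    notification_type = "send_only_failed"
  }

  enable_kms_key_rotation = true

  # Static strings only: the module wraps this list in toset(), so a value
  # computed from another resource would fail at plan time.
  kms_aliases = ["alias/AquaCSPM-Control-Tower-AquaSec"]

  tags = {
    Environment = "prod"
    Owner       = "security-platform"
  }
}

output "aqua_onboarding_data" {
  description = "Onboarding details returned by the module"
  value       = module.aqua_cspm.onboarding_data
}
```

Two points worth keeping in mind when running this: the module writes the Aqua credentials into a Secrets Manager secret (see aws_secretsmanager_secret_version.aqua_cspm_secret in the resource list), and Terraform also records resource attributes, including secret values, in its state file, so use an encrypted remote backend with access limited to the pipeline that applies this configuration. Marking the variables sensitive only redacts them from plan and apply output; it does not keep them out of state.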

Create Lambda Zip Archive

The Lambda deployment package is a Python zip archive that must bundle the third-party libraries the function imports. Build it as follows:

  • Switch to the src/lambda_fuction directory: cd src/lambda_fuction

  • Install the dependencies into the current directory: pip3 install -r requirements.txt -t .

  • Zip the directory contents: zip -r9 lambda_function.zip *

Pin exact versions in requirements.txt so the archive is reproducible and its hash only changes when the code or a dependency actually changes.