plus3it/terraform-aws-tardigrade-security-hub

terraform-aws-tardigrade-security-hub

Terraform module to enable and configure AWS Security Hub. The top-level module supports independent (standalone) accounts; the modules/cross-account-member module supports the cross-account invite/accept workflow.

Testing

You can find example implementations of this module in the tests folder. Testing this module requires two different AWS accounts, so the Terraform AWS provider definitions in the tests assume you are using profiles named aws and awsalternate.

Note: the tests/test-cross-account implementation requires you to provide the variable email_address.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.70.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.70.0 |

Resources

| Name | Type |
|------|------|
| aws_partition.current | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| security_hub | Object of inputs for Security Hub configuration | object (see below) | {} | no |

The security_hub object type:

```hcl
object({
  auto_enable_controls      = optional(bool, true)
  control_finding_generator = optional(string)
  enable_default_standards  = optional(bool, true)

  product_subscription_arns  = optional(list(string), [])
  standard_subscription_arns = optional(list(string), [])

  action_targets = optional(list(object({
    name        = string
    description = string
    identifier  = string
  })), [])

  standards_control_associations = optional(list(object({
    name                = string
    association_status  = string
    security_control_id = string
    standards_arn       = string
    updated_reason      = optional(string)
  })), [])
})
```
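A worked invocation of the top-level module, added here as an example; it is not one of the module's own tests. It subscribes to a single standard instead of the defaults, switches Security Hub to consolidated control findings, adds a custom action target, and disables one control with a recorded reason so the change is auditable. The module source path, the region and profile, the action target names, the `name` keys, and the control and standard identifiers are assumptions chosen for illustration.

```hcl
# Added example (not part of the module): configure Security Hub in one account.
# Assumed: the module lives at ../.. relative to this file, the region is
# us-east-1, and the identifiers below are illustrative.

terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.70.0"
    }
  }
}

provider "aws" {
  region  = "us-east-1"
  profile = "aws" # same profile name the module's tests assume
}

data "aws_partition" "current" {}
data "aws_region" "current" {}

locals {
  # Illustrative standard ARN built for the current partition and region.
  fsbp_standard_arn = "arn:${data.aws_partition.current.partition}:securityhub:${data.aws_region.current.name}::standards/aws-foundational-security-best-practices/v/1.0.0"
}

module "security_hub" {
  source = "../.." # assumed path to the top-level module

  security_hub = {
    # Let Security Hub enable new controls automatically as AWS adds them.
    auto_enable_controls = true

    # Consolidated control findings: one finding per control, regardless of
    # how many enabled standards include that control.
    control_finding_generator = "SECURITY_CONTROL"

    # Skip the default standards and subscribe only to the one chosen above.
    enable_default_standards   = false
    standard_subscription_arns = [local.fsbp_standard_arn]

    # Custom action target so analysts can route findings from the console.
    action_targets = [
      {
        name        = "SendToTicketing"                  # assumed
        description = "Create a ticket for this finding" # assumed
        identifier  = "SendToTicketing"                  # assumed; forms part of the target ARN
      }
    ]

    # Disable one control and record why; updated_reason is what reviewers
    # see later when they ask why a control is off.
    standards_control_associations = [
      {
        name                = "disable-iam-1" # assumed unique key
        association_status  = "DISABLED"
        security_control_id = "IAM.1" # illustrative control ID
        standards_arn       = local.fsbp_standard_arn
        updated_reason      = "Equivalent guardrail enforced by SCP; finding is duplicate noise"
      }
    ]
  }
}

# Surface the subscription map the module returns (see Outputs).
output "standards_subscriptions" {
  value = module.security_hub.standards_subscriptions
}
```

Leaving `updated_reason` empty when disabling a control is the common mistake here: the association still applies, but nobody can later tell whether the control was disabled deliberately or by accident, so treat the reason as required in practice even though the type marks it optional.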

Outputs

| Name | Description |
|------|-------------|
| account | Object of the Security Hub account resource |
| action_targets | Map of Security Hub action targets |
| product_subscriptions | Map of Security Hub Product Subscriptions |
| standards_control_associations | Map of Security Hub Standards Control Associations |
| standards_subscriptions | Map of Security Hub Standards Subscriptions |