Skip to content

rocketreach/terraform-aws-guardduty-notifications

BranchesTags
 
 

Repository files navigation

Enable AWS GuardDuty and configures any findings to be sent to and SNS topic.

Creates the following resources:

  • CloudWatch event rule to filter GuardDuty Findings
  • CloudWatch event target to send to SNS topic formatted as GuardDuty finding: <title>

Optionally, it can also create the GuardDuty detector as well.

Usage

module "guardduty-notifications" {
  source  = "trussworks/guardduty-notifications/aws"
  version = "5.0.0"

  sns_topic_slack_arn     = aws_sns_topic.slack.arn
  sns_topic_pagerduty_arn = aws_sns_topic.pagerduty.arn
}

Upgrade Notice v4.x.x to v5.x.x

  • The sns_topic_slack and sns_topic_pagerduty variables have been renamed to sns_topic_slack_arn and sns_topic_pagerduty_arn; they are also taking ARNs as values, and not aws_sns_topic objects. We made this change to better handle the outputs of the notify-slack Terraform module, which outputs names and ARNs, but not objects.

Upgrade Notice v2.x.x to v3.x.x

Version 3 makes a number of changes to the module that will break if it is updated in place. Specifically:

  • The GuardDuty detector is now an optional part of the module, and defaults to off; if you are leaving the GuardDuty detector in this module, you will need to add "create_detector = true" as a parameter and do a terraform state mv of the detector like so:

    terraform state mv module.module_name.aws_guardduty_detector.main module.module_name.aws_guardduty_detector.main[0]

  • The sns_topic_name_slack and sns_topic_name_pagerduty variables have been renamed sns_topic_slack and sns_topic_pagerduty because they are not actually names, but the actual SNS topic objects.

Requirements

Name Version
terraform >= 1.0
aws >= 3.0

Providers

Name Version
aws >= 3.0

Modules

No modules.

Resources

Name Type
aws_cloudwatch_event_rule.main resource
aws_cloudwatch_event_target.pagerduty resource
aws_cloudwatch_event_target.slack resource
aws_guardduty_detector.main resource

Inputs

Name Description Type Default Required
create_detector Create GuardDuty detector bool false no
pagerduty_notifications Enable PagerDuty notifications for GuardDuty findings bool true no
slack_notifications Enable Slack notifications for GuardDuty findings bool true no
sns_topic_pagerduty_arn PagerDuty SNS Topic ARN string "" no
sns_topic_slack_arn Slack SNS Topic ARN string "" no

Outputs

No outputs.

Developer Setup

Install dependencies (macOS)

brew install pre-commit go terraform terraform-docs
pre-commit install --install-hooks

About

Enables AWS GuardDuty and sends findings to an SNS topic.

registry.terraform.io/modules/trussworks/guardduty-notifications

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • HCL 76.9%
  • Shell 23.1%