From 47ebfba92d6e5420eb9e6eb80e9ed3e17efa5824 Mon Sep 17 00:00:00 2001 
From: "docs-sourcer[bot]" <99042413+docs-sourcer[bot]@users.noreply.github.com>
Date: Fri, 20 Sep 2024 02:36:12 +0000
Subject: [PATCH] Updated with the [latest changes](https://github.com/gruntwork-io/terraform-aws-security/releases/tag/v0.74.3) from the `terraform-aws-security@v0.74.3` source branch.
---
 .../auto-update/auto-update.md | 30 +-
 .../aws-auth/aws-auth.md | 14 +-
 .../aws-config-bucket/aws-config-bucket.md | 20 +-
 .../aws-config-multi-region.md | 266 ++++++++---------
 .../aws-config-rules/aws-config-rules.md | 42 +--
 .../aws-config/aws-config.md | 268 +++++++++---------
 .../aws-organizations/aws-organizations.md | 36 +--
 .../cloudtrail-bucket/cloudtrail-bucket.md | 22 +-
 .../cloudtrail/cloudtrail.md | 76 ++---
 .../cross-account-iam-roles.md | 24 +-
 .../custom-iam-entity/custom-iam-entity.md | 24 +-
 .../ebs-encryption-multi-region.md | 28 +-
 .../ebs-encryption/ebs-encryption.md | 18 +-
 .../fail2ban/fail2ban.md | 12 +-
 .../github-actions-iam-role.md | 16 +-
 .../github-actions-openid-connect-provider.md | 18 +-
 .../guardduty-bucket/guardduty-bucket.md | 16 +-
 .../guardduty-multi-region.md | 32 +--
 .../guardduty/guardduty.md | 42 +--
 .../iam-access-analyzer-multi-region.md | 34 +--
 .../iam-groups/iam-groups.md | 22 +-
 .../iam-policies/iam-policies.md | 20 +-
 .../iam-user-password-policy.md | 18 +-
 .../iam-users/iam-users.md | 16 +-
 .../ip-lockdown/ip-lockdown.md | 14 +-
 .../kms-cmk-replica/kms-cmk-replica.md | 18 +-
 .../kms-grant-multi-region.md | 34 +--
 .../kms-master-key-multi-region.md | 40 +--
 .../kms-master-key/kms-master-key.md | 16 +-
 .../modules/terraform-aws-security/ntp/ntp.md | 12 +-
 .../os-hardening/os-hardening.md | 30 +-
 .../private-s3-bucket/private-s3-bucket.md | 16 +-
 .../saml-iam-roles/saml-iam-roles.md | 18 +-
 .../secrets-manager-resource-policies.md | 16 +-
 .../ssh-grunt-selinux-policy.md | 14 +-
 .../ssh-grunt/ssh-grunt.md | 32 +--
 .../terraform-aws-security/ssh-iam/ssh-iam.md | 16 +-
 .../ssm-healthchecks-iam-permissions.md | 16 +-
 .../tls-cert-private/tls-cert-private.md | 14 +-
 39 files changed, 712 insertions(+), 708 deletions(-)
diff --git a/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md b/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
index 84496e432..6c67891ba 100644
--- a/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
+++ b/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # Security Modules
-View Source
+View Source
 Release Notes
@@ -37,23 +37,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [How to install Auto Update](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/auto-update/core-concepts.md#installation)
+* [How to install Auto Update](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/auto-update/core-concepts.md#installation)
-* [How Auto Update works on Ubuntu](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/auto-update/core-concepts.md#ubuntu-support)
+* [How Auto Update works on Ubuntu](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/auto-update/core-concepts.md#ubuntu-support)
-* [How Auto Update works on Amazon Linux 2](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/auto-update/core-concepts.md#amazon-linux-support)
+* [How Auto Update works on Amazon Linux 2](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/auto-update/core-concepts.md#amazon-linux-support)
-* [Auto Update Limitations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/auto-update/core-concepts.md#limitations)
+* [Auto Update Limitations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/auto-update/core-concepts.md#limitations)
-* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/README.adoc#core-concepts)
+* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/README.adoc#core-concepts)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -61,7 +61,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [auto-update example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/auto-update): The `examples/auto-update` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [auto-update example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/auto-update): The `examples/auto-update` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ### Production deployment
@@ -73,11 +73,11 @@ If you want to deploy this repo in production, check out the following resources
diff --git a/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md b/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
index 51ff62152..a90fc6727 100644
--- a/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
+++ b/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS Auth Helper
-View Source
+View Source
 Release Notes
@@ -175,7 +175,7 @@ eval $(aws-auth --serial-number arn:aws:iam::123456789011:mfa/jondoe --token-cod
 If you store your secrets in a CLI-friendly password manager, such as [pass](https://www.passwordstore.org/), [lpass](https://github.com/lastpass/lastpass-cli) or
-[1Password CLI](https://support.1password.com/command-line-getting-started/), then you can reduce this even further! Instructions on how to set this up for Lastpass / `lpass` can be found [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-auth/AWS-AUTH-LASTPASS.md) and 1Password / `op` [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-auth/AWS-AUTH-1PASSWORD.md).
+[1Password CLI](https://support.1password.com/command-line-getting-started/), then you can reduce this even further! Instructions on how to set this up for Lastpass / `lpass` can be found [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-auth/AWS-AUTH-LASTPASS.md) and 1Password / `op` [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-auth/AWS-AUTH-1PASSWORD.md).
 First, store your permanent AWS credentials in `pass`:
@@ -250,11 +250,11 @@ If you you need to run `aws-auth` with a cronjob, you may want to set the `$USER
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md b/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
index 6474d01da..055d1d77e 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
@@ -9,19 +9,19 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS Config Bucket
-View Source
+View Source
 Release Notes
 This module creates an S3 bucket for storing AWS Config data, including all the appropriate lifecycle, encryption, and permission settings for AWS Config.
-This module is not meant to be used directly. Instead, it's used under the hood in the [aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config)
-and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/account-baseline-root) modules. Please see those modules for more information.
+This module is not meant to be used directly. Instead, it's used under the hood in the [aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config)
+and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/account-baseline-root) modules. Please see those modules for more information.
 ## Sample Usage
@@ -36,7 +36,7 @@ and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-securi
 module "aws_config_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -153,7 +153,7 @@ module "aws_config_bucket" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v0.74.3"
 }
 inputs = {
@@ -497,11 +497,11 @@ The name of the S3 bucket used by AWS Config to store configuration items.
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md b/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
index 2cc155ea3..9bfa36da0 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS Config Multi Region Module
-View Source
+View Source
 Release Notes
-This module wraps the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config/README.md) to configure [AWS Config](https://aws.amazon.com/config/) in all enabled regions for the AWS Account, and optionally can aggregate AWS Config across multiple accounts.
+This module wraps the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config/README.md) to configure [AWS Config](https://aws.amazon.com/config/) in all enabled regions for the AWS Account, and optionally can aggregate AWS Config across multiple accounts.
 ![multi account multi region aws config](/img/reference/modules/terraform-aws-security/aws-config-multi-region/multi-account-multi-region-aws-config.png)
@@ -45,25 +45,25 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* Learn more about AWS Config in the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config/README.adoc).
+* Learn more about AWS Config in the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config/README.adoc).
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen/core-concepts.md#how-to-use-a-multi-region-module)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
 * [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
-* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
+* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
 ## Sample Usage
@@ -78,7 +78,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 module "aws_config_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -288,65 +288,66 @@ module "aws_config_multi_region" { rds_storage_encrypted_kms_id = null # Map of recording group configurations. - # - # See the official AWS provider documentation for futher context - # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder#recording_group-configuration-block - # - # Each configuration can have the following parameters: - # - # all_supported bool (required): - # Whether to records configuration changes for every supported type of regional resource. - # - # include_global_resource_types bool (required): - # Whether to records configuration changes for every supported type of global resource. - # - # resource_types list(string) (required): - # List of resource types to record configuration changes for. - # Requires that all_supported is false and a recording_strategy of "INCLUSION_BY_RESOURCE_TYPES" - # - # recording_strategy object({}) (required): - # use_only list(string): - # The recording stratgy to use which can be one of: - # - "ALL_SUPPORTED_RESOURCE_TYPES" - # - "EXCLUSION_BY_RESOURCE_TYPES" - # - "INCLUSION_BY_RESOURCE_TYPES" - # - # exclusion_by_resource_types object({}) (optional): - # resource_types list(string): - # A list of resource types to exclude from recording. - # Requires that all_supported is false and a recording_strategy of "EXCLUSION_BY_RESOURCE_TYPES" - # + +See the official AWS provider + # documentation for futher context + # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder#recording_group-configuration-block + +Each + # configuration can have the following parameters: + +all_supported bool + # (required): Whether to records configuration changes for every supported + # type of regional resource. + +include_global_resource_types bool (required): + # Whether to records configuration changes for every supported type of global + # resource. 
+ +resource_types list(string) (required): List of resource types + # to record configuration changes for. Requires that all_supported is false + # and a recording_strategy of + # "INCLUSION_BY_RESOURCE_TYPES" + +recording_strategy object({}) (required): + # use_only list(string): The recording stratgy to use which can be one of: + # - "ALL_SUPPORTED_RESOURCE_TYPES" - "EXCLUSION_BY_RESOURCE_TYPES" - + # "INCLUSION_BY_RESOURCE_TYPES" + +exclusion_by_resource_types object({}) + # (optional): resource_types list(string): A list of resource types to + # exclude from recording. Requires that all_supported is false and a + # recording_strategy of "EXCLUSION_BY_RESOURCE_TYPES" recording_groups = {"default_group":{"all_supported":true,"include_global_resource_types":true,"recording_strategy":{"use_only":"ALL_SUPPORTED_RESOURCE_TYPES"},"resource_types":[]}} - # The mode for AWS Config to record configuration changes. - # recording_frequency: - # The frequency with which AWS Config records configuration changes (service defaults to CONTINUOUS). - # - CONTINUOUS - # - DAILY - # You can also override the recording frequency for specific resource types. - # recording_mode_override: - # description: - # A description for the override. - # recording_frequency: - # The frequency with which AWS Config records configuration changes for the specified resource types. - # - CONTINUOUS - # - DAILY - # resource_types: - # A list of resource types for which AWS Config records configuration changes. For example, AWS::EC2::Instance. - # - # See the following for more information: - # https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html - # /* - # recording_mode = { - # recording_frequency = "DAILY" - # recording_mode_override = { - # description = "Override for specific resource types" - # recording_frequency = "CONTINUOUS" - # resource_types = ["AWS::EC2::Instance"] - # } - # } - # */ - # + # The mode for AWS Config to record configuration + # changes. 
+recording_frequency: +The frequency with which AWS Config records + # configuration changes (service defaults to CONTINUOUS). +- CONTINUOUS +- + # DAILY +You can also override the recording frequency for specific resource + # types. +recording_mode_override: description: A description for the + # override. recording_frequency: The frequency with which AWS Config + # records configuration changes for the specified resource types. - + # CONTINUOUS - DAILY resource_types: A list of resource types for which + # AWS Config records configuration changes. For example, + # AWS::EC2::Instance. + +See the following for more + # information: +https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html +/* +recording_mode + # = { recording_frequency = "DAILY" recording_mode_override = { + # description = "Override for specific resource types" + # recording_frequency = "CONTINUOUS" resource_types = + # ["AWS::EC2::Instance"] } +} +*/ recording_mode = null # Set to true to enable replication for this bucket. You can set the role to @@ -436,7 +437,7 @@ module "aws_config_multi_region" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v0.74.3" } inputs = { 
@@ -649,65 +650,66 @@ inputs = { rds_storage_encrypted_kms_id = null # Map of recording group configurations. - # - # See the official AWS provider documentation for futher context - # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder#recording_group-configuration-block - # - # Each configuration can have the following parameters: - # - # all_supported bool (required): - # Whether to records configuration changes for every supported type of regional resource. - # - # include_global_resource_types bool (required): - # Whether to records configuration changes for every supported type of global resource. - # - # resource_types list(string) (required): - # List of resource types to record configuration changes for. - # Requires that all_supported is false and a recording_strategy of "INCLUSION_BY_RESOURCE_TYPES" - # - # recording_strategy object({}) (required): - # use_only list(string): - # The recording stratgy to use which can be one of: - # - "ALL_SUPPORTED_RESOURCE_TYPES" - # - "EXCLUSION_BY_RESOURCE_TYPES" - # - "INCLUSION_BY_RESOURCE_TYPES" - # - # exclusion_by_resource_types object({}) (optional): - # resource_types list(string): - # A list of resource types to exclude from recording. - # Requires that all_supported is false and a recording_strategy of "EXCLUSION_BY_RESOURCE_TYPES" - # + +See the official AWS provider + # documentation for futher context + # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder#recording_group-configuration-block + +Each + # configuration can have the following parameters: + +all_supported bool + # (required): Whether to records configuration changes for every supported + # type of regional resource. + +include_global_resource_types bool (required): + # Whether to records configuration changes for every supported type of global + # resource. 
+ +resource_types list(string) (required): List of resource types + # to record configuration changes for. Requires that all_supported is false + # and a recording_strategy of + # "INCLUSION_BY_RESOURCE_TYPES" + +recording_strategy object({}) (required): + # use_only list(string): The recording stratgy to use which can be one of: + # - "ALL_SUPPORTED_RESOURCE_TYPES" - "EXCLUSION_BY_RESOURCE_TYPES" - + # "INCLUSION_BY_RESOURCE_TYPES" + +exclusion_by_resource_types object({}) + # (optional): resource_types list(string): A list of resource types to + # exclude from recording. Requires that all_supported is false and a + # recording_strategy of "EXCLUSION_BY_RESOURCE_TYPES" recording_groups = {"default_group":{"all_supported":true,"include_global_resource_types":true,"recording_strategy":{"use_only":"ALL_SUPPORTED_RESOURCE_TYPES"},"resource_types":[]}} - # The mode for AWS Config to record configuration changes. - # recording_frequency: - # The frequency with which AWS Config records configuration changes (service defaults to CONTINUOUS). - # - CONTINUOUS - # - DAILY - # You can also override the recording frequency for specific resource types. - # recording_mode_override: - # description: - # A description for the override. - # recording_frequency: - # The frequency with which AWS Config records configuration changes for the specified resource types. - # - CONTINUOUS - # - DAILY - # resource_types: - # A list of resource types for which AWS Config records configuration changes. For example, AWS::EC2::Instance. - # - # See the following for more information: - # https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html - # /* - # recording_mode = { - # recording_frequency = "DAILY" - # recording_mode_override = { - # description = "Override for specific resource types" - # recording_frequency = "CONTINUOUS" - # resource_types = ["AWS::EC2::Instance"] - # } - # } - # */ - # + # The mode for AWS Config to record configuration + # changes. 
+recording_frequency: +The frequency with which AWS Config records + # configuration changes (service defaults to CONTINUOUS). +- CONTINUOUS +- + # DAILY +You can also override the recording frequency for specific resource + # types. +recording_mode_override: description: A description for the + # override. recording_frequency: The frequency with which AWS Config + # records configuration changes for the specified resource types. - + # CONTINUOUS - DAILY resource_types: A list of resource types for which + # AWS Config records configuration changes. For example, + # AWS::EC2::Instance. + +See the following for more + # information: +https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html +/* +recording_mode + # = { recording_frequency = "DAILY" recording_mode_override = { + # description = "Override for specific resource types" + # recording_frequency = "CONTINUOUS" resource_types = + # ["AWS::EC2::Instance"] } +} +*/ recording_mode = null # Set to true to enable replication for this bucket. You can set the role to @@ -1334,7 +1336,7 @@ recording_mode_override: See the following for more information: https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html -``` +/* recording_mode = { recording_frequency = 'DAILY' recording_mode_override = { @@ -1343,7 +1345,7 @@ recording_mode = { resource_types = ['AWS::EC2::Instance'] } } -``` +*/ @@ -1555,11 +1557,11 @@ The ARNs of the SNS Topic used by the config notifications. diff --git a/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md b/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md index 5e1841842..e404791cf 100644 --- a/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md +++ b/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md 
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS Organizations Config Rules
-View Source
+View Source
 Release Notes
@@ -41,27 +41,27 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
+* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
-* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config/core-concepts.md#what-is-aws-config)
+* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config/core-concepts.md#what-is-aws-config)
-* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config/core-concepts.md#what-are-config-rules)
+* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config/core-concepts.md#what-are-config-rules)
-* [What are Managed Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config-rules/core-concepts.md#what-are-managed-config-rules)
+* [What are Managed Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config-rules/core-concepts.md#what-are-managed-config-rules)
-* [How do Organization-Level Config Rules Compare to Account-Level Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config-rules/core-concepts.md#how-do-organization-level-config-rules-compare-to-account-level-config-rules)
+* [How do Organization-Level Config Rules Compare to Account-Level Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config-rules/core-concepts.md#how-do-organization-level-config-rules-compare-to-account-level-config-rules)
-* [What resources does this module 
create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config-rules/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config-rules/core-concepts.md#what-resources-does-this-module-create)
 * [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -69,7 +69,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-config-rules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/aws-config-rules): The `examples/aws-organizations-config-rules` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-config-rules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/aws-config-rules): The `examples/aws-organizations-config-rules` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ### Production deployment
@@ -83,11 +83,11 @@ If you want to deploy this repo in production, check out the following resources
 ### Day-to-day operations
-* [How do I configure the rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config-rules/core-concepts.md#how-do-i-configure-the-rules)
+* [How do I configure the rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config-rules/core-concepts.md#how-do-i-configure-the-rules)
-* [How do I add additional rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config-rules/core-concepts.md#how-do-i-add-additional-rules)
+* [How do I add additional rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config-rules/core-concepts.md#how-do-i-add-additional-rules)
-* [How do I exclude specific accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config-rules/core-concepts.md#how-do-i-exclude-specific-accounts)
+* [How do I exclude specific accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config-rules/core-concepts.md#how-do-i-exclude-specific-accounts)
 ## Sample Usage
@@ -102,7 +102,7 @@ If you want to deploy this repo in production, check out the following resources
 module "aws_config_rules" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # OPTIONAL VARIABLES
@@ -237,7 +237,7 @@ module "aws_config_rules" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v0.74.3"
 }
 inputs = {
@@ -678,11 +678,11 @@ Map of config rule ARNs. Key is rule ID, value is rule ARN
diff --git a/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md b/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
index 822363c77..8ef4945d1 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS Config
-View Source
+View Source
 Release Notes
@@ -39,19 +39,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config/core-concepts.md#what-is-aws-config)
+* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config/core-concepts.md#what-is-aws-config)
-* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config/core-concepts.md#what-are-config-rules)
+* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config/core-concepts.md#what-are-config-rules)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config/core-concepts.md#what-resources-does-this-module-create)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -59,7 +59,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/aws-config): The `examples/aws-config` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/aws-config): The `examples/aws-config` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ### Production deployment
@@ -71,9 +71,9 @@ If you want to deploy this repo in production, check out the following resources
 ### Day-to-day operations
-* [What does a configuration item look like, and how do I view it?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config/core-concepts.md#what-does-a-configuration-item-look-like-and-how-do-i-view-it)
+* [What does a configuration item look like, and how do I view it?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config/core-concepts.md#what-does-a-configuration-item-look-like-and-how-do-i-view-it)
-* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
+* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
 ## Sample Usage
@@ -88,7 +88,7 @@ If you want to deploy this repo in production, check out the following resources
 module "aws_config" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -213,68 +213,65 @@ module "aws_config" { opt_in_regions = [] # Map of recording group configurations. - # - # See the official AWS provider documentation for futher context - # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder#recording_group-configuration-block - # - # Each configuration can have the following parameters: - # - # all_supported bool (required): - # Whether to records configuration changes for every supported type of regional resource. - # - # include_global_resource_types bool (required): - # Whether to records configuration changes for every supported type of global resource. - # - # resource_types list(string) (required): - # List of resource types to record configuration changes for. - # Requires that all_supported is false and a recording_strategy of "INCLUSION_BY_RESOURCE_TYPES" - # - # recording_strategy object({}) (required): - # use_only list(string): - # The recording stratgy to use which can be one of: - # - "ALL_SUPPORTED_RESOURCE_TYPES" - # - "EXCLUSION_BY_RESOURCE_TYPES" - # - "INCLUSION_BY_RESOURCE_TYPES" - # - # exclusion_by_resource_types object({}) (optional): - # resource_types list(string): - # A list of resource types to exclude from recording. - # Requires that all_supported is false and a recording_strategy of "EXCLUSION_BY_RESOURCE_TYPES" - # + +See the official AWS provider + # documentation for futher context + # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder#recording_group-configuration-block + +Each + # configuration can have the following parameters: + +all_supported bool + # (required): Whether to records configuration changes for every supported + # type of regional resource. + +include_global_resource_types bool (required): + # Whether to records configuration changes for every supported type of global + # resource. 
+ +resource_types list(string) (required): List of resource types + # to record configuration changes for. Requires that all_supported is false + # and a recording_strategy of + # "INCLUSION_BY_RESOURCE_TYPES" + +recording_strategy object({}) (required): + # use_only list(string): The recording stratgy to use which can be one of: + # - "ALL_SUPPORTED_RESOURCE_TYPES" - "EXCLUSION_BY_RESOURCE_TYPES" - + # "INCLUSION_BY_RESOURCE_TYPES" + +exclusion_by_resource_types object({}) + # (optional): resource_types list(string): A list of resource types to + # exclude from recording. Requires that all_supported is false and a + # recording_strategy of "EXCLUSION_BY_RESOURCE_TYPES" recording_groups = {"default_group":{"all_supported":true,"include_global_resource_types":true,"recording_strategy":{"use_only":"ALL_SUPPORTED_RESOURCE_TYPES"},"resource_types":[]}} - # The mode for AWS Config to record configuration changes. - # + # The mode for AWS Config to record configuration changes. # recording_frequency: - # The frequency with which AWS Config records configuration changes (service defaults to CONTINUOUS). - # - CONTINUOUS - # - DAILY - # - # You can also override the recording frequency for specific resource types. - # recording_mode_override: - # description: - # A description for the override. - # recording_frequency: - # The frequency with which AWS Config records configuration changes for the specified resource types. - # - CONTINUOUS - # - DAILY - # resource_types: - # A list of resource types for which AWS Config records configuration changes. For example, AWS::EC2::Instance. 
- # - # See the following for more information: - # https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html - # - # /* - # recording_mode = { - # recording_frequency = "DAILY" - # recording_mode_override = { - # description = "Override for specific resource types" - # recording_frequency = "CONTINUOUS" - # resource_types = ["AWS::EC2::Instance"] - # } - # } - # */ - # +The frequency with which AWS Config records + # configuration changes (service defaults to CONTINUOUS). +- CONTINUOUS +- + # DAILY + +You can also override the recording frequency for specific resource + # types. +recording_mode_override: description: A description for the + # override. recording_frequency: The frequency with which AWS Config + # records configuration changes for the specified resource types. - + # CONTINUOUS - DAILY resource_types: A list of resource types for which + # AWS Config records configuration changes. For example, AWS::EC2::Instance. + # See the following for more + # information: +https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html + +/* +recording_mode + # = { recording_frequency = "DAILY" recording_mode_override = { + # description = "Override for specific resource types" + # recording_frequency = "CONTINUOUS" resource_types = + # ["AWS::EC2::Instance"] } +} +*/ recording_mode = null # Set to true to enable replication for this bucket. You can set the role to @@ -377,7 +374,7 @@ module "aws_config" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v0.74.3" } inputs = { 
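Review bot: The regenerated `recording_groups` description inside the `module "aws_config"` sample now emits paragraph-leading lines without the `#` prefix (`+See the official AWS provider`, `+Each`, `+all_supported bool`, `+include_global_resource_types bool (required):`, `+resource_types list(string) (required): ...`), and the `recording_mode` block in the same hunk does the same with `+The frequency with which AWS Config records`, `+- CONTINUOUS`, `+https://docs.aws.amazon.com/...` and the bare `+/*` … `+*/` lines, so the snippet is no longer valid HCL if a reader copies it as shown. The same regeneration defect appears in the `@@ -505,68 +502,65 @@` hunk of this file, in the `@@ -964` / `@@ -973` hunks where the code fence around the `recording_mode` example is replaced by literal `/*` and `*/`, and in the `advanced_event_selectors` description in both hunks of cloudtrail.md (`+Note that you can not configure basic data logging`, `+Refer to`). This looks like the doc generator re-wrapping variable descriptions at a fixed width and dropping the comment prefix at paragraph breaks, so the fix presumably belongs in that wrapping step rather than in these files; the removed `#`-prefixed layout is the form a reader should rely on until then. The pre-existing typos `futher`, `stratgy` and `to records` are carried over unchanged. The enclosing `module "aws_config"` block starts and ends outside this hunk.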
@@ -505,68 +502,65 @@ inputs = { opt_in_regions = [] # Map of recording group configurations. - # - # See the official AWS provider documentation for futher context - # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder#recording_group-configuration-block - # - # Each configuration can have the following parameters: - # - # all_supported bool (required): - # Whether to records configuration changes for every supported type of regional resource. - # - # include_global_resource_types bool (required): - # Whether to records configuration changes for every supported type of global resource. - # - # resource_types list(string) (required): - # List of resource types to record configuration changes for. - # Requires that all_supported is false and a recording_strategy of "INCLUSION_BY_RESOURCE_TYPES" - # - # recording_strategy object({}) (required): - # use_only list(string): - # The recording stratgy to use which can be one of: - # - "ALL_SUPPORTED_RESOURCE_TYPES" - # - "EXCLUSION_BY_RESOURCE_TYPES" - # - "INCLUSION_BY_RESOURCE_TYPES" - # - # exclusion_by_resource_types object({}) (optional): - # resource_types list(string): - # A list of resource types to exclude from recording. - # Requires that all_supported is false and a recording_strategy of "EXCLUSION_BY_RESOURCE_TYPES" - # + +See the official AWS provider + # documentation for futher context + # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder#recording_group-configuration-block + +Each + # configuration can have the following parameters: + +all_supported bool + # (required): Whether to records configuration changes for every supported + # type of regional resource. + +include_global_resource_types bool (required): + # Whether to records configuration changes for every supported type of global + # resource. 
+ +resource_types list(string) (required): List of resource types + # to record configuration changes for. Requires that all_supported is false + # and a recording_strategy of + # "INCLUSION_BY_RESOURCE_TYPES" + +recording_strategy object({}) (required): + # use_only list(string): The recording stratgy to use which can be one of: + # - "ALL_SUPPORTED_RESOURCE_TYPES" - "EXCLUSION_BY_RESOURCE_TYPES" - + # "INCLUSION_BY_RESOURCE_TYPES" + +exclusion_by_resource_types object({}) + # (optional): resource_types list(string): A list of resource types to + # exclude from recording. Requires that all_supported is false and a + # recording_strategy of "EXCLUSION_BY_RESOURCE_TYPES" recording_groups = {"default_group":{"all_supported":true,"include_global_resource_types":true,"recording_strategy":{"use_only":"ALL_SUPPORTED_RESOURCE_TYPES"},"resource_types":[]}} - # The mode for AWS Config to record configuration changes. - # + # The mode for AWS Config to record configuration changes. # recording_frequency: - # The frequency with which AWS Config records configuration changes (service defaults to CONTINUOUS). - # - CONTINUOUS - # - DAILY - # - # You can also override the recording frequency for specific resource types. - # recording_mode_override: - # description: - # A description for the override. - # recording_frequency: - # The frequency with which AWS Config records configuration changes for the specified resource types. - # - CONTINUOUS - # - DAILY - # resource_types: - # A list of resource types for which AWS Config records configuration changes. For example, AWS::EC2::Instance. 
- # - # See the following for more information: - # https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html - # - # /* - # recording_mode = { - # recording_frequency = "DAILY" - # recording_mode_override = { - # description = "Override for specific resource types" - # recording_frequency = "CONTINUOUS" - # resource_types = ["AWS::EC2::Instance"] - # } - # } - # */ - # +The frequency with which AWS Config records + # configuration changes (service defaults to CONTINUOUS). +- CONTINUOUS +- + # DAILY + +You can also override the recording frequency for specific resource + # types. +recording_mode_override: description: A description for the + # override. recording_frequency: The frequency with which AWS Config + # records configuration changes for the specified resource types. - + # CONTINUOUS - DAILY resource_types: A list of resource types for which + # AWS Config records configuration changes. For example, AWS::EC2::Instance. + # See the following for more + # information: +https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html + +/* +recording_mode + # = { recording_frequency = "DAILY" recording_mode_override = { + # description = "Override for specific resource types" + # recording_frequency = "CONTINUOUS" resource_types = + # ["AWS::EC2::Instance"] } +} +*/ recording_mode = null # Set to true to enable replication for this bucket. You can set the role to @@ -964,7 +958,7 @@ recording_mode_override: See the following for more information: https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html -``` +/* recording_mode = { recording_frequency = 'DAILY' recording_mode_override = { @@ -973,7 +967,7 @@ recording_mode = { resource_types = ['AWS::EC2::Instance'] } } -``` +*/ @@ -1219,11 +1213,11 @@ The ARN of the SNS topic to which Config delivers notifications. 
diff --git a/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md b/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md
index 6f217adeb..0f9a7b14c 100644
--- a/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md
+++ b/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS Organizations
-View Source
+View Source
 Release Notes
@@ -39,23 +39,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
+* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
-* [What is a Root account?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-organizations/core-concepts.md#what-is-a-root-account)
+* [What is a Root account?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-organizations/core-concepts.md#what-is-a-root-account)
-* [What are Organization Accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-organizations/core-concepts.md#what-are-organization-accounts)
+* [What are Organization Accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-organizations/core-concepts.md#what-are-organization-accounts)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-organizations/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-organizations/core-concepts.md#what-resources-does-this-module-create)
 * [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -63,7 +63,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-organizations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/aws-organizations): The `examples/aws-organizations` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-organizations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/aws-organizations): The `examples/aws-organizations` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ### Production deployment
@@ -77,9 +77,9 @@ If you want to deploy this repo in production, check out the following resources
 ### Day-to-day operations
-* [How do I provision new accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-organizations/core-concepts.md#how-do-i-provision-new-accounts)
+* [How do I provision new accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-organizations/core-concepts.md#how-do-i-provision-new-accounts)
-* [How do I remove accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-organizations/core-concepts.md#how-do-i-remove-accounts)
+* [How do I remove accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-organizations/core-concepts.md#how-do-i-remove-accounts)
 ## Sample Usage
@@ -94,7 +94,7 @@ If you want to deploy this repo in production, check out the following resources
 module "aws_organizations" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -153,7 +153,7 @@ module "aws_organizations" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v0.74.3"
 }
 inputs = {
@@ -424,11 +424,11 @@ Identifier of the root of this organization.
diff --git a/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md b/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md
index b17d5dc55..fbecedaf5 100644
--- a/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md
@@ -9,21 +9,21 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # CloudTrail Bucket
-View Source
+View Source
 Release Notes
 This module creates an S3 bucket for storing CloudTrail data and a KMS Customer Master Key (CMK) for encrypting that data, including all the appropriate lifecycle, encryption, and permission settings for CloudTrail.
-This module is used under the hood in the [cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail)
-and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/account-baseline-root) modules.
+This module is used under the hood in the [cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail)
+and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/account-baseline-root) modules.
-It can also be used directly when configuring cross account access, for example when it is desirable to [have the central Cloudtrail S3 bucket exist outside of the management account.](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#multi-account-cloudtrail-setup-storing-the-cloudtrail-bucket-in-an-account-other-than-the-management-account)
+It can also be used directly when configuring cross account access, for example when it is desirable to [have the central Cloudtrail S3 bucket exist outside of the management account.](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#multi-account-cloudtrail-setup-storing-the-cloudtrail-bucket-in-an-account-other-than-the-management-account)
 ## Sample Usage
@@ -38,7 +38,7 @@ It can also be used directly when configuring cross account access, for example
 module "cloudtrail_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -210,7 +210,7 @@ module "cloudtrail_bucket" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v0.74.3"
 }
 inputs = {
@@ -907,11 +907,11 @@ The name of the S3 bucket where cloudtrail logs are delivered.
diff --git a/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md b/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md
index 151e90f75..4b84489fe 100644
--- a/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md
+++ b/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS CloudTrail
-View Source
+View Source
 Release Notes
@@ -39,25 +39,25 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [What is CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#what-is-cloudtrail)
+* [What is CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#what-is-cloudtrail)
-* [Why use CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#why-use-cloudtrail)
+* [Why use CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#why-use-cloudtrail)
-* [What is a CloudTrail Trail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#what-is-a-cloudtrail-trail)
+* [What is a CloudTrail Trail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#what-is-a-cloudtrail-trail)
-* [What’s the difference between CloudTrail and AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#whats-the-difference-between-cloudtrail-and-aws-config)
+* [What’s the difference between CloudTrail and AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#whats-the-difference-between-cloudtrail-and-aws-config)
-* [CloudTrail Threat Model](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#cloudtrail-threat-model)
+* [CloudTrail Threat Model](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#cloudtrail-threat-model)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#resources-created)
+* [What resources does 
this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#resources-created)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -65,7 +65,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/cloudtrail): The `examples/cloudtrail` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/cloudtrail): The `examples/cloudtrail` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ### Production deployment
@@ -81,15 +81,15 @@ If you want to deploy this repo in production, check out the following resources
 ### Day-to-day operations
-* [Where are CloudTrail logs stored?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#where-are-cloudtrail-logs-stored)
+* [Where are CloudTrail logs stored?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#where-are-cloudtrail-logs-stored)
-* [What kind of data do CloudTrail log entries contain?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#what-kind-of-data-do-cloudtrail-log-entries-contain)
+* [What kind of data do CloudTrail log entries contain?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#what-kind-of-data-do-cloudtrail-log-entries-contain)
-* [What’s the best way to view CloudTrail Log Data?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#whats-the-best-way-to-view-cloudtrail-log-data)
+* [What’s the best way to view CloudTrail Log Data?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#whats-the-best-way-to-view-cloudtrail-log-data)
 ### Major changes
-* [Can you get alerted when certain API events occur?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cloudtrail/core-concepts.md#can-you-get-alerted-when-certain-api-events-occur)
+* [Can you get alerted when certain API events occur?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cloudtrail/core-concepts.md#can-you-get-alerted-when-certain-api-events-occur)
 ## Sample Usage
@@ -104,7 +104,7 @@ If you want to deploy this repo in production, check out the following resources module "cloudtrail" { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v0.74.3" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -137,12 +137,16 @@ module "cloudtrail" { # below. additional_bucket_policy_statements = null - # Map of advanced event selector name to list of field selectors to apply for that event selector. Advanced event selectors allow for more fine grained data logging of events. - # - # Note that you can not configure basic data logging (var.data_logging_enabled) if advanced event logging is enabled. - # - # Refer to the AWS docs on data event selection for more details on the difference between basic data logging and advanced data logging. - # + # Map of advanced event selector name to list of field selectors to apply for + # that event selector. Advanced event selectors allow for more fine grained + # data logging of events. + +Note that you can not configure basic data logging + # (var.data_logging_enabled) if advanced event logging is enabled. + +Refer to + # the AWS docs on data event selection for more details on the difference + # between basic data logging and advanced data logging. advanced_event_selectors = {} # Whether or not to allow kms:DescribeKey to external AWS accounts with write @@ -357,7 +361,7 @@ module "cloudtrail" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v0.74.3" } inputs = { 
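Review bot: The reflowed `advanced_event_selectors` comment in the `@@ -137,12 +137,16 @@` hunk drops the `#` prefix on two of the added lines, so the Sample Usage block now contains the bare lines `Note that you can not configure basic data logging` and `Refer to`, which are not valid HCL and will break anyone who copies the `module "cloudtrail"` example verbatim. The same breakage is repeated in the Terragrunt `inputs` variant at `@@ -393,12 +397,16 @@`. Both lines should read `  # Note that you can not configure basic data logging` and `  # Refer to`, matching the surrounding comment lines. Since this page is bot-generated, the wrapping presumably comes from the upstream variable description being folded at the blank `#` separators; fixing the generator's comment wrapping (or the description's paragraph breaks) is what keeps the caveat about `var.data_logging_enabled` and advanced selectors being mutually exclusive readable in every regenerated module page.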
@@ -393,12 +397,16 @@ inputs = { # below. additional_bucket_policy_statements = null - # Map of advanced event selector name to list of field selectors to apply for that event selector. Advanced event selectors allow for more fine grained data logging of events. - # - # Note that you can not configure basic data logging (var.data_logging_enabled) if advanced event logging is enabled. - # - # Refer to the AWS docs on data event selection for more details on the difference between basic data logging and advanced data logging. - # + # Map of advanced event selector name to list of field selectors to apply for + # that event selector. Advanced event selectors allow for more fine grained + # data logging of events. + +Note that you can not configure basic data logging + # (var.data_logging_enabled) if advanced event logging is enabled. + +Refer to + # the AWS docs on data event selection for more details on the difference + # between basic data logging and advanced data logging. advanced_event_selectors = {} # Whether or not to allow kms:DescribeKey to external AWS accounts with write @@ -1397,11 +1405,11 @@ The name of the cloudtrail trail. diff --git a/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md b/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md index b34dd1c38..44c00f732 100644 --- a/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md +++ b/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md 
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # A best-practices set of IAM roles for cross-account access -View Source +View Source Release Notes @@ -34,7 +34,7 @@ This module creates the following IAM roles (all optional): These IAM Roles are intended to be assumed by human users (i.e., IAM Users in another AWS account). The default maximum session expiration for these roles is 12 hours (configurable via the `var.max_session_duration_human_users`). Note that these are the *maximum* session expirations; the actual value for session expiration is specified when -making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-auth)). +making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-auth)). * **allow-read-only-access-from-other-accounts**: Users from the accounts in `var.allow_read_only_access_from_other_account_arns` will get read-only access to all services in this account. 
@@ -65,11 +65,11 @@ making API calls to assume the IAM role (see [aws-auth](https://github.com/grunt These IAM Roles are intended to be assumed by machine users (i.e., an EC2 Instance in another AWS account). The default maximum session expiration for these roles is 1 hour (configurable via the `var.max_session_duration_machine_users`). Note that these are the *maximum* session expirations; the actual value for session expiration is specified when -making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/aws-auth)). +making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/aws-auth)). * **allow-ssh-grunt-access-from-other-accounts**: Users (or more likely, EC2 Instances) from the accounts in `var.allow_ssh_grunt_access_from_other_account_arns` will get read access to IAM Groups and public SSH keys. This is - useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH + useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH connections against IAM users defined in this AWS account. * **allow-auto-deploy-access-from-other-accounts**: Users from the accounts in `var.allow_auto_deploy_from_other_account_arns` 
@@ -96,7 +96,7 @@ roles with the AWS CLI takes quite a few steps, so use the [aws-auth script](htt ## Background Information For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in -the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-policies#background-information). +the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-policies#background-information). ## Sample Usage @@ -111,7 +111,7 @@ the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/ module "cross_account_iam_roles" { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v0.74.3" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -298,7 +298,7 @@ module "cross_account_iam_roles" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v0.74.3" } inputs = { @@ -1087,11 +1087,11 @@ When true, all IAM policies will be managed as dedicated policies rather than in diff --git a/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md b/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md index 628d8f51a..27aa25e38 100644 --- a/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md +++ b/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md 
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Custom IAM Entity -View Source +View Source Release Notes -This Gruntwork Terraform Module creates an IAM group and/or role and attaches a provided set of IAM managed policies to the group. This can be used in conjunction with the [iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-groups), [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cross-account-iam-roles), and [saml-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/saml-iam-roles) modules which create a set of groups and roles with smart defaults. Use this module to easily create IAM groups and roles with a defined set of permissions. +This Gruntwork Terraform Module creates an IAM group and/or role and attaches a provided set of IAM managed policies to the group. This can be used in conjunction with the [iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-groups), [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cross-account-iam-roles), and [saml-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/saml-iam-roles) modules which create a set of groups and roles with smart defaults. Use this module to easily create IAM groups and roles with a defined set of permissions. ### Requirements 
@@ -25,7 +25,7 @@ This Gruntwork Terraform Module creates an IAM group and/or role and attaches a ### Instructions -Check out the [custom-iam-entity example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/custom-iam-entity) for a working example. +Check out the [custom-iam-entity example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/custom-iam-entity) for a working example. #### Resources Created @@ -36,7 +36,7 @@ If neither role nor group are provided, this module does nothing. #### Resources NOT Created -* **IAM users** - This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-users) to create users. +* **IAM users** - This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-users) to create users. * **IAM policies** - This module only attaches policies by ARN or by name. It does not create any new policies. #### MFA support @@ -51,7 +51,7 @@ The reason for this difference is difficult to explain, but boils down to limita ## Background Information For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in -the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-policies#background-information). +the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-policies#background-information). ## Sample Usage 
@@ -66,7 +66,7 @@ the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/ module "custom_iam_entity" { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v0.74.3" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -165,7 +165,7 @@ module "custom_iam_entity" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v0.74.3" } inputs = { @@ -486,11 +486,11 @@ The name of the IAM role. diff --git a/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md b/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md index ad99fa5e2..055fda3eb 100644 --- a/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md +++ b/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md 
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # EBS Encryption Multi Region Module -View Source +View Source Release Notes -This module wraps the [ebs-encryption core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ebs-encryption/README.md) to configure [AWS EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in all enabled regions for the AWS Account. +This module wraps the [ebs-encryption core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ebs-encryption/README.md) to configure [AWS EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in all enabled regions for the AWS Account. ## Features 
@@ -37,17 +37,17 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr * [AWS blog: Opt-in to Default Encryption for New EBS Volumes](https://aws.amazon.com/blogs/aws/new-opt-in-to-default-encryption-for-new-ebs-volumes/) -* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen/core-concepts.md#how-to-use-a-multi-region-module) +* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen/core-concepts.md#how-to-use-a-multi-region-module) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen): Code generation utilities that help generate modules in this repo. +* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen): Code generation utilities that help generate modules in this repo. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules. -* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples. +* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples. ## Deploy 
@@ -66,7 +66,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr module "ebs_encryption_multi_region" { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v0.74.3" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -108,7 +108,7 @@ module "ebs_encryption_multi_region" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v0.74.3" } inputs = { @@ -219,11 +219,11 @@ A map from region to the ARN of the KMS key used for default EBS encryption for diff --git a/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md b/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md index 85c1e811c..a16ba6d0f 100644 --- a/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md +++ b/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md 
@@ -9,18 +9,18 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Elastic Block Storage Encryption -View Source +View Source Release Notes This module configures EC2 Elastic Block Storage encryption defaults, allowing encryption to be enabled for all new EBS volumes and selection of a KMS Customer Managed Key to use by default. -This module is not meant to be used directly. Instead, it's used under the hood in the [account-baseline-\*](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules) +This module is not meant to be used directly. Instead, it's used under the hood in the [account-baseline-\*](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules) modules. Please see those modules for more information. ## Background Information @@ -42,7 +42,7 @@ modules. Please see those modules for more information. module "ebs_encryption" { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v0.74.3" # ---------------------------------------------------------------------------------------------------- # OPTIONAL VARIABLES @@ -81,7 +81,7 @@ module "ebs_encryption" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v0.74.3" } inputs = { @@ -188,11 +188,11 @@ The default KMS key used for EBS encryption. 
diff --git a/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md b/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md index 129b1c176..b0c51496d 100644 --- a/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md +++ b/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Fail2Ban Module -View Source +View Source Release Notes @@ -28,11 +28,11 @@ Instance. diff --git a/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md b/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md index a285e4942..4279972bf 100644 --- a/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md +++ b/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # IAM Role for GitHub Actions -View Source +View Source Release Notes 
@@ -184,7 +184,7 @@ jobs: module "github_actions_iam_role" { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v0.74.3" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -269,7 +269,7 @@ module "github_actions_iam_role" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v0.74.3" } inputs = { @@ -587,11 +587,11 @@ The name of the IAM role. diff --git a/docs/reference/modules/terraform-aws-security/github-actions-openid-connect-provider/github-actions-openid-connect-provider.md b/docs/reference/modules/terraform-aws-security/github-actions-openid-connect-provider/github-actions-openid-connect-provider.md index 694140c91..d64ac4e18 100644 --- a/docs/reference/modules/terraform-aws-security/github-actions-openid-connect-provider/github-actions-openid-connect-provider.md +++ b/docs/reference/modules/terraform-aws-security/github-actions-openid-connect-provider/github-actions-openid-connect-provider.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # OpenID Connect Provider for GitHub Actions -View Source +View Source Release Notes 
@@ -43,7 +43,7 @@ with the OpenID Connect Provider. In addition to this security measure, you shou associated with the OpenID Connect Provider have the appropriate trust policy to only allow assumption of the role by the appropriate GitHub Repos on the appropriate refs. -See the [GitHub Actions IAM Role](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/github-actions-iam-role/README.md) module for more information. +See the [GitHub Actions IAM Role](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/github-actions-iam-role/README.md) module for more information. ## Sample Usage @@ -58,7 +58,7 @@ See the [GitHub Actions IAM Role](https://github.com/gruntwork-io/terraform-aws- module "github_actions_openid_connect_provider" { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-openid-connect-provider?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-openid-connect-provider?ref=v0.74.3" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -90,7 +90,7 @@ module "github_actions_openid_connect_provider" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-openid-connect-provider?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-openid-connect-provider?ref=v0.74.3" } inputs = { @@ -173,11 +173,11 @@ Url used for the OIDC provider diff --git a/docs/reference/modules/terraform-aws-security/guardduty-bucket/guardduty-bucket.md b/docs/reference/modules/terraform-aws-security/guardduty-bucket/guardduty-bucket.md index 80e0c8004..73650c4c3 100644 --- a/docs/reference/modules/terraform-aws-security/guardduty-bucket/guardduty-bucket.md 
+++ b/docs/reference/modules/terraform-aws-security/guardduty-bucket/guardduty-bucket.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # GuardDuty Bucket -View Source +View Source Release Notes @@ -35,7 +35,7 @@ It is particularly useful when configuring cross account access, for example whe module "guardduty_bucket" { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-bucket?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-bucket?ref=v0.74.3" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -152,7 +152,7 @@ module "guardduty_bucket" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-bucket?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-bucket?ref=v0.74.3" } inputs = { @@ -628,11 +628,11 @@ The name of the S3 bucket where GuardDuty findings are delivered. diff --git a/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md b/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md index 09703acde..795e87091 100644 --- a/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md +++ b/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md 
@@ -9,19 +9,19 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # AWS GuardDuty Multi Region Module -View Source +View Source Release Notes -This module wraps the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty/README.adoc) to configure [AWS GuardDuty](https://aws.amazon.com/guardduty/) in all enabled regions for the AWS Account. +This module wraps the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty/README.adoc) to configure [AWS GuardDuty](https://aws.amazon.com/guardduty/) in all enabled regions for the AWS Account. ## Features -* Uses the [guardduty module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty) to enable AWS GuardDuty across all regions (recommended best practice) on your AWS account +* Uses the [guardduty module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty) to enable AWS GuardDuty across all regions (recommended best practice) on your AWS account * Continuously monitor your AWS account for malicious activity and unauthorized behavior 
@@ -37,19 +37,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* Learn more about GuardDuty in the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty/README.adoc). +* Learn more about GuardDuty in the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty/README.adoc). -* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen/core-concepts.md#how-to-use-a-multi-region-module) +* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen/core-concepts.md#how-to-use-a-multi-region-module) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen): Code generation utilities that help generate modules in this repo. +* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen): Code generation utilities that help generate modules in this repo. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules. -* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples. 
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples. ## Deploy @@ -74,7 +74,7 @@ This module depends on Python being available on your system. Python 2.7, 3.5+ a module "guardduty_multi_region" { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v0.74.3" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -212,7 +212,7 @@ module "guardduty_multi_region" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v0.74.2" + source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v0.74.3" } inputs = { @@ -658,11 +658,11 @@ The IDs of the GuardDuty detectors. diff --git a/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md b/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md index 9480a41be..0802b0c37 100644 --- a/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md +++ b/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # AWS GuardDuty -View Source +View Source Release Notes 
@@ -37,29 +37,29 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [What Is GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty/core-concepts.md#what-is-guardduty)
+* [What Is GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty/core-concepts.md#what-is-guardduty)
-* [Why Use GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty/core-concepts.md#why-use-guardduty)
+* [Why Use GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty/core-concepts.md#why-use-guardduty)
-* [What Is A Finding?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty/core-concepts.md#what-is-a-finding)
+* [What Is A Finding?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty/core-concepts.md#what-is-a-finding)
-* [Where Should I Enable GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty/core-concepts.md#where-should-i-enable-guardduty)
+* [Where Should I Enable GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty/core-concepts.md#where-should-i-enable-guardduty)
-* [Resources Created](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty/core-concepts.md#resources-created)
+* [Resources Created](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty/core-concepts.md#resources-created)
-* [Gotchas](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty/core-concepts.md#gotchas)
+* [Gotchas](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty/core-concepts.md#gotchas)
-* [Known Issues](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty/core-concepts.md#known-issues)
+* [Known Issues](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty/core-concepts.md#known-issues)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -67,7 +67,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this module out, check out the following resources:
-* [guardduty example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/guardduty).
+* [guardduty example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/guardduty).
 ### Production deployment
@@ -75,7 +75,7 @@ If you want to deploy this module in production, check out the following resourc
 * ***Coming soon***. We have not yet added this module to the [Acme example Reference Architecture](https://github.com/gruntwork-io/infrastructure-modules-multi-account-acme).
-* [Terraform Module to enable GuardDuty in all enabled regions of an AWS Account](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/guardduty-multi-region).
+* [Terraform Module to enable GuardDuty in all enabled regions of an AWS Account](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/guardduty-multi-region).
 * [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
@@ -92,7 +92,7 @@ If you want to deploy this module in production, check out the following resourc
 module "guardduty" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # OPTIONAL VARIABLES
@@ -201,7 +201,7 @@ module "guardduty" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v0.74.3"
 }
 inputs = {
@@ -589,11 +589,11 @@ The ID of the GuardDuty detector.
diff --git a/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md b/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md
index 68fa25c1f..171997177 100644
--- a/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS IAM Access Analyzer
-View Source
+View Source
 Release Notes
@@ -35,21 +35,21 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [What is the AWS IAM Access Analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-access-analyzer-multi-region/core-concepts.md#what-is-the-aws-iam-access-analyzer?)
+* [What is the AWS IAM Access Analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-access-analyzer-multi-region/core-concepts.md#what-is-the-aws-iam-access-analyzer?)
-* [What resources does IAM Access Analyzer analyze?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-access-analyzer-multi-region/core-concepts.md#what-resources-does-iam-access-analyzer-analyze?)
+* [What resources does IAM Access Analyzer analyze?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-access-analyzer-multi-region/core-concepts.md#what-resources-does-iam-access-analyzer-analyze?)
 * [IAM Access Analyzer documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html)
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen/core-concepts.md#how-to-use-a-multi-region-module)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -57,13 +57,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ## Manage
-* [Who can manage the analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-access-analyzer-multi-region/core-concepts.md#who-can-manage-the-analyzer?)
+* [Who can manage the analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-access-analyzer-multi-region/core-concepts.md#who-can-manage-the-analyzer?)
-* [What to do with the access analyzer findings?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-access-analyzer-multi-region/core-concepts.md#what-to-do-with-the-access-analyzer-findings?)
+* [What to do with the access analyzer findings?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-access-analyzer-multi-region/core-concepts.md#what-to-do-with-the-access-analyzer-findings?)
 ## Sample Usage
@@ -78,7 +78,7 @@ If you just want to try this out for experimenting and learning, check out the f
 module "iam_access_analyzer_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -118,7 +118,7 @@ module "iam_access_analyzer_multi_region" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v0.74.3"
 }
 inputs = {
@@ -158,11 +158,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md b/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md
index 6ff5fdf7f..3ecdeae62 100644
--- a/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md
+++ b/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # A Best-Practices Set of IAM Groups
-View Source
+View Source
 Release Notes
@@ -52,7 +52,7 @@ This module optionally creates the following IAM Groups:
 since users can grant arbitrary permissions!
 * **use-existing-iam-roles:** IAM Users in this group can pass *existing* IAM Roles to AWS resources to which they have been granted access. These IAM Users cannot create *new* IAM Roles, only use existing ones. See
- [the three levels of IAM permissions](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-policies#the-three-levels-of-iam-permissions) for more information.
+ [the three levels of IAM permissions](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-policies#the-three-levels-of-iam-permissions) for more information.
 * **ssh-grunt-sudo-users:** IAM Users in this group have SSH access with `sudo` privileges to any EC2 Instance configured to use this group to manage SSH logins.
 * **ssh-grunt-users:** IAM Users in this group have SSH access without `sudo` privileges to any EC2 Instance configured
@@ -83,7 +83,7 @@ own account unless this IAM Policy is attached to his account.
 ### IAM Users
-This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-users) to create users.
+This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-users) to create users.
 ### IAM Roles
@@ -108,7 +108,7 @@ otherwise enable IAM Users to access the billing console:
 ## Background Information
 For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in
-the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-policies#background-information).
+the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-policies#background-information).
 ## Sample Usage
@@ -123,7 +123,7 @@ the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/
 module "iam_groups" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -309,7 +309,7 @@ module "iam_groups" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v0.74.3"
 }
 inputs = {
@@ -954,11 +954,11 @@ Should we create the IAM Group for user self-management? Allows users to manage
diff --git a/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md b/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md
index 671766c05..92fe1a3bb 100644
--- a/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md
+++ b/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # A Best-Practices Set of IAM Policy Documents
-View Source
+View Source
 Release Notes
@@ -25,7 +25,7 @@ Note that these documents are Terraform [data sources](https://www.terraform.io/
 so they don't create anything themselves and are not intended to be used on their own. The way to use them is to take the outputs from this module (which are all JSON IAM documents) and plug them into other Terraform resources, such as `aws_iam_policy`, `aws_iam_user_policy`, `aws_iam_group_policy`, and `aws_iam_role_policy`. See the
-[iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/iam-groups) and [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/cross-account-iam-roles) modules for examples.
+[iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/iam-groups) and [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/cross-account-iam-roles) modules for examples.
 If you're not familiar with IAM concepts, start with the [Background Information](#background-information) section as a way to familiarize yourself with the terminology.
@@ -82,7 +82,7 @@ This module creates the following IAM Policy documents:
 certain IAM roles in other AWS accounts (e.g. stage, prod). The documents that are created and which IAM roles they have access to is controlled by the variable `var.allow_access_from_other_account_arns`.
-* **ssh_grunt_permissions**: provides the permissions [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt) needs to validate SSH keys with
+* **ssh_grunt_permissions**: provides the permissions [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt) needs to validate SSH keys with
 IAM.
 * **auto_deploy_permissions**: provides the permissions in `var.auto_deploy_permissions` to do automated deployment.
@@ -263,7 +263,7 @@ Instead, use these Terraform resources so you don't have to worry about this pro
 module "iam_policies" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -350,7 +350,7 @@ module "iam_policies" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v0.74.3"
 }
 inputs = {
@@ -681,11 +681,11 @@ If set to true, all the Policies created by this module that are used as Trust P
diff --git a/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md b/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md
index 13d631191..c1d9ff1ba 100644
--- a/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md
+++ b/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # Set a Password Policy for IAM Users
-View Source
+View Source
-Release Notes
+Release Notes
 This Gruntwork Terraform Module sets the [AWS Account Password Policy](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html) that will govern password requirements for IAM Users.
@@ -46,7 +46,7 @@ password policy you already have in place!
 module "iam_user_password_policy" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # OPTIONAL VARIABLES
@@ -102,7 +102,7 @@ module "iam_user_password_policy" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v0.74.3"
 }
 inputs = {
@@ -336,11 +336,11 @@ Whether to require uppercase characters for user passwords.
diff --git a/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md b/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md
index d5d1a9b12..71794d95a 100644
--- a/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md
+++ b/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # IAM Users
-View Source
+View Source
 Release Notes
@@ -139,7 +139,7 @@ Under the hood, this module uses the [`aws_iam_user` resource](https://registry.
 module "iam_users" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -205,7 +205,7 @@ module "iam_users" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v0.74.3"
 }
 inputs = {
@@ -527,11 +527,11 @@ A map of usernames to that user's AWS SSH Security Credential ID
diff --git a/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md b/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md
index 5276a9d34..5d0408d41 100644
--- a/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md
+++ b/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # ip-lockdown Module
-View Source
+View Source
 Release Notes
@@ -33,7 +33,7 @@ In the example below we restrict access to [ec2-instance-metadata endpoint](http
 Normally users make a `curl` call to get metadata like the AWS region or credentials associated with this EC2 Instance's IAM Role. Following the invocation of ip-lockdown, only users foo, bar, and root can query that data.
-The complete example of using terraform to deploy a generated AMI into your AWS account and automatically invoke `ip-lockdown` from the `User Data` is also available in the [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/ip-lockdown/aws-example) folder.
+The complete example of using terraform to deploy a generated AMI into your AWS account and automatically invoke `ip-lockdown` from the `User Data` is also available in the [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/ip-lockdown/aws-example) folder.
 #### Installation
@@ -62,11 +62,11 @@ gruntwork-install --module-name ip-lockdown --tag --re
diff --git a/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md b/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md
index b5c3f1b6f..bae7ebb88 100644
--- a/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md
+++ b/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # KMS Customer Managed Key Multi-Region Replication module
-View Source
+View Source
 Release Notes
@@ -22,7 +22,7 @@ Key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#custome
 [the multi-region replication feature of KMS](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html).
-This module is intended to be used in conjunction with the [kms-master-key module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-master-key) to replicate a KMS
+This module is intended to be used in conjunction with the [kms-master-key module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-master-key) to replicate a KMS
 key managed with that module to other regions. Note that the KMS key must be marked as multi-region in order to support
 multi-region replication.
@@ -39,7 +39,7 @@ multi-region replication.
 module "kms_cmk_replica" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -97,7 +97,7 @@ module "kms_cmk_replica" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v0.74.3"
 }
 inputs = {
@@ -373,11 +373,11 @@ A map of CMK name to CMK ID.
diff --git a/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md b/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md
index 278bafcaa..183917146 100644
--- a/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS KMS Grants
-View Source
+View Source
 Release Notes
@@ -31,21 +31,21 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-master-key/README.md#what-is-kms)
+* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-master-key/README.md#what-is-kms)
-* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-master-key/README.md#what-is-a-customer-master-key)
+* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-master-key/README.md#what-is-a-customer-master-key)
 * [KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html): Amazon’s docs for KMS that cover core concepts such as various key types, how to encrypt and decrypt, deletion of keys, and automatic key rotation.
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen/core-concepts.md#how-to-use-a-multi-region-module)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -53,13 +53,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ## Manage
-* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
+* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
-* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
+* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
 ## Sample Usage
@@ -74,7 +74,7 @@ If you just want to try this out for experimenting and learning, check out the f
 module "kms_grant_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -127,7 +127,7 @@ module "kms_grant_multi_region" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v0.74.3"
 }
 inputs = {
@@ -180,11 +180,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md b/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md
index 708c13d88..aeabbc46c 100644
--- a/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # AWS KMS Customer Master Keys (CMK)
-View Source
+View Source
 Release Notes
@@ -37,23 +37,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-master-key/README.md#what-is-kms)
+* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-master-key/README.md#what-is-kms)
-* [What is the difference between creating one key in all regions and creating a single all-region key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-master-key-multi-region/core-concepts.md#what-is-the-difference-between-creating-one-key-in-all-regions-and-creating-a-single-all-region-key)
+* [What is the difference between creating one key in all regions and creating a single all-region key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-master-key-multi-region/core-concepts.md#what-is-the-difference-between-creating-one-key-in-all-regions-and-creating-a-single-all-region-key)
-* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-master-key/README.md#what-is-a-customer-master-key)
+* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-master-key/README.md#what-is-a-customer-master-key)
 * [KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html): Amazon’s docs for KMS that cover core concepts such as various key types, how to encrypt and decrypt, deletion of keys, and automatic key rotation.
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/codegen/core-concepts.md#how-to-use-a-multi-region-module)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -61,17 +61,17 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ## Manage
-* [Differences between CMK Administrators vs. CMK Users](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-master-key/README.md#cmk-administrators-vs-cmk-users)
+* [Differences between CMK Administrators vs. CMK Users](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-master-key/README.md#cmk-administrators-vs-cmk-users)
-* [Differences between managing access control with KMS key policies vs. IAM policies](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-master-key/README.md#managing-a-keys-permissions-with-the-key-policy-vs-iam-policies)
+* [Differences between managing access control with KMS key policies vs. IAM policies](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-master-key/README.md#managing-a-keys-permissions-with-the-key-policy-vs-iam-policies)
-* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
+* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
-* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
+* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
 ## Sample Usage
@@ -86,7 +86,7 @@ If you just want to try this out for experimenting and learning, check out the f
 module "kms_master_key_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -153,7 +153,7 @@ module "kms_master_key_multi_region" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v0.74.3"
 }
 inputs = {
@@ -522,11 +522,11 @@ A map from region to IDs of the replica KMS CMKs that were created. The value wi
diff --git a/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md b/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
index afe3763bb..d0f240643 100644
--- a/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
+++ b/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # KMS Master Key Module
-View Source
+View Source
 Release Notes
@@ -87,7 +87,7 @@ more onerous.
 module "kms_master_key" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -151,7 +151,7 @@ module "kms_master_key" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v0.74.3"
 }
 inputs = {
@@ -451,11 +451,11 @@ A map of CMK name to CMK ID.
diff --git a/docs/reference/modules/terraform-aws-security/ntp/ntp.md b/docs/reference/modules/terraform-aws-security/ntp/ntp.md
index e7bc802d7..53b3123b8 100644
--- a/docs/reference/modules/terraform-aws-security/ntp/ntp.md
+++ b/docs/reference/modules/terraform-aws-security/ntp/ntp.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # NTP Module
-View Source
+View Source
 Release Notes
@@ -35,11 +35,11 @@ Originally, Amazon recommended installing `ntpd` to prevent clock drift. Today,
diff --git a/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md b/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
index cf1d7e5cc..ed3f77891 100644
--- a/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
+++ b/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # OS Hardening
-View Source
+View Source
 Release Notes
@@ -31,8 +31,8 @@ is mounting multiple partitions. We hope to implement more CIS recommendations o
 There are two major components to this module:
-* [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/os-hardening/ami-builder): This is a Terraform template that launches an EC2 Instance with Packer pre-installed.
-* [partition-scripts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/os-hardening/partition-scripts): This is a set of bash scripts that create multiple disk partitions, format them
+* [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/os-hardening/ami-builder): This is a Terraform template that launches an EC2 Instance with Packer pre-installed.
+* [partition-scripts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/os-hardening/partition-scripts): This is a set of bash scripts that create multiple disk partitions, format them
 as ext4, and mount them to various paths with various mount options such as `noexec` or `nosuid`. These scripts are meant to be run in a Packer template that uses the Packer [amazon-chroot](https://www.packer.io/docs/builders/amazon-chroot.html) builder.
@@ -45,7 +45,7 @@ Fundamentally, to generate an AMI you must:
 4. SSH into the ami-builder EC2 Instance and run `packer build amazon-linux.json` to build the AMI.
 5. Terminate the ami-builder EC2 Instance.
-We recognize that is a lot of manual steps to build a single AMI, so check out the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/os-hardening)
+We recognize that is a lot of manual steps to build a single AMI, so check out the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/os-hardening)
 for a pre-built Packer template plus a script (`packer-build.sh`) that will automate all the above steps.
 ### Why do I need to launch a separate EC2 Instance to run Packer?
@@ -55,7 +55,7 @@ See below for additional details on what this is and how to use it.
 ## How to Use this Module
-**The best way to use this module is to substantially copy the [os-hardening example code](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/os-hardening).
+**The best way to use this module is to substantially copy the [os-hardening example code](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/os-hardening).
 Unlike most Gruntwork examples, the example for this module contains a full Packer build file plus a wrapper script to create the AMI with a single command and may be viewed as a "canonical" way to instantiate the os-hardening modules.**
@@ -71,11 +71,11 @@ hardened OS will use. Follow these steps:
 and sizes:
 * `partition-volume`: For each desired partition, add an argument like `--partition '/home:4G'`. For additional
- details see [partition-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/os-hardening/partition-scripts/bin/partition-volume). Note that for the last `--partition` entry only,
+ details see [partition-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/os-hardening/partition-scripts/bin/partition-volume). Note that for the last `--partition` entry only,
 you may specify `*` for the size to tell the script to create the largest possible partition based on remaining disk space. Also, make sure your partition sizes don't exceed the space available on your EBS Volume!
 * `cleanup-volume`: For each desired partition, add an argument like `--mount-point '/home'`. For additional details see
- [cleanup-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/os-hardening/partition-scripts/bin/cleanup-volume)
+ [cleanup-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/os-hardening/partition-scripts/bin/cleanup-volume)
 Note that you will redundantly pass the same list of partition paths to each of the above scripts, but only `partition-volume` needs both the mount point *and* the desired partition size.
@@ -86,10 +86,10 @@ That's it! The Packer template will take care of the rest.
 ### How to Build the AMI with Packer
-Now we're ready to build the actual AMI. Note: The [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/os-hardening) contains a script
+Now we're ready to build the actual AMI. Note: The [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/os-hardening) contains a script
 that automates all these steps, but, for the sake of understanding, we'll describe them individually below:
-1. Launch the [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/os-hardening/ami-builder) EC2 Instance. We will execute Packer from this EC2 Instance.
+1. Launch the [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/os-hardening/ami-builder) EC2 Instance. We will execute Packer from this EC2 Instance.
 2. On your local machine run `rsync` so that your local directory is continually synced to the ami-builder:
@@ -127,7 +127,7 @@ additional volumes mounted as encrypted volumes.
 ### Using Your Hardened OS as a "Base AMI"
-A best practice we encourage is to first build your hardened OS Image using these modules and the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/os-hardening).
+A best practice we encourage is to first build your hardened OS Image using these modules and the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/os-hardening).
 You can now view this AMI as your "base AMI", and all other Packer builds can be built on top of this AMI. For example, you might have:
@@ -270,11 +270,11 @@ needed additional space to build a new AMI was not unreasonable.
diff --git a/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md b/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
index 1759fe606..3d553b6fe 100644
--- a/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # Private S3 Bucket
-View Source
+View Source
 Release Notes
@@ -86,7 +86,7 @@ aws-vault exec --no-session root-prod -- ./mfa-delete.sh --account-id 2264865421
 module "private_s_3_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -288,7 +288,7 @@ module "private_s_3_bucket" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v0.74.3"
 }
 inputs = {
@@ -1037,11 +1037,11 @@ The name of an IAM role that can be used to configure replication from various s
diff --git a/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md b/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
index 6dd38da8a..93e76e716 100644
--- a/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
+++ b/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # A best-practices set of IAM roles for SAML access
-View Source
+View Source
 Release Notes
@@ -47,7 +47,7 @@ This module creates the following IAM roles (all optional):
 * **allow-ssh-grunt-access-from-saml**: Users authenticated by the SAML providers in `var.allow_ssh_grunt_access_from_saml_provider_arns` will get read access to IAM Groups and public SSH keys. This is
- useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
+ useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
 connections against IAM users defined in this AWS account.
 * **allow-dev-access-from-saml**:Users authenticated by the SAML providers in
@@ -78,7 +78,7 @@ This module creates the following IAM roles (all optional):
 module "saml_iam_roles" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -237,7 +237,7 @@ module "saml_iam_roles" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v0.74.3"
 }
 inputs = {
@@ -896,11 +896,11 @@ A map of tags to apply to the IAM roles.
diff --git a/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md b/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md
index f5054db72..61c563bcd 100644
--- a/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md
+++ b/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # Resource-based policies for Secrets Manager secrets
-View Source
+View Source
 Release Notes
@@ -42,7 +42,7 @@ Note also that you should only manage the policy for any given secret one time.
 module "secrets_manager_resource_policies" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -71,7 +71,7 @@ module "secrets_manager_resource_policies" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v0.74.3"
 }
 inputs = {
@@ -100,11 +100,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md b/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
index 7ccf23570..eb9f2d1fb 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # SSH Grunt SELinux Policy
-View Source
+View Source
 Release Notes
-This module installs a SELinux Local Policy Module that is necessary to make [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt) work on
+This module installs a SELinux Local Policy Module that is necessary to make [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt) work on
 systems with SELinux, such as CentOS.
 The reason we need a policy is that `ssh-grunt` uses is executed on each attempted SSH login by the
@@ -84,11 +84,11 @@ $ sudo semodule -i ssh-grunt.pp
diff --git a/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md b/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
index 48fd7eded..4d33e7823 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # SSH Grunt
-View Source
+View Source
 Release Notes
@@ -47,19 +47,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [How to install ssh-grunt on your servers](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt/core-concepts.md#install-ssh-grunt-on-your-servers)
+* [How to install ssh-grunt on your servers](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt/core-concepts.md#install-ssh-grunt-on-your-servers)
-* [How SSH Grunt works](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt/core-concepts.md#how-it-works)
+* [How SSH Grunt works](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt/core-concepts.md#how-it-works)
-* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/README.adoc#core-concepts)
+* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/README.adoc#core-concepts)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/test): Automated tests for the modules and examples.
 ## Deploy
@@ -73,9 +73,9 @@ This module is known to work on **CentOS 7**, **Ubuntu**, **Amazon Linux 2**, an
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [ssh-grunt examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/ssh-grunt): The `examples/ssh-grunt` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [ssh-grunt examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/ssh-grunt): The `examples/ssh-grunt` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
-* [Packer template](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/examples/ssh-grunt/packer/ssh-grunt-iam.json)
+* [Packer template](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/examples/ssh-grunt/packer/ssh-grunt-iam.json)
 ### Production deployment
@@ -91,19 +91,19 @@ If you want to deploy this module in production, check out the following resourc
 ### Day-to-day operations
-* [How to manage SSH keys](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt/core-concepts.md#upload-public-ssh-keys)
+* [How to manage SSH keys](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt/core-concepts.md#upload-public-ssh-keys)
-* [IAM permissions required for ssh-grunt to work](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt/core-concepts.md#set-up-iam-permissions)
+* [IAM permissions required for ssh-grunt to work](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt/core-concepts.md#set-up-iam-permissions)
diff --git a/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md b/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
index 4d485de94..840cef495 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
@@ -9,26 +9,26 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # ssh-iam has been renamed!
-View Source
+View Source
 Release Notes
-`ssh-iam` has been renamed to [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt). Please update all links to point to
-[ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/ssh-grunt)!
+`ssh-iam` has been renamed to [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt). Please update all links to point to
+[ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/ssh-grunt)!
diff --git a/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md b/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
index b828ab37d..da6f2f7b0 100644
--- a/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
+++ b/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # SSM Healthchecks IAM Permissions
-View Source
+View Source
 Release Notes
@@ -45,7 +45,7 @@ We recommend using this module with just about every single EC2 Instance and Aut
 module "ssm_healthchecks_iam_permissions" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v0.74.3"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -69,7 +69,7 @@ module "ssm_healthchecks_iam_permissions" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v0.74.2"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v0.74.3"
 }
 inputs = {
@@ -93,11 +93,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md b/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
index c503dbf11..2ddc21400 100644
--- a/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
+++ b/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # Generate a TLS/SSL Certificate for a Private Service
-View Source
+View Source
 Release Notes
@@ -35,7 +35,7 @@ using a commercial CA or public, free CA like [Let's Encrypt](https://letsencryp
 1. Edit the `docker-compose.yml` file and fill in your desired argument values.
 2. Now run `docker-compose up` and your TLS certs will output to a local `output` directory!
-To see documentation on the arguments in `docker-compose.yml`, see the [main.sh](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.2/modules/tls-cert-private/scripts/main.sh) file.
+To see documentation on the arguments in `docker-compose.yml`, see the [main.sh](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.74.3/modules/tls-cert-private/scripts/main.sh) file.
 Note that the Docker Compose file mounts the local machine folder `./output` in the Docker container. Mac and Windows users sohuld take note that, in some cases, volume mounting may be extremely slow, or even one-way-only if you use an
@@ -177,11 +177,11 @@ TLS certificates for any public services.