From e06c0be5850c7d13005c82b302ba3b23131c7783 Mon Sep 17 00:00:00 2001 From: RoseSecurity Date: Fri, 18 Oct 2024 09:59:51 -0400 Subject: [PATCH 1/3] fix: update deprecated resource collection to extended_resource_collection_enabled and add to examples for testing --- README.md | 2 +- docs/terraform.md | 28 ++++++++++++++-------------- examples/complete/main.tf | 15 ++++++++------- examples/complete/variables.tf | 7 +++++++ examples/rds-enhanced/main.tf | 15 ++++++++------- examples/rds-enhanced/variables.tf | 7 +++++++ main.tf | 20 ++++++++++---------- variables.tf | 5 +++-- 8 files changed, 58 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 3fbb4b7..be51a18 100644 --- a/README.md +++ b/README.md 
@@ -169,6 +169,7 @@ Available targets: | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [excluded\_regions](#input\_excluded\_regions) | An array of AWS regions to exclude from metrics collection | `list(string)` | `null` | no | +| [extended\_resource\_collection\_enabled](#input\_extended\_resource\_collection\_enabled) | Whether Datadog collects additional attributes and configuration information about the resources in your AWS account. Required for `cspm_resource_collection_enabled` | `bool` | `null` | no | | [filter\_tags](#input\_filter\_tags) | An array of EC2 tags (in the form `key:value`) that defines a filter that Datadog use when collecting metrics from EC2. Wildcards, such as ? (for single characters) and * (for multiple characters) can also be used | `list(string)` | `null` | no | | [host\_tags](#input\_host\_tags) | An array of tags (in the form `key:value`) to add to all hosts and metrics reporting through this integration | `list(string)` | `null` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | @@ -181,7 +182,6 @@ Available targets: | [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| [resource\_collection\_enabled](#input\_resource\_collection\_enabled) | Whether Datadog collects a standard set of resources from your AWS account. | `bool` | `null` | no | | [security\_audit\_policy\_enabled](#input\_security\_audit\_policy\_enabled) | Enable/disable attaching the AWS managed `SecurityAudit` policy to the Datadog IAM role to collect information about how AWS resources are configured (used in Datadog Cloud Security Posture Management to read security configuration metadata). If var.cspm\_resource\_collection\_enabled, this is enabled automatically. | `bool` | `false` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 6c876bc..df94c46 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -44,32 +44,32 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [account\_specific\_namespace\_rules](#input\_account\_specific\_namespace\_rules) | An object, (in the form {"namespace1":true/false, "namespace2":true/false} ), that enables or disables metric collection for specific AWS namespaces for this AWS account only | `map(string)` | `null` | no | -| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | -| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | +| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | | [cspm\_resource\_collection\_enabled](#input\_cspm\_resource\_collection\_enabled) | Whether Datadog collects cloud security posture management resources from your AWS account. | `bool` | `null` | no | | [datadog\_aws\_account\_id](#input\_datadog\_aws\_account\_id) | The AWS account ID Datadog's integration servers use for all integrations | `string` | `"464622532012"` | no | -| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | +| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [excluded\_regions](#input\_excluded\_regions) | An array of AWS regions to exclude from metrics collection | `list(string)` | `null` | no | +| [extended\_resource\_collection\_enabled](#input\_extended\_resource\_collection\_enabled) | Whether Datadog collects additional attributes and configuration information about the resources in your AWS account. Required for `cspm_resource_collection_enabled` | `bool` | `null` | no | | [filter\_tags](#input\_filter\_tags) | An array of EC2 tags (in the form `key:value`) that defines a filter that Datadog use when collecting metrics from EC2. Wildcards, such as ? (for single characters) and * (for multiple characters) can also be used | `list(string)` | `null` | no | | [host\_tags](#input\_host\_tags) | An array of tags (in the form `key:value`) to add to all hosts and metrics reporting through this integration | `list(string)` | `null` | no | -| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [integrations](#input\_integrations) | List of AWS permission names to apply for different integrations (e.g. 'all', 'core') | `list(string)` | n/a | yes | -| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | -| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | -| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | +| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | +| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | | [metrics\_collection\_enabled](#input\_metrics\_collection\_enabled) | Whether Datadog collects metrics for this AWS account. | `bool` | `null` | no | -| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | +| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | -| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| [resource\_collection\_enabled](#input\_resource\_collection\_enabled) | Whether Datadog collects a standard set of resources from your AWS account. | `bool` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [security\_audit\_policy\_enabled](#input\_security\_audit\_policy\_enabled) | Enable/disable attaching the AWS managed `SecurityAudit` policy to the Datadog IAM role to collect information about how AWS resources are configured (used in Datadog Cloud Security Posture Management to read security configuration metadata). If var.cspm\_resource\_collection\_enabled, this is enabled automatically. | `bool` | `false` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | +| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | ## Outputs diff --git a/examples/complete/main.tf b/examples/complete/main.tf index abc899a..8f22016 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -1,13 +1,14 @@ module "datadog_integration" { source = "../../" - datadog_aws_account_id = var.datadog_aws_account_id - integrations = var.integrations - filter_tags = var.filter_tags - host_tags = var.host_tags - excluded_regions = var.excluded_regions - account_specific_namespace_rules = var.account_specific_namespace_rules - security_audit_policy_enabled = var.security_audit_policy_enabled + datadog_aws_account_id = var.datadog_aws_account_id + integrations = var.integrations + filter_tags = var.filter_tags + host_tags = var.host_tags + excluded_regions = var.excluded_regions + account_specific_namespace_rules = var.account_specific_namespace_rules + security_audit_policy_enabled = var.security_audit_policy_enabled + extended_resource_collection_enabled = var.extended_resource_collection_enabled context = module.this.context } diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index b4d927c..f93ce2a 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
@@ -43,3 +43,10 @@ variable "security_audit_policy_enabled" { default = false description = "Enable/disable attaching the AWS managed `SecurityAudit` policy to the Datadog IAM role to collect information about how AWS resources are configured (used in Datadog Cloud Security Posture Management to read security configuration metadata)" } + +variable "extended_resource_collection_enabled" { + type = bool + default = null + description = "Whether Datadog collects additional attributes and configuration information about the resources in your AWS account. Required for `cspm_resource_collection_enabled`" +} + diff --git a/examples/rds-enhanced/main.tf b/examples/rds-enhanced/main.tf index abc899a..8f22016 100644 --- a/examples/rds-enhanced/main.tf +++ b/examples/rds-enhanced/main.tf @@ -1,13 +1,14 @@ module "datadog_integration" { source = "../../" - datadog_aws_account_id = var.datadog_aws_account_id - integrations = var.integrations - filter_tags = var.filter_tags - host_tags = var.host_tags - excluded_regions = var.excluded_regions - account_specific_namespace_rules = var.account_specific_namespace_rules - security_audit_policy_enabled = var.security_audit_policy_enabled + datadog_aws_account_id = var.datadog_aws_account_id + integrations = var.integrations + filter_tags = var.filter_tags + host_tags = var.host_tags + excluded_regions = var.excluded_regions + account_specific_namespace_rules = var.account_specific_namespace_rules + security_audit_policy_enabled = var.security_audit_policy_enabled + extended_resource_collection_enabled = var.extended_resource_collection_enabled context = module.this.context } diff --git a/examples/rds-enhanced/variables.tf b/examples/rds-enhanced/variables.tf index b4d927c..f93ce2a 100644 --- a/examples/rds-enhanced/variables.tf +++ b/examples/rds-enhanced/variables.tf 
@@ -43,3 +43,10 @@ variable "security_audit_policy_enabled" { default = false description = "Enable/disable attaching the AWS managed `SecurityAudit` policy to the Datadog IAM role to collect information about how AWS resources are configured (used in Datadog Cloud Security Posture Management to read security configuration metadata)" } + +variable "extended_resource_collection_enabled" { + type = bool + default = null + description = "Whether Datadog collects additional attributes and configuration information about the resources in your AWS account. Required for `cspm_resource_collection_enabled`" +} + diff --git a/main.tf b/main.tf index a79e966..fed90ef 100644 --- a/main.tf +++ b/main.tf @@ -16,16 +16,16 @@ data "aws_caller_identity" "current" { # https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/integration_aws # https://docs.datadoghq.com/api/v1/aws-integration/ resource "datadog_integration_aws" "integration" { - count = local.enabled ? 1 : 0 - account_id = local.aws_account_id - role_name = module.this.id - filter_tags = var.filter_tags - host_tags = var.host_tags - excluded_regions = var.excluded_regions - account_specific_namespace_rules = var.account_specific_namespace_rules - cspm_resource_collection_enabled = var.cspm_resource_collection_enabled - metrics_collection_enabled = var.metrics_collection_enabled - resource_collection_enabled = var.resource_collection_enabled + count = local.enabled ? 1 : 0 + account_id = local.aws_account_id + role_name = module.this.id + filter_tags = var.filter_tags + host_tags = var.host_tags + excluded_regions = var.excluded_regions + account_specific_namespace_rules = var.account_specific_namespace_rules + cspm_resource_collection_enabled = var.cspm_resource_collection_enabled + metrics_collection_enabled = var.metrics_collection_enabled + extended_resource_collection_enabled = var.extended_resource_collection_enabled } data "aws_iam_policy_document" "assume_role" { 
diff --git a/variables.tf b/variables.tf index 94ddfa1..4263891 100644 --- a/variables.tf +++ b/variables.tf @@ -51,8 +51,9 @@ variable "metrics_collection_enabled" { description = "Whether Datadog collects metrics for this AWS account." } -variable "resource_collection_enabled" { +variable "extended_resource_collection_enabled" { type = bool default = null - description = "Whether Datadog collects a standard set of resources from your AWS account." + description = "Whether Datadog collects additional attributes and configuration information about the resources in your AWS account. Required for `cspm_resource_collection_enabled`" } + From 6d6a66b9b2746e954d7d4872c4947d478a7ab7d1 Mon Sep 17 00:00:00 2001 From: RoseSecurity Date: Fri, 18 Oct 2024 11:23:13 -0400 Subject: [PATCH 2/3] refactor: added deprecation warning for resource collection variable --- main.tf | 1 + variables.tf | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/main.tf b/main.tf index fed90ef..c31f372 100644 --- a/main.tf +++ b/main.tf @@ -25,6 +25,7 @@ resource "datadog_integration_aws" "integration" { account_specific_namespace_rules = var.account_specific_namespace_rules cspm_resource_collection_enabled = var.cspm_resource_collection_enabled metrics_collection_enabled = var.metrics_collection_enabled + resource_collection_enabled = var.resource_collection_enabled extended_resource_collection_enabled = var.extended_resource_collection_enabled } diff --git a/variables.tf b/variables.tf index 4263891..6d37dea 100644 --- a/variables.tf +++ b/variables.tf 
@@ -51,6 +51,16 @@ variable "metrics_collection_enabled" { description = "Whether Datadog collects metrics for this AWS account." } +variable "resource_collection_enabled" { + type = bool + default = null + description = <<-EOT + DEPRECATED: Use `extended_resource_collection_enabled` instead. + Historical description: Whether Datadog collects a standard set of resources from your AWS account. + Historical default: `null` + EOT +} + variable "extended_resource_collection_enabled" { type = bool default = null From c15002f617bcc9e0c51427552dd8ad194afa2b1b Mon Sep 17 00:00:00 2001 From: RoseSecurity Date: Fri, 18 Oct 2024 11:23:49 -0400 Subject: [PATCH 3/3] update documentation --- README.md | 1 + docs/terraform.md | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index be51a18..f685536 100644 --- a/README.md +++ b/README.md @@ -182,6 +182,7 @@ Available targets: | [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [resource\_collection\_enabled](#input\_resource\_collection\_enabled) | DEPRECATED: Use `extended_resource_collection_enabled` instead.
Historical description: Whether Datadog collects a standard set of resources from your AWS account.
Historical default: `null` | `bool` | `null` | no | | [security\_audit\_policy\_enabled](#input\_security\_audit\_policy\_enabled) | Enable/disable attaching the AWS managed `SecurityAudit` policy to the Datadog IAM role to collect information about how AWS resources are configured (used in Datadog Cloud Security Posture Management to read security configuration metadata). If var.cspm\_resource\_collection\_enabled, this is enabled automatically. | `bool` | `false` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | diff --git a/docs/terraform.md b/docs/terraform.md index df94c46..ba9154f 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -67,6 +67,7 @@ | [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [resource\_collection\_enabled](#input\_resource\_collection\_enabled) | DEPRECATED: Use `extended_resource_collection_enabled` instead.
Historical description: Whether Datadog collects a standard set of resources from your AWS account.
Historical default: `null` | `bool` | `null` | no | | [security\_audit\_policy\_enabled](#input\_security\_audit\_policy\_enabled) | Enable/disable attaching the AWS managed `SecurityAudit` policy to the Datadog IAM role to collect information about how AWS resources are configured (used in Datadog Cloud Security Posture Management to read security configuration metadata). If var.cspm\_resource\_collection\_enabled, this is enabled automatically. | `bool` | `false` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
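
Review bot: The description added in the PATCH 1/3 `variables.tf` hunk says `extended_resource_collection_enabled` is "Required for `cspm_resource_collection_enabled`", but the `main.tf` hunk in the same patch passes the two variables to `datadog_integration_aws.integration` independently and both default to `null`, so the module itself does not enforce the stated requirement. The input table already documents that `security_audit_policy_enabled` is "enabled automatically" when `cspm_resource_collection_enabled` is set; treat this dependency the same way, or add a `precondition` on the resource with a clear error message, so a caller who turns on CSPM collection alone gets a plan-time failure instead of a misconfigured integration.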
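
Review bot: Most rows in the PATCH 1/3 `docs/terraform.md` hunk (`additional_tag_map`, `attributes`, `context`, `delimiter` and others) are removed and re-added with the same visible text, which buries the two real changes: the added `extended_resource_collection_enabled` row and the removed `resource_collection_enabled` row. The `README.md` hunk for the same table has no such churn, so this looks like the file being regenerated with different generator settings; regenerate it with the project's usual tooling or move the formatting-only change into its own commit so the functional diff stays reviewable.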
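
Review bot: In the PATCH 1/3 hunks for `examples/complete/variables.tf` and `examples/rds-enhanced/variables.tf`, the new variable is declared with `default = null`, and no fixture or tfvars change appears in this patch, so the examples still plan with the attribute unset even though the subject line says it is added "for testing". Set an explicit value for `extended_resource_collection_enabled` in the example fixtures (or give the example variable a non-null default) so the test run actually exercises the new attribute.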
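
Review bot: In the PATCH 2/3 `main.tf` hunk, `resource_collection_enabled = var.resource_collection_enabled` is passed to the resource alongside `extended_resource_collection_enabled = var.extended_resource_collection_enabled`, so a caller who sets the two inputs to different values sends contradictory settings to the provider and the module does nothing to reconcile them. Because the old variable is kept only for backward compatibility, consider computing a single local (the new variable when it is non-null, otherwise the deprecated one) and passing only that to `extended_resource_collection_enabled`, or add a `precondition` that rejects setting both.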
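
Review bot: The deprecation of `resource_collection_enabled` in the PATCH 2/3 `variables.tf` hunk exists only in the description heredoc ("DEPRECATED: Use `extended_resource_collection_enabled` instead."), so callers who still set the variable get no signal at plan or apply time and will only find out when the input is eventually removed. If the module's minimum Terraform version allows it, add a `check` block that warns when `var.resource_collection_enabled` is non-null, and record the rename in the release notes, since PATCH 1/3 on its own removes the variable and would break existing callers if it were released without PATCH 2/3.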