# Register the GuardDuty delegated administrator for the organization.
# The account delegated here is the organization's management account
# (master_account_id from the organization data source). A dedicated
# security/audit account is the more common delegation target so that the
# management account keeps a minimal footprint — design choice, not changed.
resource "aws_guardduty_organization_admin_account" "admin" {
  admin_account_id = data.aws_organizations_organization.org.master_account_id
}
# The GuardDuty detector in the calling account. Every other GuardDuty
# resource in this file (organization configuration, IP set, threat-intel
# set, members) references its id. `enable` is driven by var.detector_enable,
# so a false value keeps the detector resource but turns detection off.
resource "aws_guardduty_detector" "detector" {
  enable = var.detector_enable
}
# Organization-wide GuardDuty settings, attached to the delegated admin's
# detector. auto_enable = true means accounts joining the organization get
# GuardDuty enabled automatically, without a per-account invitation.
resource "aws_guardduty_organization_configuration" "org" {
  detector_id = aws_guardduty_detector.detector.id
  auto_enable = true
}
# Optional bucket that holds the IP set and threat-intel set lists GuardDuty
# reads. Created only when a bucket name is supplied; every dependent resource
# indexes it as aws_s3_bucket.bucket[0].
#
# The bucket policy comes from data.aws_iam_policy_document.s3_policy, which
# is defined outside this file. The inline `versioning` block and `policy`
# argument are the pre-AWS-provider-v4 style of configuring a bucket; the
# provider version this module pins is not visible here.
#
# NOTE(review): no server-side encryption configuration and no
# aws_s3_bucket_public_access_block appear in this file, while the objects
# written to this bucket below use a public-read ACL — confirm those are
# handled elsewhere in the module.
resource "aws_s3_bucket" "bucket" {
  count = var.bucket_name != "" ? 1 : 0

  bucket        = var.bucket_name
  force_destroy = var.force_destroy
  policy        = data.aws_iam_policy_document.s3_policy.json

  versioning {
    enabled = true
  }
}
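# Upload the trusted-IP list that backs aws_guardduty_ipset.ipset, rendered
# from templates/ipset.txt.tpl. Created only when a bucket name and a
# non-empty list are both supplied; the condition must stay identical to the
# one on aws_guardduty_ipset.ipset so the object and the IP set are created
# and destroyed together.
resource "aws_s3_bucket_object" "ipset" {
  # length() replaces the former `var.ipset_iplist == []` test. HCL equality
  # is type-sensitive, so if the variable is declared as list(string) it
  # never compares equal to the empty tuple literal and an empty list would
  # still create this object; length() works regardless of the declared type.
  count = var.bucket_name == "" || length(var.ipset_iplist) == 0 ? 0 : 1

  bucket = aws_s3_bucket.bucket[0].id
  key    = local.ipset_key

  # NOTE(review): public-read makes the trusted-IP list world-readable.
  # GuardDuty only needs read access to the object, which the bucket policy
  # (data.aws_iam_policy_document.s3_policy, not visible in this file) can
  # grant to the GuardDuty service; confirm that policy before tightening
  # this ACL. Left unchanged here to avoid breaking GuardDuty's access.
  acl = "public-read"

  content = templatefile("${path.module}/templates/ipset.txt.tpl",
    { ipset_iplist = var.ipset_iplist })
}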
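# GuardDuty IP set (trusted IPs) pointing at the object uploaded by
# aws_s3_bucket_object.ipset. The count condition must stay identical to
# that object's so the two are always created together.
resource "aws_guardduty_ipset" "ipset" {
  # length() replaces the former `var.ipset_iplist == []` test; HCL equality
  # is type-sensitive, so a list(string) variable never equals the empty
  # tuple literal, whereas length() works for any declared type.
  count = var.bucket_name == "" || length(var.ipset_iplist) == 0 ? 0 : 1

  detector_id = aws_guardduty_detector.detector.id
  name        = local.ipset_name
  format      = var.ipset_format
  activate    = true

  # GuardDuty fetches the list from this URL; read access is what the
  # object's ACL / bucket policy must provide.
  location = "https://s3.amazonaws.com/${aws_s3_bucket.bucket[0].id}/${local.ipset_key}"
}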
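# Upload the threat-intel list that backs
# aws_guardduty_threatintelset.threatintelset, rendered from
# templates/threatintelset.txt.tpl. Created only when a bucket name and a
# non-empty list are supplied; the condition must stay identical to the one
# on the threat-intel set resource.
resource "aws_s3_bucket_object" "threatintelset" {
  # length() replaces the former `var.threatintelset_iplist == []` test. HCL
  # equality is type-sensitive, so if the variable is declared as
  # list(string) it never equals the empty tuple literal and an empty list
  # would still create this object; length() works for any declared type.
  count = var.bucket_name == "" || length(var.threatintelset_iplist) == 0 ? 0 : 1

  bucket = aws_s3_bucket.bucket[0].id
  key    = local.threatintelset_key

  # NOTE(review): public-read exposes the threat-intel list to anyone with
  # the URL. GuardDuty only needs read access, which the bucket policy
  # (data.aws_iam_policy_document.s3_policy, not visible here) can grant to
  # the GuardDuty service; confirm that before tightening this ACL. Left
  # unchanged to avoid breaking GuardDuty's access.
  acl = "public-read"

  content = templatefile("${path.module}/templates/threatintelset.txt.tpl",
    { threatintelset_iplist = var.threatintelset_iplist })
}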
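# GuardDuty threat-intel set pointing at the object uploaded by
# aws_s3_bucket_object.threatintelset. The count condition must stay
# identical to that object's so the two are always created together.
resource "aws_guardduty_threatintelset" "threatintelset" {
  # length() replaces the former `var.threatintelset_iplist == []` test; HCL
  # equality is type-sensitive, so a list(string) variable never equals the
  # empty tuple literal, whereas length() works for any declared type.
  count = var.bucket_name == "" || length(var.threatintelset_iplist) == 0 ? 0 : 1

  detector_id = aws_guardduty_detector.detector.id
  name        = local.threatintelset_name
  format      = var.threatintelset_format
  activate    = true

  # GuardDuty fetches the list from this URL; read access is what the
  # object's ACL / bucket policy must provide.
  location = "https://s3.amazonaws.com/${aws_s3_bucket.bucket[0].id}/${local.threatintelset_key}"
}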
# Enrol every non-management account of the organization as a GuardDuty
# member of this detector. Ordered after the delegated-admin registration so
# membership is created by an account that is allowed to manage it.
#
# NOTE(review): with auto_enable = true on the organization configuration
# above, explicit per-account invitations may be redundant for accounts that
# join later — presumably kept for accounts already present; verify against
# the organization's actual onboarding flow.
resource "aws_guardduty_member" "members" {
  depends_on = [aws_guardduty_organization_admin_account.admin]

  count = length(data.aws_organizations_organization.org.non_master_accounts)

  detector_id = aws_guardduty_detector.detector.id
  account_id  = data.aws_organizations_organization.org.non_master_accounts[count.index].id
  email       = data.aws_organizations_organization.org.non_master_accounts[count.index].email
  invite      = true
}