Terraform module to enable and configure SecurityHub. The module supports independent
accounts with the top-level module, and the cross-account invite/accept workflow with
the `modules/cross-account-member` module.

You can find example implementations of this module in the tests folder. Testing this module
requires 2 different AWS accounts, so the Terraform AWS provider definitions
assume that you will be using profiles named `aws` and `awsalternate`.

Note: the implementation `tests/create_securityhub_member` requires you to provide the
variable `email_address` prior to use.

Name | Version |
---|---|
terraform | >= 0.13 |
aws | >= 4.64.0 |

No providers.

No resources.

Name | Description | Type | Default | Required |
---|---|---|---|---|
action_targets | Schema list of SecurityHub action targets. | list(object({ | [] | no |
auto_enable_controls | Boolean that enables the security standards that Security Hub has designated as automatically enabled including: AWS Foundational Security Best Practices v1.0.0 and CIS AWS Foundations Benchmark v1.2.0 | bool | true | no |
control_finding_generator | Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard. | string | null | no |
enable_default_standards | Boolean that automatically enables new controls when they are added to standards that are enabled | bool | true | no |
product_subscription_arns | List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html | list(string) | [] | no |
standard_subscription_arns | List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html | list(string) | [] | no |
standards_controls | List of Security Hub standards to enable or disable in current region. | list(object({ | [] | no |

Name | Description |
---|---|
account | Object containing the SecurityHub account resource |
action_targets | Object containing the SecurityHub action targets resources |
subscriptions | Object containing the SecurityHub subscriptions resources |
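
A call of the top-level module using the inputs and outputs listed above, as an added example that is not taken from the module's repository. The `source` value is a placeholder, and the region, the module and output labels, and the two ARNs are assumptions chosen for illustration.

```hcl
# Added example: not part of the module's repository.
terraform {
  required_version = ">= 0.13"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.64.0"
    }
  }
}

locals {
  # Assumption: any region where Security Hub is available.
  region = "us-east-1"
}

provider "aws" {
  region  = local.region
  profile = "aws" # profile name the module's tests expect
}

module "securityhub" {
  # Placeholder: replace with the path or registry address of this module.
  source = "<MODULE_SOURCE>"

  # Report one consolidated finding per control instead of one per standard.
  control_finding_generator = "SECURITY_CONTROL"

  # Standards to subscribe to in this region (illustrative ARN).
  standard_subscription_arns = [
    "arn:aws:securityhub:${local.region}::standards/pci-dss/v/3.2.1",
  ]

  # Product integrations whose findings Security Hub should import (illustrative ARN).
  product_subscription_arns = [
    "arn:aws:securityhub:${local.region}::product/aws/guardduty",
  ]
}

# Expose the account object documented in the outputs table.
output "securityhub_account" {
  value = module.securityhub.account
}
```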