Adds control_finding_generator input var

README.md

@@ -17,7 +17,7 @@ Note: the implementation `tests/create_securityhub_member` will require you to p
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.29.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.64.0 |
 
 ## Providers
 
@@ -32,6 +32,7 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_action_targets"></a> [action\_targets](#input\_action\_targets) | Schema list of SecurityHub action targets. | <pre>list(object({<br>    name        = string<br>    description = string<br>    identifer   = string<br>  }))</pre> | `[]` | no |
+| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | (Optional) Updates whether the calling account has consolidated control findings turned on. | `string` | `"SECURITY_CONTROL"` | no |
 | <a name="input_product_subscription_arns"></a> [product\_subscription\_arns](#input\_product\_subscription\_arns) | List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html | `list(string)` | `[]` | no |
 | <a name="input_standard_subscription_arns"></a> [standard\_subscription\_arns](#input\_standard\_subscription\_arns) | List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html | `list(string)` | `[]` | no |
 

main.tf

@@ -1,6 +1,8 @@
 # Enable SecurityHub
 module "account" {
   source = "./modules/account"
+
+  control_finding_generator = var.control_finding_generator
 }
 
 # Manage subscriptions

modules/account/README.md

@@ -21,7 +21,9 @@
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | (Optional) Updates whether the calling account has consolidated control findings turned on. | `string` | `"SECURITY_CONTROL"` | no |
 
 ## Outputs
 

modules/account/main.tf

@@ -1 +1,3 @@
-resource "aws_securityhub_account" "this" {}
+resource "aws_securityhub_account" "this" {
+  control_finding_generator = var.control_finding_generator
+}

modules/account/variables.tf

@@ -0,0 +1,5 @@
+variable "control_finding_generator" {
+  description = "(Optional) Updates whether the calling account has consolidated control findings turned on."
+  type        = string
+  default     = "SECURITY_CONTROL"
+}

modules/cross-account-member/README.md

@@ -22,6 +22,7 @@ No resources.
 |------|-------------|------|---------|:--------:|
 | <a name="input_member_email"></a> [member\_email](#input\_member\_email) | Email address associated with the member account. Required for the cross-account SecurityHub member invite workflow | `string` | n/a | yes |
 | <a name="input_action_targets"></a> [action\_targets](#input\_action\_targets) | Schema list of SecurityHub action targets. | <pre>list(object({<br>    name        = string<br>    description = string<br>    identifer   = string<br>  }))</pre> | `[]` | no |
+| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | (Optional) Updates whether the calling account has consolidated control findings turned on. | `string` | `"SECURITY_CONTROL"` | no |
 | <a name="input_product_subscription_arns"></a> [product\_subscription\_arns](#input\_product\_subscription\_arns) | List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html | `list(string)` | `[]` | no |
 | <a name="input_standard_subscription_arns"></a> [standard\_subscription\_arns](#input\_standard\_subscription\_arns) | List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html | `list(string)` | `[]` | no |
 

modules/cross-account-member/main.tf

@@ -3,6 +3,7 @@ module "account" {
   source = "../../"
 
   action_targets             = var.action_targets
+  control_finding_generator  = var.control_finding_generator
   product_subscription_arns  = var.product_subscription_arns
   standard_subscription_arns = var.standard_subscription_arns
 }

modules/cross-account-member/variables.tf

@@ -13,6 +13,12 @@ variable "action_targets" {
   default = []
 }
 
+variable "control_finding_generator" {
+  description = "(Optional) Updates whether the calling account has consolidated control findings turned on."
+  type        = string
+  default     = "SECURITY_CONTROL"
+}
+
 variable "product_subscription_arns" {
   description = "List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html"
   type        = list(string)

variables.tf

@@ -8,6 +8,12 @@ variable "action_targets" {
   default = []
 }
 
+variable "control_finding_generator" {
+  description = "(Optional) Updates whether the calling account has consolidated control findings turned on."
+  type        = string
+  default     = "SECURITY_CONTROL"
+}
+
 variable "standard_subscription_arns" {
   description = "List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html"
   type        = list(string)

versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.29.0"
+      version = ">= 4.64.0"
     }
   }
 }