From a0b3e773b92a71bfd3639a358d4cda77df9d2ee9 Mon Sep 17 00:00:00 2001
From: userhas404d <29389186+userhas404d@users.noreply.github.com>
Date: Tue, 23 May 2023 12:16:05 -0400
Subject: [PATCH] Adds control_finding_generator input var
---
 README.md | 3 ++-
 main.tf | 2 ++
 modules/account/README.md | 4 +++-
 modules/account/main.tf | 4 +++-
 modules/account/variables.tf | 5 +++++
 modules/cross-account-member/README.md | 1 +
 modules/cross-account-member/main.tf | 1 +
 modules/cross-account-member/variables.tf | 6 ++++++
 variables.tf | 6 ++++++
 versions.tf | 2 +-
 10 files changed, 30 insertions(+), 4 deletions(-)
 create mode 100644 modules/account/variables.tf
diff --git a/README.md b/README.md
index de2a58e..47c752e 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ Note: the implementation `tests/create_securityhub_member` will require you to p
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 0.13 |
-| [aws](#requirement\_aws) | >= 3.29.0 |
+| [aws](#requirement\_aws) | >= 4.64.0 |
 ## Providers
@@ -32,6 +32,7 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | [action\_targets](#input\_action\_targets) | Schema list of SecurityHub action targets. |
list(object({| `[]` | no |
+| [control\_finding\_generator](#input\_control\_finding\_generator) | (Optional) Updates whether the calling account has consolidated control findings turned on. | `string` | `"SECURITY_CONTROL"` | no |
 | [product\_subscription\_arns](#input\_product\_subscription\_arns) | List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html | `list(string)` | `[]` | no |
 | [standard\_subscription\_arns](#input\_standard\_subscription\_arns) | List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html | `list(string)` | `[]` | no |
diff --git a/main.tf b/main.tf
index f15b60d..aaa9133 100644
--- a/main.tf
+++ b/main.tf
@@ -1,6 +1,8 @@
 # Enable SecurityHub
 module "account" {
 source = "./modules/account"
+
+ control_finding_generator = var.control_finding_generator
 }
 # Manage subscriptions
diff --git a/modules/account/README.md b/modules/account/README.md
index 074ca02..21fb553 100644
--- a/modules/account/README.md
+++ b/modules/account/README.md
@@ -21,7 +21,9 @@
 ## Inputs
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [control\_finding\_generator](#input\_control\_finding\_generator) | (Optional) Updates whether the calling account has consolidated control findings turned on. | `string` | `"SECURITY_CONTROL"` | no |
 ## Outputs
diff --git a/modules/account/main.tf b/modules/account/main.tf
index 4812a49..e80ce05 100644
--- a/modules/account/main.tf
+++ b/modules/account/main.tf
@@ -1 +1,3 @@
-resource "aws_securityhub_account" "this" {}
+resource "aws_securityhub_account" "this" {
+ control_finding_generator = var.control_finding_generator
+}
diff --git a/modules/account/variables.tf b/modules/account/variables.tf
new file mode 100644
index 0000000..5a94461
--- /dev/null
+++ b/modules/account/variables.tf
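Review bot: The new `control_finding_generator` argument in modules/account/main.tf is always set, and with the module default of `"SECURITY_CONTROL"` an apply against an account that currently produces per-standard findings will switch it to consolidated control findings. That changes the shape of the findings Security Hub emits, so alerting or automation that filters on per-standard finding fields may stop matching; this is inferred from the provider's description of the argument, not from anything visible in the hunk. I would add a comment above the argument, `# Changing this on an existing account switches the finding format; review downstream finding filters before applying.`, and call out the behaviour change in the README.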
@@ -0,0 +1,5 @@
+variable "control_finding_generator" {
+ description = "(Optional) Updates whether the calling account has consolidated control findings turned on."
+ type = string
+ default = "SECURITY_CONTROL"
+}
diff --git a/modules/cross-account-member/README.md b/modules/cross-account-member/README.md
index 286e751..1b73273 100644
--- a/modules/cross-account-member/README.md
+++ b/modules/cross-account-member/README.md
@@ -22,6 +22,7 @@ No resources.
 |------|-------------|------|---------|:--------:|
 | [member\_email](#input\_member\_email) | Email address associated with the member account. Required for the cross-account SecurityHub member invite workflow | `string` | n/a | yes |
 | [action\_targets](#input\_action\_targets) | Schema list of SecurityHub action targets. |
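Review bot: `control_finding_generator` in modules/account/variables.tf is a free-form `string`, and nothing in the module constrains it to the values the provider accepts; the same declaration is repeated in modules/cross-account-member/variables.tf and the root variables.tf. The argument takes `SECURITY_CONTROL` or `STANDARD_CONTROL`, so a `validation` block with `condition = contains(["SECURITY_CONTROL", "STANDARD_CONTROL"], var.control_finding_generator)` and an error message naming both values would reject a typo with a message that points at this variable. The description should also list the two values and what each does, for example `"Finding generation mode: SECURITY_CONTROL (one consolidated finding per control) or STANDARD_CONTROL (one finding per control per enabled standard)."`.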
name = string
description = string
identifer = string
}))
list(object({| `[]` | no |
+| [control\_finding\_generator](#input\_control\_finding\_generator) | (Optional) Updates whether the calling account has consolidated control findings turned on. | `string` | `"SECURITY_CONTROL"` | no |
 | [product\_subscription\_arns](#input\_product\_subscription\_arns) | List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html | `list(string)` | `[]` | no |
 | [standard\_subscription\_arns](#input\_standard\_subscription\_arns) | List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html | `list(string)` | `[]` | no |
diff --git a/modules/cross-account-member/main.tf b/modules/cross-account-member/main.tf
index 11371d5..849ed85 100644
--- a/modules/cross-account-member/main.tf
+++ b/modules/cross-account-member/main.tf
@@ -3,6 +3,7 @@ module "account" {
 source = "../../"
 action_targets = var.action_targets
+ control_finding_generator = var.control_finding_generator
 product_subscription_arns = var.product_subscription_arns
 standard_subscription_arns = var.standard_subscription_arns
 }
diff --git a/modules/cross-account-member/variables.tf b/modules/cross-account-member/variables.tf
index 36e20bd..f618590 100644
--- a/modules/cross-account-member/variables.tf
+++ b/modules/cross-account-member/variables.tf
@@ -13,6 +13,12 @@ variable "action_targets" {
 default = []
 }
+variable "control_finding_generator" {
+ description = "(Optional) Updates whether the calling account has consolidated control findings turned on."
+ type = string
+ default = "SECURITY_CONTROL"
+}
+
 variable "product_subscription_arns" {
 description = "List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html"
 type = list(string)
diff --git a/variables.tf b/variables.tf
index 885497d..009ba23 100644
--- a/variables.tf
+++ b/variables.tf
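Review bot: In modules/cross-account-member/main.tf the setting is forwarded into a member account, but the provider documentation for `aws_securityhub_account` says that for accounts that are part of an organization this value can only be updated from the administrator account. If this module is applied to an Organizations-managed member, the argument may be rejected or have no effect; the hunk does not show which membership model is in use. A comment on the added line would make the limit visible, e.g. `# Only effective when this account is not an Organizations-managed Security Hub member.` The `module "account"` block starts outside the hunk.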
@@ -8,6 +8,12 @@ variable "action_targets" {
 default = []
 }
+variable "control_finding_generator" {
+ description = "(Optional) Updates whether the calling account has consolidated control findings turned on."
+ type = string
+ default = "SECURITY_CONTROL"
+}
+
 variable "standard_subscription_arns" {
 description = "List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html"
 type = list(string)
diff --git a/versions.tf b/versions.tf
index 966e9bd..076bf5b 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.29.0"
+ version = ">= 4.64.0"
 }
 }
 }
name = string
description = string
identifer = string
}))