docs(readme): update module usage
github-actions[bot] committed Dec 23, 2024
1 parent 6287bb8 commit db75b3f
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -555,9 +555,8 @@ module "landing_zone" {

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_allowed_regions"></a> [allowed\_regions](#input\_allowed\_regions) | List of AWS regions where operations are allowed and for which central services like Security Hub and AWS Config are configured. | `list(string)` | n/a | yes |
| <a name="input_control_tower_account_ids"></a> [control\_tower\_account\_ids](#input\_control\_tower\_account\_ids) | Control Tower core account IDs | <pre>object({<br> audit = string<br> logging = string<br> })</pre> | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | Map of tags | `map(string)` | n/a | yes |
| <a name="input_regions"></a> [regions](#input\_regions) | Region configuration. See the README for more information on the configuration options. | <pre>object({<br> allowed_regions = list(string)<br> home_region = string<br> linked_regions = optional(list(string), ["us-east-1"])<br> })</pre> | n/a | yes |
| <a name="input_additional_auditing_trail"></a> [additional\_auditing\_trail](#input\_additional\_auditing\_trail) | CloudTrail configuration for additional auditing trail | <pre>object({<br> name = string<br> bucket = string<br> kms_key_id = string<br><br> event_selector = optional(object({<br> data_resource = optional(object({<br> type = string<br> values = list(string)<br> }))<br> exclude_management_event_sources = optional(set(string), null)<br> include_management_events = optional(bool, true)<br> read_write_type = optional(string, "All")<br> }))<br> })</pre> | `null` | no |
| <a name="input_aws_account_password_policy"></a> [aws\_account\_password\_policy](#input\_aws\_account\_password\_policy) | AWS account password policy parameters for the audit, logging and master account | <pre>object({<br> allow_users_to_change = bool<br> max_age = number<br> minimum_length = number<br> require_lowercase_characters = bool<br> require_numbers = bool<br> require_symbols = bool<br> require_uppercase_characters = bool<br> reuse_prevention_history = number<br> })</pre> | <pre>{<br> "allow_users_to_change": true,<br> "max_age": 90,<br> "minimum_length": 14,<br> "require_lowercase_characters": true,<br> "require_numbers": true,<br> "require_symbols": true,<br> "require_uppercase_characters": true,<br> "reuse_prevention_history": 24<br>}</pre> | no |
| <a name="input_aws_auditmanager"></a> [aws\_auditmanager](#input\_aws\_auditmanager) | AWS Audit Manager config settings | <pre>object({<br> enabled = bool<br> reports_bucket_prefix = string<br> })</pre> | <pre>{<br> "enabled": true,<br> "reports_bucket_prefix": "audit-manager-reports"<br>}</pre> | no |
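Review bot: the new `regions` row describes itself with "See the README for more information on the configuration options", but this table is part of the README, so the reader is sent nowhere; link the section that explains `allowed_regions`, `home_region` and `linked_regions` instead. The removed `allowed_regions` row stated that these are the regions for which Security Hub and AWS Config are configured, and that explanation is lost here. The row should also say why `linked_regions` defaults to `["us-east-1"]` and whether its entries have to appear in `allowed_regions`. Since one required input is replaced by another, a short migration note for existing callers belongs next to this table.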
Expand All @@ -567,9 +566,9 @@ module "landing_zone" {
| <a name="input_aws_guardduty"></a> [aws\_guardduty](#input\_aws\_guardduty) | AWS GuardDuty settings | <pre>object({<br> enabled = optional(bool, true)<br> finding_publishing_frequency = optional(string, "FIFTEEN_MINUTES")<br> ebs_malware_protection_status = optional(bool, true)<br> eks_audit_logs_status = optional(bool, true)<br> lambda_network_logs_status = optional(bool, true)<br> rds_login_events_status = optional(bool, true)<br> s3_data_events_status = optional(bool, true)<br> runtime_monitoring_status = optional(object({<br> enabled = optional(bool, true)<br> eks_addon_management_status = optional(bool, true)<br> ecs_fargate_agent_management_status = optional(bool, true)<br> ec2_agent_management_status = optional(bool, true)<br> }), {})<br> })</pre> | `{}` | no |
| <a name="input_aws_inspector"></a> [aws\_inspector](#input\_aws\_inspector) | AWS Inspector settings, at least one of the scan options must be enabled | <pre>object({<br> enabled = optional(bool, false)<br> enable_scan_ec2 = optional(bool, true)<br> enable_scan_ecr = optional(bool, true)<br> enable_scan_lambda = optional(bool, true)<br> enable_scan_lambda_code = optional(bool, true)<br> resource_create_timeout = optional(string, "15m")<br> })</pre> | <pre>{<br> "enable_scan_ec2": true,<br> "enable_scan_ecr": true,<br> "enable_scan_lambda": true,<br> "enable_scan_lambda_code": true,<br> "enabled": false,<br> "resource_create_timeout": "15m"<br>}</pre> | no |
| <a name="input_aws_required_tags"></a> [aws\_required\_tags](#input\_aws\_required\_tags) | AWS Required tags settings | <pre>map(list(object({<br> name = string<br> values = optional(list(string))<br> enforced_for = optional(list(string))<br> })))</pre> | `null` | no |
| <a name="input_aws_security_hub"></a> [aws\_security\_hub](#input\_aws\_security\_hub) | AWS Security Hub settings | <pre>object({<br> aggregator_linking_mode = optional(string, "SPECIFIED_REGIONS")<br> auto_enable_controls = optional(bool, true)<br> control_finding_generator = optional(string, "SECURITY_CONTROL")<br> create_cis_metric_filters = optional(bool, true)<br> product_arns = optional(list(string), [])<br> standards_arns = optional(list(string), null)<br> })</pre> | `{}` | no |
| <a name="input_aws_security_hub"></a> [aws\_security\_hub](#input\_aws\_security\_hub) | AWS Security Hub settings | <pre>object({<br> aggregator_linking_mode = optional(string, "SPECIFIED_REGIONS")<br> auto_enable_controls = optional(bool, true)<br> auto_enable_default_standards = optional(bool, false)<br> control_finding_generator = optional(string, "SECURITY_CONTROL")<br> create_cis_metric_filters = optional(bool, true)<br> disabled_control_identifiers = optional(list(string), null)<br> enabled_control_identifiers = optional(list(string), null)<br> product_arns = optional(list(string), [])<br> standards_arns = optional(list(string), null)<br> })</pre> | `{}` | no |
| <a name="input_aws_security_hub_sns_subscription"></a> [aws\_security\_hub\_sns\_subscription](#input\_aws\_security\_hub\_sns\_subscription) | Subscription options for the LandingZone-SecurityHubFindings SNS topic | <pre>map(object({<br> endpoint = string<br> protocol = string<br> }))</pre> | `{}` | no |
| <a name="input_aws_service_control_policies"></a> [aws\_service\_control\_policies](#input\_aws\_service\_control\_policies) | AWS SCP's parameters to disable required/denied policies, set a list of allowed AWS regions, and set principals that are exempt from the restriction | <pre>object({<br> allowed_regions = optional(list(string), [])<br> aws_deny_disabling_security_hub = optional(bool, true)<br> aws_deny_leaving_org = optional(bool, true)<br> aws_deny_root_user_ous = optional(list(string), [])<br> aws_require_imdsv2 = optional(bool, true)<br> principal_exceptions = optional(list(string), [])<br> })</pre> | `{}` | no |
| <a name="input_aws_service_control_policies"></a> [aws\_service\_control\_policies](#input\_aws\_service\_control\_policies) | AWS SCP's parameters to disable required/denied policies, set a list of allowed AWS regions, and set principals that are exempt from the restriction | <pre>object({<br> aws_deny_disabling_security_hub = optional(bool, true)<br> aws_deny_leaving_org = optional(bool, true)<br> aws_deny_root_user_ous = optional(list(string), [])<br> aws_require_imdsv2 = optional(bool, true)<br> principal_exceptions = optional(list(string), [])<br> })</pre> | `{}` | no |
| <a name="input_aws_sso_permission_sets"></a> [aws\_sso\_permission\_sets](#input\_aws\_sso\_permission\_sets) | Map of AWS IAM Identity Center permission sets with AWS accounts and group names that should be granted access to each account | <pre>map(object({<br> assignments = list(map(list(string)))<br> inline_policy = optional(string, null)<br> managed_policy_arns = optional(list(string), [])<br> session_duration = optional(string, "PT4H")<br> }))</pre> | `{}` | no |
| <a name="input_datadog"></a> [datadog](#input\_datadog) | Datadog integration options for the core accounts | <pre>object({<br> api_key = string<br> cspm_resource_collection_enabled = optional(bool, false)<br> enable_integration = bool<br> extended_resource_collection_enabled = optional(bool, false)<br> install_log_forwarder = optional(bool, false)<br> log_collection_services = optional(list(string), [])<br> log_forwarder_version = optional(string)<br> metric_tag_filters = optional(map(string), {})<br> namespace_rules = optional(list(string), [])<br> site_url = string<br> })</pre> | `null` | no |
| <a name="input_datadog_excluded_regions"></a> [datadog\_excluded\_regions](#input\_datadog\_excluded\_regions) | List of regions where metrics collection will be disabled. | `list(string)` | `[]` | no |
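Review bot: the `aws_service_control_policies` row drops `allowed_regions` from the object type, but its description still reads "set a list of allowed AWS regions", so the text promises a field the type no longer has; reword the description, or point to the `regions` input if that is where the list is supplied now. In the `aws_security_hub` row the description stays "AWS Security Hub settings" although `auto_enable_default_standards`, `disabled_control_identifiers` and `enabled_control_identifiers` are added; state what the `null` default means for each identifier list and what happens when both lists are set.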
Expand All @@ -580,6 +579,7 @@ module "landing_zone" {
| <a name="input_monitor_iam_activity_sns_subscription"></a> [monitor\_iam\_activity\_sns\_subscription](#input\_monitor\_iam\_activity\_sns\_subscription) | Subscription options for the LandingZone-IAMActivity SNS topic | <pre>map(object({<br> endpoint = string<br> protocol = string<br> }))</pre> | `{}` | no |
| <a name="input_path"></a> [path](#input\_path) | Optional path for all IAM users, user groups, roles, and customer managed policies created by this module | `string` | `"/"` | no |
| <a name="input_ses_root_accounts_mail_forward"></a> [ses\_root\_accounts\_mail\_forward](#input\_ses\_root\_accounts\_mail\_forward) | SES config to receive and forward root account emails | <pre>object({<br> domain = string<br> from_email = string<br> recipient_mapping = map(any)<br><br> dmarc = object({<br> policy = optional(string)<br> rua = optional(string)<br> ruf = optional(string)<br> })<br> })</pre> | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Map of tags | `map(string)` | `{}` | no |

## Outputs

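Review bot: the `tags` row moves from required to optional with a default of `{}`, yet its description is still only "Map of tags"; a caller who omits the input now passes an empty map and nothing in the row says so. Extend the description to say which resources the tags are applied to and that the default is empty, so that the change from required to optional is visible to anyone relying on tags for ownership or cost attribution.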