This module sets up Security Hub in an account, with the option to send findings to Slack and/or email.
The following resources will be created:
- SecurityHub
- Lambda function to send Slack notifications (created using CloudFormation, based on https://github.com/aws-samples/aws-securityhub-to-slack).
- EventBridge Rules

| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
| random | >= 3.3.0 |

| Name | Version |
|---|---|
| aws | n/a |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alarm_email | Enables email notification (optional) | string | "" | no |
| alarm_slack_endpoint | Enables slack notification to endpoint passed (optional) | string | "" | no |
| chatbot_sns_topic | SNS topic for chatbot notification | string | "" | no |
| invite | Invite member accounts? (Use 'false' when this account is the delegated admin by master account) | bool | true | no |
| members | List of member AWS accounts as [{account_id: '9999', email: '[email protected]'}, {...}] } | list(any) | [] | no |
| severity_list | n/a | list(any) | [ | no |
| subscription_cis | Enables CIS Foundations Benchmark Standards subscription | bool | false | no |
| subscription_cis_version | The version of the CIS AWS Foundations Benchmark to subscribe to | string | "3.0.0" | no |
| subscription_foundational | Enables AWS Foundational Security Best Practices subscription | bool | false | no |
| subscription_nist | Enables AWS NIST SP 800-53 subscription | bool | false | no |
| subscription_pci | Enables PCI-DSS Standards subscription | bool | false | no |
| subscription_resource_tagging | Enables AWS Resource Tagging Standard subscription | bool | false | no |

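
A usage sketch built from the inputs listed above, added here as an example and not taken from the module's repository. The module source is a placeholder, and the variable name `slack_webhook_url`, the email addresses and the account ID are constructed for illustration.

```hcl
# Added example, not the project's own code.
# The source below is a placeholder: substitute the module's real registry
# address or Git URL and pin it to a version.

variable "slack_webhook_url" {
  description = "Slack endpoint for findings (hypothetical variable name)"
  type        = string
  # 'sensitive' needs Terraform 0.14 or later; it hides the value in plan
  # output, but the value is still written to state.
  sensitive = true
}

module "security_hub" {
  source = "<MODULE_SOURCE_PLACEHOLDER>"

  # Notification channels; both inputs default to "".
  alarm_email          = "secops@example.com" # constructed address
  alarm_slack_endpoint = var.slack_webhook_url

  # Every standards subscription defaults to false, so enable the ones
  # you want explicitly.
  subscription_cis          = true
  subscription_cis_version  = "3.0.0"
  subscription_foundational = true

  # Member accounts in the shape given in the inputs table.
  # Set invite = false when this account is the delegated admin.
  invite = true
  members = [
    { account_id = "111111111111", email = "aws-dev@example.com" }, # constructed
  ]
}
```

Supplying the Slack endpoint through a variable keeps it out of version control; restrict access to the state backend as well, since the value is stored there.
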
No output.

Module managed by DNX Solutions.

Apache 2 Licensed. See LICENSE for full details.