
simonbrady/aws-nzism

aws-nzism

Deploys the AWS Operational Best Practices for NZISM conformance pack using Terraform. See the AWS Config conformance packs documentation for background.

Deployment

As well as deploying the conformance pack, this sample can create the prerequisite AWS Config configuration recorder if you don't already have one. To do this, in terraform.tfvars set create_recorder to true and bucket_name to the name of a new S3 delivery bucket to create. If create_recorder is set to false then you must have your own recorder running before you deploy.

The sample pack templates aren't directly available in S3, so before deployment you need to copy the template to your own S3 bucket. For example, use the AWS CLI:

git clone https://github.com/awslabs/aws-config-rules.git
aws s3 cp aws-config-rules/aws-config-conformance-packs/Operational-Best-Practices-for-NZISM.yaml s3://my-bucket/nzism.yaml

In terraform.tfvars set template_s3_uri to the URI of the uploaded template, s3://my-bucket/nzism.yaml in this example.

To deploy, run:

terraform init
terraform apply

To uninstall, empty the delivery bucket if you deployed with create_recorder=true, then run:

terraform destroy

Conformance Pack Parameters

Although this sample doesn't do it, you can also set input parameters for the conformance pack. To do this, review the input_parameter section in the Terraform docs then edit main.tf as needed.
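One way to wire parameters through, as an added sketch that is not the repository's own main.tf: a map variable drives one input_parameter block per entry. The variable name pack_parameters, the resource label and the pack name are assumptions made for this example; template_s3_uri is the variable the README already has you set in terraform.tfvars.

```hcl
# Added sketch, not the repository's main.tf. Names marked "hypothetical"
# are assumptions introduced for this example.

# Hypothetical variable: map of template parameter name => value.
variable "pack_parameters" {
  type        = map(string)
  description = "Overrides for parameters declared in the conformance pack template"
  default     = {}
}

resource "aws_config_conformance_pack" "nzism" { # resource label is hypothetical
  name            = "nzism"                      # pack name is hypothetical
  template_s3_uri = var.template_s3_uri          # set in terraform.tfvars, per the README

  # Emit one input_parameter block per map entry. With the default empty
  # map no blocks are generated and the template's own defaults apply.
  dynamic "input_parameter" {
    for_each = var.pack_parameters
    content {
      parameter_name  = input_parameter.key
      parameter_value = input_parameter.value
    }
  }
}

# terraform.tfvars (placeholders, not real parameter names; copy the keys
# from the Parameters section of the template you uploaded to S3):
#
# pack_parameters = {
#   "<ParameterNameFromTemplate>" = "<value>"
# }
```

Every key in the map has to be declared as a parameter in the uploaded template, so check the Parameters section of nzism.yaml before adding an override.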
