diff --git a/README.md b/README.md
index 60ca0cd..5ca546e 100644
--- a/README.md
+++ b/README.md
@@ -547,7 +547,7 @@ module "landing_zone" {
 | [aws\_config\_sns\_subscription](#input\_aws\_config\_sns\_subscription) | Subscription options for the aws-controltower-AggregateSecurityNotifications (AWS Config) SNS topic |
map(object({
endpoint = string
protocol = string
}))
| `{}` | no |
 | [aws\_ebs\_encryption\_by\_default](#input\_aws\_ebs\_encryption\_by\_default) | Set to true to enable AWS Elastic Block Store encryption by default | `bool` | `true` | no |
 | [aws\_guardduty](#input\_aws\_guardduty) | AWS GuardDuty settings |
object({
enabled = optional(bool, true)
finding_publishing_frequency = optional(string, "FIFTEEN_MINUTES")
ebs_malware_protection_status = optional(bool, true)
eks_addon_management_status = optional(bool, true)
eks_audit_logs_status = optional(bool, true)
eks_runtime_monitoring_status = optional(bool, true)
lambda_network_logs_status = optional(bool, true)
rds_login_events_status = optional(bool, true)
s3_data_events_status = optional(bool, true)
})
|
{
"ebs_malware_protection_status": true,
"eks_addon_management_status": true,
"eks_audit_logs_status": true,
"eks_runtime_monitoring_status": true,
"enabled": true,
"finding_publishing_frequency": "FIFTEEN_MINUTES",
"lambda_network_logs_status": true,
"rds_login_events_status": true,
"s3_data_events_status": true
}
| no |
-| [aws\_inspector](#input\_aws\_inspector) | AWS Inspector settings, at least one of the scan options must be enabled |
object({
enabled = optional(bool, false)
enable_scan_ec2 = optional(bool, true)
enable_scan_ecr = optional(bool, true)
enable_scan_lambda = optional(bool, true)
enable_scan_lambda_code = optional(bool, true)
})
|
{
"enable_scan_ec2": true,
"enable_scan_ecr": true,
"enable_scan_lambda": true,
"enable_scan_lambda_code": true,
"enabled": false
}
| no |
+| [aws\_inspector](#input\_aws\_inspector) | AWS Inspector settings, at least one of the scan options must be enabled |
object({
enabled = optional(bool, false)
enable_scan_ec2 = optional(bool, true)
enable_scan_ecr = optional(bool, true)
enable_scan_lambda = optional(bool, true)
enable_scan_lambda_code = optional(bool, true)
resource_create_timeout = optional(string, "15m")
})
|
{
"enable_scan_ec2": true,
"enable_scan_ecr": true,
"enable_scan_lambda": true,
"enable_scan_lambda_code": true,
"enabled": false,
"resource_create_timeout": "15m"
}
| no |
 | [aws\_required\_tags](#input\_aws\_required\_tags) | AWS Required tags settings |
map(list(object({
name = string
values = optional(list(string))
enforced_for = optional(list(string))
})))
| `null` | no |
 | [aws\_security\_hub](#input\_aws\_security\_hub) | AWS Security Hub settings |
object({
enabled = optional(bool, true)
auto_enable_controls = optional(bool, true)
auto_enable_default_standards = optional(bool, false)
control_finding_generator = optional(string, "SECURITY_CONTROL")
create_cis_metric_filters = optional(bool, true)
product_arns = optional(list(string), [])
standards_arns = optional(list(string), null)
})
|
{
"auto_enable_controls": true,
"auto_enable_default_standards": false,
"control_finding_generator": "SECURITY_CONTROL",
"create_cis_metric_filters": true,
"enabled": true,
"product_arns": [],
"standards_arns": null
}
| no |
 | [aws\_security\_hub\_sns\_subscription](#input\_aws\_security\_hub\_sns\_subscription) | Subscription options for the LandingZone-SecurityHubFindings SNS topic |
map(object({
endpoint = string
protocol = string
}))
| `{}` | no |