diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf
index ceefbc2..99a66d5 100644
--- a/examples/basic/versions.tf
+++ b/examples/basic/versions.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.40.0"
+ version = ">= 5.54.0"
 }
 datadog = {
 source = "datadog/datadog"
@@ -13,5 +13,5 @@ terraform {
 version = ">= 0.4.2"
 }
 }
- required_version = ">= 1.3"
+ required_version = ">= 1.6"
 }
diff --git a/guardduty.tf b/guardduty.tf
index f66b1ee..b5a42be 100644
--- a/guardduty.tf
+++ b/guardduty.tf
@@ -6,6 +6,14 @@ resource "aws_guardduty_organization_admin_account" "audit" {
 }
 
 // AWS GuardDuty - Audit account configuration
+resource "aws_guardduty_detector" "audit" {
+ provider = aws.audit
+
+ enable = var.aws_guardduty.enabled
+ finding_publishing_frequency = var.aws_guardduty.finding_publishing_frequency
+ tags = var.tags
+}
+
 resource "aws_guardduty_organization_configuration" "default" {
 count = var.aws_guardduty.enabled == true ? 1 : 0
 provider = aws.audit
@@ -16,14 +24,6 @@ resource "aws_guardduty_organization_configuration" "default" {
 depends_on = [aws_guardduty_organization_admin_account.audit]
 }
 
-resource "aws_guardduty_detector" "audit" {
- provider = aws.audit
-
- enable = var.aws_guardduty.enabled
- finding_publishing_frequency = var.aws_guardduty.finding_publishing_frequency
- tags = var.tags
-}
-
 resource "aws_guardduty_organization_configuration_feature" "ebs_malware_protection" {
 provider = aws.audit
 
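Review bot: `aws_guardduty_detector.audit` is created unconditionally with `enable = var.aws_guardduty.enabled`, while `aws_guardduty_organization_configuration.default` right below it is gated by `count = var.aws_guardduty.enabled == true ? 1 : 0`, and the `aws_guardduty_organization_configuration_feature` resources that follow (the `ebs_malware_protection` one starts at the end of this hunk and continues outside it) reference `aws_guardduty_detector.audit.id` with no such `count`. With `enabled = false` the detector presumably ends up disabled while the feature resources still try to configure organization-level features on it; either gate those feature resources with the same `count` expression, or state the intent above the detector, e.g. `// Always created: var.aws_guardduty.enabled toggles the detector's enable flag rather than removing it`. Moving the detector block above the organization configuration is otherwise cosmetic.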
@@ -40,20 +40,6 @@ resource "aws_guardduty_organization_configuration_feature" "eks_audit_logs" {
 auto_enable = var.aws_guardduty.eks_audit_logs_status == true ? "ALL" : "NONE"
 }
 
-resource "aws_guardduty_organization_configuration_feature" "eks_runtime_monitoring" {
- provider = aws.audit
-
- detector_id = aws_guardduty_detector.audit.id
- name = "EKS_RUNTIME_MONITORING"
- auto_enable = var.aws_guardduty.eks_runtime_monitoring_status == true ? "ALL" : "NONE"
-
- additional_configuration {
- name = "EKS_ADDON_MANAGEMENT"
- auto_enable = var.aws_guardduty.eks_addon_management_status == true ? "ALL" : "NONE"
- }
-}
-
 resource "aws_guardduty_organization_configuration_feature" "lambda_network_logs" {
 provider = aws.audit
 
@@ -77,3 +63,27 @@ resource "aws_guardduty_organization_configuration_feature" "s3_data_events" {
 name = "S3_DATA_EVENTS"
 auto_enable = var.aws_guardduty.s3_data_events_status == true ? "ALL" : "NONE"
 }
+
+resource "aws_guardduty_organization_configuration_feature" "runtime_monitoring" {
+ provider = aws.audit
+
+ detector_id = aws_guardduty_detector.audit.id
+ name = "RUNTIME_MONITORING"
+ auto_enable = var.aws_guardduty.runtime_monitoring_status.enabled == true ? "ALL" : "NONE"
+
+ dynamic "additional_configuration" {
+ for_each = {
+ for name, status in {
+ "EKS_ADDON_MANAGEMENT" = var.aws_guardduty.runtime_monitoring_status.eks_addon_management_status
+ "ECS_FARGATE_AGENT_MANAGEMENT" = var.aws_guardduty.runtime_monitoring_status.ecs_fargate_agent_management_status
+ "EC2_AGENT_MANAGEMENT" = var.aws_guardduty.runtime_monitoring_status.ec2_agent_management_status
+ } : name => status if status == true
+ }
+
+ content {
+ name = additional_configuration.key
+ auto_enable = "ALL"
+ }
+ }
+}
diff --git a/variables.tf b/variables.tf
index b244d11..ef12798 100644
--- a/variables.tf
+++ b/variables.tf
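Review bot: In the new `runtime_monitoring` resource the `for_each` filter `if status == true` drops any `additional_configuration` whose flag is false, so setting e.g. `ec2_agent_management_status = false` emits no block at all instead of `auto_enable = "NONE"`; the removed `eks_runtime_monitoring` resource did write `"NONE"` explicitly, so an operator turning agent management off would presumably find a previously applied `ALL` left untouched rather than disabled. Drop the `for name, status in {…} : name => status if status == true` wrapper so `for_each` is the plain three-entry map, and set `auto_enable = additional_configuration.value == true ? "ALL" : "NONE"` in `content`. Note also that the feature resource changes both its address (`eks_runtime_monitoring` → `runtime_monitoring`) and its `name` (`EKS_RUNTIME_MONITORING` → `RUNTIME_MONITORING`), so existing deployments will see a destroy/create on this resource; what the provider does to the old feature on destroy is not visible here and deserves a comment or changelog entry.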
@@ -99,23 +99,31 @@ variable "aws_guardduty" {
 enabled = optional(bool, true)
 finding_publishing_frequency = optional(string, "FIFTEEN_MINUTES")
 ebs_malware_protection_status = optional(bool, true)
- eks_addon_management_status = optional(bool, true)
 eks_audit_logs_status = optional(bool, true)
- eks_runtime_monitoring_status = optional(bool, true)
 lambda_network_logs_status = optional(bool, true)
 rds_login_events_status = optional(bool, true)
 s3_data_events_status = optional(bool, true)
+ runtime_monitoring_status = optional(object({
+ enabled = optional(bool, true)
+ eks_addon_management_status = optional(bool, true)
+ ecs_fargate_agent_management_status = optional(bool, true)
+ ec2_agent_management_status = optional(bool, true)
+ }, {}))
 })
 default = {
 enabled = true
 finding_publishing_frequency = "FIFTEEN_MINUTES"
 ebs_malware_protection_status = true
- eks_addon_management_status = true
 eks_audit_logs_status = true
- eks_runtime_monitoring_status = true
 lambda_network_logs_status = true
 rds_login_events_status = true
 s3_data_events_status = true
+ runtime_monitoring_status = {
+ enabled = true
+ eks_addon_management_status = true
+ ecs_fargate_agent_management_status = true
+ ec2_agent_management_status = true
+ }
 }
 description = "AWS GuardDuty settings"
 }
diff --git a/versions.tf b/versions.tf
index 0cb2558..ff18295 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.26.0"
+ version = ">= 5.54.0"
 configuration_aliases = [aws.audit, aws.logging]
 }
 datadog = {
@@ -14,5 +14,5 @@ terraform {
 version = ">= 0.4.2"
 }
 }
- required_version = ">= 1.3"
+ required_version = ">= 1.6"
 }
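Review bot: The `runtime_monitoring_status` defaults turn `ec2_agent_management_status` and `ecs_fargate_agent_management_status` on for every member account (they map to `auto_enable = "ALL"` in guardduty.tf), which — if the feature names mean what they suggest — has GuardDuty manage its security agent on EC2 instances and Fargate tasks organization-wide, yet the description still reads only `"AWS GuardDuty settings"`. Dropping `eks_addon_management_status` and `eks_runtime_monitoring_status` from the object type is also a breaking change for callers that still set them. Suggest a description along the lines of `"AWS GuardDuty settings. runtime_monitoring_status.*_agent_management_status default to true and auto-enable GuardDuty agent management org-wide; eks_runtime_monitoring_status and eks_addon_management_status were folded into runtime_monitoring_status."`. The values repeated under `default = {…}` duplicate the `optional(…, true)` defaults and could be trimmed so there is a single source of truth.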