
Ensure home region is not used for findings aggregator
Johan Steenhoven authored and Johan Steenhoven committed Dec 17, 2024
1 parent 5ece85b commit b24ad07
Showing 1 changed file with 5 additions and 1 deletion.
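--- a/security_hub.tf
+++ b/security_hub.tf
@@ -1,3 +1,7 @@
+locals {
+all_regions_except_home_region = [for region in var.allowed_regions : region if region != data.aws_region.current.name]
+}
+
 // AWS Security Hub - Management account configuration and enrollment
 resource "aws_securityhub_organization_admin_account" "default" {
 admin_account_id = data.aws_caller_identity.audit.account_id
@@ -110,7 +114,7 @@ resource "aws_securityhub_finding_aggregator" "default" {
 provider = aws.audit
 
 linking_mode = var.aws_security_hub.aggregator_linking_mode
-specified_regions = var.aws_security_hub.aggregator_linking_mode == "SPECIFIED_REGIONS" ? var.allowed_regions : null
+specified_regions = var.aws_security_hub.aggregator_linking_mode == "SPECIFIED_REGIONS" ? local.all_regions_except_home_region : null
 
 depends_on = [aws_securityhub_account.default]
 }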
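Review bot: The region excluded on the `all_regions_except_home_region` line is taken from `data.aws_region.current`, whose provider is not visible in this diff, while the `aws_securityhub_finding_aggregator` in the second hunk is created under `provider = aws.audit`; the aggregation (home) region is the region of the provider that creates the aggregator, so if `data.aws_region.current` resolves under a different provider or region than `aws.audit`, the local drops the wrong region and the real home region may still be passed in `specified_regions`, presumably the failure this commit is meant to avoid. The safer form is to resolve the region with the same provider, e.g. `data "aws_region" "audit" { provider = aws.audit }` and `region != data.aws_region.audit.name` in the comprehension, or to document the assumption on the local with `# The aggregator's home region is that of the aws.audit provider; data.aws_region.current must resolve under the same provider/region.`. Note also that the filter silently leaves the list unchanged when the home region is not in `var.allowed_regions`, which is fine for the aggregator but may be worth a comment so the intent is explicit. The `aws_securityhub_finding_aggregator` resource block begins outside the second hunk; only its tail is shown here.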
