initial commit

modules/security_identity_compliance/guardduty/README.md

@@ -0,0 +1,17 @@
+# Overview
+This module performs the following tasks:
+
+- Enable AWS config
+- Create AWS config files for CIS benchmark
+- Create s3 bucket for config use
+
+## Inputs:
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:-----:|
+| application | name of application | string | none | yes |
+| environment | capacity of environment (prd/dev/lab) | string | none | yes | 
+| customer-name | owner of aws resources | string | none | yes |
+| project | name of project | string | none | yes |
+| default-tags | tags to be added to resources | list | none | yes | 
+| aws-region-short | short name of aws region (e.g. apne1) | string | none | yes |
+

modules/security_identity_compliance/guardduty/main.tf

@@ -0,0 +1,8 @@
+data aws_caller_identity this {}
+
+resource aws_guardduty_detector gd {
+  enable = true
+  finding_publishing_frequency = "ONE_HOUR"
+  tags = var.default-tags
+}
+

modules/security_identity_compliance/guardduty/outputs.tf

@@ -0,0 +1,3 @@
+output guardduty-arn {
+  value = aws_guardduty_detector.gd.arn
+}

modules/security_identity_compliance/guardduty/variables.tf

@@ -0,0 +1 @@
+variable "default-tags" {}