From 97a10987fcdd62888d36e82f944110dedcc80b44 Mon Sep 17 00:00:00 2001 From: will Farrell Date: Sun, 5 Sep 2021 11:05:21 -0600 Subject: [PATCH 1/4] feat: add in macie baseline Closes: #208 --- macie_baselines.tf | 298 ++++++++++++++++++++++++++++ modules/macie-baseline/README.md | 48 +++++ modules/macie-baseline/main.tf | 30 +++ modules/macie-baseline/outputs.tf | 4 + modules/macie-baseline/variables.tf | 40 ++++ modules/macie-baseline/versions.tf | 10 + variables.tf | 23 +++ 7 files changed, 453 insertions(+) create mode 100644 macie_baselines.tf create mode 100644 modules/macie-baseline/README.md create mode 100644 modules/macie-baseline/main.tf create mode 100644 modules/macie-baseline/outputs.tf create mode 100644 modules/macie-baseline/variables.tf create mode 100644 modules/macie-baseline/versions.tf diff --git a/macie_baselines.tf b/macie_baselines.tf new file mode 100644 index 00000000..648409a1 --- /dev/null +++ b/macie_baselines.tf 
@@ -0,0 +1,298 @@ +# -------------------------------------------------------------------------------------------------- +# Macie Baseline +# Needs to be set up in each region. +# This is an extra configuration which is not included in CIS benchmark. +# -------------------------------------------------------------------------------------------------- +locals { + macie_master_account_id = var.master_account_id + macie_member_accounts = var.member_accounts +} + +module "macie_baseline_ap-northeast-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.ap-northeast-1 + } + + enabled = contains(var.target_regions, "ap-northeast-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_ap-northeast-2" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.ap-northeast-2 + } + + enabled = contains(var.target_regions, "ap-northeast-2") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_ap-northeast-3" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.ap-northeast-3 + } + + enabled = contains(var.target_regions, "ap-northeast-3") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = 
local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_ap-south-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.ap-south-1 + } + + enabled = contains(var.target_regions, "ap-south-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_ap-southeast-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.ap-southeast-1 + } + + enabled = contains(var.target_regions, "ap-southeast-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_ap-southeast-2" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.ap-southeast-2 + } + + enabled = contains(var.target_regions, "ap-southeast-2") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_ca-central-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.ca-central-1 + } + + enabled = contains(var.target_regions, "ca-central-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = 
var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_eu-central-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.eu-central-1 + } + + enabled = contains(var.target_regions, "eu-central-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_eu-north-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.eu-north-1 + } + + enabled = contains(var.target_regions, "eu-north-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_eu-west-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.eu-west-1 + } + + enabled = contains(var.target_regions, "eu-west-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_eu-west-2" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.eu-west-2 + } + + enabled = contains(var.target_regions, "eu-west-2") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency 
= var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_eu-west-3" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.eu-west-3 + } + + enabled = contains(var.target_regions, "eu-west-3") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_sa-east-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.sa-east-1 + } + + enabled = contains(var.target_regions, "sa-east-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_us-east-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.us-east-1 + } + + enabled = contains(var.target_regions, "us-east-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_us-east-2" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.us-east-2 + } + + enabled = contains(var.target_regions, "us-east-2") && var.macie_enabled + disable_email_notification = 
var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_us-west-1" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.us-west-1 + } + + enabled = contains(var.target_regions, "us-west-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} + +module "macie_baseline_us-west-2" { + source = "./modules/macie-baseline" + + providers = { + aws = aws.us-west-2 + } + + enabled = contains(var.target_regions, "us-west-2") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = local.macie_master_account_id + member_accounts = local.macie_member_accounts + + tags = var.tags +} diff --git a/modules/macie-baseline/README.md b/modules/macie-baseline/README.md new file mode 100644 index 00000000..cda0ca82 --- /dev/null +++ b/modules/macie-baseline/README.md 
@@ -0,0 +1,48 @@ +# macie-baseline + +Enable Macie in all regions. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 3.0.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_macie2_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/macie2_account) | resource | +| [aws_macie2_invitation_accepter.master](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/macie2_invitation_accepter) | resource | +| [aws_macie2_member.members](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/macie2_member) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [disable\_email\_notification](#input\_disable\_email\_notification) | Boolean whether an email notification is sent to the accounts. | `bool` | `false` | no | +| [enabled](#input\_enabled) | The boolean flag whether this module is enabled or not. No resources are created when set to false. | `bool` | `true` | no | +| [finding\_publishing\_frequency](#input\_finding\_publishing\_frequency) | Specifies the frequency of notifications sent for subsequent finding occurrences. | `string` | `"SIX_HOURS"` | no | +| [invitation\_message](#input\_invitation\_message) | Message for invitation. | `string` | `"This is an automatic invitation message from guardduty-baseline module."` | no | +| [master\_account\_id](#input\_master\_account\_id) | AWS account ID for master account. | `string` | `""` | no | +| [member\_accounts](#input\_member\_accounts) | A list of IDs and emails of AWS accounts which associated as member accounts. |
list(object({
account_id = string
email = string
}))
| `[]` | no | +| [tags](#input\_tags) | Specifies object tags key and value. This applies to all resources created by this module. | `map` |
{
"Terraform": true
}
| no | + +## Outputs + +| Name | Description | +|------|-------------| +| [macie\_account](#output\_macie\_account) | Macie Account | + diff --git a/modules/macie-baseline/main.tf b/modules/macie-baseline/main.tf new file mode 100644 index 00000000..36dfc735 --- /dev/null +++ b/modules/macie-baseline/main.tf @@ -0,0 +1,30 @@ +# -------------------------------------------------------------------------------------------------- +# Enables GuardDuty. +# -------------------------------------------------------------------------------------------------- + +resource "aws_macie2_account" "default" { + count = var.enabled ? 1 : 0 + + status = "ENABLED" + finding_publishing_frequency = var.finding_publishing_frequency + + tags = var.tags +} + +resource "aws_macie2_member" "members" { + count = var.enabled ? length(var.member_accounts) : 0 + + status = "ENABLED" + invite = true + + account_id = var.member_accounts[count.index].account_id + invitation_disable_email_notification = var.disable_email_notification + email = var.member_accounts[count.index].email + invitation_message = var.invitation_message +} + +resource "aws_macie2_invitation_accepter" "master" { + count = var.enabled && var.master_account_id != "" ? 1 : 0 + + administrator_account_id = var.master_account_id +} diff --git a/modules/macie-baseline/outputs.tf b/modules/macie-baseline/outputs.tf new file mode 100644 index 00000000..0c60df33 --- /dev/null +++ b/modules/macie-baseline/outputs.tf @@ -0,0 +1,4 @@ +output "aws_macie2_account" { + description = "Macie Account" + value = var.enabled ? aws_macie2_account.default[0] : null +} diff --git a/modules/macie-baseline/variables.tf b/modules/macie-baseline/variables.tf new file mode 100644 index 00000000..0aa9d673 --- /dev/null +++ b/modules/macie-baseline/variables.tf 
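Review bot: Neither `aws_macie2_member.members` nor `aws_macie2_invitation_accepter.master` references `aws_macie2_account.default`, so nothing in this file orders them after Macie is actually enabled in the account; on a fresh account the first apply can attempt to invite members or accept an administrator invitation before the service exists. Add `depends_on = [aws_macie2_account.default]` to both resources. The header comment `# Enables GuardDuty.` is copied from the guardduty module and should read `# Enables Macie and, optionally, invites member accounts or accepts an administrator invitation.`. Consider keying the members with `for_each` on `account_id` instead of `count`, since removing one entry from the middle of `member_accounts` re-indexes the remaining ones and would disassociate and re-invite those accounts.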
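Review bot: The output is declared as `aws_macie2_account`, but the module README added in this same commit documents it as `macie_account`; pick one so that a consumer referencing `module.macie_baseline.macie_account` does not hit an unknown-output error. The `var.enabled ? aws_macie2_account.default[0] : null` form is fine under the `>= 0.13` constraint in versions.tf, but the description should state the disabled case: `description = "The aws_macie2_account resource, or null when the module is disabled."`.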
@@ -0,0 +1,40 @@
+variable "enabled" {
+ description = "The boolean flag whether this module is enabled or not. No resources are created when set to false."
+ default = true
+}
+
+variable "disable_email_notification" {
+ description = "Boolean whether an email notification is sent to the accounts."
+ default = false
+}
+
+variable "finding_publishing_frequency" {
+ description = "Specifies the frequency of notifications sent for subsequent finding occurrences."
+ default = "SIX_HOURS"
+}
+
+variable "invitation_message" {
+ description = "Message for invitation."
+ default = "This is an automatic invitation message from guardduty-baseline module."
+}
+
+variable "master_account_id" {
+ description = "AWS account ID for master account."
+ default = ""
+}
+
+variable "member_accounts" {
+ description = "A list of IDs and emails of AWS accounts which associated as member accounts."
+ type = list(object({
+ account_id = string
+ email = string
+ }))
+ default = []
+}
+
+variable "tags" {
+ description = "Specifies object tags key and value. This applies to all resources created by this module."
+ default = {
+ "Terraform" = true
+ }
+}
diff --git a/modules/macie-baseline/versions.tf b/modules/macie-baseline/versions.tf
new file mode 100644
index 00000000..02acfe6e
--- /dev/null
+++ b/modules/macie-baseline/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 0.13"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.0.0"
+ }
+ }
+}
diff --git a/variables.tf b/variables.tf
index a76aaca2..955e778a 100644
--- a/variables.tf
+++ b/variables.tf
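Review bot: The default for `invitation_message` still says "guardduty-baseline module" (the root-level default added to variables.tf in this same patch says macie-baseline), so member accounts would receive a Macie invitation naming the wrong service; change it to `default = "This is an automatic invitation message from macie-baseline module."`. `enabled`, `disable_email_notification`, `finding_publishing_frequency` and `master_account_id` declare no `type`, so a value such as the string `"false"` from a tfvars file is only coerced where it is used; add `type = bool` or `type = string` to each. `finding_publishing_frequency` is passed straight to `aws_macie2_account`, which accepts only a fixed set of values, so a `validation` block (available under the `>= 0.13` constraint in versions.tf) would reject a typo at plan time instead of at apply; the rewritten declaration is below.
```terraform
variable "finding_publishing_frequency" {
  description = "Specifies the frequency of notifications sent for subsequent finding occurrences."
  type        = string
  default     = "SIX_HOURS"

  validation {
    condition     = contains(["FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS"], var.finding_publishing_frequency)
    error_message = "Value must be one of FIFTEEN_MINUTES, ONE_HOUR or SIX_HOURS."
  }
}
# … unchanged: the other variable declarations …
```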
@@ -455,6 +455,29 @@ variable "guardduty_invitation_message" { default = "This is an automatic invitation message from guardduty-baseline module." } +# -------------------------------------------------------------------------------------------------- +# Variables for macie-baseline module. +# -------------------------------------------------------------------------------------------------- +variable "macie_enabled" { + description = "Boolean whether the macie-baseline module is enabled or disabled" + default = true +} + +variable "macie_disable_email_notification" { + description = "Boolean whether an email notification is sent to the accounts." + default = false +} + +variable "macie_finding_publishing_frequency" { + description = "Specifies the frequency of notifications sent for subsequent finding occurrences." + default = "SIX_HOURS" +} + +variable "macie_invitation_message" { + description = "Message for invitation." + default = "This is an automatic invitation message from macie-baseline module." +} + # -------------------------------------------------------------------------------------------------- # Variables for s3-baseline module. # -------------------------------------------------------------------------------------------------- From 0947e935f142dd18ab126cea18f667be0bbbcb3d Mon Sep 17 00:00:00 2001 From: will Farrell Date: Sun, 5 Sep 2021 11:27:31 -0600 Subject: [PATCH 2/4] fix: change macie to global config --- macie_baselines.tf => macie_baselines.tf_ | 0 main.tf | 17 +++++++++++++++++ modules/macie-baseline/main.tf | 2 -- 3 files changed, 17 insertions(+), 2 deletions(-) rename macie_baselines.tf => macie_baselines.tf_ (100%) diff --git a/macie_baselines.tf b/macie_baselines.tf_ similarity index 100% rename from macie_baselines.tf rename to macie_baselines.tf_ diff --git a/main.tf b/main.tf index 59a255ee..2402b764 100644 --- a/main.tf +++ b/main.tf 
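Review bot: The four new root variables declare no `type`, while the README table in the next patch presents them as `bool`/`string` (terraform-docs infers that from the defaults); add `type = bool` to `macie_enabled` and `macie_disable_email_notification` and `type = string` to `macie_finding_publishing_frequency` and `macie_invitation_message` so that a wrong value fails at plan time rather than inside the module. The module is also wired to `var.master_account_id` and `var.member_accounts`, which are not declared in this series and so appear to be the root variables already shared with the guardduty module; that means the same member list is invited to both services, which is worth stating in the section comment, e.g. `# master_account_id / member_accounts are shared with the guardduty-baseline module.`. This hunk sits in the middle of variables.tf; the surrounding guardduty and s3 sections are outside the diff.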
@@ -114,6 +114,23 @@ module "alarm_baseline" { tags = var.tags } +# -------------------------------------------------------------------------------------------------- +# Macie Baseline +# -------------------------------------------------------------------------------------------------- + +module "macie_baseline" { + source = "./modules/macie-baseline" + + enabled = contains(var.target_regions, "ap-northeast-1") && var.macie_enabled + disable_email_notification = var.macie_disable_email_notification + finding_publishing_frequency = var.macie_finding_publishing_frequency + invitation_message = var.macie_invitation_message + master_account_id = var.master_account_id + member_accounts = var.member_accounts + + tags = var.tags +} + # -------------------------------------------------------------------------------------------------- # S3 Baseline # -------------------------------------------------------------------------------------------------- diff --git a/modules/macie-baseline/main.tf b/modules/macie-baseline/main.tf index 36dfc735..b794ad61 100644 --- a/modules/macie-baseline/main.tf +++ b/modules/macie-baseline/main.tf @@ -7,8 +7,6 @@ resource "aws_macie2_account" "default" { status = "ENABLED" finding_publishing_frequency = var.finding_publishing_frequency - - tags = var.tags } resource "aws_macie2_member" "members" { From bedb1d6fb0d34754de71880589091a7b066afe71 Mon Sep 17 00:00:00 2001 From: will Farrell Date: Sun, 5 Sep 2021 11:34:29 -0600 Subject: [PATCH 3/4] docs: add macie details --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index bfea1bbd..1781b976 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ See [Benchmark Compliance](./compliance.md) to check which items in various benc - Enable AWS Config in each regions to automatically take configuration snapshots. - Enable SecurityHub and subscribe available standards. - Enable GuardDuty in each regions. +- Enable Macie. ### Networking & Computing 
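Review bot: `enabled = contains(var.target_regions, "ap-northeast-1") && var.macie_enabled` is left over from the per-region file this commit renames away: the module block now uses the default provider and no region alias, so gating it on `ap-northeast-1` being in `target_regions` means a deployment that targets only, say, US regions silently never enables Macie even with `macie_enabled = true`. Change it to `enabled = var.macie_enabled`. As far as I know Macie is a regional service, so this single block enables it only in the default provider's region; the section comment should say so, e.g. `# Macie is enabled only in the default provider's region.`, and the README line `Enable Macie.` added in the next patch should not sit under the list of things enabled in each region.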
@@ -100,6 +101,7 @@ This module is composed of several submodules and each of which can be used inde - [ebs-baseline](./modules/ebs-baseline) - [guardduty-baseline](./modules/guardduty-baseline) - [iam-baseline](./modules/iam-baseline) +- [macie-baseline](./modules/macie-baseline) - [s3-baseline](./modules/s3-baseline) - [secure-bucket](./modules/secure-bucket) - [securityhub-baseline](./modules/securityhub-baseline) @@ -195,6 +197,7 @@ This module is composed of several submodules and each of which can be used inde | [guardduty\_baseline\_us-west-1](#module\_guardduty\_baseline\_us-west-1) | ./modules/guardduty-baseline | n/a | | [guardduty\_baseline\_us-west-2](#module\_guardduty\_baseline\_us-west-2) | ./modules/guardduty-baseline | n/a | | [iam\_baseline](#module\_iam\_baseline) | ./modules/iam-baseline | n/a | +| [macie\_baseline](#module\_macie\_baseline) | ./modules/macie-baseline | n/a | | [s3\_baseline](#module\_s3\_baseline) | ./modules/s3-baseline | n/a | | [securityhub\_baseline\_ap-northeast-1](#module\_securityhub\_baseline\_ap-northeast-1) | ./modules/securityhub-baseline | n/a | | [securityhub\_baseline\_ap-northeast-2](#module\_securityhub\_baseline\_ap-northeast-2) | ./modules/securityhub-baseline | n/a | 
@@ -328,6 +331,10 @@ This module is composed of several submodules and each of which can be used inde | [require\_uppercase\_characters](#input\_require\_uppercase\_characters) | Whether to require uppercase characters for user passwords. | `bool` | `true` | no | | [root\_usage\_enabled](#input\_root\_usage\_enabled) | The boolean flag whether the root\_usage alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no | | [route\_table\_changes\_enabled](#input\_route\_table\_changes\_enabled) | The boolean flag whether the route\_table\_changes alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no | +| [macie\_disable\_email\_notification](#input\_macie\_disable\_email\_notification) | Boolean whether an email notification is sent to the accounts. | `bool` | `false` | no | +| [macie\_enabled](#input\_macie\_enabled) | Boolean whether the macie-baseline module is enabled or disabled | `bool` | `true` | no | +| [macie\_finding\_publishing\_frequency](#input\_macie\_finding\_publishing\_frequency) | Specifies the frequency of notifications sent for subsequent finding occurrences. | `string` | `"SIX_HOURS"` | no | +| [macie\_invitation\_message](#input\_macie\_invitation\_message) | Message for invitation. | `string` | `"This is an automatic invitation message from macie-baseline module."` | no | | [s3\_block\_public\_acls](#input\_s3\_block\_public\_acls) | Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. | `bool` | `true` | no | | [s3\_block\_public\_policy](#input\_s3\_block\_public\_policy) | Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. | `bool` | `true` | no | | [s3\_bucket\_policy\_changes\_enabled](#input\_s3\_bucket\_policy\_changes\_enabled) | The boolean flag whether the s3\_bucket\_policy\_changes alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no | 
From ee2e5dddf944f8abdfebf249da2c168f07560eee Mon Sep 17 00:00:00 2001 From: will Farrell Date: Sat, 11 Sep 2021 03:22:43 -0600 Subject: [PATCH 4/4] fix: remove unused code --- macie_baselines.tf_ | 298 -------------------------------------------- 1 file changed, 298 deletions(-) delete mode 100644 macie_baselines.tf_ diff --git a/macie_baselines.tf_ b/macie_baselines.tf_ deleted file mode 100644 index 648409a1..00000000 --- a/macie_baselines.tf_ +++ /dev/null 
@@ -1,298 +0,0 @@ -# -------------------------------------------------------------------------------------------------- -# Macie Baseline -# Needs to be set up in each region. -# This is an extra configuration which is not included in CIS benchmark. -# -------------------------------------------------------------------------------------------------- -locals { - macie_master_account_id = var.master_account_id - macie_member_accounts = var.member_accounts -} - -module "macie_baseline_ap-northeast-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.ap-northeast-1 - } - - enabled = contains(var.target_regions, "ap-northeast-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_ap-northeast-2" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.ap-northeast-2 - } - - enabled = contains(var.target_regions, "ap-northeast-2") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_ap-northeast-3" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.ap-northeast-3 - } - - enabled = contains(var.target_regions, "ap-northeast-3") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = 
local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_ap-south-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.ap-south-1 - } - - enabled = contains(var.target_regions, "ap-south-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_ap-southeast-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.ap-southeast-1 - } - - enabled = contains(var.target_regions, "ap-southeast-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_ap-southeast-2" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.ap-southeast-2 - } - - enabled = contains(var.target_regions, "ap-southeast-2") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_ca-central-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.ca-central-1 - } - - enabled = contains(var.target_regions, "ca-central-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = 
var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_eu-central-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.eu-central-1 - } - - enabled = contains(var.target_regions, "eu-central-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_eu-north-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.eu-north-1 - } - - enabled = contains(var.target_regions, "eu-north-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_eu-west-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.eu-west-1 - } - - enabled = contains(var.target_regions, "eu-west-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_eu-west-2" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.eu-west-2 - } - - enabled = contains(var.target_regions, "eu-west-2") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency 
= var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_eu-west-3" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.eu-west-3 - } - - enabled = contains(var.target_regions, "eu-west-3") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_sa-east-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.sa-east-1 - } - - enabled = contains(var.target_regions, "sa-east-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_us-east-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.us-east-1 - } - - enabled = contains(var.target_regions, "us-east-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_us-east-2" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.us-east-2 - } - - enabled = contains(var.target_regions, "us-east-2") && var.macie_enabled - disable_email_notification = 
var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_us-west-1" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.us-west-1 - } - - enabled = contains(var.target_regions, "us-west-1") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -} - -module "macie_baseline_us-west-2" { - source = "./modules/macie-baseline" - - providers = { - aws = aws.us-west-2 - } - - enabled = contains(var.target_regions, "us-west-2") && var.macie_enabled - disable_email_notification = var.macie_disable_email_notification - finding_publishing_frequency = var.macie_finding_publishing_frequency - invitation_message = var.macie_invitation_message - master_account_id = local.macie_master_account_id - member_accounts = local.macie_member_accounts - - tags = var.tags -}