Commit

Merge pull request #125 from lorengordon/patch/null-control-finding-generator
lorengordon authored Aug 30, 2023
2 parents da889a2 + 6f32268 commit aced605
Showing 6 changed files with 41 additions and 6 deletions.
2 changes: 1 addition & 1 deletion .bumpversion.cfg
@@ -1,5 +1,5 @@
[bumpversion]
current_version = 4.2.0
current_version = 4.2.1
commit = True
message = Bumps version to {new_version}
tag = False
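Review bot: The bump from 4.2.0 to 4.2.1 is a patch-level increment, but this commit changes the default of `control_finding_generator` from `"SECURITY_CONTROL"` to `null`, which alters behaviour for callers that relied on the default. The CHANGELOG states that the project adheres to Semantic Versioning, so consider whether a minor bump fits better, or say in the release notes why this is treated as a fix.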
19 changes: 18 additions & 1 deletion CHANGELOG.md
Expand Up @@ -3,6 +3,24 @@
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).

### [4.2.1](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.2.1)

**Released**: 2023.08.30

**Summary**:

* Defaults `control_finding_generator` to `null` to allow AWS Security Hub Administrator
Account to manage the setting

### [4.2.0](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.2.0)

**Released**: 2023.06.02

**Summary**:

* Adds inputs to account resource for `auto_enable_controls` and `enable_default_standards`

### [4.1.0](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.1.0)

**Released**: 2023.06.01
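Review bot: The 4.2.1 summary records the new `null` default but not the previous default of `"SECURITY_CONTROL"`, nor the `validation` block this commit adds to both `variables.tf` files. Add a line telling callers who want the old behaviour to set `control_finding_generator = "SECURITY_CONTROL"` explicitly, and a bullet noting that values other than `SECURITY_CONTROL`, `STANDARDS_CONTROL` or `null` are now rejected.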
Expand All @@ -11,7 +29,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p

* Brought Standards_Controls under management to enable or disable specified controls


### [4.0.0](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.0.0)

**Released**: 2023.05.25
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -33,7 +33,7 @@ No resources.
|------|-------------|------|---------|:--------:|
| <a name="input_action_targets"></a> [action\_targets](#input\_action\_targets) | Schema list of SecurityHub action targets. | <pre>list(object({<br> name = string<br> description = string<br> identifer = string<br> }))</pre> | `[]` | no |
| <a name="input_auto_enable_controls"></a> [auto\_enable\_controls](#input\_auto\_enable\_controls) | Boolean that enables the security standards that Security Hub has designated as automatically enabled including: `AWS Foundational Security Best Practices v1.0.0` and `CIS AWS Foundations Benchmark v1.2.0` | `bool` | `true` | no |
| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard. | `string` | `"SECURITY_CONTROL"` | no |
| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard. | `string` | `null` | no |
| <a name="input_enable_default_standards"></a> [enable\_default\_standards](#input\_enable\_default\_standards) | Boolean that automatically enables new controls when they are added to standards that are enabled | `bool` | `true` | no |
| <a name="input_product_subscription_arns"></a> [product\_subscription\_arns](#input\_product\_subscription\_arns) | List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html | `list(string)` | `[]` | no |
| <a name="input_standard_subscription_arns"></a> [standard\_subscription\_arns](#input\_standard\_subscription\_arns) | List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html | `list(string)` | `[]` | no |
2 changes: 1 addition & 1 deletion modules/account/README.md
Expand Up @@ -24,7 +24,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_auto_enable_controls"></a> [auto\_enable\_controls](#input\_auto\_enable\_controls) | Boolean that enables the security standards that Security Hub has designated as automatically enabled including: `AWS Foundational Security Best Practices v1.0.0` and `CIS AWS Foundations Benchmark v1.2.0` | `bool` | `true` | no |
| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard. | `string` | `"SECURITY_CONTROL"` | no |
| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard. | `string` | `null` | no |
| <a name="input_enable_default_standards"></a> [enable\_default\_standards](#input\_enable\_default\_standards) | Boolean that automatically enables new controls when they are added to standards that are enabled | `bool` | `true` | no |

## Outputs
11 changes: 10 additions & 1 deletion modules/account/variables.tf
Expand Up @@ -7,7 +7,16 @@ variable "auto_enable_controls" {
variable "control_finding_generator" {
description = "Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard."
type = string
default = "SECURITY_CONTROL"
default = null

validation {
condition = (
var.control_finding_generator != null ?
contains(["SECURITY_CONTROL", "STANDARDS_CONTROL"], var.control_finding_generator) :
true
)
error_message = "control_finding_generator must be one of: SECURITY_CONTROL, STANDARDS_CONTROL, null"
}
}

variable "enable_default_standards" {
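Review bot: The `description` on `control_finding_generator` is unchanged, so neither it nor the generated README rows say which values are accepted or what `null` means. Extend the description to name `SECURITY_CONTROL` and `STANDARDS_CONTROL` and to state that `null` leaves the setting to the Security Hub administrator account, then regenerate the README tables.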
11 changes: 10 additions & 1 deletion variables.tf
Expand Up @@ -17,7 +17,16 @@ variable "auto_enable_controls" {
variable "control_finding_generator" {
description = "Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard."
type = string
default = "SECURITY_CONTROL"
default = null

validation {
condition = (
var.control_finding_generator != null ?
contains(["SECURITY_CONTROL", "STANDARDS_CONTROL"], var.control_finding_generator) :
true
)
error_message = "control_finding_generator must be one of: SECURITY_CONTROL, STANDARDS_CONTROL, null"
}
}

variable "enable_default_standards" {
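Review bot: The `error_message` in the new `validation` block starts with a lowercase identifier and has no closing period; Terraform releases that enforce sentence-style validation messages reject that form, so check it against the minimum Terraform version the module supports (not visible in this diff) or reword it, for example "The control_finding_generator value must be one of: SECURITY_CONTROL, STANDARDS_CONTROL, null." The block also duplicates the one in `modules/account/variables.tf` verbatim, so the allowed list has to be kept in sync in both files.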