Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Defaults control_finding_generator to null to allow Org to manage setting #125

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .bumpversion.cfg
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
[bumpversion]
current_version = 4.2.0
current_version = 4.2.1
commit = True
message = Bumps version to {new_version}
tag = False
Expand Down
19 changes: 18 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,24 @@
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).

### [4.2.1](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.2.1)

**Released**: 2023.08.30

**Summary**:

* Defaults `control_finding_generator` to `null` to allow AWS Security Hub Administrator
Account to manage the setting

### [4.2.0](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.2.0)

**Released**: 2023.06.02

**Summary**:

* Adds inputs to account resource for `auto_enable_controls` and `enable_default_standards`

### [4.1.0](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.1.0)

**Released**: 2023.06.01
Expand All @@ -11,7 +29,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p

* Brought Standards_Controls under management to enable or disable specified controls


### [4.0.0](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.0.0)

**Released**: 2023.05.25
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ No resources.
|------|-------------|------|---------|:--------:|
| <a name="input_action_targets"></a> [action\_targets](#input\_action\_targets) | Schema list of SecurityHub action targets. | <pre>list(object({<br> name = string<br> description = string<br> identifer = string<br> }))</pre> | `[]` | no |
| <a name="input_auto_enable_controls"></a> [auto\_enable\_controls](#input\_auto\_enable\_controls) | Boolean that enables the security standards that Security Hub has designated as automatically enabled including: `AWS Foundational Security Best Practices v1.0.0` and `CIS AWS Foundations Benchmark v1.2.0` | `bool` | `true` | no |
| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard. | `string` | `"SECURITY_CONTROL"` | no |
| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard. | `string` | `null` | no |
| <a name="input_enable_default_standards"></a> [enable\_default\_standards](#input\_enable\_default\_standards) | Boolean that automatically enables new controls when they are added to standards that are enabled | `bool` | `true` | no |
| <a name="input_product_subscription_arns"></a> [product\_subscription\_arns](#input\_product\_subscription\_arns) | List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html | `list(string)` | `[]` | no |
| <a name="input_standard_subscription_arns"></a> [standard\_subscription\_arns](#input\_standard\_subscription\_arns) | List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html | `list(string)` | `[]` | no |
Expand Down
2 changes: 1 addition & 1 deletion modules/account/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_auto_enable_controls"></a> [auto\_enable\_controls](#input\_auto\_enable\_controls) | Boolean that enables the security standards that Security Hub has designated as automatically enabled including: `AWS Foundational Security Best Practices v1.0.0` and `CIS AWS Foundations Benchmark v1.2.0` | `bool` | `true` | no |
| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard. | `string` | `"SECURITY_CONTROL"` | no |
| <a name="input_control_finding_generator"></a> [control\_finding\_generator](#input\_control\_finding\_generator) | Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard. | `string` | `null` | no |
| <a name="input_enable_default_standards"></a> [enable\_default\_standards](#input\_enable\_default\_standards) | Boolean that automatically enables new controls when they are added to standards that are enabled | `bool` | `true` | no |

## Outputs
Expand Down
11 changes: 10 additions & 1 deletion modules/account/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,16 @@ variable "auto_enable_controls" {
variable "control_finding_generator" {
description = "Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard."
type = string
default = "SECURITY_CONTROL"
default = null

validation {
condition = (
var.control_finding_generator != null ?
contains(["SECURITY_CONTROL", "STANDARDS_CONTROL"], var.control_finding_generator) :
true
)
error_message = "control_finding_generator must be one of: SECURITY_CONTROL, STANDARDS_CONTROL, null"
}
}

variable "enable_default_standards" {
Expand Down
11 changes: 10 additions & 1 deletion variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,16 @@ variable "auto_enable_controls" {
variable "control_finding_generator" {
description = "Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard."
type = string
default = "SECURITY_CONTROL"
default = null

validation {
condition = (
var.control_finding_generator != null ?
contains(["SECURITY_CONTROL", "STANDARDS_CONTROL"], var.control_finding_generator) :
true
)
error_message = "control_finding_generator must be one of: SECURITY_CONTROL, STANDARDS_CONTROL, null"
}
}

variable "enable_default_standards" {
Expand Down
Loading