chore: terraform-docs
spilliams committed Oct 9, 2023
1 parent 457ba01 commit 9a83bca
Showing 1 changed file with 40 additions and 85 deletions.
125 changes: 40 additions & 85 deletions README.md
Expand Up @@ -12,104 +12,59 @@ Terraform module for configuring an integration with Lacework and AWS for cloud
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35.0, < 5.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35.0 |
| <a name="requirement_lacework"></a> [lacework](#requirement\_lacework) | ~> 1.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
| <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.6 |
| <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.7 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35.0, < 5.0.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35.0 |
| <a name="provider_lacework"></a> [lacework](#provider\_lacework) | ~> 1.0 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.1 |
| <a name="provider_time"></a> [time](#provider\_time) | ~> 0.6 |
| <a name="provider_time"></a> [time](#provider\_time) | ~> 0.7 |

## Inputs
## Modules

| Name | Description | Type | Default | Required |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ---------------- | :------: |
| iam_role_arn | The IAM role ARN is required when setting use_existing_iam_role to `true` | `string` | `""` | no |
| iam_role_external_id | The external ID configured inside the IAM role is required when setting use_existing_iam_role to `true` | `string` | `""` | no |
| iam_role_name | The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to `true` | `string` | `""` | no |
| lacework_aws_account_id | The Lacework AWS account that the IAM role will grant access | `string` | `"434813966438"` | no |
| lacework_integration_name | The name of the integration in Lacework | `string` | `"TF config"` | no |
| lacework_audit_policy_name | The name of the custom audit policy (which extends SecurityAudit) to allow Lacework to read configs. Defaults to `lwaudit-policy-${random_id.uniq.hex}` when empty | `string` | `""` | no |
| tags | A map/dictionary of Tags to be assigned to created resources | `map(string)` | `{}` | no |
| use_existing_iam_role | Set this to true to use an existing IAM role | `bool` | `false` | no |
| use_existing_iam_role_policy | Set this to `true` to use an existing policy on the IAM role | `bool` | `false` | no |
| wait_time | Amount of time to wait before the next resource is provisioned | `string` | `"10s"` | no |
| Name | Source | Version |
|------|--------|---------|
| <a name="module_lacework_cfg_iam_role"></a> [lacework\_cfg\_iam\_role](#module\_lacework\_cfg\_iam\_role) | lacework/iam-role/aws | ~> 0.4 |

## Outputs
## Resources

| Name | Description |
| ------------- | -------------------------------------------- |
| external_id | The External ID configured into the IAM role |
| iam_role_arn | The IAM Role ARN |
| iam_role_name | The IAM Role name |
| Name | Type |
|------|------|
| [aws_iam_policy.lacework_audit_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role_policy_attachment.lacework_audit_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.security_audit_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [lacework_integration_aws_cfg.default](https://registry.terraform.io/providers/lacework/lacework/latest/docs/resources/integration_aws_cfg) | resource |
| [random_id.uniq](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [time_sleep.wait_time](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [aws_iam_policy_document.lacework_audit_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Lacework Audit Policy
## Inputs

The Lacework audit policy extends the SecurityAudit policy to facilitate the reading of additional configuration resources.
The audit policy is comprised of the following permissions:
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_external_id_length"></a> [external\_id\_length](#input\_external\_id\_length) | **Deprecated** - Will be removed on our next major release v1.0.0 | `number` | `16` | no |
| <a name="input_iam_role_arn"></a> [iam\_role\_arn](#input\_iam\_role\_arn) | The IAM role ARN is required when setting use\_existing\_iam\_role to `true` | `string` | `""` | no |
| <a name="input_iam_role_external_id"></a> [iam\_role\_external\_id](#input\_iam\_role\_external\_id) | The external ID configured inside the IAM role is required when setting use\_existing\_iam\_role to `true` | `string` | `""` | no |
| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | The IAM role name. Required to match with iam\_role\_arn if use\_existing\_iam\_role is set to `true` | `string` | `""` | no |
| <a name="input_lacework_audit_policy_name"></a> [lacework\_audit\_policy\_name](#input\_lacework\_audit\_policy\_name) | The name of the custom audit policy (which extends SecurityAudit) to allow Lacework to read configs. Defaults to lwaudit-policy-${random\_id.uniq.hex} when empty | `string` | `""` | no |
| <a name="input_lacework_aws_account_id"></a> [lacework\_aws\_account\_id](#input\_lacework\_aws\_account\_id) | The Lacework AWS account that the IAM role will grant access | `string` | `"434813966438"` | no |
| <a name="input_lacework_integration_name"></a> [lacework\_integration\_name](#input\_lacework\_integration\_name) | The name of the integration in Lacework | `string` | `"TF config"` | no |
| <a name="input_permission_boundary_arn"></a> [permission\_boundary\_arn](#input\_permission\_boundary\_arn) | Optional - ARN of the policy that is used to set the permissions boundary for the role. | `string` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A map/dictionary of Tags to be assigned to created resources | `map(string)` | `{}` | no |
| <a name="input_use_existing_iam_role"></a> [use\_existing\_iam\_role](#input\_use\_existing\_iam\_role) | Set this to true to use an existing IAM role | `bool` | `false` | no |
| <a name="input_use_existing_iam_role_policy"></a> [use\_existing\_iam\_role\_policy](#input\_use\_existing\_iam\_role\_policy) | Set this to `true` to use an existing policy on the IAM role, rather than attaching a new one | `bool` | `false` | no |
| <a name="input_wait_time"></a> [wait\_time](#input\_wait\_time) | Amount of time to wait before the next resource is provisioned | `string` | `"10s"` | no |

## Outputs

| sid | actions | resources |
|----------------------------|---------------------------------------------------------|-----------|
| GetEbsEncryptionByDefault | ec2:GetEbsEncryptionByDefault | * |
| GetBucketPublicAccessBlock | s3:GetBucketPublicAccessBlock | * |
| EFS | elasticfilesystem:DescribeFileSystemPolicy | * |
| | elasticfilesystem:DescribeLifecycleConfiguration | |
| | elasticfilesystem:DescribeAccessPoints | |
| | elasticfilesystem:DescribeAccountPreferences | |
| | elasticfilesystem:DescribeBackupPolicy | |
| | elasticfilesystem:DescribeReplicationConfigurations | |
| EMR | elasticmapreduce:ListBootstrapActions | * |
| | elasticmapreduce:ListInstanceFleets | |
| | elasticmapreduce:ListInstanceGroups | |
| SAGEMAKER | sagemaker:GetModelPackageGroupPolicy | * |
| | sagemaker:GetLineageGroupPolicy | |
| IDENTITYSTORE | identitystore:DescribeGroup | * |
| | identitystore:DescribeGroupMembership | |
| | identitystore:DescribeUser | |
| | identitystore:ListGroupMemberships | |
| | identitystore:ListGroupMembershipsForMember | |
| | identitystore:ListGroups | |
| | identitystore:ListUsers | |
| SSO | sso:DescribeAccountAssignmentDeletionStatus | * |
| | sso:DescribeInstanceAccessControlAttributeConfiguration | |
| | sso:GetInlinePolicyForPermissionSet | |
| APIGATEWAY | apigateway:GetApiKeys | * |
| | apigateway:GetAuthorizers | |
| | apigateway:GetBasePathMappings | |
| | apigateway:GetClientCertificates | |
| | apigateway:GetDeployments | |
| | apigateway:GetDocumentationParts | |
| | apigateway:GetDocumentationVersions | |
| | apigateway:GetDomainNames | |
| | apigateway:GetGatewayResponses | |
| | apigateway:GetModels | |
| | apigateway:GetModelTemplate | |
| | apigateway:GetRequestValidators | |
| | apigateway:GetResources | |
| | apigateway:GetRestApis | |
| | apigateway:GetSdk | |
| | apigateway:GetSdkTypes | |
| | apigateway:GetStages | |
| | apigateway:GetTags | |
| | apigateway:GetUsagePlanKeys | |
| | apigateway:GetUsagePlans | |
| | apigateway:GetVpcLinks | |
| APIGATEWAYV2 | apigatewayv2:GetApis | * |
| | apigatewayv2:GetApiMappings | |
| | apigatewayv2:GetAuthorizers | |
| | apigatewayv2:GetDeployments | |
| | apigatewayv2:GetDomainNames | |
| | apigatewayv2:GetIntegrations | |
| | apigatewayv2:GetIntegrationResponses | |
| | apigatewayv2:GetModelTemplate | |
| | apigatewayv2:GetModels | |
| | apigatewayv2:GetRoute | |
| | apigatewayv2:GetRouteResponses | |
| | apigatewayv2:GetStages | |
| | apigatewayv2:GetVpcLinks | |
| Name | Description |
|------|-------------|
| <a name="output_external_id"></a> [external\_id](#output\_external\_id) | The External ID configured into the IAM role |
| <a name="output_iam_role_arn"></a> [iam\_role\_arn](#output\_iam\_role\_arn) | The IAM Role ARN |
| <a name="output_iam_role_name"></a> [iam\_role\_name](#output\_iam\_role\_name) | The IAM Role name |
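
Review bot: The `## Lacework Audit Policy` section and its sid/actions/resources table (the rows from `GetEbsEncryptionByDefault` through `apigatewayv2:GetVpcLinks`) have no counterpart in the regenerated tables, so the README no longer lists the permissions the custom policy adds on top of SecurityAudit. The new Resources table names `aws_iam_policy.lacework_audit_policy` and its `aws_iam_policy_document` data source, which shows that the policy exists but not which actions it grants on `*` to the role trusted by `lacework_aws_account_id`. Consider keeping the hand-written section outside the terraform-docs injected block (for example above `<!-- BEGIN_TF_DOCS -->`) so regeneration does not drop it, or replace it with a link to the policy document in the module source. The commit message "chore: terraform-docs" also reads as a formatting-only change; it would help to say that the permission listing was removed and that the `aws` and `time` rows now show `>= 3.35.0` and `~> 0.7`.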
