Enable PagerDuty/Slack alerts for Security Hub findings
richgreen-moj committed Oct 22, 2024
1 parent 3bc329d commit e25a823
Showing 3 changed files with 28 additions and 0 deletions.
16 changes: 16 additions & 0 deletions modules/securityhub/main.tf
Expand Up @@ -218,4 +218,20 @@ data "aws_iam_policy_document" "sns_kms" {
identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
}
}
}

# Setup PagerDuty Alerting in all enabled regions
module "pagerduty_alerts_securityhub" {
count = (local.account_data.account-type != "member-unrestricted") ? 1 : 0
depends_on = [
aws_sns_topic.sechub_findings_sns_topic
]
source = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4" # v2.0.0
sns_topics = [aws_sns_topic.sechub_findings_sns_topic.name]
pagerduty_integration_key = var.pagerduty_integration_key
}

locals {
account_name = try(regex("^bichard*.|^remote-supervisio*.", terraform.workspace), replace(terraform.workspace, regex("-[^-]*$", terraform.workspace), ""))
account_data = jsondecode(file("../../../../environments/${local.account_name}.json"))
}
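Review bot: The module is created for every account whose type is not `member-unrestricted`, but `var.pagerduty_integration_key` defaults to `""` in both variables.tf hunks, so accounts that never supply a key still instantiate the PagerDuty integration with an empty key passed through. Consider gating on the key as well, e.g. `count = (local.account_data.account-type != "member-unrestricted" && var.pagerduty_integration_key != "") ? 1 : 0`, so that an unset key yields no integration rather than a silently broken one. The explicit `depends_on` also looks redundant, since `sns_topics = [aws_sns_topic.sechub_findings_sns_topic.name]` already gives Terraform the implicit dependency on the topic. Pinning `source` to a commit hash with the version in a trailing comment is good; keep that pattern.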
6 changes: 6 additions & 0 deletions modules/securityhub/variables.tf
Expand Up @@ -14,4 +14,10 @@ variable "sechub_sns_kms_key_name" {
description = "SecurityHub SNS Topic KMS key name"
default = "alias/sns-kms-key"
type = string
}

variable "pagerduty_integration_key" {
default = ""
description = "A PagerDuty integration key to pass into a PagerDuty integration"
type = string
}
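Review bot: `pagerduty_integration_key` is a credential, yet the new variable block is not marked sensitive, so its value will be echoed in plan and apply output wherever the module is instantiated; add `sensitive = true` to the block. The same applies to the matching `pagerduty_integration_key` variable added in the root `variables.tf` hunk below. Marking it sensitive only redacts CLI output, it does not keep the value out of state, so the state backend still has to be treated as holding a secret.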
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -65,4 +65,10 @@ variable "enabled_imdsv2_regions" {
variable "reduced_preprod_backup_retention" {
description = "AWS Backup variable, if true, pre prod only retains 7 days of backups"
type = bool
}

variable "pagerduty_integration_key" {
default = ""
description = "A PagerDuty integration key to pass into a PagerDuty integration"
type = string
}