chore: cleanup

.gitignore

@@ -63,4 +63,4 @@ terraform.rc
 
 # Support for Project snippet scope
 
-# End of https://www.toptal.com/developers/gitignore/api/terraform,visualstudiocode
+# End of https://www.toptal.com/developers/gitignore/api/terraform,visualstudiocode

README.md

@@ -1 +1,54 @@
-# terraform-aws-guardduty
+# Terraform AWS GuardDuty Module
+
+## Usage
+See usage at `examples/simple`
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.00 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.00 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_eventbridge_mail"></a> [eventbridge\_mail](#module\_eventbridge\_mail) | oozou/eventbridge/aws | 1.0.1 |
+| <a name="module_sns_email"></a> [sns\_email](#module\_sns\_email) | oozou/sns/aws | 1.0.1 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_guardduty_detector.guardduty](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector) | resource |
+| [aws_iam_policy_document.cwe](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_environment"></a> [environment](#input\_environment) | Environment Variable used as a prefix | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | Name of the ECS cluster and s3 also redis to create | `string` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix name of customer to be displayed in AWS console and resource | `string` | n/a | yes |
+| <a name="input_custom_tags"></a> [custom\_tags](#input\_custom\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | `map(any)` | `{}` | no |
+| <a name="input_finding_publishing_frequency"></a> [finding\_publishing\_frequency](#input\_finding\_publishing\_frequency) | Specifies the frequency of notifications sent for subsequent finding occurrences. <br>If the detector is a GuardDuty member account, the value is determined by the GuardDuty <br>primary account and cannot be modified, otherwise defaults to SIX\_HOURS. For standalone <br>and GuardDuty primary accounts, it must be configured in Terraform to enable drift detection. <br>Valid values for standalone and primary accounts: FIFTEEN\_MINUTES, ONE\_HOUR, SIX\_HOURS. <br>See AWS Documentation for more information., see:<br>https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency | `string` | `null` | no |
+| <a name="input_is_enabled_notification"></a> [is\_enabled\_notification](#input\_is\_enabled\_notification) | n/a | <pre>object({<br>    email_notify = object({<br>      enable                                = bool<br>      mail_list                             = list(string)<br>      is_enabled_low_severity_notification  = bool<br>      is_enabled_med_severity_notification  = bool<br>      is_enabled_high_severity_notification = bool<br>    })<br>  })</pre> | <pre>{<br>  "email_notify": {<br>    "enable": false,<br>    "is_enabled_high_severity_notification": true,<br>    "is_enabled_low_severity_notification": false,<br>    "is_enabled_med_severity_notification": false,<br>    "mail_list": []<br>  }<br>}</pre> | no |
+| <a name="input_is_kubernetes_protection_enabled"></a> [is\_kubernetes\_protection\_enabled](#input\_is\_kubernetes\_protection\_enabled) | n/a | `bool` | `true` | no |
+| <a name="input_is_malware_protection_enabled"></a> [is\_malware\_protection\_enabled](#input\_is\_malware\_protection\_enabled) | n/a | `bool` | `false` | no |
+| <a name="input_is_s3_protection_enabled"></a> [is\_s3\_protection\_enabled](#input\_is\_s3\_protection\_enabled) | Enables Amazon GuardDuty to monitor object-level API operations to identify potential security risks for data within your S3 buckets.<br>, see:<br>https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector | `bool` | `false` | no |
+| <a name="input_retry_policy"></a> [retry\_policy](#input\_retry\_policy) | n/a | <pre>object({<br>    maximum_retry_attempts       = number<br>    maximum_event_age_in_seconds = number<br>  })</pre> | <pre>{<br>  "maximum_event_age_in_seconds": 3600,<br>  "maximum_retry_attempts": 100<br>}</pre> | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_guardduty_detector"></a> [guardduty\_detector](#output\_guardduty\_detector) | GuardDuty detector |
+<!-- END_TF_DOCS -->

SECURITY.md

@@ -20,4 +20,4 @@ Your can also report the vulnerabilities by emailing to Oozou DevOps team at:
 [email protected]
 ```
 
-We will acknowledge your email within 72 hours on workday, and will send a more details response within 5 days. After the initial email start, we will investigate the security issue snd fix it as soon as possible.
+We will acknowledge your email within 72 hours on workday, and will send a more details response within 5 days. After the initial email start, we will investigate the security issue snd fix it as soon as possible.

examples/simple/README.md

@@ -0,0 +1,31 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_gaurdduty_sandbox"></a> [gaurdduty\_sandbox](#module\_gaurdduty\_sandbox) | ../terraform-aws-guardduty | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_environment"></a> [environment](#input\_environment) | [Required] Name prefix used for resource naming in this component | `string` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | [Required] Name prefix used for resource naming in this component | `string` | n/a | yes |
+| <a name="input_custom_tags"></a> [custom\_tags](#input\_custom\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys. | `map(string)` | `{}` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/simple/main.tf

@@ -1,24 +1,24 @@
 module "gaurdduty_sandbox" {
   source = "../terraform-aws-guardduty"
 
-  prefix      = "ms"
+  prefix      = var.prefix
   name        = "pass"
-  environment = "dev"
+  environment = var.environment
 
-  finding_publishing_frequency = "ONE_HOUR"
-  is_malware_protection_enabled = false
+  finding_publishing_frequency     = "ONE_HOUR"
+  is_malware_protection_enabled    = false
   is_kubernetes_protection_enabled = false
 
   # if the mail list not confirm, it won't be deleted by the terraform
   is_enabled_notification = {
     email_notify = {
-      enable    = false
-      mail_list     = ["[email protected]"]
-      is_enabled_low_severity_notification = true
+      enable                                = false
+      mail_list                             = ["[email protected]"]
+      is_enabled_low_severity_notification  = true
       is_enabled_med_severity_notification  = true
       is_enabled_high_severity_notification = true
     }
   }
 
-  custom_tags = { workspace = "ms-local-test"}
-}
+  custom_tags = var.custom_tags
+}

examples/simple/provider.tf

@@ -1,3 +1,3 @@
 provider "aws" {
   region = "ap-southeast-1"
-}
+}

examples/simple/variables.tf

@@ -0,0 +1,15 @@
+variable "prefix" {
+  description = "[Required] Name prefix used for resource naming in this component"
+  type        = string
+}
+
+variable "environment" {
+  description = "[Required] Name prefix used for resource naming in this component"
+  type        = string
+}
+
+variable "custom_tags" {
+  description = "Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys."
+  type        = map(string)
+  default     = {}
+}

iam.tf

@@ -17,4 +17,4 @@ data "aws_iam_policy_document" "cwe" {
     ]
 
   }
-}
+}

locals.tf

@@ -1,11 +1,11 @@
 locals {
-    tags = merge(
+  tags = merge(
     {
       "Environment" = var.environment,
       "Terraform"   = "true"
     },
     var.custom_tags
-  )  
+  )
 }
 
 /* -------------------------------------------------------------------------- */
@@ -57,12 +57,12 @@ locals {
   input_transformer = {
     input_paths = {
       severity     = "$.detail.severity",
-      Finding_ID = "$.detail.id",
+      Finding_ID   = "$.detail.id",
       Finding_Type = "$.detail.type",
-      count = "$.detail.service.count",
-      region = "$.region"
+      count        = "$.detail.service.count",
+      region       = "$.region"
     }
-    input_template ="\"You have a severity <severity> GuardDuty finding type <Finding_Type>. The total occurrence is <count>. For more details open the GuardDuty console at https://console.aws.amazon.com/guardduty/home?region=<region>#/findings?search=id%3D<Finding_ID>\""
+    input_template = "\"You have a severity <severity> GuardDuty finding type <Finding_Type>. The total occurrence is <count>. For more details open the GuardDuty console at https://console.aws.amazon.com/guardduty/home?region=<region>#/findings?search=id%3D<Finding_ID>\""
   }
 }
 
@@ -71,4 +71,4 @@ locals {
 /* -------------------------------------------------------------------------- */
 locals {
   raise_mail_is_empty_with_enable_mail_notification = var.is_enabled_notification.email_notify.enable && length(var.is_enabled_notification.email_notify.mail_list) == 0 ? file("Mail list is empty, Please input at lease 1 address.") : "pass"
-}
+}

main.tf

@@ -14,7 +14,7 @@ resource "aws_guardduty_detector" "guardduty" {
         }
       }
     }
-    
+
     kubernetes {
       audit_logs {
         enable = var.is_kubernetes_protection_enabled
@@ -23,22 +23,23 @@ resource "aws_guardduty_detector" "guardduty" {
 
 
   }
-  
+
 
   tags = local.tags
 }
 
 module "sns_email" {
-  source = "[email protected]:oozou/terraform-aws-sns.git?ref=v1.0.1"
+  source  = "oozou/sns/aws"
+  version = "1.0.1"
 
   prefix       = var.prefix
   environment  = var.environment
   name         = format("%s-gd", var.name)
   display_name = format("%s-GuardDuty", var.name)
 
   # KMS
-  is_enable_encryption = true
-  is_create_kms        = true
+  is_enable_encryption        = true
+  is_create_kms               = true
   additional_kms_key_policies = [data.aws_iam_policy_document.cwe.json]
 
   subscription_configurations = {
@@ -59,7 +60,8 @@ module "sns_email" {
 
 
 module "eventbridge_mail" {
-  source = "[email protected]:oozou/terraform-aws-eventbridge.git?ref=v1.0.1"
+  source  = "oozou/eventbridge/aws"
+  version = "1.0.1"
 
   prefix            = var.prefix
   environment       = var.environment
@@ -70,10 +72,10 @@ module "eventbridge_mail" {
   cloudwatch_event_rule_is_enabled = var.is_enabled_notification.email_notify.enable
 
   input_transformer = local.input_transformer
-  event_pattern = local.event_pattern
+  event_pattern     = local.event_pattern
 
   cloudwatch_event_target_arn = module.sns_email.sns_topic_arn
-  retry_policy = var.retry_policy
+  retry_policy                = var.retry_policy
 
   tags = local.tags
-}
+}

outputs.tf

@@ -0,0 +1,4 @@
+output "guardduty_detector" {
+  description = "GuardDuty detector"
+  value       = aws_guardduty_detector.guardduty
+}

variables.tf

@@ -52,14 +52,14 @@ variable "is_s3_protection_enabled" {
 
 variable "is_malware_protection_enabled" {
   description = ""
-  type = bool
-  default = false
+  type        = bool
+  default     = false
 }
 
 variable "is_kubernetes_protection_enabled" {
   description = ""
-  type = bool
-  default = true
+  type        = bool
+  default     = true
 }
 
 /* -------------------------------------------------------------------------- */
@@ -97,4 +97,4 @@ variable "is_enabled_notification" {
     }
   }
 
-}
+}

version.tf

@@ -9,4 +9,4 @@ terraform {
       version = ">= 4.00"
     }
   }
-}
+}