dmarc-import-tf-module contains the Terraform configuration files to
build the AWS infrastructure used for parsing DMARC aggregate reports.
This repository goes along with
dmarc-import, which
contains the actual source code for ingesting, parsing, and saving the
DMARC aggregate reports.
Here is a Cloudcraft.co diagram of the basic
infrastructure created by these Terraform files:
module "dmarc_import" {
source = "github.com/cisagov/dmarc-import-tf-module"
providers = {
aws = aws.dnsprovisionaccount
}
aws_region = var.aws_region
elasticsearch_domain_name = var.elasticsearch_domain_name
elasticsearch_index = var.elasticsearch_index
elasticsearch_type = var.elasticsearch_type
emails = var.emails
lambda_function_name = var.lambda_function_name
lambda_function_zip_file = var.lambda_function_zip_file
permanent_bucket_name = var.permanent_bucket_name
queue_name = var.queue_name
rule_set_name = var.rule_set_name
temporary_bucket_name = var.temporary_bucket_name
}No examples.
| Name | Version |
|---|---|
| terraform | >= 1.1 |
| aws | >= 4.9 |
| Name | Version |
|---|---|
| aws | >= 4.9 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_region | The AWS region to deploy into (e.g. us-east-1). | string |
"us-east-1" |
no |
| cognito_authenticated_role_name | The name of the IAM role that grants authenticated access to the Elasticsearch database. | string |
"dmarc-import-authenticated" |
no |
| cognito_identity_pool_name | The name of the Cognito identity pool to use for access to the Elasticsearch database. | string |
"dmarc-import" |
no |
| cognito_user_pool_client_name | The name of the Cognito user pool client to use for access to the Elasticsearch database. | string |
"dmarc-import" |
no |
| cognito_user_pool_domain | The domain to use for the Cognito endpoint. For custom domains, this is the fully-qualified domain name, such as auth.example.com. For Amazon Cognito prefix domains, this is the prefix alone, such as auth. | string |
"dmarc-import" |
no |
| cognito_user_pool_name | The name of the Cognito user pool to use for access to the Elasticsearch database. | string |
"dmarc-import" |
no |
| cognito_usernames | A map whose keys are the usernames of each Cognito user and whose values are a map containing supported user attributes. The only currently-supported attribute is "email" (string). Example: { "firstname1.lastname1" = { "email" = "firstname1.lastname1@foo.gov" }, "firstname2.lastname2" = { "email" = "firstname2.lastname2@foo.gov" } } |
map(object({ email = string })) |
{} |
no |
| elasticsearch_domain_name | The domain name of the Elasticsearch instance. | string |
n/a | yes |
| elasticsearch_index | The Elasticsearch index to which to write DMARC aggregate report data. | string |
n/a | yes |
| elasticsearch_type | The Elasticsearch type corresponding to a DMARC aggregate report. | string |
n/a | yes |
| emails | A list of the email addresses at which DMARC aggregate reports are being received. | list(string) |
n/a | yes |
| lambda_function_name | The name to use for the Lambda function. | string |
n/a | yes |
| lambda_function_zip_file | The location of the zip file for the Lambda function. | string |
n/a | yes |
| opensearch_service_role_for_auth_name | The name of the IAM role that gives Amazon OpenSearch Service permissions to configure the Amazon Cognito user and identity pools and use them for OpenSearch Dashboards/Kibana authentication. | string |
"opensearch-service-cognito-access" |
no |
| permanent_bucket_name | The name of the S3 bucket where the DMARC aggregate report emails are stored permanently. | string |
n/a | yes |
| queue_name | The name of the SQS queue where events will be sent as DMARC aggregate reports are received. | string |
n/a | yes |
| rule_set_name | The name of the SES rule set that processes DMARC aggregate reports. | string |
n/a | yes |
| temporary_bucket_name | The name of the S3 bucket where the DMARC aggregate report emails are stored temporarily (until processed). | string |
n/a | yes |
| Name | Description |
|---|---|
| elasticsearch_domain | The Elasticsearch domain. |
Running pre-commit requires running terraform init in every directory that
contains Terraform code. In this repository, this is just the main directory.
We welcome contributions! Please see CONTRIBUTING.md for
details.
This project is in the worldwide public domain.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.