Minor: Merge pull request #15 from cloudmitigator/region-refactor

Multiregion refactor
reflexivesecurity · May 17, 2020 · 0ea484c · 0ea484c
2 parents 820984c + 00e26ca
commit 0ea484c
Show file tree

Hide file tree

Showing 7 changed files with 80 additions and 53 deletions.
diff --git a/.github/workflows/update_terraform.yaml b/.github/workflows/update_terraform.yaml
@@ -11,4 +11,7 @@ jobs:
  - name: update terraform dependencies
  uses: patrickjahns/dependabot-terraform-action@v1
  with:
+ directory: |
+ 'terraform/cwe/'
+ 'terraform/sqs_lambda/'
  github_dependency_token: ${{ secrets.DEPENDENCY_GITHUB_TOKEN }}
diff --git a/reflex_aws_rds_deletion_protection_disabled.tf b/reflex_aws_rds_deletion_protection_disabled.tf
diff --git a/terraform/cwe/main.tf b/terraform/cwe/main.tf
@@ -0,0 +1,26 @@
+module "cwe" {
+ source = "git::https://github.com/cloudmitigator/reflex-engine.git//modules/cwe?ref=v0.6.0"
+ name = "RdsDeletionProtectionDisabled"
+ description = "Rule to detect if deletion protection is disabled for RDS Instance."
+
+ event_pattern = <<PATTERN
+{
+ "source": [
+ "aws.rds"
+ ],
+ "detail-type": [
+ "AWS API Call via CloudTrail"
+ ],
+ "detail": {
+ "eventSource": [
+ "rds.amazonaws.com"
+ ],
+ "eventName": [
+ "ModifyDBInstance"
+ ]
+ }
+}
+
+PATTERN
+
+}
diff --git a/terraform/cwe/output.tf b/terraform/cwe/output.tf
@@ -0,0 +1,9 @@
+output "id" {
+ description = "Event Rule ID"
+ value = module.cwe.id
+}
+
+output "arn" {
+ description = "Event Rule Arn"
+ value = module.cwe.arn
+}
diff --git a/terraform/sqs_lambda/sqs_lambda.tf b/terraform/sqs_lambda/sqs_lambda.tf
@@ -0,0 +1,23 @@
+module "sqs_lambda" {
+ source = "git::https://github.com/cloudmitigator/reflex-engine.git//modules/sqs_lambda?ref=v0.6.0"
+
+ cloudwatch_event_rule_id = var.cloudwatch_event_rule_id
+ cloudwatch_event_rule_arn = var.cloudwatch_event_rule_arn
+ function_name = "RdsDeletionProtectionDisabled"
+ source_code_dir = "${path.module}/../../source"
+ handler = "reflex_aws_rds_deletion_protection_disabled.lambda_handler"
+ lambda_runtime = "python3.7"
+ environment_variable_map = {
+ SNS_TOPIC = var.sns_topic_arn,
+
+ }
+
+
+ queue_name = "RdsDeletionProtectionDisabled"
+ delay_seconds = 0
+
+ target_id = "RdsDeletionProtectionDisabled"
+
+ sns_topic_arn = var.sns_topic_arn
+ sqs_kms_key_id = var.reflex_kms_key_id
+}
diff --git a/terraform/sqs_lambda/variables.tf b/terraform/sqs_lambda/variables.tf
@@ -0,0 +1,19 @@
+variable "sns_topic_arn" {
+ description = "SNS topic arn of central or local sns topic"
+ type = string
+}
+
+variable "reflex_kms_key_id" {
+ description = "KMS Key Id for common reflex usage."
+ type = string
+}
+
+variable "cloudwatch_event_rule_id" {
+ description = "Easy name of CWE"
+ type = string
+}
+
+variable "cloudwatch_event_rule_arn" {
+ description = "Full arn of CWE"
+ type = string
+}
diff --git a/variables.tf b/variables.tf