Merge pull request #43 from trussworks/feat/alarm_prefix_ng
feat/alarm prefix ng
rpdelaney authored Feb 24, 2023
2 parents 9724360 + 1fc5f1f commit 85f2105
Showing 3 changed files with 22 additions and 14 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -102,6 +102,7 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| alarm\_namespace | Namespace for generated Cloudwatch alarms | `string` | `"CISBenchmark"` | no |
| alarm\_prefix | Prefix for the alarm name | `string` | `""` | no |
| alarm\_sns\_topic\_arn | SNS topic ARN for generated alarms | `string` | n/a | yes |
| aws\_config\_changes | Toggle AWS Config changes alarm | `bool` | `true` | no |
| cloudtrail\_cfg\_changes | Toggle Cloudtrail config changes alarm | `bool` | `true` | no |
29 changes: 15 additions & 14 deletions main.tf
@@ -1,5 +1,6 @@
locals {
resource_tags = merge(var.tags, { "Automation" = "Terraform" })
alarm_prefix = var.alarm_prefix != "" ? "${var.alarm_prefix}-" : ""
}

resource "aws_cloudwatch_log_metric_filter" "unauthorized_api_calls" {
Expand All @@ -19,7 +20,7 @@ resource "aws_cloudwatch_log_metric_filter" "unauthorized_api_calls" {
resource "aws_cloudwatch_metric_alarm" "unauthorized_api_calls" {
count = var.unauthorized_api_calls ? 1 : 0

alarm_name = "UnauthorizedAPICalls"
alarm_name = "${local.alarm_prefix}UnauthorizedAPICalls"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.unauthorized_api_calls[0].id
Expand Down Expand Up @@ -66,7 +67,7 @@ resource "aws_cloudwatch_log_metric_filter" "no_mfa_console_signin_no_assumed_ro
resource "aws_cloudwatch_metric_alarm" "no_mfa_console_signin" {
count = var.no_mfa_console_login ? 1 : 0

alarm_name = "NoMFAConsoleSignin"
alarm_name = "${local.alarm_prefix}NoMFAConsoleSignin"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = var.disable_assumed_role_login_alerts ? aws_cloudwatch_log_metric_filter.no_mfa_console_signin_no_assumed_role[0].id : aws_cloudwatch_log_metric_filter.no_mfa_console_signin_assumed_role[0].id
Expand Down Expand Up @@ -99,7 +100,7 @@ resource "aws_cloudwatch_log_metric_filter" "root_usage" {
resource "aws_cloudwatch_metric_alarm" "root_usage" {
count = var.root_usage ? 1 : 0

alarm_name = "RootUsage"
alarm_name = "${local.alarm_prefix}RootUsage"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.root_usage[0].id
Expand Down Expand Up @@ -132,7 +133,7 @@ resource "aws_cloudwatch_log_metric_filter" "iam_changes" {
resource "aws_cloudwatch_metric_alarm" "iam_changes" {
count = var.iam_changes ? 1 : 0

alarm_name = "IAMChanges"
alarm_name = "${local.alarm_prefix}IAMChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.iam_changes[0].id
Expand Down Expand Up @@ -165,7 +166,7 @@ resource "aws_cloudwatch_log_metric_filter" "cloudtrail_cfg_changes" {
resource "aws_cloudwatch_metric_alarm" "cloudtrail_cfg_changes" {
count = var.cloudtrail_cfg_changes ? 1 : 0

alarm_name = "CloudTrailCfgChanges"
alarm_name = "${local.alarm_prefix}CloudTrailCfgChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.cloudtrail_cfg_changes[0].id
Expand Down Expand Up @@ -198,7 +199,7 @@ resource "aws_cloudwatch_log_metric_filter" "console_signin_failures" {
resource "aws_cloudwatch_metric_alarm" "console_signin_failures" {
count = var.console_signin_failures ? 1 : 0

alarm_name = "ConsoleSigninFailures"
alarm_name = "${local.alarm_prefix}ConsoleSigninFailures"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.console_signin_failures[0].id
Expand Down Expand Up @@ -231,7 +232,7 @@ resource "aws_cloudwatch_log_metric_filter" "disable_or_delete_cmk" {
resource "aws_cloudwatch_metric_alarm" "disable_or_delete_cmk" {
count = var.disable_or_delete_cmk ? 1 : 0

alarm_name = "DisableOrDeleteCMK"
alarm_name = "${local.alarm_prefix}DisableOrDeleteCMK"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.disable_or_delete_cmk[0].id
Expand Down Expand Up @@ -264,7 +265,7 @@ resource "aws_cloudwatch_log_metric_filter" "s3_bucket_policy_changes" {
resource "aws_cloudwatch_metric_alarm" "s3_bucket_policy_changes" {
count = var.s3_bucket_policy_changes ? 1 : 0

alarm_name = "S3BucketPolicyChanges"
alarm_name = "${local.alarm_prefix}S3BucketPolicyChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.s3_bucket_policy_changes[0].id
Expand Down Expand Up @@ -297,7 +298,7 @@ resource "aws_cloudwatch_log_metric_filter" "aws_config_changes" {
resource "aws_cloudwatch_metric_alarm" "aws_config_changes" {
count = var.aws_config_changes ? 1 : 0

alarm_name = "AWSConfigChanges"
alarm_name = "${local.alarm_prefix}AWSConfigChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.aws_config_changes[0].id
Expand Down Expand Up @@ -330,7 +331,7 @@ resource "aws_cloudwatch_log_metric_filter" "security_group_changes" {
resource "aws_cloudwatch_metric_alarm" "security_group_changes" {
count = var.security_group_changes ? 1 : 0

alarm_name = "SecurityGroupChanges"
alarm_name = "${local.alarm_prefix}SecurityGroupChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.security_group_changes[0].id
Expand Down Expand Up @@ -363,7 +364,7 @@ resource "aws_cloudwatch_log_metric_filter" "nacl_changes" {
resource "aws_cloudwatch_metric_alarm" "nacl_changes" {
count = var.nacl_changes ? 1 : 0

alarm_name = "NACLChanges"
alarm_name = "${local.alarm_prefix}NACLChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.nacl_changes[0].id
Expand Down Expand Up @@ -396,7 +397,7 @@ resource "aws_cloudwatch_log_metric_filter" "network_gw_changes" {
resource "aws_cloudwatch_metric_alarm" "network_gw_changes" {
count = var.network_gw_changes ? 1 : 0

alarm_name = "NetworkGWChanges"
alarm_name = "${local.alarm_prefix}NetworkGWChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.network_gw_changes[0].id
Expand Down Expand Up @@ -429,7 +430,7 @@ resource "aws_cloudwatch_log_metric_filter" "route_table_changes" {
resource "aws_cloudwatch_metric_alarm" "route_table_changes" {
count = var.route_table_changes ? 1 : 0

alarm_name = "RouteTableChanges"
alarm_name = "${local.alarm_prefix}RouteTableChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.route_table_changes[0].id
Expand Down Expand Up @@ -462,7 +463,7 @@ resource "aws_cloudwatch_log_metric_filter" "vpc_changes" {
resource "aws_cloudwatch_metric_alarm" "vpc_changes" {
count = var.vpc_changes ? 1 : 0

alarm_name = "VPCChanges"
alarm_name = "${local.alarm_prefix}VPCChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.vpc_changes[0].id
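Review bot: The `alarm_prefix` local in the first hunk only guards against the empty string, so a whitespace-only value such as `" "` passes the `!= ""` test and every alarm is created with a leading-space name; trimming first closes that gap: `alarm_prefix = trimspace(var.alarm_prefix) != "" ? "${trimspace(var.alarm_prefix)}-" : ""`. Worth a comment on that line too, since the appended `-` is not visible from the variable: `# non-empty prefix gets a "-" separator so "prod" yields "prod-RootUsage"`. Separately, changing `alarm_name` on an existing `aws_cloudwatch_metric_alarm` is, as far as I recall, a replace-not-update change, so an existing deployment that adopts a prefix will see all fourteen alarms destroyed and recreated in one apply; a short note in the README or the variable description would let operators plan for that window rather than discover it from the plan output.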
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -6,6 +6,12 @@ variable "alarm_namespace" {
default = "CISBenchmark"
}

variable "alarm_prefix" {
description = "Prefix for the alarm name"
type = string
default = ""
}

variable "alarm_sns_topic_arn" {
description = "SNS topic ARN for generated alarms"
type = string
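Review bot: The description of the new `alarm_prefix` variable does not mention that main.tf appends a `-` separator whenever the value is non-empty, so a caller passing `"prod-"` gets `prod--RootUsage`; the description should state the contract, e.g. `description = "Prefix for generated alarm names; when non-empty, a '-' separator is appended automatically (e.g. \"prod\" yields \"prod-RootUsage\")"`. The same wording belongs in the README row added for this variable. If the module's required Terraform version permits a `validation` block, a check that the value contains no whitespace would also be reasonable, but I cannot see the version constraint from this diff.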

0 comments on commit 85f2105
