infralicious/terraform-aws-securityhub-batchupdatefindings

terraform-aws-securityhub-batch-update-findings

This module is handy when codifying Security Hub finding suppressions with Terraform from a map structure such as YAML: each finding in the list is passed to the awscli, with a note, a workflow status and an optional product ARN.

Usage

Example of module usage

```hcl
module "securityhub_batch_update_findings" {
  source  = "infralicious/securityhub-batchupdatefindings/aws"
  # It's recommended to pin every module to a specific version
  # version = "x.x.x"

  findings            = yamldecode(file("${path.module}/findings.yaml")).findings
  default_product_arn = "arn:aws:securityhub:us-east-1:ACCOUNTID:product/ACCOUNTID/default"
  default_workflow    = "SUPPRESSED"
  note_suffix         = "\n\nAdded using terraform"
}
```

Example of findings.yaml file

```yaml
# findings.yaml
findings:
  # Every finding should have an adequate note for the suppression.
  # A single resource can have multiple findings.
  # We can codify the resource either in the note or in an inline comment.
  - id: "arn:aws:securityhub:us-east-1:ACCOUNTID:subscription/aws-foundational-security-best-practices/v/1.0.0/S3.11/finding/e4c171dc-12e6-433b-8a51-a382e8d24e37"
    product_arn: "arn:aws:securityhub:us-east-1:ACCOUNTID:product/ACCOUNTID/default"
    note:
      text: "INFOSEC-1234: Suppressed since public IP ingress is for data partner"
    workflow:
      # Must be one of the Security Hub workflow statuses (NEW, NOTIFIED, RESOLVED, SUPPRESSED).
      status: "SUPPRESSED"
```
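As an added pre-apply check (example code, not part of this module), the script below validates a findings list of the shape shown above and builds the equivalent `aws securityhub batch-update-findings` invocation, honouring the module defaults from the Inputs table (default workflow, UpdatedBy, note suffix, product ARN and the echo prefix of `dryrun_enabled`). The sample entry is the page's findings.yaml decoded into Python, with one misspelled workflow status so the check has something to reject; the module's own command line is not shown on this page, so the argv assembled here is this example's own reconstruction of the CLI call, and the enum values are those of the Security Hub BatchUpdateFindings API.

```python
import json

WORKFLOW_STATUSES = {"NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"}
VERIFICATION_STATES = {"UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"}
# Module defaults as listed in the Inputs table (ACCOUNTID is the page's placeholder).
DEFAULTS = {"workflow": "SUPPRESSED", "updated_by": "terraform", "note_suffix": "\n\nAdded using terraform",
            "product_arn": "arn:aws:securityhub:us-east-1:ACCOUNTID:product/ACCOUNTID/default"}
# Constructed sample: findings.yaml decoded into Python (what yamldecode yields), with a
# deliberately misspelled workflow status so the check has something to catch.
FINDINGS = [{
    "id": "arn:aws:securityhub:us-east-1:ACCOUNTID:subscription/aws-foundational-security-best-practices"
          "/v/1.0.0/S3.11/finding/e4c171dc-12e6-433b-8a51-a382e8d24e37",
    "note": {"text": "INFOSEC-1234: Suppressed since public IP ingress is for data partner"},
    "workflow": {"status": "SUPPRESED"},
}]

def validate(finding, defaults=DEFAULTS):
    """Return the problems in one entry; an empty list means it is safe to apply."""
    problems = []
    fid = finding.get("id") or ""
    if not (fid.startswith("arn:aws:securityhub:") and "/finding/" in fid):
        problems.append("id is not a Security Hub finding ARN")
    if not ((finding.get("note") or {}).get("text") or "").strip():
        problems.append("suppression has no note")
    status = (finding.get("workflow") or {}).get("status", defaults["workflow"])
    if status not in WORKFLOW_STATUSES:
        problems.append(f"invalid workflow status {status!r}")
    state = finding.get("verification_state")
    if state is not None and state not in VERIFICATION_STATES:
        problems.append(f"invalid verification_state {state!r}")
    for key in ("confidence", "criticality"):
        if finding.get(key) is not None and not 0 <= finding[key] <= 100:
            problems.append(f"{key} must be between 0 and 100")
    return problems

def cli_args(finding, defaults=DEFAULTS, awscli="aws", dryrun=False):
    """argv for one finding; JSON values instead of Key=Value shorthand so a comma or '='
    inside the note text cannot split a field."""
    ident = {"Id": finding["id"], "ProductArn": finding.get("product_arn", defaults["product_arn"])}
    note = {"Text": finding["note"]["text"] + defaults["note_suffix"],
            "UpdatedBy": finding["note"].get("updated_by", defaults["updated_by"])}
    status = (finding.get("workflow") or {}).get("status", defaults["workflow"])
    args = [awscli, "securityhub", "batch-update-findings", "--finding-identifiers",
            json.dumps([ident]), "--note", json.dumps(note), "--workflow", json.dumps({"Status": status})]
    if finding.get("verification_state"):
        args += ["--verification-state", finding["verification_state"]]
    for key in ("confidence", "criticality"):
        if finding.get(key) is not None:
            args += ["--" + key, str(finding[key])]
    return (["echo"] if dryrun else []) + args  # dryrun_enabled just prefixes an echo
```

Run `validate()` over every entry before `terraform apply`; only entries that return an empty list should reach `cli_args()`.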

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1.0 |
| null | > 1 |

Providers

| Name | Version |
|------|---------|
| null | > 1 |

Resources

| Name | Type |
|------|------|
| null_resource.default | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| default_product_arn | The default product ARN for each finding. This can be overridden per finding using the key `product_arn`. | `string` | n/a | yes |
| findings | The list of findings to run the awscli command on. | <pre>list(object({<br>  id = string<br>  note = object({<br>    text = string<br>    updated_by = optional(string)<br>  })<br>  workflow = object({<br>    status = string<br>  })<br>  product_arn = optional(string)<br>  verification_state = optional(string)<br>  confidence = optional(number)<br>  criticality = optional(number)<br>}))</pre> | n/a | yes |
| awscli_additional_arguments | n/a | `string` | `""` | no |
| awscli_command | n/a | `string` | `"aws"` | no |
| default_note_updated_by | The default UpdatedBy for each finding's note, if a note is provided. This can be overridden per finding using the key `updated_by` under `note`. | `string` | `"terraform"` | no |
| default_workflow | The default workflow status for each finding. This can be overridden per finding using the key `status` under `workflow`. | `string` | `"SUPPRESSED"` | no |
| dryrun_enabled | Whether to prefix each command with an echo so the commands can be verified before applying. | `bool` | `false` | no |
| note_suffix | A suffix appended to each note. | `string` | `""` | no |

References