Config monitors your AWS resources (such as EC2 instances, security groups, EBS volumes, CloudFront Distributions, and a whole lot more) for configuration changes. It tracks these changes over time, and can track whether configurations are in compliance with a standard configuration. If the configuration drifts out of compliance, Config can send a notification. You can view and query Config items in the AWS Config console.
What are Config Rules?
Config rules are expressions of a desired configuration state, written in code and executed as Lambda functions. When a resource configuration changes, AWS Config fires the relevant Lambda functions to evaluate whether the configuration changes the state of compliance with the desired configuration. AWS has developed a set of pre-written rules called AWS Config Managed Rules, but you can also author your own custom rules.
This module enables AWS Config but does not manage or enable any Config Rules.
What resources does this module create?
This module creates the requisite elements to enable AWS Config in a given region. The steps include:
Create an S3 Bucket and an SNS Topic to be used by AWS Config to deliver configuration snapshots and streams.
Enable the configuration recorder.
To implement these steps, this module creates the following resources:
aws_s3_bucket: An S3 bucket used by AWS Config to store configuration items.
aws_sns_topic: An SNS topic for notifications from AWS Config.
aws_iam_role: An IAM role allowing the Config service to access the supported resources as well as to put S3 objects in the aforementioned bucket and publish notifications to the SNS topic.
aws_config_configuration_recorder: A configuration recorder that records resource configurations.
aws_config_delivery_channel: A delivery channel with the previously noted S3 bucket and SNS destinations.
aws_config_configuration_recorder_status: A resource to enable the configuration recorder.
Note: AWS Config must be enabled on a per-region basis. For a complete view of your AWS resources, use this module within each region that is enabled in your account.
Day-to-day operations
What does a configuration item look like, and how do I view it?
A configuration item is a JSON-encoded description of a configuration change to a resource. AWS Config delivers a configuration item each time a resource is created, modified, or deleted. The following snippet is an example of a configuration item (edited for brevity):
The example shows crucial information about how the configuration of a security group has changed. It shows the previous ingress rule configuration, new ingress rule configuration, and the relationship of the security group to other AWS resources, along with some metadata and resource attributes.
How does Config work with multiple AWS accounts and multiple regions?
AWS Config must be enabled on a per-region basis. Once enabled, multiple regions (and accounts) can be combined using the data aggregation features. Multi-account/region Config works both with several individual accounts and with AWS Organizations.
This module enables Config for a single region. To enable Config across multiple regions, call this module once for each desired region. This is considerably easier to accomplish with Terragrunt.
For example, if you wish to aggregate regions us-east-1 and eu-west-3 from account 012345678901 to region eu-west-1 in account 123456789012, you would first run terraform apply on account 123456789012 using the following Terraform code:
provider "aws" {
  region = "eu-west-1"
}

resource "aws_config_configuration_aggregator" "destination_account" {
  name = "AggregationExample"

  account_aggregation_source {
    account_ids = ["012345678901"]
    regions     = ["us-east-1", "eu-west-3"]
  }
}
Then you would run terraform apply on account 012345678901 using this Terraform code:
resource "aws_config_aggregate_authorization" "source_account" {
  account_id = "123456789012"
  region     = "eu-west-1"
}
Once authorized, the resources from the source regions will begin to appear in the AWS Config console at the destination.
How can I be alerted by AWS Config when the configuration of a resource changes?
Configuration items (i.e. changes in configuration) are sent to the SNS topic associated with the config recorder. You can subscribe to the SNS topic using the technique of your choice.
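One way to act on those notifications, shown as an added example that is not part of this module: a Lambda-style subscriber that reads the configuration item described earlier (a security group whose ingress rules changed) and reports rules newly opened to the whole internet. The field names follow AWS Config's ConfigurationItemChangeNotification layout and are assumptions here, and the sample message is constructed.

```python
import json

# CIDRs that mean "anyone on the internet".
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def _open_rules(rule):
    """Return {(protocol, from_port, to_port, cidr)} for world-open CIDRs in one rule."""
    if not isinstance(rule, dict):  # previousValue/updatedValue may be null
        return set()
    cidrs = {c for c in rule.get("ipRanges") or [] if isinstance(c, str)}
    cidrs |= {r.get("cidrIp") for r in rule.get("ipv4Ranges") or [] if isinstance(r, dict)}
    cidrs |= {r.get("cidrIpv6") for r in rule.get("ipv6Ranges") or [] if isinstance(r, dict)}
    return {
        (rule.get("ipProtocol"), rule.get("fromPort"), rule.get("toPort"), cidr)
        for cidr in cidrs
        if cidr in OPEN_CIDRS
    }


def world_open_ingress_findings(sns_message):
    """Parse one SNS message body; return findings for ingress newly opened to the world."""
    try:
        body = json.loads(sns_message)
    except (TypeError, ValueError):
        return []  # not JSON: ignore rather than crash the subscriber
    if not isinstance(body, dict):
        return []
    # Config also sends snapshot and compliance messages on the same topic.
    if body.get("messageType") != "ConfigurationItemChangeNotification":
        return []
    item = body.get("configurationItem") or {}
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return []

    changed = (body.get("configurationItemDiff") or {}).get("changedProperties") or {}
    before, after = set(), set()
    for prop, change in changed.items():
        if not prop.startswith("Configuration.IpPermissions.") or not isinstance(change, dict):
            continue
        before |= _open_rules(change.get("previousValue"))
        after |= _open_rules(change.get("updatedValue"))

    # Compare whole sets, not per index: deleting one rule shifts the indexes
    # of the others, and an unchanged open rule must not be reported as new.
    findings = []
    for proto, lo, hi, cidr in sorted(after - before, key=lambda r: tuple(map(str, r))):
        findings.append({
            "resource_id": item.get("resourceId"),
            "account": item.get("awsAccountId") or item.get("accountId"),
            "region": item.get("awsRegion"),
            "protocol": proto,
            "from_port": lo,
            "to_port": hi,
            "cidr": cidr,
        })
    return findings


def handler(event, context=None):
    """Lambda entry point for an SNS subscription; returns all findings in the event."""
    findings = []
    for record in event.get("Records", []):
        findings.extend(world_open_ingress_findings((record.get("Sns") or {}).get("Message")))
    return findings


# Constructed sample: SSH restricted to 10.0.0.0/8 is replaced by SSH open to 0.0.0.0/0.
SAMPLE_MESSAGE = json.dumps({
    "messageType": "ConfigurationItemChangeNotification",
    "configurationItemDiff": {
        "changeType": "UPDATE",
        "changedProperties": {
            "Configuration.IpPermissions.0": {
                "changeType": "DELETE",
                "previousValue": {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                  "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}]},
                "updatedValue": None,
            },
            "Configuration.IpPermissions.1": {
                "changeType": "CREATE",
                "previousValue": None,
                "updatedValue": {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                 "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
            },
        },
    },
    "configurationItem": {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0123456789abcdef0",  # constructed ID
        "awsAccountId": "012345678901",
        "awsRegion": "us-east-1",
    },
})

if __name__ == "__main__":
    print(json.dumps(handler({"Records": [{"Sns": {"Message": SAMPLE_MESSAGE}}]}), indent=2))
```
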
en":[{"name":"cli.go","path":"modules/ssh-grunt/src/cli.go","sha":"f72f670dcf0ae2e0bcb8ed02e91c706a5e8c3be0"},{"name":"cli_test.go","path":"modules/ssh-grunt/src/cli_test.go","sha":"a65fc7945a800263b6ad153cc0c4354551814f0c"},{"name":"collections.go","path":"modules/ssh-grunt/src/collections.go","sha":"abb602cb1a1df835caf2cfd66dfc058aed75e3ee"},{"name":"cron.go","path":"modules/ssh-grunt/src/cron.go","sha":"ba1ada9e91762b66206025cfc281bea8f35498b0"},{"name":"cron_test.go","path":"modules/ssh-grunt/src/cron_test.go","sha":"0300a91bf9e0b536a2061a2f85c69542f86966a6"},{"name":"errors.go","path":"modules/ssh-grunt/src/errors.go","sha":"0e6361f5d7773d32f7fc9ff48a6d54bafd33508e"},{"name":"file.go","path":"modules/ssh-grunt/src/file.go","sha":"edf84f18ffa9c25038e02c5eb74213a413ee5ad3"},{"name":"groups.go","path":"modules/ssh-grunt/src/groups.go","sha":"fba9e95114aa7aa723913e855b424b76952d5c7b"},{"name":"groups_test.go","path":"modules/ssh-grunt/src/groups_test.go","sha":"c0b0bef6dc58bc640e689c0eab284fe3767359b5"},{"name":"houston.go","path":"modules/ssh-grunt/src/houston.go","sha":"2ba5973deb8a5431946ed0fc401bdc06028d91d7"},{"name":"houston_test.go","path":"modules/ssh-grunt/src/houston_test.go","sha":"088b51302fe48341ba83ac05107910cd5269e50f"},{"name":"iam.go","path":"modules/ssh-grunt/src/iam.go","sha":"dafbc8fbb732d2d6212cade786eb13d7215b9862"},{"name":"iam_test.go","path":"modules/ssh-grunt/src/iam_test.go","sha":"4f69cd90234d025c4368421ca7ce3f7818a52165"},{"name":"logger.go","path":"modules/ssh-grunt/src/logger.go","sha":"e62f5712a083ee1006911a23ee71e03ebd3622cf"},{"name":"main.go","path":"modules/ssh-grunt/src/main.go","sha":"89fe7e90c47dc8b2527e1c8addebca5e55ccfb35"},{"name":"shell.go","path":"modules/ssh-grunt/src/shell.go","sha":"070b861e82973d6cb7b09b91f99ad3055035bb1c"},{"name":"ssh.go","path":"modules/ssh-grunt/src/ssh.go","sha":"7eddcb4fa3fb3cf51ffa6221bc6552a7d57cfa98"},{"name":"ssh_test.go","path":"modules/ssh-grunt/src/ssh_test.go","sha":"f095f9d6d3618ac50c2e
f8e65d6be4a2bff26283"},{"name":"string.go","path":"modules/ssh-grunt/src/string.go","sha":"fc61ca9625f9d654c2b3576ff932db1b90ae9dfe"},{"name":"string_test.go","path":"modules/ssh-grunt/src/string_test.go","sha":"a51e495942cd4364b1b2a511fa68fc4b1dde1237"},{"name":"sync.go","path":"modules/ssh-grunt/src/sync.go","sha":"b5d5bdbc0c1b52fa0008190eb3f97bc99109c3dd"},{"name":"sync_test.go","path":"modules/ssh-grunt/src/sync_test.go","sha":"f0a46bd471c56bde16cb822f8281e975c8aec848"},{"name":"url.go","path":"modules/ssh-grunt/src/url.go","sha":"12ff56939763979f94a8cb6dc35c9775ce0d3474"},{"name":"url_test.go","path":"modules/ssh-grunt/src/url_test.go","sha":"fe77a4563549dc6e0148452c1b03f19b6c0d9dcc"},{"name":"users.go","path":"modules/ssh-grunt/src/users.go","sha":"a40c2d3f26f69a93dac83da731a2407d1b89a083"},{"name":"users_test.go","path":"modules/ssh-grunt/src/users_test.go","sha":"3473766223be802090c695568e696149442ce112"}]}]},{"name":"ssh-iam","children":[{"name":"README.md","path":"modules/ssh-iam/README.md","sha":"4aa06d6a729e53384b6d2a43c06ee38807092f32"}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"modules/ssm-healthchecks-iam-permissions/README.md","sha":"005260025ae51ed9e13f1b6c6f9d737a02d5db68"},{"name":"main.tf","path":"modules/ssm-healthchecks-iam-permissions/main.tf","sha":"6b6b91fa59bc86de7521264ff34217cc88ae3842"},{"name":"vars.tf","path":"modules/ssm-healthchecks-iam-permissions/vars.tf","sha":"731aa1c2f275f723272114ef0357a8c3a246b47e"}]},{"name":"tls-cert-private","children":[{"name":"Dockerfile","path":"modules/tls-cert-private/Dockerfile","sha":"028aa72d434cf4bf28dff92d293e35a85b19fcf0"},{"name":"README.md","path":"modules/tls-cert-private/README.md","sha":"c6996ec25d7d9b1ab4f79d8164a14e86e1ac844f"},{"name":"docker-compose.yml","path":"modules/tls-cert-private/docker-compose.yml","sha":"f872026e8d51ceaab2e1c11cc9cf9c35ba81f29c"},{"name":"files","children":[{"name":"openssl.cnf","path":"modules/tls-cert-private/files/ope
nssl.cnf","sha":"2542542c80ab180c47d3e0a27dbded65bed572de"}]},{"name":"scripts","children":[{"name":"generate-ca-keypair.sh","path":"modules/tls-cert-private/scripts/generate-ca-keypair.sh","sha":"395ee97c0e499c660efac5c5cf1f79dfcdbb69f8"},{"name":"generate-tls-keypair.sh","path":"modules/tls-cert-private/scripts/generate-tls-keypair.sh","sha":"f1c3577437fd589087704a9c003de416cb87d232"},{"name":"main.sh","path":"modules/tls-cert-private/scripts/main.sh","sha":"dc7af965ffb783bbef449010818e69294fa2ef75"}]}]}],"toggled":true},{"name":"test","children":[{"name":"Gopkg.lock","path":"test/Gopkg.lock","sha":"551944ad10e882e62590a33f90f60e480be80d4a"},{"name":"Gopkg.toml","path":"test/Gopkg.toml","sha":"b1dfa116f26fb4b7d7fe6a524e1b5bb074f67365"},{"name":"README.md","path":"test/README.md","sha":"62b43a1b4268805a0a1fdcecd51f4068b07d37b1"},{"name":"auto_update_test.go","path":"test/auto_update_test.go","sha":"1d2a5906849c2ae62c65c0c5ce42a9ba20201f82"},{"name":"aws_config_test.go","path":"test/aws_config_test.go","sha":"df32a8831f033d011743adbc70a679a287f8d899"},{"name":"aws_organizations_config_rules_test.go","path":"test/aws_organizations_config_rules_test.go","sha":"873b1ea607fe800910a02aa5b5d72e1709e3d724"},{"name":"aws_organizations_test.go","path":"test/aws_organizations_test.go","sha":"2eead85751ec47bd1008b795621fa5cff4a2a262"},{"name":"cloudtrail_test.go","path":"test/cloudtrail_test.go","sha":"bfd0e35b8f08e14a55026de1e72a97e6e7f15342"},{"name":"cross_account_iam_roles_test.go","path":"test/cross_account_iam_roles_test.go","sha":"b7dd54b59acb03cb0c5a7581e15de61f4b901c36"},{"name":"custom_iam_entity_test.go","path":"test/custom_iam_entity_test.go","sha":"390cace437fd609e2ad5d81c77d7ffacb0d7555e"},{"name":"fail2ban_test.go","path":"test/fail2ban_test.go","sha":"ac5c2f060a8aefc96d6ddd60630b6c8826182dfc"},{"name":"guardduty_test.go","path":"test/guardduty_test.go","sha":"73372ee85a4f78efd307d9a6d08fd09f41d781ed"},{"name":"iam_groups_test.go","path":"test/iam_groups_test.go
","sha":"21d66e7dcdf43cb7725be7ed4c7c8c7eb34dab79"},{"name":"iam_ssm_test.go","path":"test/iam_ssm_test.go","sha":"48e1870a8882f4ad88bd5fb7fb018b33baee82a6"},{"name":"iam_user_password_policy_test.go","path":"test/iam_user_password_policy_test.go","sha":"1fb35eea4e93bd26aad51804094dda325a4893b0"},{"name":"iam_users_test.go","path":"test/iam_users_test.go","sha":"e4934196d3df5d2a506b92fcae3f65b6309eebb8"},{"name":"ip-lockdown-test-scripts","children":[{"name":"allow-several-users.sh","path":"test/ip-lockdown-test-scripts/allow-several-users.sh","sha":"2f75dbe0880ed0907b43db58b6ac030a0d0e9bd4"},{"name":"common.sh","path":"test/ip-lockdown-test-scripts/common.sh","sha":"cdfe11aca76607a4feaf254a394f32273b738c5c"},{"name":"index.html","path":"test/ip-lockdown-test-scripts/index.html","sha":"557db03de997c86a4a028e1ebd3a1ceb225be238"},{"name":"restrict-all-users.sh","path":"test/ip-lockdown-test-scripts/restrict-all-users.sh","sha":"a37c1ffc90f2532e7cc3f9f5a859b75c98661dc6"},{"name":"restrict-one-user.sh","path":"test/ip-lockdown-test-scripts/restrict-one-user.sh","sha":"4214e1c15102f4568d1e995aa82add46ee430237"},{"name":"sanity-check.sh","path":"test/ip-lockdown-test-scripts/sanity-check.sh","sha":"542ed72f4f0952ace67c9cbf2e5ac07e81e6870c"}]},{"name":"ip_lockdown_test.go","path":"test/ip_lockdown_test.go","sha":"8a523ee4446d8f114647bbe76102cf3b755e30d4"},{"name":"kms_master_key_test.go","path":"test/kms_master_key_test.go","sha":"f372cb4e061299de80e2d9b1594d3cd7aa5cf88b"},{"name":"ntp_test.go","path":"test/ntp_test.go","sha":"e4ec90a5d39ed012b87a32d5b0b27b299cd746e8"},{"name":"os_hardening_test.go","path":"test/os_hardening_test.go","sha":"d7b1de96445a8474e323bcde272c909379d11a10"},{"name":"saml_iam_roles_test.go","path":"test/saml_iam_roles_test.go","sha":"78ec14c02892e1cb3d7b5e36756bca532ae27dd2"},{"name":"ssh_grunt_houston_test.go","path":"test/ssh_grunt_houston_test.go","sha":"b8b4d0786e13432f86745acc8e4ae468561c17a7"},{"name":"ssh_grunt_iam_test.go","path":"test/ssh_