Merge pull request #1 from rhythmictech/demo

Demo

Author: sblack4

README.md

@@ -1,16 +1,16 @@
-# terraform-anycloud-template [![](https://github.com/rhythmictech/terraform-anycloud-template/workflows/pre-commit-check/badge.svg)](https://github.com/rhythmictech/terraform-anycloud-template/actions) <a href="https://twitter.com/intent/follow?screen_name=RhythmicTech"><img src="https://img.shields.io/twitter/follow/RhythmicTech?style=social&logo=RhythmicTech" alt="follow on Twitter"></a>
+# terraform-aws-securityhub-to-sns [![](https://github.com/rhythmictech/terraform-aws-securityhub-to-sns/workflows/pre-commit-check/badge.svg)](https://github.com/rhythmictech/terraform-aws-securityhub-to-sns/actions) <a href="https://twitter.com/intent/follow?screen_name=RhythmicTech"><img src="https://img.shields.io/twitter/follow/RhythmicTech?style=social&logo=RhythmicTech" alt="follow on Twitter"></a>
 Template repository for terraform modules. Good for any cloud and any provider.
 
 ## Example
 Here's what using the module will look like
 ```
 module "example" {
-  source = "rhythmictech/terraform-mycloud-mymodule
+  source = "rhythmictech/terraform-aws-securityhub-to-sns
+  custom_action_notification_arn    = "arn:aws:sns:us-east-1:012345678912:CreateTicket"
+  imported_finding_notification_arn = "arn:aws:sns:us-east-1:012345678912:NotifySlack"
 }
 ```
 
-## About
-A bit about this module
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
@@ -19,25 +19,21 @@ No requirements.
 
 ## Providers
 
-No provider.
+| Name | Version |
+|------|---------|
+| aws | n/a |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| name | Moniker to apply to all resources in the module | `string` | n/a | yes |
+| custom\_action\_notification\_arn | Notification ARN to send custom actions to (leave blank if not using custom actions) | `string` | `null` | no |
+| imported\_finding\_notification\_arn | Notification ARN to send imported findings to (leave blank if not using custom actions) | `string` | `null` | no |
+| name | Moniker to apply to or prefix all resources in the module | `string` | `"securityhub"` | no |
 | tags | User-Defined tags | `map(string)` | `{}` | no |
 
 ## Outputs
 
-| Name | Description |
-|------|-------------|
-| tags\_module | Tags Module in it's entirety |
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-
-## The Giants underneath this module
-- pre-commit.com/
-- terraform.io/
-- github.com/tfutils/tfenv
-- github.com/segmentio/terraform-docs

examples/basic/README.md

@@ -1,9 +1,63 @@
 
-module "tags" {
-  source  = "rhythmictech/tags/terraform"
-  version = "1.0.0"
+resource "aws_securityhub_account" "this" {}
 
-  enforce_case = "UPPER"
-  names        = [var.name]
-  tags         = var.tags
+# NOTE: Security Hub now enables these by default
+# resource "aws_securityhub_product_subscription" "guardduty" {
+#   depends_on  = [aws_securityhub_account.account]
+#   product_arn = "arn:aws:securityhub:${var.region}::product/aws/guardduty"
+# }
+
+# resource "aws_securityhub_standards_subscription" "cis" {
+#   depends_on    = [aws_securityhub_account.account]
+#   standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+# }
+
+resource "aws_cloudwatch_event_rule" "imported" {
+  count       = var.imported_finding_notification_arn == null ? 0 : 1
+  name        = "${var.name}-imported-findings"
+  description = "SecurityHubEvent - Imported Findings"
+  tags        = var.tags
+
+  event_pattern = <<PATTERN
+{
+  "source": [
+    "aws.securityhub"
+  ],
+  "detail-type": [
+    "Security Hub Findings - Imported"
+  ]
+}
+PATTERN
+}
+
+resource "aws_cloudwatch_event_target" "imported" {
+  count     = var.imported_finding_notification_arn == null ? 0 : 1
+  rule      = aws_cloudwatch_event_rule.imported[0].name
+  target_id = "SendToSNS"
+  arn       = var.imported_finding_notification_arn
+}
+
+resource "aws_cloudwatch_event_rule" "custom_action" {
+  count       = var.custom_action_notification_arn == null ? 0 : 1
+  name        = "${var.name}-custom-action"
+  description = "SecurityHubEvent - Custom Action"
+  tags        = var.tags
+
+  event_pattern = <<PATTERN
+{
+  "source": [
+    "aws.securityhub"
+  ],
+  "detail-type": [
+    "Security Hub Findings - Custom Action"
+  ]
+}
+PATTERN
+}
+
+resource "aws_cloudwatch_event_target" "custom_action" {
+  count     = var.custom_action_notification_arn == null ? 0 : 1
+  rule      = aws_cloudwatch_event_rule.custom_action[0].name
+  target_id = "SendToSNS"
+  arn       = var.custom_action_notification_arn
 }

examples/basic/main.tf

@@ -1,6 +1,10 @@
+########################################
+# General Vars
+########################################
 
 variable "name" {
-  description = "Moniker to apply to all resources in the module"
+  default     = "securityhub"
+  description = "Moniker to apply to or prefix all resources in the module"
   type        = string
 }
 
@@ -9,3 +13,19 @@ variable "tags" {
   description = "User-Defined tags"
   type        = map(string)
 }
+
+########################################
+# Notification ARNs
+########################################
+
+variable "custom_action_notification_arn" {
+  default     = null
+  description = "Notification ARN to send custom actions to (leave blank if not using custom actions)"
+  type        = string
+}
+
+variable "imported_finding_notification_arn" {
+  default     = null
+  description = "Notification ARN to send imported findings to (leave blank if not using custom actions)"
+  type        = string
+}