macie-account

This module creates the following resources.

  • aws_macie2_account
  • aws_macie2_member (optional)
  • aws_macie2_classification_export_configuration (optional)

Requirements

Name Version
terraform >= 1.5
aws >= 4.14

Providers

Name Version
aws 5.48.0

Modules

Name Source Version
resource_group tedilabs/misc/aws//modules/resource-group ~> 0.10.0

Resources

Name Type
aws_macie2_account.this resource
aws_macie2_classification_export_configuration.this resource
aws_macie2_member.this resource
aws_caller_identity.this data source

Inputs

discovery_result_repository
  Description: (Optional) The configuration for discovery result location and encryption of the Macie account. A discovery_result_repository block as defined below.
    • (Optional) s3_bucket - A configuration for the S3 bucket in which Amazon Macie exports the data discovery results. s3_bucket as defined below.
        • (Required) name - The name of the S3 bucket in which Amazon Macie exports the data classification results.
        • (Optional) key_prefix - The key prefix for the specified S3 bucket.
        • (Required) sse_kms_key - The ARN of the AWS KMS key to be used to encrypt the data.
  Type:
    object({
      s3_bucket = optional(object({
        name        = string
        key_prefix  = optional(string, "")
        sse_kms_key = string
      }))
    })
  Default: {}
  Required: no

enabled
  Description: (Optional) Whether to enable Amazon Macie and start all Macie activities for the account. Defaults to true. Set to false to suspend Macie: it stops monitoring your AWS environment and does not generate new findings. Existing findings remain intact and are not affected. Delete the aws_macie2_account resource to disable Macie; this permanently deletes all of your existing findings, classification jobs, and other Macie resources.
  Type: bool
  Default: true
  Required: no

member_accounts
  Description: (Optional) A list of configurations for member accounts on the Macie account. Each block of member_accounts as defined below.
    • (Required) account_id - The AWS account ID for the account.
    • (Required) email - The email address for the account.
    • (Optional) enabled - Whether to enable Amazon Macie and start all Macie activities for the member account. Defaults to true.
    • (Optional) tags - A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.
  Type:
    list(object({
      account_id = string
      email      = string
      enabled    = optional(bool, true)
      tags       = optional(map(string), {})
    }))
  Default: []
  Required: no

module_tags_enabled
  Description: (Optional) Whether to create AWS Resource Tags for the module information.
  Type: bool
  Default: true
  Required: no

resource_group_description
  Description: (Optional) The description of Resource Group.
  Type: string
  Default: "Managed by Terraform."
  Required: no

resource_group_enabled
  Description: (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module.
  Type: bool
  Default: true
  Required: no

resource_group_name
  Description: (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with AWS or aws.
  Type: string
  Default: ""
  Required: no

tags
  Description: (Optional) A map of tags to add to all resources.
  Type: map(string)
  Default: {}
  Required: no

update_frequency
  Description: (Optional) How often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are 15m, 1h or 6h. Defaults to 15m.
  Type: string
  Default: "15m"
  Required: no
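
An example call of this module using the inputs above, together with a KMS key whose policy lets Macie encrypt discovery results. This is an added example, not code from the module's repository; the module source path, bucket name, account ID and e-mail address are placeholders, and the bucket is assumed to exist already with a bucket policy that allows Macie to write to it.

```hcl
# Added example; not from the module's repository. The source path, bucket
# name, account ID and e-mail address are placeholders.
data "aws_caller_identity" "current" {}

# Customer managed key for sse_kms_key. Macie's service principal needs
# kms:GenerateDataKey and kms:Encrypt, scoped here to this account.
resource "aws_kms_key" "macie_results" {
  description         = "Encrypts Macie data discovery results"
  enable_key_rotation = true
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "AccountAdmin"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }
        Action    = "kms:*"
        Resource  = "*"
      },
      {
        Sid       = "AllowMacie"
        Effect    = "Allow"
        Principal = { Service = "macie.amazonaws.com" }
        Action    = ["kms:GenerateDataKey", "kms:Encrypt"]
        Resource  = "*"
        Condition = { StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id } }
      },
    ]
  })
}

module "macie_account" {
  source = "./modules/macie-account" # placeholder path, replace with the real source
  enabled          = true
  update_frequency = "1h" # one of 15m, 1h or 6h

  discovery_result_repository = {
    s3_bucket = {
      name        = "example-macie-discovery-results" # placeholder, existing bucket
      key_prefix  = "macie/"
      sse_kms_key = aws_kms_key.macie_results.arn
    }
  }

  member_accounts = [{
    account_id = "111122223333" # placeholder
    email      = "security@example.com"
    tags       = { Team = "security" }
  }]
}
```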

Outputs

Name Description
created_at The date and time, in UTC and extended RFC 3339 format, when the Amazon Macie account was created.
discovery_result_repository The configuration for discovery result location and encryption of the Macie account.
enabled Whether the Macie account is enabled.
id The ID of the Macie account.
member_accounts The list of configurations for member accounts on the Macie account.
name The account ID of the Macie account.
service_role The Amazon Resource Name (ARN) of the service-linked role that allows Macie to monitor and analyze data in AWS resources for the account.
update_frequency How often to publish updates to policy findings for the Macie account.
updated_at The date and time, in UTC and extended RFC 3339 format, of the most recent change to the status of the Macie account.