access-analyzer

This module creates the following resources.

  • aws_accessanalyzer_analyzer
  • aws_accessanalyzer_archive_rule (optional)

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.6 |
| aws | >= 5.34 |

Providers

| Name | Version |
|------|---------|
| aws | 5.46.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| resource_group | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |

Resources

| Name | Type |
|------|------|
| aws_accessanalyzer_analyzer.this | resource |
| aws_accessanalyzer_archive_rule.this | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | (Required) The name of the Analyzer. | `string` | n/a | yes |
| archive_rules | (Optional) A list of archive rules for the AccessAnalyzer Analyzer. Each item of `archive_rules` is a block as defined below.<br>(Required) `name` - The name of the archive rule.<br>(Required) `filters` - A list of filter criteria for the archive rule. Each item of `filters` is a block as defined below.<br>(Required) `criteria` - The filter criteria.<br>(Optional) `contains` - Contains comparator.<br>(Optional) `exists` - Exists comparator (Boolean).<br>(Optional) `eq` - Equal comparator.<br>(Optional) `neq` - Not Equal comparator. | `any` | `[]` | no |
| module_tags_enabled | (Optional) Whether to create AWS Resource Tags for the module information. | `bool` | `true` | no |
| resource_group_description | (Optional) The description of the Resource Group. | `string` | `"Managed by Terraform."` | no |
| resource_group_enabled | (Optional) Whether to create a Resource Group to find and group the AWS resources created by this module. | `bool` | `true` | no |
| resource_group_name | (Optional) The name of the Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
| scope | (Optional) The scope of the Analyzer. Valid values are `ACCOUNT` or `ORGANIZATION`. Defaults to `ACCOUNT`. | `string` | `"ACCOUNT"` | no |
| tags | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
| type | (Optional) The finding type of the Analyzer. Valid values are `EXTERNAL_ACCESS` or `UNUSED_ACCESS`. Defaults to `EXTERNAL_ACCESS`. | `string` | `"EXTERNAL_ACCESS"` | no |
| unused_access_tracking_period | (Optional) The number of days in the tracking period. Findings will be generated for access that hasn't been used in more than the specified number of days. Defaults to 90. | `number` | `90` | no |
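
An example call of this module using the inputs above, added here and not taken from the module's repository. The `source` path, analyzer names, account ID and tag are constructed, and it assumes comparator values are passed as lists of strings, as in the underlying `aws_accessanalyzer_archive_rule` resource.

```hcl
# Added example. Assumption: the module is available at this local path;
# replace it with the source you actually use.
module "external_access" {
  source = "./modules/access-analyzer" # hypothetical path

  name = "org-external-access"
  type = "EXTERNAL_ACCESS"
  # ORGANIZATION analyzers must be created from the organization's
  # management account or a delegated administrator account.
  scope = "ORGANIZATION"

  archive_rules = [
    {
      # Archive findings only for IAM roles shared with one known partner
      # account. Every filter in a rule must match, so the isPublic filter
      # keeps publicly accessible resources out of the archive.
      name = "trusted-partner-roles"
      filters = [
        { criteria = "resourceType", eq = ["AWS::IAM::Role"] },
        { criteria = "principal.AWS", contains = ["111122223333"] }, # constructed account ID
        { criteria = "isPublic", eq = ["false"] },
      ]
    },
  ]

  tags = { Team = "security" } # constructed tag
}

# A second analyzer for unused access, with a tracking period shorter
# than the 90-day default.
module "unused_access" {
  source = "./modules/access-analyzer" # hypothetical path

  name                          = "account-unused-access"
  type                          = "UNUSED_ACCESS"
  scope                         = "ACCOUNT"
  unused_access_tracking_period = 60
}

output "external_access_analyzer_arn" {
  value = module.external_access.arn
}
```

Keep each archive rule as narrow as the exception it documents: a rule with a single broad filter archives every matching finding automatically, including ones nobody has reviewed.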

Outputs

| Name | Description |
|------|-------------|
| archive_rules | A list of archive rules for the Analyzer. |
| arn | The Amazon Resource Name (ARN) of this Analyzer. |
| id | The ID of this Analyzer. |
| name | The name of the Analyzer. |
| scope | The scope of the Analyzer. |
| type | The finding type of the Analyzer. |
| unused_access_tracking_period | The number of days in the tracking period for unused access findings. |