aws_eks_audit

package
Published: Mar 2, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AwsEksAuditTerraformModifier

type AwsEksAuditTerraformModifier func(c *GenerateAwsEksAuditTfConfigurationArgs)

func EnableBucketEncryption

func EnableBucketEncryption(enable bool) AwsEksAuditTerraformModifier

EnableBucketEncryption Set the S3 Encryption parameter to true for newly created buckets

func EnableBucketForceDestroy

func EnableBucketForceDestroy() AwsEksAuditTerraformModifier

EnableBucketForceDestroy Set the S3 ForceDestroy parameter to true for newly created buckets

func EnableBucketMfaDelete

func EnableBucketMfaDelete() AwsEksAuditTerraformModifier

EnableBucketMfaDelete Set the S3 MfaDelete parameter to true for newly created buckets

func EnableBucketVersioning

func EnableBucketVersioning(enable bool) AwsEksAuditTerraformModifier

EnableBucketVersioning Set the S3 Bucket versioning parameter to true for newly created buckets

func EnableFirehoseEncryption

func EnableFirehoseEncryption(enable bool) AwsEksAuditTerraformModifier

EnableFirehoseEncryption Set the firehose encryption parameter to true for the newly created firehose

func EnableKmsKeyMultiRegion

func EnableKmsKeyMultiRegion(enable bool) AwsEksAuditTerraformModifier

EnableKmsKeyMultiRegion Set whether the KMS key is a multi-region or regional key

func EnableKmsKeyRotation

func EnableKmsKeyRotation(enable bool) AwsEksAuditTerraformModifier

EnableKmsKeyRotation Set KMS automatic key rotation to true

func EnableSnsTopicEncryption

func EnableSnsTopicEncryption(enable bool) AwsEksAuditTerraformModifier

EnableSnsTopicEncryption Set whether encryption should be enabled for the sns topic

func WithAwsProfile

func WithAwsProfile(name string) AwsEksAuditTerraformModifier

WithAwsProfile Set the AWS Profile to utilize when integrating

func WithBucketLifecycleExpirationDays

func WithBucketLifecycleExpirationDays(days int) AwsEksAuditTerraformModifier

WithBucketLifecycleExpirationDays Set the S3 Lifecycle Expiration Days parameter for newly created buckets

func WithBucketSseAlgorithm

func WithBucketSseAlgorithm(algorithm string) AwsEksAuditTerraformModifier

WithBucketSseAlgorithm Set the encryption algorithm to use for S3 bucket server-side encryption

func WithBucketSseKeyArn

func WithBucketSseKeyArn(arn string) AwsEksAuditTerraformModifier

WithBucketSseKeyArn Set the ARN of the KMS encryption key to be used for S3 (Required when bucket_sse_algorithm is aws:kms and using an existing aws_kms_key)

func WithEksAuditIntegrationName

func WithEksAuditIntegrationName(name string) AwsEksAuditTerraformModifier

WithEksAuditIntegrationName Set the name of the EKS audit integration

func WithExistingCloudWatchIamRoleArn

func WithExistingCloudWatchIamRoleArn(arn string) AwsEksAuditTerraformModifier

WithExistingCloudWatchIamRoleArn Set an existing cloudwatch IAM role ARN

func WithExistingCrossAccountIamRole

func WithExistingCrossAccountIamRole(iamDetails *ExistingCrossAccountIamRoleDetails) AwsEksAuditTerraformModifier

WithExistingCrossAccountIamRole Set an existing cross account IAM role configuration to use with the created Terraform code

func WithExistingFirehoseIamRoleArn

func WithExistingFirehoseIamRoleArn(arn string) AwsEksAuditTerraformModifier

WithExistingFirehoseIamRoleArn Set an existing firehose IAM role ARN

func WithFilterPattern

func WithFilterPattern(pattern string) AwsEksAuditTerraformModifier

WithFilterPattern Set the filter pattern for the Cloudwatch subscription filter

func WithFirehoseEncryptionKeyArn

func WithFirehoseEncryptionKeyArn(arn string) AwsEksAuditTerraformModifier

WithFirehoseEncryptionKeyArn Set the ARN of an existing KMS encryption key to be used with the Kinesis Firehose

func WithKmsKeyDeletionDays

func WithKmsKeyDeletionDays(days int) AwsEksAuditTerraformModifier

WithKmsKeyDeletionDays Set the KMS deletion waiting period, specified in number of days

func WithLaceworkAccountID added in v1.7.0

func WithLaceworkAccountID(accountID string) AwsEksAuditTerraformModifier

WithLaceworkAccountID Set the Lacework AWS root account ID to use

func WithLaceworkProfile

func WithLaceworkProfile(name string) AwsEksAuditTerraformModifier

WithLaceworkProfile Set the Lacework Profile to utilize when integrating

func WithParsedRegionClusterMap

func WithParsedRegionClusterMap(regionClusterMap map[string][]string) AwsEksAuditTerraformModifier

WithParsedRegionClusterMap Set the region cluster map. This is a list of clusters per AWS region

func WithPrefix

func WithPrefix(prefix string) AwsEksAuditTerraformModifier

WithPrefix Set the prefix that will be used at the beginning of every generated resource

func WithSnsTopicEncryptionKeyArn

func WithSnsTopicEncryptionKeyArn(arn string) AwsEksAuditTerraformModifier

WithSnsTopicEncryptionKeyArn Set the ARN of an existing KMS encryption key to be used with the SNS Topic

type ExistingCrossAccountIamRoleDetails

// ExistingCrossAccountIamRoleDetails describes a pre-existing cross-account IAM role
// to use with the generated Terraform code (see WithExistingCrossAccountIamRole).
type ExistingCrossAccountIamRoleDetails struct {
	// ARN of the existing IAM role.
	Arn string

	// External ID associated with the existing IAM role.
	// NOTE(review): presumably the value the role's trust policy expects in its
	// sts:ExternalId condition (the usual confused-deputy mitigation for cross-account
	// roles) — confirm against the generated HCL. Treat it as a secret-like value: do not
	// log it, and keep it out of committed configuration.
	ExternalId string
}

func NewExistingCrossAccountIamRoleDetails

func NewExistingCrossAccountIamRoleDetails(arn string, externalId string) *ExistingCrossAccountIamRoleDetails

NewExistingCrossAccountIamRoleDetails Create new existing IAM role details

func (*ExistingCrossAccountIamRoleDetails) IsPartial

type GenerateAwsEksAuditTfConfigurationArgs

// GenerateAwsEksAuditTfConfigurationArgs holds every input consumed when generating
// the EKS audit log integration Terraform (HCL). Instances are created by NewTerraform
// and adjusted through AwsEksAuditTerraformModifier functions; fields whose comment
// mentions a non-zero default rely on that constructor to apply it (the Go zero value
// alone would not), so prefer the constructor over a struct literal.
type GenerateAwsEksAuditTfConfigurationArgs struct {

	// Supply an AWS Profile name
	AwsProfile string

	// Should we require MFA for object deletion?
	// Hardening control for audit-log retention: with S3 MFA Delete on, permanently
	// deleting object versions requires an MFA device, so leaked IAM credentials alone
	// cannot purge the log trail. Requires BucketVersioning.
	BucketEnableMfaDelete bool

	// Should we enable bucket encryption?
	// See BucketSseAlgorithm and BucketSseKeyArn for the algorithm and key selection.
	BucketEnableEncryption bool

	// Should we force destroy the bucket if it still contains objects?
	// Destructive: on destroy the bucket is removed together with every stored audit
	// log object. Keep false wherever the logs must be retained.
	BucketForceDestroy bool

	// The lifetime, in days, of the bucket objects. The value must be a non-zero positive integer
	BucketLifecycleExpirationDays int

	// The encryption algorithm to use for S3 bucket server-side encryption
	// (e.g. AES256 or aws:kms; the latter needs a key, see BucketSseKeyArn).
	BucketSseAlgorithm string

	// Should we use an existing KMS key for the bucket?
	ExistingBucketKmsKey bool

	// The ARN of the KMS encryption key to be used for S3
	// (Required when bucket_sse_algorithm is aws:kms and using an existing kms key)
	BucketSseKeyArn string

	// Should we enable bucket versioning?
	// Prerequisite for BucketEnableMfaDelete; also protects against silent overwrite
	// of existing log objects.
	BucketVersioning bool

	// The name of the AWS EKS Audit Log integration in Lacework. Defaults to "TF AWS EKS Audit Log"
	EksAuditIntegrationName string

	// Optionally supply existing cloudwatch IAM role ARN
	ExistingCloudWatchIamRoleArn string

	// Optionally supply existing cross account IAM role details (ARN and External ID)
	ExistingCrossAccountIamRole *ExistingCrossAccountIamRoleDetails

	// Should we allow the user to configure an existing Firehose IAM role?
	ExistingFirehoseIam bool

	// Optionally supply existing firehose role ARN if ExistingFirehoseIam is true
	ExistingFirehoseIamRoleArn string

	// The Cloudwatch Log Subscription Filter pattern.
	// NOTE(review): presumably applied to the EKS audit log group; a narrower pattern
	// reduces what is forwarded, so any change here affects detection coverage — confirm.
	FilterPattern string

	// Should encryption be enabled on the created firehose? Defaults to true.
	// NOTE(review): the Go zero value is false; the true default is presumably applied by
	// NewTerraform — confirm.
	FirehoseEncryptionEnabled bool

	// The ARN of an existing KMS encryption key to be used for the Kinesis Firehose
	FirehoseEncryptionKeyArn string

	// The KMS key deletion waiting period, specified in number of days. Defaults to 30.
	// AWS accepts 7–30; the Go zero value 0 is not a valid window, so the default is
	// presumably applied by NewTerraform — confirm.
	KmsKeyDeletionDays int

	// Whether the KMS key is a multi-region or regional key
	KmsKeyMultiRegion bool

	// Enable KMS automatic key rotation (recommended for a long-lived audit log key)
	KmsKeyRotation bool

	// The prefix that will be used at the beginning of every generated resource. Defaults to "lw-eks-al"
	Prefix string

	// Region cluster map in its unparsed form (ParsedRegionClusterMap holds the parsed version).
	// NOTE(review): the value type is string here while the parsed form is []string —
	// presumably a delimited list of cluster names per region; confirm.
	RegionClusterMap map[string]string

	// Parsed version of RegionClusterMap: AWS region -> list of EKS cluster names
	// (see WithParsedRegionClusterMap)
	ParsedRegionClusterMap map[string][]string

	// Parsed list of AWS regions (presumably the keys of ParsedRegionClusterMap)
	ParsedRegionsList []string

	// Should encryption be enabled for the sns topic? Defaults to true
	// NOTE(review): as with FirehoseEncryptionEnabled, the zero value is false and the
	// default presumably comes from NewTerraform — confirm.
	SnsTopicEncryptionEnabled bool

	// The ARN of an existing KMS encryption key to be used for the SNS topic
	SnsTopicEncryptionKeyArn string

	// Lacework Profile to use
	LaceworkProfile string

	// The Lacework AWS Root Account ID
	LaceworkAccountID string
}

func NewTerraform

NewTerraform returns an instance of the GenerateAwsEksAuditTfConfigurationArgs struct.

Note: Additional configuration details may be set using modifiers of the AwsEksAuditTerraformModifier type

Basic usage: Initialize a new AwsEksAuditTerraformModifier struct, with a non-default AWS profile set. Then use Generate to create a string output of the required HCL.

hcl, err := aws.NewTerraform({"us-east-1": ["cluster1", "cluster2"], "us-east-2": ["cluster3"]},
  aws.WithAwsProfile("mycorp-profile")).Generate()

func (*GenerateAwsEksAuditTfConfigurationArgs) Generate

Generate new Terraform code based on the supplied args.
