This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CloudWatch Log Group where Macie publishes classification job events | |
| # Macie automatically creates this log group and publishes events to it | |
| # We manage it in Terraform to ensure proper configuration and to create the subscription filter | |
| resource "aws_cloudwatch_log_group" "macie_jobs" { | |
| name = local.macie_log_group_name | |
| retention_in_days = 90 | |
| } | |
| # CloudWatch Logs Subscription Filter | |
| # This filter watches the Macie job log group for job status events |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IAM role for the Lambda function | |
| resource "aws_iam_role" "lambda_execution_role" { | |
| name = "${local.lambda_function.function_name}-execution-role" | |
| assume_role_policy = jsonencode({ | |
| Version = "2012-10-17" | |
| Statement = [{ | |
| Effect = "Allow" | |
| Principal = { | |
| Service = "lambda.amazonaws.com" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_macie2_account" "this" { | |
| finding_publishing_frequency = local.macie.finding_publishing_frequency | |
| } | |
| # Create the Macie classification job to scan the specified S3 buckets | |
| resource "aws_macie2_classification_job" "this" { | |
| name = local.classification_job.name | |
| job_type = local.classification_job.job_type | |
| s3_job_definition { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "aws_caller_identity" "current" {} | |
| data "aws_region" "current" {} | |
| # Get the S3 bucket ARNs for the Macie classification job | |
| data "aws_s3_bucket" "target_buckets" { | |
| for_each = toset(var.s3_bucket_names) | |
| bucket = each.value | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| locals { | |
| aws_region = "ap-southeast-2" | |
| default_tags = { | |
| project-name = "Macie Custom EventBridge Events" | |
| environment = var.environment | |
| managed-by = "Terraform" | |
| } | |
| # Macie configuration |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # terraform { | |
| # backend "s3" { | |
| # bucket = "my-terraform-state-bucket" | |
| # key = "terraform/macie-custom-events/terraform.tfstate" | |
| # region = "ap-southeast-2" | |
| # encrypt = true | |
| # use_lockfile = true | |
| # } | |
| # } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "environment" { | |
| description = "Deployment environment (e.g., dev, staging, prod)" | |
| type = string | |
| default = "dev" | |
| } | |
| variable "s3_bucket_names" { | |
| description = "List of S3 bucket names that Macie should scan for sensitive data" | |
| type = list(string) | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform { | |
| required_version = ">= 1.0" | |
| required_providers { | |
| aws = { | |
| source = "hashicorp/aws" | |
| version = "~> 5.0" | |
| } | |
| archive = { | |
| source = "hashicorp/archive" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "aws_region" { | |
| type = string | |
| description = "The AWS Region that the resources will be deployed inot" | |
| default = "ap-southeast-2" | |
| } | |
| variable "environment" { | |
| type = string | |
| description = "Deployment environment (e.g., dev, staging, prod)" | |
| default = "dev" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "portfolio_id" { | |
| type = string | |
| description = "The id of the Service Catalog Portfolio to attach this Service Catalog Product to" | |
| } | |
| variable "artifacts_s3_bucket_name" { | |
| type = string | |
| description = "The name of the artifacts s3 bucket" | |
| } |