diff --git a/dev-team-account/guardduty-detector/backend.tf b/dev-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..a683ddb
--- /dev/null
+++ b/dev-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-dev-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-dev-lock"
+ }
+}
\ No newline at end of file
diff --git a/dev-team-account/guardduty-detector/main.tf b/dev-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/dev-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/dev-team-account/state/dynamodb/main.tf b/dev-team-account/state/dynamodb/main.tf
index fe65415..42163e0 100644
--- a/dev-team-account/state/dynamodb/main.tf
+++ b/dev-team-account/state/dynamodb/main.tf
@@ -19,7 +19,8 @@ locals {
 "ssm",
 "cloudwatch",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/identity-team-account/guardduty-detector/backend.tf b/identity-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..80d9cdb
--- /dev/null
+++ b/identity-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-identity-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-identity-lock"
+ }
+}
\ No newline at end of file
diff --git a/identity-team-account/guardduty-detector/main.tf b/identity-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/identity-team-account/guardduty-detector/main.tf
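Review bot: The S3 bucket `cloudfence-dev-state` and the lock table `guardduty-dev-lock` named in this backend block must already exist when `terraform init` runs here, and the only thing in this commit that appears to provision the table is the `"guardduty"` entry added to the `resources` list in `dev-team-account/state/dynamodb/main.tf`, so the state stack has to be applied before this directory; a comment such as `# requires ../state/dynamodb to be applied first (creates guardduty-dev-lock)` above the `backend "s3"` block would prevent a confusing init failure. `encrypt = true` with no `kms_key_id` leaves the state object on S3-managed encryption; if the repo's other state stacks use a customer-managed key, add `kms_key_id` here for consistency. The same two points apply to the identity, management, operation, prod, security and stage backend.tf files in this commit.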
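Review bot: The `provider "aws"` block is declared with `alias = "operation"`, but `module "guardduty-detector"` passes no `providers` map, so the module's `aws_guardduty_detector` is built with the default, unaliased `aws` provider, which this file never configures; the `region = "ap-northeast-2"` in the aliased block therefore does not apply to the detector, and the region (and credentials) it actually uses depend on whatever environment `terraform apply` runs in. Either drop the `alias` line so the block becomes the default provider, or add `providers = { aws = aws.operation }` to the module block. The alias name `operation` is also copied unchanged into the dev, identity, management, prod, security and stage accounts, which will mislead a reader about which account is targeted. `required_providers.aws` has no version constraint; pinning one (for example `version = "~> 5.0"`, a constructed value to be set per the team's baseline) keeps all seven accounts on the same provider. The same defect is present in the identity, management, operation, prod, security and stage main.tf files in this commit.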
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/identity-team-account/state/dynamodb/main.tf b/identity-team-account/state/dynamodb/main.tf
index 93e8167..ab7ee63 100644
--- a/identity-team-account/state/dynamodb/main.tf
+++ b/identity-team-account/state/dynamodb/main.tf
@@ -18,7 +18,8 @@ locals {
 "ssoadmin",
 "identitystore",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/management-team-account/guardduty-detector/backend.tf b/management-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..5d8f43d
--- /dev/null
+++ b/management-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-management-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-management-lock"
+ }
+}
\ No newline at end of file
diff --git a/management-team-account/guardduty-detector/main.tf b/management-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/management-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/management-team-account/state/dynamodb/main.tf b/management-team-account/state/dynamodb/main.tf
index d4bd25b..f4841c2 100644
--- a/management-team-account/state/dynamodb/main.tf
+++ b/management-team-account/state/dynamodb/main.tf
@@ -16,7 +16,8 @@ locals {
 resources = [
 "cloudtrail",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/modules/guardduty-detector/main.tf b/modules/guardduty-detector/main.tf
new file mode 100644
index 0000000..3ce643a
--- /dev/null
+++ b/modules/guardduty-detector/main.tf
@@ -0,0 +1,3 @@
+resource "aws_guardduty_detector" "this" {
+ enable = var.enable
+}
\ No newline at end of file
diff --git a/modules/guardduty-detector/outputs.tf b/modules/guardduty-detector/outputs.tf
new file mode 100644
index 0000000..81c0c99
--- /dev/null
+++ b/modules/guardduty-detector/outputs.tf
@@ -0,0 +1,4 @@
+output "guardduty_detector_id" {
+ description = "The ID of the GuardDuty detector"
+ value = aws_guardduty_detector.this.id
+}
\ No newline at end of file
diff --git a/modules/guardduty-detector/variables.tf b/modules/guardduty-detector/variables.tf
new file mode 100644
index 0000000..9c03547
--- /dev/null
+++ b/modules/guardduty-detector/variables.tf
@@ -0,0 +1,5 @@
+variable "enable" {
+ type = bool
+ description = "Whether to enable GuardDuty"
+ default = true
+}
diff --git a/operation-team-account/guardduty-detector/backend.tf b/operation-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..4143198
--- /dev/null
+++ b/operation-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-operation-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-operation-lock"
+ }
+}
\ No newline at end of file
diff --git a/operation-team-account/guardduty-detector/main.tf b/operation-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/operation-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
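Review bot: `aws_guardduty_detector.this` sets only `enable`, so each of the seven accounts that call this module gets an independent detector with provider-default settings and nothing in the module links them: findings stay inside the account where they are raised and are not visible from the security-team account, and `finding_publishing_frequency` is left at its default. If central visibility is the goal, a follow-up needs a delegated administrator (`aws_guardduty_organization_admin_account`) and member associations; until then the module should say so in a header comment, e.g. `# Standalone detector for the calling account only; organization/member linkage is not configured here.` Exposing `finding_publishing_frequency` as a variable would also let the security account choose a shorter interval without forking the module. The file also ends without a trailing newline, unlike variables.tf in the same commit.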
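Review bot: The description `"Whether to enable GuardDuty"` in variables.tf does not say what `false` does: the detector resource is still created, only with `enable = false`, which suspends the detector rather than removing it. Suggest `description = "Create the detector enabled (true) or suspended (false); the detector resource exists either way."` so callers do not expect `false` to skip creation.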
diff --git a/operation-team-account/state/dynamodb/main.tf b/operation-team-account/state/dynamodb/main.tf
index 6e66ef0..aa9e5df 100644
--- a/operation-team-account/state/dynamodb/main.tf
+++ b/operation-team-account/state/dynamodb/main.tf
@@ -21,7 +21,8 @@ locals {
 "eventbridge",
 "lambda",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/prod-team-account/guardduty-detector/backend.tf b/prod-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..d05e330
--- /dev/null
+++ b/prod-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-prod-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-prod-lock"
+ }
+}
\ No newline at end of file
diff --git a/prod-team-account/guardduty-detector/main.tf b/prod-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/prod-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/prod-team-account/state/dynamodb/main.tf b/prod-team-account/state/dynamodb/main.tf
index 519954d..be71b09 100644
--- a/prod-team-account/state/dynamodb/main.tf
+++ b/prod-team-account/state/dynamodb/main.tf
@@ -22,7 +22,8 @@ locals {
 "codedeploy",
 "deploy",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/security-team-account/guardduty-detector/backend.tf b/security-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..6ea94e5
--- /dev/null
+++ b/security-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-security-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-security-lock"
+ }
+}
\ No newline at end of file
diff --git a/security-team-account/guardduty-detector/main.tf b/security-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/security-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/security-team-account/state/dynamodb/main.tf b/security-team-account/state/dynamodb/main.tf
index fca0936..6100aba 100644
--- a/security-team-account/state/dynamodb/main.tf
+++ b/security-team-account/state/dynamodb/main.tf
@@ -20,7 +20,8 @@ locals {
 "securityhub",
 "config",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/stage-team-account/guardduty-detector/backend.tf b/stage-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..1e980f4
--- /dev/null
+++ b/stage-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-stage-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-stage-lock"
+ }
+}
\ No newline at end of file
diff --git a/stage-team-account/guardduty-detector/main.tf b/stage-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/stage-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/stage-team-account/state/dynamodb/main.tf b/stage-team-account/state/dynamodb/main.tf
index e81e3cf..11f354e 100644
--- a/stage-team-account/state/dynamodb/main.tf
+++ b/stage-team-account/state/dynamodb/main.tf
@@ -22,7 +22,8 @@ locals {
 "codedeploy",
 "deploy",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }