From f73488abffaa5eee64469c5b8ec314c35c10c551 Mon Sep 17 00:00:00 2001 
From: subin Date: Tue, 29 Jul 2025 21:54:31 +0900 Subject: [PATCH 1/2] =?UTF-8?q?feat:=20=EA=B0=81=20=EA=B3=84=EC=A0=95?= =?UTF-8?q?=EB=B3=84=20guardduty=20=ED=99=9C=EC=84=B1=ED=99=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dev-team-account/guardduty-detector/backend.tf | 9 +++++++++ dev-team-account/guardduty-detector/main.tf | 17 +++++++++++++++++ dev-team-account/state/dynamodb/main.tf | 3 ++- .../guardduty-detector/backend.tf | 9 +++++++++ .../guardduty-detector/main.tf | 17 +++++++++++++++++ identity-team-account/state/dynamodb/main.tf | 3 ++- .../guardduty-detector/backend.tf | 9 +++++++++ .../guardduty-detector/main.tf | 17 +++++++++++++++++ management-team-account/state/dynamodb/main.tf | 3 ++- modules/guardduty-detector/main.tf | 3 +++ modules/guardduty-detector/outputs.tf | 4 ++++ modules/guardduty-detector/variables.tf | 5 +++++ .../guardduty-detector/backend.tf | 9 +++++++++ .../guardduty-detector/main.tf | 17 +++++++++++++++++ operation-team-account/state/dynamodb/main.tf | 3 ++- prod-team-account/guardduty-detector/backend.tf | 9 +++++++++ prod-team-account/guardduty-detector/main.tf | 17 +++++++++++++++++ prod-team-account/state/dynamodb/main.tf | 3 ++- .../guardduty-detector/backend.tf | 9 +++++++++ .../guardduty-detector/main.tf | 17 +++++++++++++++++ security-team-account/state/dynamodb/main.tf | 3 ++- .../guardduty-detector/backend.tf | 9 +++++++++ stage-team-account/guardduty-detector/main.tf | 17 +++++++++++++++++ stage-team-account/state/dynamodb/main.tf | 3 ++- 24 files changed, 208 insertions(+), 7 deletions(-) create mode 100644 dev-team-account/guardduty-detector/backend.tf create mode 100644 dev-team-account/guardduty-detector/main.tf create mode 100644 identity-team-account/guardduty-detector/backend.tf create mode 100644 identity-team-account/guardduty-detector/main.tf create mode 100644 management-team-account/guardduty-detector/backend.tf create mode 100644 
management-team-account/guardduty-detector/main.tf create mode 100644 modules/guardduty-detector/main.tf create mode 100644 modules/guardduty-detector/outputs.tf create mode 100644 modules/guardduty-detector/variables.tf create mode 100644 operation-team-account/guardduty-detector/backend.tf create mode 100644 operation-team-account/guardduty-detector/main.tf create mode 100644 prod-team-account/guardduty-detector/backend.tf create mode 100644 prod-team-account/guardduty-detector/main.tf create mode 100644 security-team-account/guardduty-detector/backend.tf create mode 100644 security-team-account/guardduty-detector/main.tf create mode 100644 stage-team-account/guardduty-detector/backend.tf create mode 100644 stage-team-account/guardduty-detector/main.tf
diff --git a/dev-team-account/guardduty-detector/backend.tf b/dev-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..ab09c94
--- /dev/null
+++ b/dev-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-dev-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-dev-lock"
+ }
+}
\ No newline at end of file
diff --git a/dev-team-account/guardduty-detector/main.tf b/dev-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/dev-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/dev-team-account/state/dynamodb/main.tf b/dev-team-account/state/dynamodb/main.tf
index fe65415..42163e0 100644
--- a/dev-team-account/state/dynamodb/main.tf
+++ b/dev-team-account/state/dynamodb/main.tf
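Review bot: `encrypt = true` on its own selects SSE-S3 for the state object; if the `cloudfence-*-state` buckets are fronted by a customer-managed KMS key elsewhere in this repo (the other state keys are not in this patch, so I cannot tell), pass `kms_key_id` here as well so this key is not the odd one out. The state written by this root module holds only the detector id, so this is about consistency and key-policy enforcement rather than a secret exposure. The same backend block is repeated verbatim across the seven account directories in this commit, so whichever choice is made should be applied to all of them.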
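Review bot: The `provider "aws"` block is declared with `alias = "operation"` but the `module "guardduty-detector"` call never passes it, so the module's `aws_guardduty_detector` resolves the implicit default `aws` provider, which has no `region` configured in this file and is resolved from the ambient environment (AWS_REGION / profile) rather than the `ap-northeast-2` the file appears to intend. Either drop the alias or add `providers = { aws = aws.operation }` to the module call; given the file lives under `dev-team-account`, an alias named `operation` also reads as a copy-paste artefact. `required_providers` carries no `version` constraint and there is no `required_version`, so each fresh `terraform init` takes the newest hashicorp/aws release — pin both. GuardDuty detectors are per-region, so once the region is pinned this root enables the service in ap-northeast-2 only; other regions stay unmonitored unless covered elsewhere. The same main.tf is duplicated verbatim in the other six account directories in this commit (all share blob 867bad1), so the fix applies to every one of them.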
@@ -19,7 +19,8 @@ locals {
 "ssm",
 "cloudwatch",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/identity-team-account/guardduty-detector/backend.tf b/identity-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..589b4ac
--- /dev/null
+++ b/identity-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-identity-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-identity-lock"
+ }
+}
\ No newline at end of file
diff --git a/identity-team-account/guardduty-detector/main.tf b/identity-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/identity-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/identity-team-account/state/dynamodb/main.tf b/identity-team-account/state/dynamodb/main.tf
index 93e8167..ab7ee63 100644
--- a/identity-team-account/state/dynamodb/main.tf
+++ b/identity-team-account/state/dynamodb/main.tf
@@ -18,7 +18,8 @@ locals {
 "ssoadmin",
 "identitystore",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/management-team-account/guardduty-detector/backend.tf b/management-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..8a098fa
--- /dev/null
+++ b/management-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-management-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-management-lock"
+ }
+}
\ No newline at end of file
diff --git a/management-team-account/guardduty-detector/main.tf b/management-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/management-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/management-team-account/state/dynamodb/main.tf b/management-team-account/state/dynamodb/main.tf
index d4bd25b..f4841c2 100644
--- a/management-team-account/state/dynamodb/main.tf
+++ b/management-team-account/state/dynamodb/main.tf
@@ -16,7 +16,8 @@ locals {
 resources = [
 "cloudtrail",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/modules/guardduty-detector/main.tf b/modules/guardduty-detector/main.tf
new file mode 100644
index 0000000..3ce643a
--- /dev/null
+++ b/modules/guardduty-detector/main.tf
@@ -0,0 +1,3 @@
+resource "aws_guardduty_detector" "this" {
+ enable = var.enable
+}
\ No newline at end of file
diff --git a/modules/guardduty-detector/outputs.tf b/modules/guardduty-detector/outputs.tf
new file mode 100644
index 0000000..81c0c99
--- /dev/null
+++ b/modules/guardduty-detector/outputs.tf
@@ -0,0 +1,4 @@
+output "guardduty_detector_id" {
+ description = "The ID of the GuardDuty detector"
+ value = aws_guardduty_detector.this.id
+}
\ No newline at end of file
diff --git a/modules/guardduty-detector/variables.tf b/modules/guardduty-detector/variables.tf
new file mode 100644
index 0000000..9c03547
--- /dev/null
+++ b/modules/guardduty-detector/variables.tf
@@ -0,0 +1,5 @@
+variable "enable" {
+ type = bool
+ description = "Whether to enable GuardDuty"
+ default = true
+}
diff --git a/operation-team-account/guardduty-detector/backend.tf b/operation-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..f67d130
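Review bot: `aws_guardduty_detector.this` is created with `enable` as its only argument, so `finding_publishing_frequency` stays at the provider default (SIX_HOURS) and no protection features (S3 data events, EKS audit logs, malware protection, RDS/Lambda) are declared; findings reach EventBridge later than a responder would want, and the feature set is whatever the account happens to have rather than what this code states. Expose at least the frequency through the module, e.g. `finding_publishing_frequency = var.finding_publishing_frequency` with a default of `"FIFTEEN_MINUTES"`, and consider one `aws_guardduty_detector_feature` per feature you want on. Every account gets a standalone detector here and nothing links them — with a `security-team-account` in the tree, the usual shape is a delegated administrator there plus `aws_guardduty_organization_configuration` with auto-enable so member accounts cannot silently opt out; if that is planned for a later commit, a comment in this module saying so would help. The `output` and `variable` hunks are fine as written.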
--- /dev/null
+++ b/operation-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-operation-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-operation-lock"
+ }
+}
\ No newline at end of file
diff --git a/operation-team-account/guardduty-detector/main.tf b/operation-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/operation-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/operation-team-account/state/dynamodb/main.tf b/operation-team-account/state/dynamodb/main.tf
index 6e66ef0..aa9e5df 100644
--- a/operation-team-account/state/dynamodb/main.tf
+++ b/operation-team-account/state/dynamodb/main.tf
@@ -21,7 +21,8 @@ locals {
 "eventbridge",
 "lambda",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/prod-team-account/guardduty-detector/backend.tf b/prod-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..36c47f8
--- /dev/null
+++ b/prod-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-prod-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-prod-lock"
+ }
+}
\ No newline at end of file
diff --git a/prod-team-account/guardduty-detector/main.tf b/prod-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/prod-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/prod-team-account/state/dynamodb/main.tf b/prod-team-account/state/dynamodb/main.tf
index 519954d..be71b09 100644
--- a/prod-team-account/state/dynamodb/main.tf
+++ b/prod-team-account/state/dynamodb/main.tf
@@ -22,7 +22,8 @@ locals {
 "codedeploy",
 "deploy",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/security-team-account/guardduty-detector/backend.tf b/security-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..38555d9
--- /dev/null
+++ b/security-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-security-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-security-lock"
+ }
+}
\ No newline at end of file
diff --git a/security-team-account/guardduty-detector/main.tf b/security-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/security-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/security-team-account/state/dynamodb/main.tf b/security-team-account/state/dynamodb/main.tf
index fca0936..6100aba 100644
--- a/security-team-account/state/dynamodb/main.tf
+++ b/security-team-account/state/dynamodb/main.tf
@@ -20,7 +20,8 @@ locals {
 "securityhub",
 "config",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
diff --git a/stage-team-account/guardduty-detector/backend.tf b/stage-team-account/guardduty-detector/backend.tf
new file mode 100644
index 0000000..7fb9bc7
--- /dev/null
+++ b/stage-team-account/guardduty-detector/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-stage-state"
+ key = "guardduty-detector/guardduty.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "guardduty-stage-lock"
+ }
+}
\ No newline at end of file
diff --git a/stage-team-account/guardduty-detector/main.tf b/stage-team-account/guardduty-detector/main.tf
new file mode 100644
index 0000000..867bad1
--- /dev/null
+++ b/stage-team-account/guardduty-detector/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "operation"
+ region = "ap-northeast-2"
+}
+
+module "guardduty-detector" {
+ source = "../../modules/guardduty-detector"
+ enable = true
+}
diff --git a/stage-team-account/state/dynamodb/main.tf b/stage-team-account/state/dynamodb/main.tf
index e81e3cf..11f354e 100644
--- a/stage-team-account/state/dynamodb/main.tf
+++ b/stage-team-account/state/dynamodb/main.tf
@@ -22,7 +22,8 @@ locals {
 "codedeploy",
 "deploy",
 "dynamodb",
- "s3"
+ "s3",
+ "guardduty"
 ]
 }
From cac9f646f0ef58b61297f614a0f9d4afb1451987 Mon Sep 17 00:00:00 2001
From: subin Date: Tue, 29 Jul 2025 21:58:38 +0900 Subject: [PATCH 2/2] =?UTF-8?q?terraform=20fmt=20-recursive=20=EC=A0=81?= =?UTF-8?q?=EC=9A=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dev-team-account/guardduty-detector/backend.tf | 4 ++-- identity-team-account/guardduty-detector/backend.tf | 4 ++-- management-team-account/guardduty-detector/backend.tf | 4 ++-- operation-team-account/guardduty-detector/backend.tf | 4 ++-- prod-team-account/guardduty-detector/backend.tf | 4 ++-- security-team-account/guardduty-detector/backend.tf | 4 ++-- stage-team-account/guardduty-detector/backend.tf | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/dev-team-account/guardduty-detector/backend.tf b/dev-team-account/guardduty-detector/backend.tf
index ab09c94..a683ddb 100644
--- a/dev-team-account/guardduty-detector/backend.tf
+++ b/dev-team-account/guardduty-detector/backend.tf
@@ -1,9 +1,9 @@
 terraform {
 backend "s3" {
- bucket = "cloudfence-dev-state"
+ bucket = "cloudfence-dev-state"
 key = "guardduty-detector/guardduty.tfstate"
 region = "ap-northeast-2"
 encrypt = true
- dynamodb_table = "guardduty-dev-lock"
+ dynamodb_table = "guardduty-dev-lock"
 }
 }
\ No newline at end of file
diff --git a/identity-team-account/guardduty-detector/backend.tf b/identity-team-account/guardduty-detector/backend.tf
index 589b4ac..80d9cdb 100644
--- a/identity-team-account/guardduty-detector/backend.tf
+++ b/identity-team-account/guardduty-detector/backend.tf
@@ -1,9 +1,9 @@
 terraform {
 backend "s3" {
- bucket = "cloudfence-identity-state"
+ bucket = "cloudfence-identity-state"
 key = "guardduty-detector/guardduty.tfstate"
 region = "ap-northeast-2"
 encrypt = true
- dynamodb_table = "guardduty-identity-lock"
+ dynamodb_table = "guardduty-identity-lock"
 }
 }
\ No newline at end of file
diff --git a/management-team-account/guardduty-detector/backend.tf b/management-team-account/guardduty-detector/backend.tf
index 8a098fa..5d8f43d 100644
--- a/management-team-account/guardduty-detector/backend.tf
+++ b/management-team-account/guardduty-detector/backend.tf
@@ -1,9 +1,9 @@
 terraform {
 backend "s3" {
- bucket = "cloudfence-management-state"
+ bucket = "cloudfence-management-state"
 key = "guardduty-detector/guardduty.tfstate"
 region = "ap-northeast-2"
 encrypt = true
- dynamodb_table = "guardduty-management-lock"
+ dynamodb_table = "guardduty-management-lock"
 }
 }
\ No newline at end of file
diff --git a/operation-team-account/guardduty-detector/backend.tf b/operation-team-account/guardduty-detector/backend.tf
index f67d130..4143198 100644
--- a/operation-team-account/guardduty-detector/backend.tf
+++ b/operation-team-account/guardduty-detector/backend.tf
@@ -1,9 +1,9 @@
 terraform {
 backend "s3" {
- bucket = "cloudfence-operation-state"
+ bucket = "cloudfence-operation-state"
 key = "guardduty-detector/guardduty.tfstate"
 region = "ap-northeast-2"
 encrypt = true
- dynamodb_table = "guardduty-operation-lock"
+ dynamodb_table = "guardduty-operation-lock"
 }
 }
\ No newline at end of file
diff --git a/prod-team-account/guardduty-detector/backend.tf b/prod-team-account/guardduty-detector/backend.tf
index 36c47f8..d05e330 100644
--- a/prod-team-account/guardduty-detector/backend.tf
+++ b/prod-team-account/guardduty-detector/backend.tf
@@ -1,9 +1,9 @@
 terraform {
 backend "s3" {
- bucket = "cloudfence-prod-state"
+ bucket = "cloudfence-prod-state"
 key = "guardduty-detector/guardduty.tfstate"
 region = "ap-northeast-2"
 encrypt = true
- dynamodb_table = "guardduty-prod-lock"
+ dynamodb_table = "guardduty-prod-lock"
 }
 }
\ No newline at end of file
diff --git a/security-team-account/guardduty-detector/backend.tf b/security-team-account/guardduty-detector/backend.tf
index 38555d9..6ea94e5 100644
--- a/security-team-account/guardduty-detector/backend.tf
+++ b/security-team-account/guardduty-detector/backend.tf
@@ -1,9 +1,9 @@
 terraform {
 backend "s3" {
- bucket = "cloudfence-security-state"
+ bucket = "cloudfence-security-state"
 key = "guardduty-detector/guardduty.tfstate"
 region = "ap-northeast-2"
 encrypt = true
- dynamodb_table = "guardduty-security-lock"
+ dynamodb_table = "guardduty-security-lock"
 }
 }
\ No newline at end of file
diff --git a/stage-team-account/guardduty-detector/backend.tf b/stage-team-account/guardduty-detector/backend.tf
index 7fb9bc7..1e980f4 100644
--- a/stage-team-account/guardduty-detector/backend.tf
+++ b/stage-team-account/guardduty-detector/backend.tf
@@ -1,9 +1,9 @@
 terraform {
 backend "s3" {
- bucket = "cloudfence-stage-state"
+ bucket = "cloudfence-stage-state"
 key = "guardduty-detector/guardduty.tfstate"
 region = "ap-northeast-2"
 encrypt = true
- dynamodb_table = "guardduty-stage-lock"
+ dynamodb_table = "guardduty-stage-lock"
 }
 }
\ No newline at end of file