workivate/terraform-aws-shield-advanced

Terraform Module for AWS Shield Advanced

Terraform module that creates AWS Shield Advanced Resources

Usage

```hcl
module "shield_advanced" {
  source = "aws-ia/terraform-aws-shield-advanced/aws"

  # One Shield Advanced protection for a single resource. local.arn_prefix is
  # assumed to hold the ARN prefix for that resource type (here an Elastic IP).
  name         = "Example protection"
  resource_arn = "${local.arn_prefix}/${aws_eip.example.id}"

  # Each entry becomes one aws_shield_protection_group. The id is sent to
  # Shield as ProtectionGroupId, which allows only letters, digits and
  # hyphens (1 to 36 characters), so do not use spaces.
  protection_group_config = [
    {
      id          = "arbitrary-resource"
      aggregation = "MEAN"
      pattern     = "ARBITRARY"
      # members is a list of ARNs and is required when pattern is ARBITRARY
      # (and not allowed otherwise). The Inputs table below does not list this
      # attribute, so confirm that the module version you pin forwards it to
      # aws_shield_protection_group before relying on an ARBITRARY group.
      members     = ["${local.arn_prefix}/${aws_eip.example.id}"]
    },
    {
      id          = "all-resources"
      aggregation = "MEAN"
      pattern     = "ALL"
    },
    # resource_type is required for BY_RESOURCE_TYPE and must be omitted for
    # the other patterns.
    {
      id            = "cloudfront-resource"
      aggregation   = "SUM"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "CLOUDFRONT_DISTRIBUTION"
    },
    {
      id            = "route53-resource"
      aggregation   = "MAX"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "ROUTE_53_HOSTED_ZONE"
    },
    {
      id            = "globalaccelerator-resource"
      aggregation   = "SUM"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "GLOBAL_ACCELERATOR"
    },
    {
      id            = "alb-resource"
      aggregation   = "MEAN"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "APPLICATION_LOAD_BALANCER"
    },
    {
      id            = "clb-resource"
      aggregation   = "MEAN"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "CLASSIC_LOAD_BALANCER"
    },
    {
      id            = "elasticip-resource"
      aggregation   = "SUM"
      pattern       = "BY_RESOURCE_TYPE"
      resource_type = "ELASTIC_IP_ALLOCATION"
    },
  ]
}
```
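A mistake in `protection_group_config` only surfaces when the Shield API rejects the call during `terraform apply`, by which point earlier groups in the list have already been created. The script below is an added example (not code from the workivate/terraform-aws-shield-advanced module) that checks a list in the same shape as `protection_group_config`, for instance read from a `.tfvars.json` file, against the constraints the AWS Shield CreateProtectionGroup API enforces: allowed `aggregation` and `pattern` values, `resource_type` present exactly when the pattern is `BY_RESOURCE_TYPE`, `members` present as a non-empty list of ARNs exactly when the pattern is `ARBITRARY`, a well-formed group id, and no duplicate ids. The sample config, account id and allocation id embedded in it are constructed for the demonstration.

```python
"""Pre-apply check for a Shield Advanced protection_group_config list.

Added example, not code from the workivate/terraform-aws-shield-advanced module.
It applies the constraints the AWS Shield CreateProtectionGroup API enforces, so a
bad entry is caught in review rather than midway through `terraform apply`.
"""
import json
import re
import sys

AGGREGATIONS = {"SUM", "MEAN", "MAX"}
PATTERNS = {"ALL", "ARBITRARY", "BY_RESOURCE_TYPE"}
RESOURCE_TYPES = {
    "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION",
    "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR",
}
# ProtectionGroupId: 1 to 36 characters, letters, digits and hyphens only.
GROUP_ID_RE = re.compile(r"^[A-Za-z0-9-]{1,36}$")
# arn:partition:service:region:account:resource; region is empty for global services.
ARN_RE = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):[a-z0-9-]+:[a-z0-9-]*:\d{12}:.+$")


def validate_group(group: dict) -> list[str]:
    """Return the problems found in one protection group entry (empty list = OK)."""
    problems = []
    gid = str(group.get("id", ""))
    if not GROUP_ID_RE.match(gid):
        problems.append(f"id {gid!r}: must be 1-36 characters of [A-Za-z0-9-] (no spaces)")
    if group.get("aggregation") not in AGGREGATIONS:
        problems.append(f"{gid}: aggregation must be one of {sorted(AGGREGATIONS)}")
    pattern = group.get("pattern")
    if pattern not in PATTERNS:
        problems.append(f"{gid}: pattern must be one of {sorted(PATTERNS)}")
    rtype = group.get("resource_type")
    if pattern == "BY_RESOURCE_TYPE":
        if rtype not in RESOURCE_TYPES:
            problems.append(f"{gid}: BY_RESOURCE_TYPE needs resource_type in {sorted(RESOURCE_TYPES)}")
    elif rtype is not None:
        problems.append(f"{gid}: resource_type is only allowed with pattern BY_RESOURCE_TYPE")
    members = group.get("members")
    if pattern == "ARBITRARY":
        # A bare string here is a common slip; the resource wants a list of ARNs.
        if not isinstance(members, list) or not members:
            problems.append(f"{gid}: ARBITRARY needs members as a non-empty list of ARNs")
        else:
            problems.extend(f"{gid}: member {m!r} is not an ARN"
                            for m in members if not (isinstance(m, str) and ARN_RE.match(m)))
    elif members is not None:
        problems.append(f"{gid}: members is only allowed with pattern ARBITRARY")
    return problems


def validate_config(config: list[dict]) -> dict[str, list[str]]:
    """Validate every entry and reject duplicate ids; returns {id: [problems]}."""
    report: dict[str, list[str]] = {}
    seen: set[str] = set()
    for group in config:
        gid = str(group.get("id", ""))
        problems = validate_group(group)
        if gid in seen:
            problems.append(f"{gid}: duplicate protection group id")
        seen.add(gid)
        if problems:
            report.setdefault(gid, []).extend(problems)
    return report


# Constructed sample in the shape of the module's protection_group_config. The first
# entry has two easy-to-make mistakes (a space in the id, members as a bare string);
# the others are valid. The account id and allocation id are made up.
SAMPLE_CONFIG = [
    {"id": "Arbitrary Resource", "aggregation": "MEAN", "pattern": "ARBITRARY",
     "members": "arn:aws:ec2:us-east-1:123456789012:eip/eipalloc-0123456789abcdef0"},
    {"id": "all-resources", "aggregation": "MEAN", "pattern": "ALL"},
    {"id": "cloudfront", "aggregation": "SUM", "pattern": "BY_RESOURCE_TYPE",
     "resource_type": "CLOUDFRONT_DISTRIBUTION"},
    {"id": "eip-group", "aggregation": "MAX", "pattern": "ARBITRARY",
     "members": ["arn:aws:ec2:us-east-1:123456789012:eip/eipalloc-0123456789abcdef0"]},
]


def main(argv: list[str]) -> int:
    """Usage: check_shield_groups.py [config.json]; exit status 1 if any entry is invalid."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            config = json.load(fh)
    else:
        config = SAMPLE_CONFIG
    report = validate_config(config)
    for problems in report.values():
        for problem in problems:
            print(problem, file=sys.stderr)
    return 1 if report else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it without arguments to see the two findings on the constructed sample, or point it at a JSON file holding your own list; wiring it into a pre-commit hook or CI job keeps an invalid group from reaching `terraform apply`.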

Overview Diagrams

(diagram image: shield-diagram)

Terraform Module

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| aws | >= 4.47 |

Note that the `protection_group_config` type uses `optional()` inside an object type constraint, which is generally available only in Terraform 1.3.0 and later (earlier 1.x releases need the `module_variable_optional_attrs` experiment). Pin Terraform >= 1.3 in practice, even though the module's declared constraint is `>= 1.0.0`.

Providers

| Name | Version |
|------|---------|
| aws | >= 4.47 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_route53_health_check.this | resource |
| aws_shield_protection.this | resource |
| aws_shield_protection_group.this | resource |
| aws_shield_protection_health_check_association.this | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| name | A friendly name for the Protection you are creating. | `string` | n/a | yes |
| protection_group_config | One entry per protection group. `id`: the name of the protection group (its `protection_group_id`). `aggregation`: how AWS Shield combines resource data for the group in order to detect, mitigate and report events (`SUM`, `MEAN` or `MAX`). `pattern`: the criteria used to choose the protected resources for inclusion in the group (`ALL`, `ARBITRARY` or `BY_RESOURCE_TYPE`). `resource_type` (optional): the resource type to include in the protection group; set it only when `pattern` is `BY_RESOURCE_TYPE`. | `list(object({ id = string, aggregation = string, pattern = string, resource_type = optional(string) }))` | n/a | yes |
| resource_arn | The ARN (Amazon Resource Name) of the resource to be protected. | `string` | n/a | yes |
| health_check_configuration | Amazon Route 53 health check configuration to associate with the AWS Shield Advanced protection. | `map(any)` | `null` | no |
| tags | Key-value map of resource tags to apply to all taggable resources created by the module. If the provider is configured with a `default_tags` block, tags with matching keys overwrite those defined at the provider level. Defaults to `{}`. | `map(string)` | `{}` | no |

Outputs

| Name | Description |
|------|-------------|
| route53_health_check | Amazon Route 53 health check configuration. |
| shied_protection | AWS Shield Advanced protection and its assigned resources. |
| shied_protection_group | Group of protected resources handled collectively by AWS Shield Advanced. |
| shield_protection_health_check_association | Association between an Amazon Route 53 health check and an AWS Shield Advanced protected resource. |