Comments (8)

jarrettj avatar jarrettj commented on June 12, 2024 1

Damn my bad somehow the registry was on the wrong version!

from terraform-aws-secure-baseline.

nozaq avatar nozaq commented on June 12, 2024

Hi @jarrettj !

Is it possible to provide the code where you source the vpc-baseline module?

Also could you check if you have edited the module source locally?
The error message indicates that there exists a tags { .... } block somewhere (the correct way to define tags is to use a map like tags = { ... }), but I haven't found such code in the latest commit.

jarrettj avatar jarrettj commented on June 12, 2024

In my variables.tf:

variable "vpc_flow_logs_group_name" {
  default = "vpc_flow_logs"
}
variable "vpc_flow_logs_iam_role_arn" {
  default = ""
}

I am not sure what vpc_flow_logs_iam_role_arn should be?

And in my main.tf:

module "secure-baseline_vpc-baseline" {
  source  = "nozaq/secure-baseline/aws//modules/vpc-baseline"
  version = "0.3.0"
  vpc_flow_logs_group_name = var.vpc_flow_logs_group_name
  vpc_flow_logs_iam_role_arn = var.vpc_flow_logs_iam_role_arn
}

Thanks again for the quick reply. And no I have not modified any of the code.

Oh yes, and the version I am using, as on the Terraform registry, is 0.3.0. Maybe the wrong version then?

jarrettj avatar jarrettj commented on June 12, 2024

Do you have to manually create the vpc_flow_logs_iam_role_arn?

nozaq avatar nozaq commented on June 12, 2024

@jarrettj
Yes, the reason it's designed so is that the vpc-baseline module needs to be enabled in each region, but the IAM role can be shared across all of them.
If you want to use vpc-baseline alone without the whole secure-baseline module, you can create your role as below.

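An IAM role that the VPC Flow Logs service can assume to publish to CloudWatch Logs, wired into the module inputs shown in the main.tf earlier in the thread. This is an added example, not the code from the original comment or the project's own; the resource labels, the role name `VPCFlowLogsPublisher` and the policy name are assumptions.

```hcl
# Added example: resource labels and names are assumptions, not the module's own.

# Trust policy: only the VPC Flow Logs service may assume this role.
data "aws_iam_policy_document" "flow_logs_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["vpc-flow-logs.amazonaws.com"]
    }
  }
}

# Actions AWS documents for publishing flow logs to CloudWatch Logs.
# resources can be narrowed to the flow log group ARNs once they are known.
data "aws_iam_policy_document" "flow_logs_publish" {
  statement {
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:DescribeLogGroups",
      "logs:DescribeLogStreams",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_role" "flow_logs_publisher" {
  name               = "VPCFlowLogsPublisher"
  assume_role_policy = data.aws_iam_policy_document.flow_logs_assume.json
}

resource "aws_iam_role_policy" "flow_logs_publisher" {
  name   = "VPCFlowLogsPublish"
  role   = aws_iam_role.flow_logs_publisher.id
  policy = data.aws_iam_policy_document.flow_logs_publish.json
}

# IAM is global, so the same role ARN can be passed to every regional instance
# of the module. Source and version are the ones from the main.tf above.
module "secure-baseline_vpc-baseline" {
  source  = "nozaq/secure-baseline/aws//modules/vpc-baseline"
  version = "0.3.0"

  vpc_flow_logs_group_name   = var.vpc_flow_logs_group_name
  vpc_flow_logs_iam_role_arn = aws_iam_role.flow_logs_publisher.arn
}
```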

jarrettj avatar jarrettj commented on June 12, 2024

Thanks man. That helped, got my IAM role set up using that info. So once that is done, how would I go about being able to connect to a machine in the VPC? I tried to boot a machine but I can't access it on any ports. Any idea? Thanks.

nozaq avatar nozaq commented on June 12, 2024

@jarrettj
Blocking any ports is the expected behavior. The goal of the vpc-baseline module is to restrict the use of default VPCs as guided in the CIS benchmark.
So I would recommend creating a different VPC in which to boot any instances for actual use.

To create a new VPC with secure configurations, I've created secure-vpc module. I guess there should be similar modules out there as well.

jarrettj avatar jarrettj commented on June 12, 2024

Ah yes, that makes sense. This is only for default as you said. Will check out secure-vpc. Thanks, noob here :).
