docs(readme): update module usage

schubergphilis · Aug 8, 2023 · eb28e1a · eb28e1a
1 parent 6906682
commit eb28e1a
Showing 1 changed file with 58 additions and 32 deletions.
diff --git a/README.md b/README.md
@@ -130,51 +130,77 @@ Suppress finding for specific resources:
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.14 |
-| aws | >= 4.9 |
-| local | >= 1.0 |
-| null | >= 2.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.9 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | >= 1.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 4.9 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.9 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_eventbridge_security_hub_suppressor_role"></a> [eventbridge\_security\_hub\_suppressor\_role](#module\_eventbridge\_security\_hub\_suppressor\_role) | github.com/schubergphilis/terraform-aws-mcaf-role | v0.3.2 |
+| <a name="module_lambda_artifacts_bucket"></a> [lambda\_artifacts\_bucket](#module\_lambda\_artifacts\_bucket) | github.com/schubergphilis/terraform-aws-mcaf-s3 | v0.6.0 |
+| <a name="module_lambda_jira_deployment_package"></a> [lambda\_jira\_deployment\_package](#module\_lambda\_jira\_deployment\_package) | terraform-aws-modules/lambda/aws | ~> 3.3.0 |
+| <a name="module_lambda_jira_security_hub"></a> [lambda\_jira\_security\_hub](#module\_lambda\_jira\_security\_hub) | github.com/schubergphilis/terraform-aws-mcaf-lambda | v0.3.3 |
+| <a name="module_lambda_jira_security_hub_role"></a> [lambda\_jira\_security\_hub\_role](#module\_lambda\_jira\_security\_hub\_role) | github.com/schubergphilis/terraform-aws-mcaf-role | v0.3.2 |
+| <a name="module_lambda_security_hub_suppressor_role"></a> [lambda\_security\_hub\_suppressor\_role](#module\_lambda\_security\_hub\_suppressor\_role) | github.com/schubergphilis/terraform-aws-mcaf-role | v0.3.2 |
+| <a name="module_lambda_securityhub_events_suppressor"></a> [lambda\_securityhub\_events\_suppressor](#module\_lambda\_securityhub\_events\_suppressor) | github.com/schubergphilis/terraform-aws-mcaf-lambda | v0.3.3 |
+| <a name="module_lambda_securityhub_streams_suppressor"></a> [lambda\_securityhub\_streams\_suppressor](#module\_lambda\_securityhub\_streams\_suppressor) | github.com/schubergphilis/terraform-aws-mcaf-lambda | v0.3.3 |
+| <a name="module_lambda_suppressor_deployment_package"></a> [lambda\_suppressor\_deployment\_package](#module\_lambda\_suppressor\_deployment\_package) | terraform-aws-modules/lambda/aws | ~> 3.3.0 |
+| <a name="module_servicenow_integration"></a> [servicenow\_integration](#module\_servicenow\_integration) | ./modules/servicenow/ | n/a |
+| <a name="module_step_function_security_hub_suppressor_role"></a> [step\_function\_security\_hub\_suppressor\_role](#module\_step\_function\_security\_hub\_suppressor\_role) | github.com/schubergphilis/terraform-aws-mcaf-role | v0.3.2 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudwatch_event_rule.securityhub_events_suppressor_failed_events](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
+| [aws_cloudwatch_event_target.lambda_securityhub_events_suppressor](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
+| [aws_cloudwatch_event_target.securityhub_suppressor_orchestrator_step_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
+| [aws_dynamodb_table.suppressor_dynamodb_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
+| [aws_iam_role_policy_attachment.lambda_jira_security_hub_role_vpc_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.lambda_security_hub_suppressor_role_vpc_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_lambda_event_source_mapping.lambda_securityhub_streams_mapping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource |
+| [aws_lambda_permission.allow_eventbridge_to_invoke_suppressor_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
+| [aws_sfn_state_machine.securityhub_suppressor_orchestrator](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sfn_state_machine) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.eventbridge_security_hub_suppressor](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.lambda_jira_security_hub](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.lambda_security_hub_suppressor](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.step_function_security_hub_suppressor](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| kms\_key\_arn | The ARN of the KMS key used to encrypt the resources | `string` | n/a | yes |
-| s3\_bucket\_name | The name for the S3 bucket which will be created for storing the function's deployment package | `string` | n/a | yes |
-| tags | A mapping of tags to assign to the resources | `map(string)` | n/a | yes |
-| create\_allow\_all\_egress\_rule | Whether to create a default any/any egress sg rule for lambda | `bool` | `true` | no |
-| create\_servicenow\_access\_keys | Whether Terraform needs to create and output the access keys for the ServiceNow integration | `bool` | `false` | no |
-| dynamodb\_table | The DynamoDB table containing the items to be suppressed in Security Hub | `string` | `"securityhub-suppression-list"` | no |
-| eventbridge\_suppressor\_iam\_role\_name | The name of the role which will be assumed by EventBridge rules | `string` | `"EventBridgeSecurityHubSuppressorRole"` | no |
-| jira\_exclude\_account\_filter | A list of account IDs for which no issue will be created in Jira | `list(string)` | `[]` | no |
-| jira\_finding\_severity\_normalized | Finding severity(in normalized form) threshold for jira ticket creation | `number` | `70` | no |
-| jira\_integration | Whether to create Jira tickets for Security Hub findings. This requires the variables `jira_project_key` and `jira_secret_arn` to be set | `bool` | `false` | no |
-| jira\_issue\_type | The issue type for which the Jira issue will be created | `string` | `"Security Advisory"` | no |
-| jira\_project\_key | The project key the Jira issue will be created under | `string` | `null` | no |
-| jira\_secret\_arn | Secret arn that stores the secrets for Jira api calls. The Secret should include url, apiuser and apikey | `string` | `null` | no |
-| lambda\_events\_suppressor\_name | The Lambda which will supress the Security Hub findings in response to EventBridge Trigger | `string` | `"securityhub-events-suppressor"` | no |
-| lambda\_jira\_iam\_role\_name | The name of the role which will be assumed by Jira Lambda function | `string` | `"LambdaJiraSecurityHubRole"` | no |
-| lambda\_jira\_name | The Lambda which will create jira ticket and set the Security Hub workflow status to notified | `string` | `"securityhub-jira"` | no |
-| lambda\_log\_level | Sets how verbose lambda Logger should be | `string` | `"INFO"` | no |
-| lambda\_streams\_suppressor\_name | The Lambda which will supress the Security Hub findings in response to DynamoDB streams | `string` | `"securityhub-streams-suppressor"` | no |
-| lambda\_suppressor\_iam\_role\_name | The name of the role which will be assumed by Suppressor Lambda functions | `string` | `"LambdaSecurityHubSuppressorRole"` | no |
-| servicenow\_integration | Whether to enable the ServiceNow integration | `bool` | `false` | no |
-| step\_function\_suppressor\_iam\_role\_name | The name of the role which will be assumed by Suppressor Step function | `string` | `"StepFunctionSecurityHubSuppressorRole"` | no |
-| subnet\_ids | The subnet ids where the lambda's needs to run | `list(string)` | `null` | no |
+| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the KMS key used to encrypt the resources | `string` | n/a | yes |
+| <a name="input_s3_bucket_name"></a> [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name for the S3 bucket which will be created for storing the function's deployment package | `string` | n/a | yes |
+| <a name="input_create_allow_all_egress_rule"></a> [create\_allow\_all\_egress\_rule](#input\_create\_allow\_all\_egress\_rule) | Whether to create a default any/any egress sg rule for lambda | `bool` | `false` | no |
+| <a name="input_dynamodb_table"></a> [dynamodb\_table](#input\_dynamodb\_table) | The DynamoDB table containing the items to be suppressed in Security Hub | `string` | `"securityhub-suppression-list"` | no |
+| <a name="input_eventbridge_suppressor_iam_role_name"></a> [eventbridge\_suppressor\_iam\_role\_name](#input\_eventbridge\_suppressor\_iam\_role\_name) | The name of the role which will be assumed by EventBridge rules | `string` | `"EventBridgeSecurityHubSuppressorRole"` | no |
+| <a name="input_jira_integration"></a> [jira\_integration](#input\_jira\_integration) | Jira integration settings | <pre>object({<br>    enabled                               = optional(bool, false)<br>    credentials_secret_arn                = string<br>    exclude_account_ids                   = optional(list(string), [])<br>    finding_severity_normalized_threshold = optional(number, 70)<br>    issue_type                            = optional(string, "Security Advisory")<br>    project_key                           = string<br>    lambda_settings = optional(object({<br>      name          = optional(string, "securityhub-jira")<br>      iam_role_name = optional(string, "LambdaJiraSecurityHubRole")<br>      log_level     = optional(string, "INFO")<br>      memory_size   = optional(number, 256)<br>      timeout       = optional(number, 60)<br>    }))<br><br>  })</pre> | <pre>{<br>  "credentials_secret_arn": null,<br>  "enabled": false,<br>  "exclude_account_ids": [],<br>  "finding_severity_normalized_threshold": 70,<br>  "issue_type": "Security Advisory",<br>  "lambda_settings": {<br>    "iam_role_name": "LambdaJiraSecurityHubRole",<br>    "log_level": "INFO",<br>    "memory_size": 256,<br>    "name": "securityhub-jira",<br>    "timeout": 60<br>  },<br>  "project_key": null<br>}</pre> | no |
+| <a name="input_lambda_events_suppressor"></a> [lambda\_events\_suppressor](#input\_lambda\_events\_suppressor) | Lambda Events Suppressor settings - Supresses the Security Hub findings in response to EventBridge Trigger | <pre>object({<br>    name        = optional(string, "securityhub-events-suppressor")<br>    log_level   = optional(string, "INFO")<br>    memory_size = optional(number, 256)<br>    timeout     = optional(number, 120)<br>  })</pre> | <pre>{<br>  "log_level": "INFO",<br>  "memory_size": 256,<br>  "name": "securityhub-events-suppressor",<br>  "timeout": 120<br>}</pre> | no |
+| <a name="input_lambda_streams_suppressor"></a> [lambda\_streams\_suppressor](#input\_lambda\_streams\_suppressor) | Lambda Streams Suppressor settings - Supresses the Security Hub findings in response to DynamoDB streams | <pre>object({<br>    name        = optional(string, "securityhub-streams-suppressor")<br>    log_level   = optional(string, "INFO")<br>    memory_size = optional(number, 256)<br>    timeout     = optional(number, 120)<br>  })</pre> | <pre>{<br>  "log_level": "INFO",<br>  "memory_size": 256,<br>  "name": "securityhub-events-suppressor",<br>  "timeout": 120<br>}</pre> | no |
+| <a name="input_lambda_suppressor_iam_role_name"></a> [lambda\_suppressor\_iam\_role\_name](#input\_lambda\_suppressor\_iam\_role\_name) | The name of the role which will be assumed by both Suppressor Lambda functions | `string` | `"LambdaSecurityHubSuppressorRole"` | no |
+| <a name="input_servicenow_integration"></a> [servicenow\_integration](#input\_servicenow\_integration) | ServiceNow integration settings | <pre>object({<br>    enabled            = optional(bool, false)<br>    create_access_keys = optional(bool, false)<br>  })</pre> | <pre>{<br>  "create_access_keys": false,<br>  "enabled": false<br>}</pre> | no |
+| <a name="input_step_function_suppressor_iam_role_name"></a> [step\_function\_suppressor\_iam\_role\_name](#input\_step\_function\_suppressor\_iam\_role\_name) | The name of the role which will be assumed by Suppressor Step function | `string` | `"StepFunctionSecurityHubSuppressorRole"` | no |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | The subnet ids where the lambda's needs to run | `list(string)` | `null` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resources | `map(string)` | `{}` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| dynamodb\_arn | ARN of the DynamoDB table |
-| lambda\_jira\_security\_hub\_sg\_id | This will output the security group id attached to the jira\_security\_hub Lambda. This can be used to tune ingress and egress rules. |
-| lambda\_securityhub\_events\_suppressor\_sg\_id | This will output the security group id attached to the securityhub\_events\_suppressor Lambda. This can be used to tune ingress and egress rules. |
-| lambda\_securityhub\_streams\_suppressor\_sg\_id | This will output the security group id attached to the securityhub\_streams\_suppressor Lambda. This can be used to tune ingress and egress rules. |
-
+| <a name="output_dynamodb_arn"></a> [dynamodb\_arn](#output\_dynamodb\_arn) | ARN of the DynamoDB table |
+| <a name="output_lambda_jira_security_hub_sg_id"></a> [lambda\_jira\_security\_hub\_sg\_id](#output\_lambda\_jira\_security\_hub\_sg\_id) | This will output the security group id attached to the jira\_security\_hub Lambda. This can be used to tune ingress and egress rules. |
+| <a name="output_lambda_securityhub_events_suppressor_sg_id"></a> [lambda\_securityhub\_events\_suppressor\_sg\_id](#output\_lambda\_securityhub\_events\_suppressor\_sg\_id) | This will output the security group id attached to the securityhub\_events\_suppressor Lambda. This can be used to tune ingress and egress rules. |
+| <a name="output_lambda_securityhub_streams_suppressor_sg_id"></a> [lambda\_securityhub\_streams\_suppressor\_sg\_id](#output\_lambda\_securityhub\_streams\_suppressor\_sg\_id) | This will output the security group id attached to the securityhub\_streams\_suppressor Lambda. This can be used to tune ingress and egress rules. |
 <!-- END_TF_DOCS -->