Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enhancement: Enable AWS Audit Manager #197

Merged
merged 4 commits into from
Jan 5, 2024
Merged

enhancement: Enable AWS Audit Manager #197

merged 4 commits into from
Jan 5, 2024

Conversation

stefanwb
Copy link
Contributor

@stefanwb stefanwb commented Dec 14, 2023
edited
Loading

This PR

  • Bumps MCAF KMS module to v0.3.0
  • Enabled AWS Audit Manager
  • Fixes a minor bug

This PR enables AWS Audit Manager on the management account with delegated admin to audit account and also uses the audit account's KMS key.

Recommendations
Following AWS' recommendations the service should be enabled in the Organizations management account with delegated administrator to another account, according to best practice should be used to create assessments.

To allow the management account to configure this key an update to the KMS key policy for the audit account has been added.

Integrations
AWS Config is turned on by enabling AWS Config rules or deploying a conformance pack.
Security Hub is enabled by enabling security standards and the setting: Consolidated control findings: On

Source: https://docs.aws.amazon.com/audit-manager/latest/userguide/setup-recommendations.html

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 14, 2023
edited
Loading

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Lint 📖success

Terraform Validation 🤖success

Validation Output 

Success! The configuration is valid.

@stefanwb stefanwb changed the title Enable AWS Audit Manager enhancement: Enable AWS Audit Manager Dec 14, 2023
@github-actions github-actions bot added the feature New feature or request label Dec 14, 2023
@stefanwb stefanwb force-pushed the audit-manager branch 2 times, most recently from e5f68c9 to 75052e8 Compare December 15, 2023 14:29
@stefanwb stefanwb marked this pull request as ready for review December 15, 2023 14:32
@stefanwb
Bumps MCAF KMS module to v0.3.0
d9d6b66 
Signed-off-by: Stefan Wessels Beljaars <[email protected]>
@stefanwb
Removes duplicate condition on check for 'null' value in 'policy = va…
6f37e70 
…r.aws_service_control_policies.allowed_regions'

Signed-off-by: Stefan Wessels Beljaars <[email protected]>
@stefanwb stefanwb force-pushed the audit-manager branch 2 times, most recently from 65d2dde to 1b42e9f Compare January 4, 2024 10:14
marwinbaumannsbp
marwinbaumannsbp reviewed Jan 4, 2024
View reviewed changes
variables.tf Outdated Show resolved Hide resolved
audit_manager.tf Outdated Show resolved Hide resolved
variables.tf Outdated Show resolved Hide resolved
audit_manager.tf Show resolved Hide resolved
@github-actions github-actions bot added the bug Something isn't working label Jan 4, 2024
marwinbaumannsbp
marwinbaumannsbp reviewed Jan 5, 2024
View reviewed changes
variables.tf Outdated Show resolved Hide resolved
@stefanwb stefanwb force-pushed the audit-manager branch 2 times, most recently from 9f8e373 to 35c6102 Compare January 5, 2024 09:59
@stefanwb
Enabled AWS Audit Manager
8c29d65 
* Adds KMS policy to Audit KMS key that allows setting the key via management account
* Adds S3 bucket for Audit Manager assessment report

Signed-off-by: Stefan Wessels Beljaars <[email protected]>
@marwinbaumannsbp marwinbaumannsbp removed the bug Something isn't working label Jan 5, 2024
@stefanwb stefanwb merged commit 8860aaf into master Jan 5, 2024
@stefanwb stefanwb deleted the audit-manager branch January 5, 2024 12:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marwinbaumannsbp marwinbaumannsbp marwinbaumannsbp approved these changes

Assignees
No one assigned
Labels
feature New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stefanwb @marwinbaumannsbp