add unit varibles

anmolnagpal · anmolnagpal · commit 0c4ae2d485da · 2021-08-24T20:37:22.000+05:30
diff --git a/main.tf b/main.tf
@@ -51,6 +51,7 @@ module "alarm" {
   route_table_changes      = var.route_table_changes
   vpc_changes              = var.vpc_changes
   alarm_namespace          = var.alarm_namespace
+  unit                     = var.unit
 
   cloudtrail_log_group_name = module.cloudtrail.log_group_name
   variables = {
diff --git a/modules/alarm/main.tf b/modules/alarm/main.tf
@@ -110,6 +110,7 @@ resource "aws_cloudwatch_metric_alarm" "unauthorized_api_calls" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.unauthorized_api_calls.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity."
@@ -147,6 +148,7 @@ resource "aws_cloudwatch_metric_alarm" "no_mfa_console_signin" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.no_mfa_console_signin.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring for single-factor console logins will increase visibility into accounts that are not protected by MFA."
@@ -184,6 +186,7 @@ resource "aws_cloudwatch_metric_alarm" "root_usage" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.root_usage.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring for root account logins will provide visibility into the use of a fully privileged account and an opportunity to reduce the use of it."
@@ -221,6 +224,7 @@ resource "aws_cloudwatch_metric_alarm" "iam_changes" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.iam_changes.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring changes to IAM policies will help ensure authentication and authorization controls remain intact."
@@ -258,6 +262,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudtrail_cfg_changes" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.cloudtrail_cfg_changes.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring changes to CloudTrail's configuration will help ensure sustained visibility to activities performed in the AWS account."
@@ -296,6 +301,7 @@ resource "aws_cloudwatch_metric_alarm" "console_signin_failures" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.console_signin_failures.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring failed console logins may decrease lead time to detect an attempt to brute force a credential, which may provide an indicator, such as source IP, that can be used in other event correlation."
@@ -333,6 +339,7 @@ resource "aws_cloudwatch_metric_alarm" "disable_or_delete_cmk" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.disable_or_delete_cmk.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring failed console logins may decrease lead time to detect an attempt to brute force a credential, which may provide an indicator, such as source IP, that can be used in other event correlation."
@@ -370,6 +377,7 @@ resource "aws_cloudwatch_metric_alarm" "s3_bucket_policy_changes" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.s3_bucket_policy_changes.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring changes to S3 bucket policies may reduce time to detect and correct permissive policies on sensitive S3 buckets."
@@ -407,6 +415,7 @@ resource "aws_cloudwatch_metric_alarm" "security_group_changes" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.security_group_changes.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring changes to security group will help ensure that resources and services are not unintentionally exposed."
@@ -443,6 +452,7 @@ resource "aws_cloudwatch_metric_alarm" "nacl_changes" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.nacl_changes.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring changes to NACLs will help ensure that AWS resources and services are not unintentionally exposed."
@@ -481,6 +491,7 @@ resource "aws_cloudwatch_metric_alarm" "network_gw_changes" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.network_gw_changes.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring changes to network gateways will help ensure that all ingress/egress traffic traverses the VPC border via a controlled path."
@@ -518,6 +529,7 @@ resource "aws_cloudwatch_metric_alarm" "route_table_changes" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.route_table_changes.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path."
@@ -555,6 +567,7 @@ resource "aws_cloudwatch_metric_alarm" "vpc_changes" {
   metric_name               = join("", aws_cloudwatch_log_metric_filter.vpc_changes.*.id)
   namespace                 = var.alarm_namespace
   period                    = "300"
+  unit                      = var.unit
   statistic                 = "Sum"
   threshold                 = "1"
   alarm_description         = "Monitoring changes to VPC will help ensure that all VPC traffic flows through an expected path."
diff --git a/modules/alarm/variables.tf b/modules/alarm/variables.tf
@@ -19,13 +19,13 @@ variable "environment" {
 }
 
 variable "label_order" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Label order, e.g. `name`,`application`."
 }
 
 variable "attributes" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Additional attributes (e.g. `1`)."
 }
@@ -37,7 +37,7 @@ variable "delimiter" {
 }
 
 variable "tags" {
-  type        = map
+  type        = map(any)
   default     = {}
   description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
 }
@@ -60,6 +60,11 @@ variable "no_mfa_console_signin" {
   description = "If you want to create alarm when MFA not enabled on root user."
 }
 
+variable "unit" {
+  type    = string
+  default = "None"
+}
+
 variable "root_usage" {
   type        = bool
   default     = true
diff --git a/variables.tf b/variables.tf
@@ -19,7 +19,7 @@ variable "environment" {
 }
 
 variable "label_order" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Label order, e.g. `name`,`application`."
 }
@@ -31,7 +31,7 @@ variable "managedby" {
 }
 
 variable "attributes" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Additional attributes (e.g. `1`)."
 }
@@ -49,7 +49,7 @@ variable "cloudtrail_s3_policy" {
 }
 
 variable "tags" {
-  type        = map
+  type        = map(any)
   default     = {}
   description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
 }
@@ -117,6 +117,11 @@ variable "alarm_enabled" {
   default     = true
 }
 
+variable "unit" {
+  type    = string
+  default = "None"
+}
+
 variable "unauthorized_api_calls" {
   type        = bool
   default     = true
@@ -213,13 +218,13 @@ variable "guardduty_s3_bucket_name" {
 }
 
 variable "ipset_iplist" {
-  type        = list
+  type        = list(any)
   description = "IPSet list of trusted IP addresses"
   default     = []
 }
 
 variable "threatintelset_iplist" {
-  type        = list
+  type        = list(any)
   description = "ThreatIntelSet list of known malicious IP addresses"
   default     = []
 }

Original file line number	Diff line number	Diff line change
`@@ -19,13 +19,13 @@ variable "environment" {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`variable "label_order" {`
`22`		`- type = list`
	`22`	`+ type = list(any)`
`23`	`23`	`default = []`
`24`	`24`	description = "Label order, e.g. `name`,`application`."
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`variable "attributes" {`
`28`		`- type = list`
	`28`	`+ type = list(any)`
`29`	`29`	`default = []`
`30`	`30`	description = "Additional attributes (e.g. `1`)."
`31`	`31`	`}`
`@@ -37,7 +37,7 @@ variable "delimiter" {`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`variable "tags" {`
`40`		`- type = map`
	`40`	`+ type = map(any)`
`41`	`41`	`default = {}`
`42`	`42`	description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
`43`	`43`	`}`
`@@ -60,6 +60,11 @@ variable "no_mfa_console_signin" {`
`60`	`60`	`description = "If you want to create alarm when MFA not enabled on root user."`
`61`	`61`	`}`
`62`	`62`
	`63`	`+variable "unit" {`
	`64`	`+ type = string`
	`65`	`+ default = "None"`
	`66`	`+}`
	`67`	`+`
`63`	`68`	`variable "root_usage" {`
`64`	`69`	`type = bool`
`65`	`70`	`default = true`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ variable "environment" {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`variable "label_order" {`
`22`		`- type = list`
	`22`	`+ type = list(any)`
`23`	`23`	`default = []`
`24`	`24`	description = "Label order, e.g. `name`,`application`."
`25`	`25`	`}`
`@@ -31,7 +31,7 @@ variable "managedby" {`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`variable "attributes" {`
`34`		`- type = list`
	`34`	`+ type = list(any)`
`35`	`35`	`default = []`
`36`	`36`	description = "Additional attributes (e.g. `1`)."
`37`	`37`	`}`
`@@ -49,7 +49,7 @@ variable "cloudtrail_s3_policy" {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`variable "tags" {`
`52`		`- type = map`
	`52`	`+ type = map(any)`
`53`	`53`	`default = {}`
`54`	`54`	description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
`55`	`55`	`}`
`@@ -117,6 +117,11 @@ variable "alarm_enabled" {`
`117`	`117`	`default = true`
`118`	`118`	`}`
`119`	`119`
	`120`	`+variable "unit" {`
	`121`	`+ type = string`
	`122`	`+ default = "None"`
	`123`	`+}`
	`124`	`+`
`120`	`125`	`variable "unauthorized_api_calls" {`
`121`	`126`	`type = bool`
`122`	`127`	`default = true`
`@@ -213,13 +218,13 @@ variable "guardduty_s3_bucket_name" {`
`213`	`218`	`}`
`214`	`219`
`215`	`220`	`variable "ipset_iplist" {`
`216`		`- type = list`
	`221`	`+ type = list(any)`
`217`	`222`	`description = "IPSet list of trusted IP addresses"`
`218`	`223`	`default = []`
`219`	`224`	`}`
`220`	`225`
`221`	`226`	`variable "threatintelset_iplist" {`
`222`		`- type = list`
	`227`	`+ type = list(any)`
`223`	`228`	`description = "ThreatIntelSet list of known malicious IP addresses"`
`224`	`229`	`default = []`
`225`	`230`	`}`