-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathvariable.sample.yaml
48 lines (48 loc) · 2.8 KB
/
variable.sample.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
default:
region: eu-west-3
# Credential profile to use for access to AWS Athena (see README file for required permissions)
profile_athena_access: my-security-account-profile
# Credential profile to use for access to AWS Config advanced query (see README file for required permissions)
profile_config_access: my-security-account-profile
# Credential profile to use for access to AWS Organizations (see README file for required permissions)
profile_org_access: my-security-account-profile
# Optional variable to configure the retrieval of AWS IAM Access Analyzer external access findings.
# If set to 'IAM_ACCESS_ANALYZER', then the external access findings will be retrieved from AWS IAM Access Analyzer.
# If set to 'SECURITY_HUB', then the external access findings will be retrieved from AWS SecurityHub (see README file for more details).
# If not set or with another value, then the external access findings will not be retrieved.
external_access_findings: 'SECURITY_HUB'
# Credential profile to use for access to AWS IAM Access Analyzer findings (cf. README file for required permissions)
profile_iam_access_analyzer: my-security-account-profile
# AWS Config aggregator name
config_aggregator_name: org-config-aggregator
# Athena Workgroup name
athena_workgroup: primary
# Athena database name
athena_database: default
# If, athena_cloudtrail_table_configuration: UNIQUE
# Athena queries will be performed against the table name provided by
# athena_table_name_mgmt_data_event
# If, athena_cloudtrail_table_configuration: SPLIT
# Athena queries will be performed against the tables names provided by
# athena_table_name_mgmt_event for management events
# athena_table_name_data_event for data events
athena_cloudtrail_table_configuration: UNIQUE
athena_table_name_mgmt_data_event: cloudtrail_logs
athena_table_name_mgmt_event:
athena_table_name_data_event:
# partition_date_regex can be equal to
# - a regex following date format and supported by Athena
# - Example: '2023/03/%' for all queries performed in March 2023
# - Not set
# If partition_date_regex is None then partition_date_start and partition_date_end need to be set
partition_date_regex: # Example: 2023/05/%
partition_date_start: 2023/10/20 # Example: 2023/04/20
partition_date_end: 2023/10/30 # Example: 2023/04/30
partition_date_interval: # Example: 1 month, following units are supported: minute|hour|day|month|year
# If use_parameterized_queries is not set or set to true, then parameterized queries are used
use_parameterized_queries: true
cache_referential: true
cache_expire_after_interval: 7 day # Example: 1 month, following units are supported: minute|hour|day|month
list_resource_type_to_cache:
- AWS::Organizations::Account
- AWS::Organizations::Tree