From ae43082818bfdf356785964aec2b19162901d504 Mon Sep 17 00:00:00 2001
From: Umbert
Date: Wed, 29 May 2024 09:19:05 +0200
Subject: [PATCH 1/2] Feat: Enable CIS 3.0.0 when cis option is selected

---
 modules/securityhub-baseline/main.tf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/securityhub-baseline/main.tf b/modules/securityhub-baseline/main.tf
index bb87b7e6..abfcdeba 100644
--- a/modules/securityhub-baseline/main.tf
+++ b/modules/securityhub-baseline/main.tf
@@ -40,6 +40,14 @@ resource "aws_securityhub_invite_accepter" "invitee" {
 # Subscribe standards
 # --------------------------------------------------------------------------------------------------
 
+resource "aws_securityhub_standards_subscription" "cis" {
+ count = var.enable_cis_standard ? 1 : 0
+
+ standards_arn = "arn:aws:securityhub:${data.aws_region.current.name}::standards/cis-aws-foundations-benchmark/v/3.0.0"
+
+ depends_on = [aws_securityhub_account.main]
+}
+
 resource "aws_securityhub_standards_subscription" "cis" {
 count = var.enable_cis_standard ? 1 : 0
 
From c67471e51d46ee5251533fdca6e98ad67a18608e Mon Sep 17 00:00:00 2001
From: Umbert Pensato Bosch <708948+umbertix@users.noreply.github.com>
Date: Mon, 24 Jun 2024 15:35:51 +0200
Subject: [PATCH 2/2] fix: The resource name to avoid collision

---
 modules/securityhub-baseline/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/securityhub-baseline/main.tf b/modules/securityhub-baseline/main.tf
index abfcdeba..a58738e0 100644
--- a/modules/securityhub-baseline/main.tf
+++ b/modules/securityhub-baseline/main.tf
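Review bot: In the [PATCH 1/2] hunk, the new v3.0.0 subscription is gated on the same `var.enable_cis_standard` flag as the existing `cis` resource that follows it, so anyone who already sets that flag gets CIS 3.0.0 enabled in addition to whatever version the existing resource pins, with no way to choose one. The existing resource's `standards_arn` is outside the hunk, so the older version is inferred, but running two benchmark versions side by side usually means overlapping controls and duplicate findings. A separate toggle would make the rollout deliberate, for example `count = var.enable_cis_standard && var.enable_cis_v3 ? 1 : 0`, where `enable_cis_v3` is a hypothetical new variable. The ARN also hard-codes the `aws` partition; if the module is meant to work in GovCloud or China regions, take the partition from an `aws_partition` data source instead of the literal.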
@@ -40,7 +40,7 @@ resource "aws_securityhub_invite_accepter" "invitee" {
 # Subscribe standards
 # --------------------------------------------------------------------------------------------------
 
-resource "aws_securityhub_standards_subscription" "cis" {
+resource "aws_securityhub_standards_subscription" "cis3" {
 count = var.enable_cis_standard ? 1 : 0
 
 standards_arn = "arn:aws:securityhub:${data.aws_region.current.name}::standards/cis-aws-foundations-benchmark/v/3.0.0"