Configures AWS health and account-related notifications.
Here's what using the module will look like:

```hcl
module "example" {
  source = "rhythmictech/rhythmic-account-monitor/aws"

  datadog_api_key_secret_arn = ""
}
```

Rhythmic is an AWS Managed Services Provider. We rely heavily on automation to deliver our services, ingesting configuration, event and state information from AWS via listeners (e.g., EventBridge and SNS), services (e.g., Anomaly Detection), and APIs via custom scripts (e.g., Trusted Advisor).
We open source the vast majority of the resources we use to deliver our managed services because transparency is one of our principles.
Name | Version |
---|---|
terraform | >= 1.5 |
aws | >= 4.62 |
Name | Version |
---|---|
aws | 5.36.0 |
Name | Source | Version |
---|---|---|
tags | rhythmictech/tags/terraform | ~> 1.1.1 |
Name | Type |
---|---|
aws_accessanalyzer_analyzer.analyzer | resource |
aws_accessanalyzer_analyzer.analyzer_unused | resource |
aws_cloudwatch_event_rule.analyzer | resource |
aws_cloudwatch_event_rule.backup | resource |
aws_cloudwatch_event_rule.backup_event | resource |
aws_cloudwatch_event_rule.backup_vaultlock | resource |
aws_cloudwatch_event_rule.glacier_vaultlock | resource |
aws_cloudwatch_event_target.analyzer | resource |
aws_cloudwatch_event_target.backup | resource |
aws_cloudwatch_event_target.backup_event | resource |
aws_cloudwatch_event_target.backup_vaultlock | resource |
aws_cloudwatch_event_target.glacier_vaultlock | resource |
aws_sns_topic.account_alerts | resource |
aws_sns_topic_policy.account_alerts | resource |
aws_sns_topic_subscription.account_alerts | resource |
aws_iam_policy_document.account_alerts | data source |
aws_secretsmanager_secret.datadog_api_key | data source |
aws_secretsmanager_secret_version.datadog_api_key | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
datadog_api_key_secret_arn | ARN of the AWS Secret containing the Datadog API key | string | n/a | yes |
enable_iam_access_analyzer | A boolean flag to enable/disable IAM Access Analyzer | bool | false | no |
iam_analyzer_unused_access_age | The age in days after which IAM access is considered unused. | number | 90 | no |
tags | User-Defined tags | map(string) | {} | no |
No outputs.
This workflow has a few prerequisites, which are installed through the ./bin/install-x.sh scripts and are linked below. The install script will also work on your local machine.

We use tfenv to manage terraform versions, so the version is defined in the versions.tf and tfenv installs the latest compliant version.

pre-commit is like a package manager for scripts that integrate with git hooks. We use them to run the rest of the tools before apply. terraform-docs creates the beautiful docs (above), tfsec scans for security no-nos, and tflint scans for best practices.