// Account-level Macie enablement. status "ENABLED" switches the service on;
// finding_publishing_frequency sets how often policy-finding updates are
// published (here every 15 minutes).
resource "aws_macie2_account" "macie" {
  status                       = "ENABLED"
  finding_publishing_frequency = "FIFTEEN_MINUTES"
}
// Custom data identifier for Gotham passport numbers.
// Pattern: one of A-F, seven digits, one uppercase letter ("\\d" is the HCL
// escape for the regex \d). A regex hit is only reported when the keyword
// "passport" appears within maximum_match_distance characters of it;
// text containing an ignore_words entry is not reported.
// depends_on guarantees Macie is enabled before the identifier is created.
resource "aws_macie2_custom_data_identifier" "macie_custom_data_identifier" {
  depends_on = [aws_macie2_account.macie]

  name        = "Gotham Passport"
  description = "Passport number of Gotham Citizens"
  regex       = "[ABCDEF]\\d{7}[A-Z]"

  keywords               = ["passport"]
  maximum_match_distance = 50
  ignore_words           = ["ignore"]
}
// Daily scheduled classification job scoped to the sensitive demo bucket.
// NOTE(review): the job name interpolates local.current_timestamp. If that
// local is recomputed on every plan (e.g. derived from timestamp()), the name
// changes on each apply; job names are not updatable in place, so each apply
// would create a replacement job — confirm the local is stable or drop the
// timestamp from the name.
resource "aws_macie2_classification_job" "demo-job" {
  depends_on = [aws_macie2_account.macie]

  name     = "S3-Demo-Job-${random_id.demo_unique-id.hex}_${local.current_timestamp}"
  job_type = "SCHEDULED"

  // Run once per day.
  schedule_frequency {
    daily_schedule = true
  }

  // Only the sensitive demo bucket in the caller's own account is scanned.
  s3_job_definition {
    bucket_definitions {
      account_id = data.aws_caller_identity.current.account_id
      buckets    = [aws_s3_bucket.macie_demo-bucket-sensitive.id]
    }
  }

  tags = {
    Project   = local.project_name
    createdBy = var.owner
    createdAt = local.current_date
  }
}
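// Seed Macie with sample findings by shelling out to the AWS CLI.
// depends_on is required: without it Terraform may run the provisioner before
// aws_macie2_account.macie is enabled, and create-sample-findings fails on an
// account where Macie is not yet active.
// NOTE(review): the command uses a hard-coded named profile
// ("bIT-Playground-PowerUser"), so it only works on machines that have that
// profile configured, and it runs with that profile's credentials rather than
// the aws provider's — if they differ, the sample findings land in a different
// account than the one Macie was enabled in. Consider sourcing the profile
// from a variable. Without a triggers block the provisioner runs only when the
// null_resource is first created.
resource "null_resource" "macie_sample_content" {
  depends_on = [aws_macie2_account.macie]

  provisioner "local-exec" {
    command = "aws macie2 create-sample-findings --profile bIT-Playground-PowerUser"
  }
}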