Closed nb1016 closed 1 year ago
Hey @nb1016 👋 Thank you for taking the time to raise this! I took a look at the input objects for each of these in the AWS Go SDK (guardduty and securityhub respectively), and it looks like neither of them currently supports filtering in the way that you've described. In order for us to support this, it will first need to be implemented on the AWS side and introduced to the AWS Go SDK. With that in mind, we'll close this issue for now, but if the necessary changes are made on the AWS side, we'd be happy to take another look at this!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
Both of these resources provide a way to enable the security tooling across the board.
In our current use case we want to be able to disable the tooling in a certain subset of accounts while still assuming that all accounts will have the tooling enabled as a default.
An exclusions list which allows us to input account IDs would provide the functionality we need.
Affected Resource(s) and/or Data Source(s)
aws_securityhub_organization_configuration
aws_guardduty_organization_configuration
Potential Terraform Configuration
References
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_organization_configuration
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_organization_configuration
Would you like to implement a fix?
No