hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: GuardDuty Organization Configuration support for RDS_LOGIN_EVENTS #37809

Open catlike opened 4 months ago

catlike commented 4 months ago

Description

The aws_guardduty_organization_configuration resource should support RDS_LOGIN_EVENTS as a datasource

Affected Resource(s) and/or Data Source(s)

aws_guardduty_organization_configuration

Potential Terraform Configuration

resource "aws_guardduty_detector" "example" {
  enable = true
}

resource "aws_guardduty_organization_configuration" "example" {
  auto_enable_organization_members = "ALL"

  detector_id = aws_guardduty_detector.example.id

  datasources {
    rds_login_events {
      enable = true
    }
  }
}

References

https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DetectorFeatureConfiguration.html
https://docs.aws.amazon.com/guardduty/latest/ug/rds-protection.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_organization_configuration

Would you like to implement a fix?

Yes

github-actions[bot] commented 4 months ago

acwwat commented 2 months ago

@catlike According to UpdateOrganizationConfiguration, dataSources is deprecated in favor of features, which already supports RDS_LOGIN_EVENTS. The aws_guardduty_detector_feature resource and the aws_guardduty_organization_configuration_feature resource should help you achieve what you need depending on whether you are working with standalone or organization configuration.
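The feature-based resources named above, assembled into one configuration. This is an added example, not code from the issue or from the provider's documentation; the resource labels, the assumption that the configuration is applied from the organization's GuardDuty delegated administrator account (with the provider already pointed at that account and region), and the explicit depends_on are assumptions made for the example.

```hcl
# Added example (not from the issue or the provider docs): enabling GuardDuty
# RDS login activity monitoring through the feature resources rather than the
# deprecated datasources block. Assumed to be applied from the GuardDuty
# delegated administrator account, with the provider configured for that
# account and region.

resource "aws_guardduty_detector" "admin" {
  enable = true
}

# Organization-wide settings for member accounts. The deprecated datasources
# block is intentionally absent; auto_enable_organization_members = "ALL"
# turns GuardDuty itself on for existing and new member accounts.
resource "aws_guardduty_organization_configuration" "org" {
  detector_id                      = aws_guardduty_detector.admin.id
  auto_enable_organization_members = "ALL"
}

# Feature-level organization setting: auto-enable RDS_LOGIN_EVENTS for all
# existing and future member accounts. "NEW" would cover only accounts that
# join later; "NONE" leaves the feature off.
resource "aws_guardduty_organization_configuration_feature" "rds_login_events" {
  detector_id = aws_guardduty_detector.admin.id
  name        = "RDS_LOGIN_EVENTS"
  auto_enable = "ALL"

  # Assumed ordering: apply the organization configuration before the
  # per-feature organization setting.
  depends_on = [aws_guardduty_organization_configuration.org]
}

# The organization setting governs member accounts; the administrator
# account's own detector is configured separately, so enable the feature
# on it explicitly.
resource "aws_guardduty_detector_feature" "rds_login_events_admin" {
  detector_id = aws_guardduty_detector.admin.id
  name        = "RDS_LOGIN_EVENTS"
  status      = "ENABLED"
}
```

After apply, confirm the effective state from the administrator account with aws guardduty describe-organization-configuration --detector-id <id> (the features list should show RDS_LOGIN_EVENTS with autoEnable ALL) and aws guardduty get-detector --detector-id <id> for the administrator's own detector. Applying these resources from any account other than the delegated administrator fails, since only that account can call UpdateOrganizationConfiguration.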

rymancl commented 3 weeks ago

The aws_guardduty_organization_configuration documentation needs to be updated to indicate that datasources is deprecated, in a similar manner to what was done for aws_guardduty_detector.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector#datasources

[screenshot: the datasources deprecation note in the aws_guardduty_detector documentation]

(I came across this issue and wasn't aware aws_guardduty_organization_configuration_feature existed).