
AWS SRA Macie Solution with Terraform

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: CC-BY-SA-4.0


⚠️Influence the future of the AWS Security Reference Architecture (AWS SRA) code library by taking a short survey.

Introduction

This Terraform module deploys the Macie AWS SRA solution.

The common prerequisite solution must be installed in the management account before this solution is installed.

Information on the resources deployed, as well as the Terraform requirements, providers, modules, resources, and inputs of this module, is documented below.

Please navigate to the installing the AWS SRA Solutions section of the documentation for more information and installation instructions.

For the CloudFormation version of this AWS SRA solution, as well as more information, please navigate to the AWS SRA Macie solution documentation page.


Deployed Resource Details

Architecture

1.0 Organization Management Account
    1.1 AWS Lambda Function
    1.2 Lambda IAM Role
    1.3 Lambda CloudWatch Log Group
    1.4 Configuration SNS Topic
    1.5 Dead Letter Queue (DLQ)
    1.6 Alarm SNS Topic
    1.7 Macie

2.0 Log Archive Account
    2.1 Macie Delivery S3 Bucket
    2.2 Macie

3.0 Audit Account (Security Tooling)
    3.1 Macie Delivery KMS Key
    3.2 Configuration IAM Role
    3.3 Macie

4.0 All Existing and Future Organization Member Accounts
    4.1 Macie
    4.2 Disable Macie Role


Implementation Instructions

Please navigate to the installing the AWS SRA Solutions section of the documentation for installation instructions.


Requirements

| Name | Version |
|------|---------|
| aws  | >= 5.1.0 |

Providers

| Name     | Version |
|----------|---------|
| aws.main | >= 5.1.0 |

Modules

| Name                | Source                 | Version |
|---------------------|------------------------|---------|
| configuration_role  | ./configuration_role   | n/a     |
| delivery_kms_key    | ./delivery_kms_key     | n/a     |
| delivery_s3_bucket  | ./delivery_s3_bucket   | n/a     |
| disable_role        | ./disable_role         | n/a     |
| macie_configuration | ./configuration        | n/a     |

Resources

| Name                        | Type        |
|-----------------------------|-------------|
| aws_caller_identity.current | data source |
| aws_partition.current       | data source |
| aws_region.current          | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| audit_account_id | AWS Account ID of the Control Tower Audit account. | string | n/a | yes |
| disable_macie | Disabled Macie SRA solution | string | n/a | yes |
| home_region | Name of the Control Tower home region | string | n/a | yes |
| log_archive_account_id | AWS Account ID of the Control Tower Log Archive account. | string | n/a | yes |
| macie_finding_publishing_frequency | Macie finding publishing frequency | string | n/a | yes |
| macie_org_configuration_role_name | Configuration IAM Role Name | string | "sra-macie-org-configuration" | no |
| macie_org_lambda_role_name | Lambda Role Name | string | "sra-macie-org-lambda" | no |
| management_account_id | Organization Management Account ID | string | n/a | yes |
| organization_id | AWS Organization ID | string | n/a | yes |
| secrets_key_alias_arn | (Optional) SRA Secrets Manager KMS Key Alias ARN | string | "" | no |
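As an added example (not code from the AWS SRA repository), here is a root module that wires the inputs above into a call to this solution, passing the `aws.main` provider alias the Providers table requires. The module source path, the region, and every account and organization ID are placeholder assumptions; `FIFTEEN_MINUTES` is one of the frequency values the Macie API accepts, and the meaning of `disable_macie = "true"` is assumed from the Disable Macie Role entry in the architecture list.

```hcl
# Added example, not part of the AWS SRA repository. Module path, region,
# account IDs and organization ID below are placeholders/assumptions.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.1.0" # matches the Requirements table
    }
  }
}

# The module expects a provider passed under the alias "aws.main" (Providers table).
# Assumption: these credentials belong to the Organization Management account,
# where the common prerequisite solution is already installed.
provider "aws" {
  alias  = "main"
  region = "us-east-1" # placeholder: use the Control Tower home region
}

module "macie" {
  source = "./macie" # placeholder path to this solution's directory

  providers = {
    aws.main = aws.main
  }

  # Required inputs (placeholder IDs; every input is typed string per the Inputs table)
  management_account_id  = "111111111111"
  audit_account_id       = "222222222222"
  log_archive_account_id = "333333333333"
  organization_id        = "o-exampleorgid"
  home_region            = "us-east-1"

  # Macie API accepts FIFTEEN_MINUTES, ONE_HOUR or SIX_HOURS
  macie_finding_publishing_frequency = "FIFTEEN_MINUTES"

  # Typed string, not bool, so the value must be quoted. "true" is assumed
  # to switch the solution into its disable path (see 4.2 Disable Macie Role).
  disable_macie = "false"

  # Optional inputs shown with their documented defaults
  macie_org_configuration_role_name = "sra-macie-org-configuration"
  macie_org_lambda_role_name        = "sra-macie-org-lambda"
  secrets_key_alias_arn             = ""
}
```

Run `terraform init` and `terraform plan` with management-account credentials and confirm that the plan only creates the resources listed under Deployed Resource Details before applying; a plan that touches anything else usually means the provider alias or an account ID is pointing at the wrong account.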

Outputs

No outputs.