nozaq · umbertix · May 30, 2024 · May 30, 2024 · May 30, 2024 · Jun 24, 2024
diff --git a/.chglog/config.yml b/.chglog/config.yml
@@ -2,7 +2,7 @@ style: github
 template: CHANGELOG.tpl.md
 info:
   title: CHANGELOG
-  repository_url: https://github.com/nozaq/terraform-aws-secure-baseline
+  repository_url: https://github.com/Unumed/terraform-aws-secure-baseline
 options:
   commits:
     filters:

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -13,9 +13,9 @@ jobs:
         uses: actions/checkout@v2
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.0.4
+        uses: clowdhaus/terraform-min-max@v1.3.1
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.4.1
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         with:
           terraform-version: ${{ steps.minMax.outputs.maxVersion }}
           terraform-docs-version: v0.16.0

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -2,11 +2,18 @@ on:
   push:
     branches:
       - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
 name: release-please
+
 jobs:
   release-please:
     runs-on: ubuntu-latest
     steps:
-      - uses: google-github-actions/release-please-action@v3
+      - uses: googleapis/release-please-action@v4
         with:
           release-type: terraform-module
+          token: ${{ secrets.MY_RELEASE_PLEASE_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.2.1](https://github.com/Unumed/terraform-aws-secure-baseline/compare/v2.2.0...v2.2.1) (2024-06-24)
+
+
+### Bug Fixes
+
+* Readme autogenerated file ([df29386](https://github.com/Unumed/terraform-aws-secure-baseline/commit/df2938681d41049aa004935da2e7b7feaa9e3c53))
+
+## [2.2.0](https://github.com/Unumed/terraform-aws-secure-baseline/compare/v2.1.0...v2.2.0) (2024-06-24)
+
+
+### Features
+
+* Add ap-southeast-3 aws region ([7baa723](https://github.com/Unumed/terraform-aws-secure-baseline/commit/7baa72372c8d384b068017f4ae63b42bfb5cf9c8))
+
 ## [2.1.0](https://github.com/nozaq/terraform-aws-secure-baseline/compare/v2.0.0...v2.1.0) (2022-12-03)
 
 

diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
 # terraform-aws-secure-baseline
 
-[![Github Actions](https://github.com/nozaq/terraform-aws-secure-baseline/actions/workflows/main.yml/badge.svg)](https://github.com/nozaq/terraform-aws-secure-baseline/actions/workflows/main.yml)
-[![Releases](https://img.shields.io/github/v/release/nozaq/terraform-aws-secure-baseline)](https://github.com/nozaq/terraform-aws-secure-baseline/releases/latest)
+[![Github Actions](https://github.com/Unumed/terraform-aws-secure-baseline/actions/workflows/main.yml/badge.svg)](https://github.com/Unumed/terraform-aws-secure-baseline/actions/workflows/main.yml)
+[![Releases](https://img.shields.io/github/v/release/Unumed/terraform-aws-secure-baseline)](https://github.com/Unumed/terraform-aws-secure-baseline/releases/latest)
 
-[Terraform Module Registry](https://registry.terraform.io/modules/nozaq/secure-baseline/aws)
+[Terraform Module Registry](https://registry.terraform.io/modules/Unumed/secure-baseline/aws)
 
 A terraform module to set up your AWS account with the reasonably secure configuration baseline.
 Most configurations are based on [CIS Amazon Web Services Foundations v1.4.0] and [AWS Foundational Security Best Practices v1.0.0].
@@ -48,7 +48,7 @@ data "aws_caller_identity" "current" {}
 data "aws_region" "current" {}
 
 module "secure_baseline" {
-  source = "nozaq/secure-baseline/aws"
+  source = "Unumed/secure-baseline/aws"
 
   audit_log_bucket_name           = "YOUR_BUCKET_NAME"
   aws_account_id                  = data.aws_caller_identity.current.account_id
@@ -63,12 +63,14 @@ module "secure_baseline" {
     aws.ap-south-1     = aws.ap-south-1
     aws.ap-southeast-1 = aws.ap-southeast-1
     aws.ap-southeast-2 = aws.ap-southeast-2
+    aws.ap-southeast-3 = aws.ap-southeast-3
     aws.ca-central-1   = aws.ca-central-1
     aws.eu-central-1   = aws.eu-central-1
     aws.eu-north-1     = aws.eu-north-1
     aws.eu-west-1      = aws.eu-west-1
     aws.eu-west-2      = aws.eu-west-2
     aws.eu-west-3      = aws.eu-west-3
+    aws.me-south-1     = aws.me-south-1
     aws.sa-east-1      = aws.sa-east-1
     aws.us-east-1      = aws.us-east-1
     aws.us-east-2      = aws.us-east-2

diff --git a/analyzer_baselines.tf b/analyzer_baselines.tf
@@ -90,6 +90,20 @@ module "analyzer_baseline_ap-southeast-2" {
   tags = var.tags
 }
 
+module "analyzer_baseline_ap-southeast-3" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "ap-southeast-3") ? 1 : 0
+  source = "./modules/analyzer-baseline"
+
+  providers = {
+    aws = aws.ap-southeast-3
+  }
+
+  analyzer_name   = var.analyzer_name
+  is_organization = local.is_master_account
+
+  tags = var.tags
+}
+
 module "analyzer_baseline_ca-central-1" {
   count  = local.is_analyzer_enabled && contains(var.target_regions, "ca-central-1") ? 1 : 0
   source = "./modules/analyzer-baseline"
@@ -174,6 +188,20 @@ module "analyzer_baseline_eu-west-3" {
   tags = var.tags
 }
 
+module "analyzer_baseline_me-south-1" {
+  count  = local.is_analyzer_enabled && contains(var.target_regions, "me-south-1") ? 1 : 0
+  source = "./modules/analyzer-baseline"
+
+  providers = {
+    aws = aws.me-south-1
+  }
+
+  analyzer_name   = var.analyzer_name
+  is_organization = local.is_master_account
+
+  tags = var.tags
+}
+
 module "analyzer_baseline_sa-east-1" {
   count  = local.is_analyzer_enabled && contains(var.target_regions, "sa-east-1") ? 1 : 0
   source = "./modules/analyzer-baseline"

diff --git a/config_baselines.tf b/config_baselines.tf
@@ -6,12 +6,14 @@ locals {
     one(module.config_baseline_ap-south-1[*].config_sns_topic),
     one(module.config_baseline_ap-southeast-1[*].config_sns_topic),
     one(module.config_baseline_ap-southeast-2[*].config_sns_topic),
+    one(module.config_baseline_ap-southeast-3[*].config_sns_topic),
     one(module.config_baseline_ca-central-1[*].config_sns_topic),
     one(module.config_baseline_eu-central-1[*].config_sns_topic),
     one(module.config_baseline_eu-north-1[*].config_sns_topic),
     one(module.config_baseline_eu-west-1[*].config_sns_topic),
     one(module.config_baseline_eu-west-2[*].config_sns_topic),
     one(module.config_baseline_eu-west-3[*].config_sns_topic),
+    one(module.config_baseline_me-south-1[*].config_sns_topic),
     one(module.config_baseline_sa-east-1[*].config_sns_topic),
     one(module.config_baseline_us-east-1[*].config_sns_topic),
     one(module.config_baseline_us-east-2[*].config_sns_topic),
@@ -226,6 +228,27 @@ module "config_baseline_ap-southeast-2" {
   depends_on = [aws_s3_bucket_policy.audit_log]
 }
 
+module "config_baseline_ap-southeast-3" {
+  count  = var.config_baseline_enabled && contains(var.target_regions, "ap-southeast-3") ? 1 : 0
+  source = "./modules/config-baseline"
+
+  providers = {
+    aws = aws.ap-southeast-3
+  }
+
+  iam_role_arn                  = one(aws_iam_role.recorder[*].arn)
+  s3_bucket_name                = local.audit_log_bucket_id
+  s3_key_prefix                 = var.config_s3_bucket_key_prefix
+  delivery_frequency            = var.config_delivery_frequency
+  sns_topic_name                = var.config_sns_topic_name
+  sns_topic_kms_master_key_id   = var.config_sns_topic_kms_master_key_id
+  include_global_resource_types = var.config_global_resources_all_regions ? true : var.region == "ap-southeast-3"
+
+  tags = var.tags
+
+  depends_on = [aws_s3_bucket_policy.audit_log]
+}
+
 module "config_baseline_ca-central-1" {
   count  = var.config_baseline_enabled && contains(var.target_regions, "ca-central-1") ? 1 : 0
   source = "./modules/config-baseline"
@@ -352,6 +375,27 @@ module "config_baseline_eu-west-3" {
   depends_on = [aws_s3_bucket_policy.audit_log]
 }
 
+module "config_baseline_me-south-1" {
+  count  = var.config_baseline_enabled && contains(var.target_regions, "me-south-1") ? 1 : 0
+  source = "./modules/config-baseline"
+
+  providers = {
+    aws = aws.me-south-1
+  }
+
+  iam_role_arn                  = one(aws_iam_role.recorder[*].arn)
+  s3_bucket_name                = local.audit_log_bucket_id
+  s3_key_prefix                 = var.config_s3_bucket_key_prefix
+  delivery_frequency            = var.config_delivery_frequency
+  sns_topic_name                = var.config_sns_topic_name
+  sns_topic_kms_master_key_id   = var.config_sns_topic_kms_master_key_id
+  include_global_resource_types = var.config_global_resources_all_regions ? true : var.region == "me-south-1"
+
+  tags = var.tags
+
+  depends_on = [aws_s3_bucket_policy.audit_log]
+}
+
 module "config_baseline_sa-east-1" {
   count  = var.config_baseline_enabled && contains(var.target_regions, "sa-east-1") ? 1 : 0
   source = "./modules/config-baseline"
@@ -481,12 +525,14 @@ resource "aws_config_config_rule" "iam_mfa" {
     module.config_baseline_ap-south-1,
     module.config_baseline_ap-southeast-1,
     module.config_baseline_ap-southeast-2,
+    module.config_baseline_ap-southeast-3,
     module.config_baseline_ca-central-1,
     module.config_baseline_eu-central-1,
     module.config_baseline_eu-north-1,
     module.config_baseline_eu-west-1,
     module.config_baseline_eu-west-2,
     module.config_baseline_eu-west-3,
+    module.config_baseline_me-south-1,
     module.config_baseline_sa-east-1,
     module.config_baseline_us-east-1,
     module.config_baseline_us-east-2,
@@ -516,12 +562,14 @@ resource "aws_config_config_rule" "unused_credentials" {
     module.config_baseline_ap-south-1,
     module.config_baseline_ap-southeast-1,
     module.config_baseline_ap-southeast-2,
+    module.config_baseline_ap-southeast-3,
     module.config_baseline_ca-central-1,
     module.config_baseline_eu-central-1,
     module.config_baseline_eu-north-1,
     module.config_baseline_eu-west-1,
     module.config_baseline_eu-west-2,
     module.config_baseline_eu-west-3,
+    module.config_baseline_me-south-1,
     module.config_baseline_sa-east-1,
     module.config_baseline_us-east-1,
     module.config_baseline_us-east-2,
@@ -556,12 +604,14 @@ resource "aws_config_config_rule" "user_no_policies" {
     module.config_baseline_ap-south-1,
     module.config_baseline_ap-southeast-1,
     module.config_baseline_ap-southeast-2,
+    module.config_baseline_ap-southeast-3,
     module.config_baseline_ca-central-1,
     module.config_baseline_eu-central-1,
     module.config_baseline_eu-north-1,
     module.config_baseline_eu-west-1,
     module.config_baseline_eu-west-2,
     module.config_baseline_eu-west-3,
+    module.config_baseline_me-south-1,
     module.config_baseline_sa-east-1,
     module.config_baseline_us-east-1,
     module.config_baseline_us-east-2,
@@ -596,12 +646,14 @@ resource "aws_config_config_rule" "no_policies_with_full_admin_access" {
     module.config_baseline_ap-south-1,
     module.config_baseline_ap-southeast-1,
     module.config_baseline_ap-southeast-2,
+    module.config_baseline_ap-southeast-3,
     module.config_baseline_ca-central-1,
     module.config_baseline_eu-central-1,
     module.config_baseline_eu-north-1,
     module.config_baseline_eu-west-1,
     module.config_baseline_eu-west-2,
     module.config_baseline_eu-west-3,
+    module.config_baseline_me-south-1,
     module.config_baseline_sa-east-1,
     module.config_baseline_us-east-1,
     module.config_baseline_us-east-2,

diff --git a/ebs_baselines.tf b/ebs_baselines.tf
@@ -56,6 +56,15 @@ module "ebs_baseline_ap-southeast-2" {
   }
 }
 
+module "ebs_baseline_ap-southeast-3" {
+  count  = contains(var.target_regions, "ap-southeast-3") ? 1 : 0
+  source = "./modules/ebs-baseline"
+
+  providers = {
+    aws = aws.ap-southeast-3
+  }
+}
+
 module "ebs_baseline_ca-central-1" {
   count  = contains(var.target_regions, "ca-central-1") ? 1 : 0
   source = "./modules/ebs-baseline"
@@ -110,6 +119,15 @@ module "ebs_baseline_eu-west-3" {
   }
 }
 
+module "ebs_baseline_me-south-1" {
+  count  = contains(var.target_regions, "me-south-1") ? 1 : 0
+  source = "./modules/ebs-baseline"
+
+  providers = {
+    aws = aws.me-south-1
+  }
+}
+
 module "ebs_baseline_sa-east-1" {
   count  = contains(var.target_regions, "sa-east-1") ? 1 : 0
   source = "./modules/ebs-baseline"

diff --git a/examples/external-bucket/main.tf b/examples/external-bucket/main.tf
@@ -37,12 +37,14 @@ module "secure_baseline" {
     aws.ap-south-1     = aws.ap-south-1
     aws.ap-southeast-1 = aws.ap-southeast-1
     aws.ap-southeast-2 = aws.ap-southeast-2
+    aws.ap-southeast-3 = aws.ap-southeast-3
     aws.ca-central-1   = aws.ca-central-1
     aws.eu-central-1   = aws.eu-central-1
     aws.eu-north-1     = aws.eu-north-1
     aws.eu-west-1      = aws.eu-west-1
     aws.eu-west-2      = aws.eu-west-2
     aws.eu-west-3      = aws.eu-west-3
+    aws.me-south-1     = aws.me-south-1
     aws.sa-east-1      = aws.sa-east-1
     aws.us-east-1      = aws.us-east-1
     aws.us-east-2      = aws.us-east-2

diff --git a/examples/external-bucket/regions.tf b/examples/external-bucket/regions.tf
@@ -33,6 +33,11 @@ provider "aws" {
   alias  = "ap-southeast-2"
 }
 
+provider "aws" {
+  region = "ap-southeast-3"
+  alias  = "ap-southeast-3"
+}
+
 provider "aws" {
   region = "ca-central-1"
   alias  = "ca-central-1"
@@ -63,6 +68,11 @@ provider "aws" {
   alias  = "eu-west-3"
 }
 
+provider "aws" {
+  region = "me-south-1"
+  alias  = "me-south-1"
+}
+
 provider "aws" {
   region = "sa-east-1"
   alias  = "sa-east-1"

diff --git a/examples/organization/master/main.tf b/examples/organization/master/main.tf
@@ -53,12 +53,14 @@ module "secure_baseline" {
     aws.ap-south-1     = aws.ap-south-1
     aws.ap-southeast-1 = aws.ap-southeast-1
     aws.ap-southeast-2 = aws.ap-southeast-2
+    aws.ap-southeast-3 = aws.ap-southeast-3
     aws.ca-central-1   = aws.ca-central-1
     aws.eu-central-1   = aws.eu-central-1
     aws.eu-north-1     = aws.eu-north-1
     aws.eu-west-1      = aws.eu-west-1
     aws.eu-west-2      = aws.eu-west-2
     aws.eu-west-3      = aws.eu-west-3
+    aws.me-south-1     = aws.me-south-1
     aws.sa-east-1      = aws.sa-east-1
     aws.us-east-1      = aws.us-east-1
     aws.us-east-2      = aws.us-east-2

diff --git a/examples/organization/master/regions.tf b/examples/organization/master/regions.tf
@@ -33,6 +33,11 @@ provider "aws" {
   alias  = "ap-southeast-2"
 }
 
+provider "aws" {
+  region = "ap-southeast-3"
+  alias  = "ap-southeast-3"
+}
+
 provider "aws" {
   region = "ca-central-1"
   alias  = "ca-central-1"
@@ -63,6 +68,11 @@ provider "aws" {
   alias  = "eu-west-3"
 }
 
+provider "aws" {
+  region = "me-south-1"
+  alias  = "me-south-1"
+}
+
 provider "aws" {
   region = "sa-east-1"
   alias  = "sa-east-1"

diff --git a/examples/organization/member/main.tf b/examples/organization/member/main.tf
@@ -46,12 +46,14 @@ module "secure_baseline" {
     aws.ap-south-1     = aws.ap-south-1
     aws.ap-southeast-1 = aws.ap-southeast-1
     aws.ap-southeast-2 = aws.ap-southeast-2
+    aws.ap-southeast-3 = aws.ap-southeast-3
     aws.ca-central-1   = aws.ca-central-1
     aws.eu-central-1   = aws.eu-central-1
     aws.eu-north-1     = aws.eu-north-1
     aws.eu-west-1      = aws.eu-west-1
     aws.eu-west-2      = aws.eu-west-2
     aws.eu-west-3      = aws.eu-west-3
+    aws.me-south-1     = aws.me-south-1
     aws.sa-east-1      = aws.sa-east-1
     aws.us-east-1      = aws.us-east-1
     aws.us-east-2      = aws.us-east-2