I am trying to create custom security hub insights in AWS, there is a limitation on the number of items that can be passed in so I have split them up into 5 locals.
guardrails = {
guardrail_1 = [
"ACM",
"APIGateway",
"api-gw-endpoint-type-check",
"CloudFront",
"cloudtrail-security-trail-enabled",
"cloudtrail-s3-dataevents-enabled",
"cloudwatch-alarm-action-check",
"cloudwatch-alarm-action-enabled-check",
"cloudwatch-alarm-resource-check",
"cloudwatch-alarm-settings-check",
"cloudwatch-log-group-encrypted",
"DynamoDB.2",
"DynamoDB.3",
"EC2.2",
"EC2.4",
"EC2.6",
"EC2.8",
"EC2.9",
"EC2.16",
"EC2.18"
]
guardrail_2 = [
"EC2.19",
"EC2.21",
"SecurityAmiCompliance",
"ECR.1",
"eks-cluster-oldest-supported-version",
"EKS.2",
"eks-endpoint-no-public-access",
"eks-secrets-encrypted",
"EKSClusterLogging",
"elb-acm-certificate-required",
"elbv2-acm-certificate-required",
"autoscaling-group-elb-healthcheck",
"ELBv2.1",
"ELB.3",
"ELB.4",
"ELB.5",
"ELB.6",
"ELB.8",
"ES",
"ElasticSearchVPCConfigRule"
]
guardrail_3 = [
"GuardDuty.1",
"IAM.4",
"IAM.6",
"Kinesis.1",
"cmk_backing_key_rotation_enabled",
"KMS.3",
"Lambda.1",
"Lambda.2",
"Lambda.5",
"lambda-dlq-check",
"lambda-concurrency-check",
"lambda-function-settings-check",
"lambda-inside-vpc",
"RDS.1",
"RDS.2",
"RDS.3",
"RDS.4",
"RDS.5",
"RDS.6",
"RDS.7"
]
guardrail_4 = [
"RDS.8",
"RDS.9",
"RDS.10",
"RDS.11",
"RDS.12",
"RDS.13",
"RDS.14",
"RDS.15",
"RDS.16",
"RDS.17",
"RDS.18",
"RDS.19",
"RDS.20",
"RDS.21",
"RDS.12",
"Redshift.1",
"Redshift.2",
"S3",
"s3-bucket-policy-not-more-permissive"
]
guardrail_5 = [
"s3-bucket-versioning-enabled",
"s3-default-encryption-kms",
"s3-last-backup-recovery-point-created",
"s3-resources-protected-by-backup-plan",
"s3-bucket-policy-grantee-check",
"SNS.1",
"SQS.1",
"SSM.1",
"WAF.1",
"wafv2-logging-enabled",
"waf-global-rulegroup-not-empty",
"waf-global-rule-not-empty",
"waf-global-webacl-not-empty",
"waf-regional-rulegroup-not empty",
"waf-regional-rule-not-empty",
"waf-regional-webacl-not-empty"
]
}
I am using for_each to loop through and create each insight name using the key from the local and I am trying to pass in the titles using the values but keep getting
Inappropriate value for attribute "value": string required.
This is the resource code
resource "aws_securityhub_insight" "security_guardrails_posture_cmp1" {
for_each = local.guardrails
name = each.key
group_by_attribute = "SeverityLabel"
filters {
dynamic "product_fields" {
for_each = local.insights_account_ids
content {
comparison = "EQUALS"
key = "aws/securityhub/AwsAffectedAccountId"
value = product_fields.value
}
}
workflow_status {
comparison = "EQUALS"
value = "NEW"
}
workflow_status {
comparison = "EQUALS"
value = "NOTIFIED"
}
record_state {
comparison = "EQUALS"
value = "ACTIVE"
}
title {
comparison = "PREFIX"
value = each.value
}
}
}
How do iterate through the map of lists to pass in the strings?