Project author: fivexl

Project description:
Simple SSL check and expiring certificates reminder with additional DNS check and host availability check.
Language: Python
Repository URL: git://github.com/fivexl/terraform-aws-ssl-checker.git
Created: 2021-02-10T15:05:52Z
Project community: https://github.com/fivexl/terraform-aws-ssl-checker

License: GNU Affero General Public License v3.0

FivexL

AWS SSL Checker Terraform module

Simple SSL check and expiring certificates reminder with additional DNS check and host availability check.

  module "ssl_checker" {
    source         = "fivexl/ssl-checker/aws"
    version        = "1.0.2"
    hostnames      = ["fivexl.io", "google.com"]
    slack_hook_url = "https://hooks.slack.com/services/XXXXXXX/XXXXXXX/XXXXXXXXXXXX"
  }

Requirements

| Name      | Version   |
|-----------|-----------|
| terraform | >= 0.13   |
| aws       | >= 3.19.0 |
| python    | >= 3.8    |
| pip       |           |

For macOS

Set build_in_docker = true so that the Lambda package is built inside Docker; this avoids the nassl build problem on macOS.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| build_in_docker | Build in Docker to avoid problems with the local environment. | bool | false | no |
| certificate_expiration_notice_days | How many days before the certificate's expiration date to send the reminder. | string | "7" | no |
| cloudwatch_logs_retention_in_days | Number of days to retain log events in the log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number | 14 | no |
| function_name | Lambda function name. | string | "ssl-checker" | no |
| hostnames | The list of DNS names to monitor. A path is also supported, e.g. ["example.com", "example.com/api"]. | list(string) | | yes |
| health_check_matcher | The HTTP status codes treated as a healthy response from the hostnames, e.g. "200,201,202-399". | string | "200-399" | no |
| scan_commands | List of scan command types to run against the hostnames. Any type supported by SSLyze. | list(string) | ["certificate_info", "robot", "tls_compression", "tls_fallback_scsv", "heartbleed", "http_headers", "openssl_ccs_injection", "session_renegotiation", "tls_1_1_cipher_suites", "tls_1_2_cipher_suites", "tls_1_3_cipher_suites"] | no |
| schedule_expression | The scheduling expression: how often to check the hostnames. For example, cron(0/5 * * * ? *) or rate(5 minutes). | string | "cron(0/5 * * * ? *)" | no |
| slack_hook_url | Slack incoming webhook URL. | string | | yes |
| additional_slack_hook_urls | Additional Slack incoming webhook URLs, in case events need to be sent to multiple channels. | list(string) | [] | no |
| tags | Tags to apply to created resources. | map(string) | {} | no |

Outputs

Name Description

Function

Configuration

Configuration is done via environment variables:

  • HOOK_URLS - Comma separated string of Slack webhook URLs to send events to. This is a mandatory parameter.
  • HOSTNAMES - Comma separated string of domain names. This is a mandatory parameter.
  • HEALTH_CHECK_MATCHER - The HTTP status codes treated as a healthy response from the hostnames. You can specify multiple values (for example, "200,202" for HTTP(s)) or a range of values (for example, "200-299" or "0-99"). Default - '200-399'
  • CERTIFICATE_EXPIRATION_NOTICE_DAYS - How many days before the expiration date of the certificate to send reminders. Default - '7'
  • SCAN_COMMANDS - Comma separated string of scan command types to run against the hostnames. Any type supported by SSLyze.
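
The following is an added example, not the module's own Lambda code, showing how the environment variables above can be parsed and applied: the comma-separated lists, the HEALTH_CHECK_MATCHER syntax (single codes and ranges), the CERTIFICATE_EXPIRATION_NOTICE_DAYS threshold, and a per-host report combining the availability and expiry checks. All function names, the sample environment, and the observed status codes and certificate dates are constructed for illustration; the real checker obtains the response code and the certificate's notAfter from the live host, and the SCAN_COMMANDS fallback used here is an assumption since the README states no default for that variable.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set

# Constructed sample environment, mirroring the variables the README lists.
SAMPLE_ENV: Dict[str, str] = {
    "HOOK_URLS": "https://hooks.slack.com/services/AAA/BBB/CCC,"
                 "https://hooks.slack.com/services/DDD/EEE/FFF",
    "HOSTNAMES": "fivexl.io, google.com",
    "HEALTH_CHECK_MATCHER": "200,202,300-399",
    "CERTIFICATE_EXPIRATION_NOTICE_DAYS": "7",
    "SCAN_COMMANDS": "certificate_info,heartbleed",
}
# Fixed "now" so the expiry arithmetic below is reproducible.
SAMPLE_NOW = datetime(2021, 2, 10, 15, 5, 52, tzinfo=timezone.utc)


def parse_csv(value: str) -> List[str]:
    """Split a comma separated string, trimming whitespace and dropping blanks."""
    return [item.strip() for item in value.split(",") if item.strip()]


def parse_health_check_matcher(matcher: str) -> Set[int]:
    """Expand a matcher such as "200,202" or "200-299" into the set of status
    codes treated as healthy. Malformed or empty matchers raise ValueError
    rather than silently matching nothing."""
    codes: Set[int] = set()
    for part in parse_csv(matcher):
        if "-" in part:
            low, high = (int(bound) for bound in part.split("-", 1))
            if low > high:
                raise ValueError(f"inverted range in matcher: {part!r}")
            codes.update(range(low, high + 1))
        else:
            codes.add(int(part))
    if not codes:
        raise ValueError("HEALTH_CHECK_MATCHER must list at least one code")
    return codes


def is_healthy(status_code: int, matcher: str = "200-399") -> bool:
    """True when a response status falls inside the matcher (default 200-399)."""
    return status_code in parse_health_check_matcher(matcher)


def days_until_expiry(not_after: datetime, now: datetime) -> int:
    """Whole days left before the certificate's notAfter; negative once expired."""
    return (not_after - now).days


def should_notify(not_after: datetime, now: datetime, notice_days: int = 7) -> bool:
    """Remind when the certificate is already expired or expires within notice_days."""
    return days_until_expiry(not_after, now) <= notice_days


def load_config(env: Dict[str, str]) -> dict:
    """Read the variables with the README's defaults. HOOK_URLS and HOSTNAMES are
    mandatory. The certificate_info fallback for SCAN_COMMANDS is an assumption;
    the README gives no default for that variable."""
    hook_urls = parse_csv(env.get("HOOK_URLS", ""))
    hostnames = parse_csv(env.get("HOSTNAMES", ""))
    if not hook_urls or not hostnames:
        raise ValueError("HOOK_URLS and HOSTNAMES are mandatory")
    return {
        "hook_urls": hook_urls,
        "hostnames": hostnames,
        "healthy_codes": parse_health_check_matcher(env.get("HEALTH_CHECK_MATCHER", "200-399")),
        "notice_days": int(env.get("CERTIFICATE_EXPIRATION_NOTICE_DAYS", "7")),
        "scan_commands": parse_csv(env.get("SCAN_COMMANDS", "certificate_info")),
    }


def evaluate(config: dict, status_codes: Dict[str, int],
             not_after: Dict[str, datetime], now: datetime) -> Dict[str, dict]:
    """Combine the availability and expiry checks per hostname into a report.
    status_codes and not_after are constructed stand-ins for the live HTTP
    response and the leaf certificate's notAfter that the real checker fetches."""
    report: Dict[str, dict] = {}
    for host in config["hostnames"]:
        days_left = days_until_expiry(not_after[host], now)
        report[host] = {
            "available": status_codes[host] in config["healthy_codes"],
            "days_left": days_left,
            "expiry_alert": days_left <= config["notice_days"],
        }
    return report


def run_example() -> Dict[str, dict]:
    """Run the checks over constructed observations: one healthy host with a
    long-lived certificate, one host answering 503 whose certificate expires in
    five days (inside the 7-day notice window)."""
    config = load_config(SAMPLE_ENV)
    observed_status = {"fivexl.io": 200, "google.com": 503}
    observed_not_after = {
        "fivexl.io": SAMPLE_NOW + timedelta(days=60),
        "google.com": SAMPLE_NOW + timedelta(days=5, hours=3),
    }
    return evaluate(config, observed_status, observed_not_after, SAMPLE_NOW)


if __name__ == "__main__":
    for host, result in run_example().items():
        print(host, result)
```

Both failure paths worth exercising are visible: an empty or inverted matcher raises instead of treating every response as unhealthy, and a missing HOOK_URLS or HOSTNAMES is rejected before any check runs, which is the behaviour you want from a scheduled checker that would otherwise silently report nothing.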

Deployment

Example message

Example