Terraform code to create a Nessus vulnerability scanner in the COOL Shared Services environment.

cisagov/cool-sharedservices-nessus

cool-sharedservices-nessus

This is Terraform code for creating a Nessus instance in the COOL Shared Services account. This deployment should be laid down on top of cisagov/cool-sharedservices-networking, after cisagov/cool-sharedservices-freeipa and cisagov/cool-sharedservices-openvpn have been applied.

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.1 |
| aws | ~> 4.9 |
| cloudinit | ~> 2.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 4.9 |
| aws.organizationsreadonly | ~> 4.9 |
| aws.provisionparameterstorereadrole | ~> 4.9 |
| cloudinit | ~> 2.0 |
| terraform | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_instance_profile.nessus | resource |
| aws_iam_policy.nessus_parameterstorereadonly_policy | resource |
| aws_iam_role.nessus_instance_role | resource |
| aws_iam_role.nessus_parameterstorereadonly_role | resource |
| aws_iam_role_policy.nessus_assume_delegated_role_policy | resource |
| aws_iam_role_policy_attachment.cloudwatch_agent_policy_attachment_nessus | resource |
| aws_iam_role_policy_attachment.nessus_parameterstorereadonly_policy_attachment | resource |
| aws_iam_role_policy_attachment.ssm_agent_policy_attachment_nessus | resource |
| aws_instance.nessus | resource |
| aws_route53_record.nessus_A | resource |
| aws_security_group.nessus | resource |
| aws_security_group_rule.freeipa_server_ingress_from_nessus_via_any_port | resource |
| aws_security_group_rule.nessus_egress_to_anywhere_via_https | resource |
| aws_security_group_rule.nessus_egress_to_freeipa_server_sg_via_any_port | resource |
| aws_security_group_rule.nessus_egress_to_openvpn_sg_via_any_port | resource |
| aws_security_group_rule.nessus_ingress_from_vpn_users | resource |
| aws_security_group_rule.openvpn_egress_to_nessus_via_port_8834 | resource |
| aws_security_group_rule.openvpn_ingress_from_nessus_via_any_port | resource |
| aws_ami.nessus | data source |
| aws_caller_identity.sharedservices | data source |
| aws_default_tags.default | data source |
| aws_iam_policy_document.nessus_assume_delegated_role_policy_doc | data source |
| aws_iam_policy_document.nessus_assume_role_doc | data source |
| aws_iam_policy_document.nessus_assume_role_policy_doc | data source |
| aws_iam_policy_document.nessus_parameterstorereadonly_doc | data source |
| aws_organizations_organization.cool | data source |
| aws_subnet.the_subnet | data source |
| aws_vpc.the_vpc | data source |
| cloudinit_config.nessus_cloud_init_tasks | data source |
| terraform_remote_state.freeipa | data source |
| terraform_remote_state.images_parameterstore | data source |
| terraform_remote_state.master | data source |
| terraform_remote_state.networking | data source |
| terraform_remote_state.openvpn | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_region | The AWS region to deploy into (e.g. us-east-1). | string | "us-east-1" | no |
| create_nessus_instance | A boolean that determines whether or not to create the Nessus instance. | bool | false | no |
| nessus_activation_code | The Nessus activation code (e.g. "AAAA-BBBB-CCCC-DDDD"). | string | "" | no |
| ssm_key_nessus_admin_password | The AWS SSM Parameter Store parameter that contains the password of the Nessus admin user (e.g. "/nessus/sharedservices/admin_password"). | string | "/nessus/sharedservices/admin_password" | no |
| ssm_key_nessus_admin_username | The AWS SSM Parameter Store parameter that contains the username of the Nessus admin user (e.g. "/nessus/sharedservices/admin_username"). | string | "/nessus/sharedservices/admin_username" | no |
| tags | Tags to apply to all AWS resources created. | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| instance_id | The Nessus EC2 instance ID. |
| security_group_id | The ID corresponding to the Nessus security group. |

Notes

Running pre-commit requires running terraform init in every directory that contains Terraform code. In this repository, this is only the main directory.

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
