Enable AWS Config in management account #575

martingaleano · 2024-05-25T14:06:32Z

What?

Upgrade AWS Config Module version for all accounts
Enable AWS Config in management account
Remove unsupported attribute (check_instances_in_vpc)
Add policy to DevOps permissionSet to allow the creation of organization-wide config (organizations:ListDelegatedAdministrators)

Why?

We need to monitor the compliance in mgmt account

References

github-actions · 2024-05-25T14:07:34Z

💰 Infracost report

Monthly cost will not change

Changed project	Baseline cost	Usage cost*	Total change	New monthly cost
binbashar/le-tf-infra-aws/apps-...-east-1/security-compliance --	+$0	+$0	+$0	$0
binbashar/le-tf-infra-aws/apps-...-east-1/security-compliance --	+$0	+$0	+$0	$0
binbashar/le-tf-infra-aws/manag.../us-east-1/security-compliance	+$0	+$0	+$0	$0
binbashar/le-tf-infra-aws/netwo...-east-1/security-compliance --	+$0	+$0	+$0	$0
binbashar/le-tf-infra-aws/secur...-east-1/security-compliance --	+$0	+$0	+$0	$0
binbashar/le-tf-infra-aws/share...-east-1/security-compliance --	+$0	+$0	+$0	$0

*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.

Cost details (includes details of unsupported resources and skipped projects due to errors)

Key: * usage cost, ~ changed, + added, - removed

──────────────────────────────────
Project: apps-devstg-us-east-1-security-compliance --
Module path: apps-devstg/us-east-1/security-compliance --

+ module.terraform-aws-config.aws_config_config_rule.access_keys_rotated[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloud-trail-cloud-watch-logs-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cmk_backing_key_rotation_enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.dynamodb-table-encryption-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-image-scanning-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-lifecycle-policy-configured[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-awsvpc-networking-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-nonprivileged[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-readonly-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.elb-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-admin-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-full-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

- module.terraform-aws-config.aws_config_config_rule.instances-in-vpc[0]
  Monthly cost depends on usage

    - Rule evaluations (first 100K)
      Monthly cost depends on usage
        -$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.mfa_enabled_for_iam_console_access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.nacl-no-unrestricted-ssh-rdp[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-cluster-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-snapshot-encrypted[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.restricted_ssh[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.s3-bucket-acl-prohibited[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

Monthly cost change for binbashar/le-tf-infra-aws/apps-devstg/us-east-1/security-compliance -- (Module path: apps-devstg/us-east-1/security-compliance --)
Amount:  $0.00 ($0.00 → $0.00)

──────────────────────────────────
Project: apps-prd-us-east-1-security-compliance --
Module path: apps-prd/us-east-1/security-compliance --

+ module.terraform-aws-config.aws_config_config_rule.access_keys_rotated[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloud-trail-cloud-watch-logs-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cmk_backing_key_rotation_enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.dynamodb-table-encryption-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-image-scanning-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-lifecycle-policy-configured[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-awsvpc-networking-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-nonprivileged[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-readonly-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.elb-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-admin-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-full-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

- module.terraform-aws-config.aws_config_config_rule.instances-in-vpc[0]
  Monthly cost depends on usage

    - Rule evaluations (first 100K)
      Monthly cost depends on usage
        -$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.mfa_enabled_for_iam_console_access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.nacl-no-unrestricted-ssh-rdp[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-cluster-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-snapshot-encrypted[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.restricted_ssh[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.s3-bucket-acl-prohibited[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

Monthly cost change for binbashar/le-tf-infra-aws/apps-prd/us-east-1/security-compliance -- (Module path: apps-prd/us-east-1/security-compliance --)
Amount:  $0.00 ($0.00 → $0.00)

──────────────────────────────────
Project: management-us-east-1-security-compliance
Module path: management/us-east-1/security-compliance

+ module.terraform-aws-config.aws_config_config_rule.access_keys_rotated[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.acm-certificate-expiration-check[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.approved-amis-by-tag[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloud-trail-cloud-watch-logs-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloud-trail-encryption-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloud-trail-log-file-validation-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloudtrail-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloudwatch_log_group_encrypted[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cmk_backing_key_rotation_enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.dynamodb-table-encryption-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ebs_snapshot_public_restorable[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ec2-encrypted-volumes[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ec2-volume-inuse-check[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-image-scanning-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-lifecycle-policy-configured[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-awsvpc-networking-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-nonprivileged[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-readonly-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.eip_attached[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.elb-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.guardduty-enabled-centralized[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-group-has-users-check[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-password-policy[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-admin-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-full-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-user-no-policies-check[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam_root_access_key[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.mfa_enabled_for_iam_console_access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.multi-region-cloud-trail-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.nacl-no-unrestricted-ssh-rdp[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-cluster-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-instance-public-access-check[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-snapshot-encrypted[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-snapshots-public-prohibited[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-storage-encrypted[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.required-tags[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.restricted_ssh[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.root-account-mfa-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.s3-bucket-acl-prohibited[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.s3-bucket-public-write-prohibited[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.s3_bucket_ssl_requests_only[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.vpc_default_security_group_closed[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_configuration_recorder.main[0]
  Monthly cost depends on usage

    + Config items
      Monthly cost depends on usage
        +$0.003 per records

    + Custom config items
      Monthly cost depends on usage
        +$0.003 per records

Monthly cost change for binbashar/le-tf-infra-aws/management/us-east-1/security-compliance (Module path: management/us-east-1/security-compliance)
Amount:  $0.00 ($0.00 → $0.00)

──────────────────────────────────
Project: network-us-east-1-security-compliance --
Module path: network/us-east-1/security-compliance --

+ module.terraform-aws-config.aws_config_config_rule.access_keys_rotated[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloud-trail-cloud-watch-logs-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cmk_backing_key_rotation_enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.dynamodb-table-encryption-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-image-scanning-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-lifecycle-policy-configured[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-awsvpc-networking-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-nonprivileged[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-readonly-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.elb-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-admin-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-full-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

- module.terraform-aws-config.aws_config_config_rule.instances-in-vpc[0]
  Monthly cost depends on usage

    - Rule evaluations (first 100K)
      Monthly cost depends on usage
        -$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.mfa_enabled_for_iam_console_access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.nacl-no-unrestricted-ssh-rdp[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-cluster-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-snapshot-encrypted[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.restricted_ssh[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.s3-bucket-acl-prohibited[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

Monthly cost change for binbashar/le-tf-infra-aws/network/us-east-1/security-compliance -- (Module path: network/us-east-1/security-compliance --)
Amount:  $0.00 ($0.00 → $0.00)

──────────────────────────────────
Project: security-us-east-1-security-compliance --
Module path: security/us-east-1/security-compliance --

+ module.config_logs.aws_s3_bucket_lifecycle_configuration.aws_logs
  Monthly cost depends on usage

    + Standard
    
        + Storage
          Monthly cost depends on usage
            +$0.023 per GB
    
        + PUT, COPY, POST, LIST requests
          Monthly cost depends on usage
            +$0.005 per 1k requests
    
        + GET, SELECT, and all other requests
          Monthly cost depends on usage
            +$0.0004 per 1k requests
    
        + Select data scanned
          Monthly cost depends on usage
            +$0.002 per GB
    
        + Select data returned
          Monthly cost depends on usage
            +$0.0007 per GB

+ module.terraform-aws-config.aws_config_config_rule.access_keys_rotated[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloud-trail-cloud-watch-logs-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cmk_backing_key_rotation_enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.dynamodb-table-encryption-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-image-scanning-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-lifecycle-policy-configured[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-awsvpc-networking-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-nonprivileged[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-readonly-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.elb-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-admin-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-full-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

- module.terraform-aws-config.aws_config_config_rule.instances-in-vpc[0]
  Monthly cost depends on usage

    - Rule evaluations (first 100K)
      Monthly cost depends on usage
        -$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.mfa_enabled_for_iam_console_access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.nacl-no-unrestricted-ssh-rdp[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-cluster-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-snapshot-encrypted[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.restricted_ssh[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.s3-bucket-acl-prohibited[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

Monthly cost change for binbashar/le-tf-infra-aws/security/us-east-1/security-compliance -- (Module path: security/us-east-1/security-compliance --)
Amount:  $0.00 ($0.00 → $0.00)

──────────────────────────────────
Project: shared-us-east-1-security-compliance --
Module path: shared/us-east-1/security-compliance --

+ module.terraform-aws-config.aws_config_config_rule.access_keys_rotated[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cloud-trail-cloud-watch-logs-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.cmk_backing_key_rotation_enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.dynamodb-table-encryption-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-image-scanning-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecr-private-lifecycle-policy-configured[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-awsvpc-networking-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-nonprivileged[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.ecs-containers-readonly-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.elb-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-admin-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.iam-policy-no-statements-with-full-access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

- module.terraform-aws-config.aws_config_config_rule.instances-in-vpc[0]
  Monthly cost depends on usage

    - Rule evaluations (first 100K)
      Monthly cost depends on usage
        -$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.mfa_enabled_for_iam_console_access[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.nacl-no-unrestricted-ssh-rdp[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-cluster-deletion-protection-enabled[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.rds-snapshot-encrypted[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.restricted_ssh[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

+ module.terraform-aws-config.aws_config_config_rule.s3-bucket-acl-prohibited[0]
  Monthly cost depends on usage

    + Rule evaluations (first 100K)
      Monthly cost depends on usage
        +$0.001 per evaluations

Monthly cost change for binbashar/le-tf-infra-aws/shared/us-east-1/security-compliance -- (Module path: shared/us-east-1/security-compliance --)
Amount:  $0.00 ($0.00 → $0.00)

──────────────────────────────────
Key: * usage cost, ~ changed, + added, - removed
125 projects have no cost estimate changes.
Run the following command to see their breakdown: infracost breakdown --path=/path/to/code

──────────────────────────────────
*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.

2364 cloud resources were detected:
∙ 620 were estimated
∙ 1634 were free
∙ 110 are not supported yet, see https://infracost.io/requested-resources:
  ∙ 42 x aws_identitystore_group_membership
  ∙ 23 x aws_identitystore_user
  ∙ 10 x aws_guardduty_member
  ∙ 8 x aws_ssoadmin_permission_set
  ∙ 7 x aws_identitystore_group
  ∙ 5 x aws_fms_policy
  ∙ 4 x aws_guardduty_detector
  ∙ 2 x aws_guardduty_organization_admin_account
  ∙ 2 x aws_guardduty_organization_configuration
  ∙ 1 x aws_eks_access_entry
  ∙ 1 x aws_fms_admin_account
  ∙ 1 x aws_organizations_delegated_administrator
  ∙ 1 x aws_organizations_organization
  ∙ 1 x aws_route53_resolver_firewall_domain_list
  ∙ 1 x aws_route53_resolver_firewall_rule
  ∙ 1 x aws_route53_resolver_firewall_rule_group

_{This comment will be updated when code changes.}

martingaleano · 2024-05-25T14:09:00Z

@diego-ojeda-binbash Should we include AWS Config in data-science account?

Enable AWS Config in management account

enable AWS Config in management account

fbfe355

martingaleano requested a review from a team as a code owner May 25, 2024 14:06

martingaleano requested a review from a team May 25, 2024 14:06

martingaleano self-assigned this May 25, 2024

exequielrafaela added enhancement New feature or request patch labels May 25, 2024

exequielrafaela approved these changes May 25, 2024

View reviewed changes

martingaleano merged commit de79ba6 into master May 27, 2024
8 checks passed

rodriguez-matias pushed a commit that referenced this pull request May 30, 2024

Enable AWS Config in management account (#575)

fbd5866

Enable AWS Config in management account

exequielrafaela deleted the feature/aws-config-management branch July 2, 2024 16:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable AWS Config in management account #575

Enable AWS Config in management account #575

martingaleano commented May 25, 2024

github-actions bot commented May 25, 2024

martingaleano commented May 25, 2024

Enable AWS Config in management account #575

Enable AWS Config in management account #575

Conversation

martingaleano commented May 25, 2024

What?

Why?

References

github-actions bot commented May 25, 2024

💰 Infracost report

Monthly cost will not change

martingaleano commented May 25, 2024