Uses dynamic block for malware protection, to support govcloud

plus3it · Aug 9, 2022 · 2a9c2f5 · 2a9c2f5
1 parent 0508f57
commit 2a9c2f5
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 12 deletions.
diff --git a/main.tf b/main.tf
@@ -18,15 +18,21 @@ resource "aws_guardduty_detector" "this" {
     s3_logs {
       enable = var.enable_s3_protection
     }
+
     kubernetes {
       audit_logs {
         enable = var.enable_kubernetes_protection
       }
     }
-    malware_protection {
-      scan_ec2_instance_with_findings {
-        ebs_volumes {
-          enable = var.enable_malware_protection
+
+    dynamic "malware_protection" {
+      for_each = var.enable_malware_protection != null ? ["one"] : []
+
+      content {
+        scan_ec2_instance_with_findings {
+          ebs_volumes {
+            enable = var.enable_malware_protection
+          }
         }
       }
     }

diff --git a/modules/member/main.tf b/modules/member/main.tf
@@ -13,15 +13,21 @@ resource "aws_guardduty_detector" "this" {
     s3_logs {
       enable = var.enable_s3_protection
     }
+
     kubernetes {
       audit_logs {
         enable = var.enable_kubernetes_protection
       }
     }
-    malware_protection {
-      scan_ec2_instance_with_findings {
-        ebs_volumes {
-          enable = var.enable_malware_protection
+
+    dynamic "malware_protection" {
+      for_each = var.enable_malware_protection != null ? ["one"] : []
+
+      content {
+        scan_ec2_instance_with_findings {
+          ebs_volumes {
+            enable = var.enable_malware_protection
+          }
         }
       }
     }

diff --git a/modules/org-admin-account/main.tf b/modules/org-admin-account/main.tf
@@ -21,15 +21,21 @@ resource "aws_guardduty_organization_configuration" "this" {
     s3_logs {
       auto_enable = var.auto_enable_s3_protection
     }
+
     kubernetes {
       audit_logs {
         enable = var.enable_kubernetes_protection
       }
     }
-    malware_protection {
-      scan_ec2_instance_with_findings {
-        ebs_volumes {
-          auto_enable = var.auto_enable_malware_protection
+
+    dynamic "malware_protection" {
+      for_each = var.auto_enable_malware_protection != null ? ["one"] : []
+
+      content {
+        scan_ec2_instance_with_findings {
+          ebs_volumes {
+            enable = var.auto_enable_malware_protection
+          }
         }
       }
     }