Minor adjustments to GuardDuty for EKS

DrumSlayers · Jul 3, 2023 · d96d693 · d96d693
1 parent ef9b944
commit d96d693
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -101,6 +101,7 @@ module "eks" {
   aws_region_secret_name = var.aws_region_secret_name
   aws_secret_access_key_secret_name = var.aws_secret_access_key_secret_name
   aws_session_token_secret_name = var.aws_session_token_secret_name
+  aws_account_id = var.aws_account_id
 }
 
 module "GuardDuty" {

diff --git a/modules/eks/guardduty.tf b/modules/eks/guardduty.tf
@@ -74,7 +74,7 @@ data "aws_iam_policy_document" "eks_vpc_guardduty" {
       test     = "StringNotEquals"
       variable = "aws:PrincipalAccount"
 
-      values = ["058322885590"]
+      values = [var.aws_account_id]
     }
   }
 }
@@ -92,4 +92,8 @@ resource "aws_eks_addon" "guardduty" {
   tags = {
     "eks_addon" = "guardduty"
   }
+  depends_on = [
+    aws_eks_node_group.eks-cluster,
+    helm_release.cluster_autoscaler
+  ]
 }
diff --git a/modules/eks/variables.tf b/modules/eks/variables.tf
@@ -137,3 +137,7 @@ variable "aws_session_token_secret_name" {
   type        = string
 }
 
+variable "aws_account_id" {
+  description = "AWS account id"
+  type        = string
+}
diff --git a/variables.tf b/variables.tf
@@ -302,3 +302,8 @@ variable "aws_session_token_secret_name" {
   description = "Name of the secret in GitHub for the AWS session token"
   type        = string
 }
+
+variable "aws_account_id" {
+  description = "AWS account id"
+  type        = string
+}