AWS Step Functions Terraform module

Upstream version 5.1.0
3 controls from PCI DSS v4.0 requirements

Terraform Module Source

pcidssv40.compliance.tf/terraform-aws-modules/step-functions/aws

Behavioral Summary

This module modifies 2 variable defaults and makes 0 resource changes from the upstream module. All changes are driven by compliance controls and can be reviewed in detail below.

Your Code Impact

If you are migrating from the upstream module, the enforced default changes mean your existing configurations will automatically gain compliance controls. Variables you have explicitly set will continue to use your values. Review the diff below to understand exactly what changes.

Compared to terraform-aws-modules/step-functions/aws@5.1.0: 2 changes

Variables Changed: 2

Variable: cloudwatch_log_group_retention_in_days
Upstream: -
CTF: 365
Reason: Ensure a minimum duration of event log data is retained for your log groups to help with troubleshooting and forensics investigations.
Control: cloudwatch_log_group_retention_period_365

Variable: logging_configuration
Upstream: {}
CTF: { "level": "ALL" }
Reason: This control checks whether an AWS Step Functions state machine has logging turned on. The control fails if a state machine doesn't have logging turned on. If you provide a custom value for the logLevel parameter, the control passes only if the state machine has the specified logging level turned on.
Control: sfn_state_machine_logging_enabled
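Because explicitly set variables keep your values, a migrated configuration can still miss either control. The following is an added example, not code from this module or its upstream: a check over `terraform show -json` plan output that reports log groups retained for less than 365 days and state machines without logging. The module names, resource addresses and plan data are constructed for illustration, and treating an unset retention as a finding is an assumption.

```python
# Added example (not from the module): audit `terraform show -json` plan output.
MIN_RETENTION_DAYS = 365  # default enforced by this module per the table above

def walk(module):
    """Yield every resource in a plan module and its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def check_plan(plan):
    """Return (address, problem) pairs for resources missing either control."""
    findings = []
    for res in walk(plan["planned_values"]["root_module"]):
        values = res.get("values", {})
        if res["type"] == "aws_cloudwatch_log_group":
            days = values.get("retention_in_days") or 0
            # Assumption: unset/0 (never expire) is reported for review,
            # because it is not the 365 the module would have applied.
            if days < MIN_RETENTION_DAYS:
                findings.append((res["address"], f"retention_in_days={days}"))
        elif res["type"] == "aws_sfn_state_machine":
            blocks = values.get("logging_configuration") or []
            level = blocks[0].get("level") if blocks else None
            if level in (None, "OFF"):
                findings.append((res["address"], f"logging level={level}"))
    return findings

def _r(address, rtype, values):
    """Build one constructed plan resource entry."""
    return {"address": address, "type": rtype, "values": values}

# Constructed sample: one module call that inherits the enforced defaults,
# one that explicitly overrides both variables with weaker values.
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [
    {"address": "module.defaults", "resources": [
        _r("module.defaults.aws_cloudwatch_log_group.sfn[0]",
           "aws_cloudwatch_log_group", {"retention_in_days": 365}),
        _r("module.defaults.aws_sfn_state_machine.this[0]",
           "aws_sfn_state_machine", {"logging_configuration": [{"level": "ALL"}]}),
    ]},
    {"address": "module.overridden", "resources": [
        _r("module.overridden.aws_cloudwatch_log_group.sfn[0]",
           "aws_cloudwatch_log_group", {"retention_in_days": 30}),
        _r("module.overridden.aws_sfn_state_machine.this[0]",
           "aws_sfn_state_machine", {"logging_configuration": [{"level": "OFF"}]}),
    ]},
]}}}

if __name__ == "__main__":
    for address, problem in check_plan(SAMPLE_PLAN):
        print(f"FAIL {address}: {problem}")
```

To use it on a real plan, load the JSON written by `terraform show -json` and pass the resulting dictionary to `check_plan`.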