feat: AWS event triggering module (#62)

* feat: aws event triggering module

* chore: add module to main README

* fix: remove unused parameter

* fix: pre-commit

Author: hayk99

README.md

@@ -116,7 +116,9 @@ Notice that:
 
 **Threat Detection**
 
-Choose one of the rules contained in the `AWS Best Practices` policy and execute it in your AWS account.
+Terraform example module to trigger **Create IAM Policy that Allows All** event can be found on [examples/trigger-events](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/examples/trigger-events).
+
+In another case, you can do it manually. Choose one of the rules contained in the `AWS Best Practices` policy and execute it in your AWS account.
 
 ex.: 'Delete Bucket Public Access Block' can be easily tested going to an
 `S3 bucket > Permissions > Block public access (bucket settings) > edit >

examples/trigger-events/README.md

@@ -0,0 +1,79 @@
+# Sysdig Secure for Cloud in AWS<br/> [ Example :: Trigger-Events]
+
+This example helps to trigger AWS Events. Cloud Connector stack is required to be able to generate events.
+After applying this module, a new AWS IAM Policy will be created. **Create IAM Policy that Allows All** event will prompt once the module is applied.
+
+## Prerequisites
+
+Minimum requirements:
+
+1. Deploy Cloud Connector Stack on AWS.
+2. Configure [Terraform **AWS** Provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)
+
+## Usage
+
+For quick testing, use this snippet on your terraform files
+
+```terraform
+provider "aws" {
+   region = "<AWS-REGION>; ex. us-east-1"
+}
+
+module "secure_for_cloud_aws_trigger-events"{
+   source = "sysdiglabs/secure-for-cloud/aws//examples/trigger-events"
+}
+```
+
+To run this example you need have your [aws account profile configured in CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) and to execute:
+```terraform
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Notice that:
+* This example will create resources that cost money.<br/>Run `terraform destroy` when you don't need them anymore
+* All created resources will be created within the tags `product:sysdig-secure-for-cloud`, within the resource-group `sysdig-secure-for-cloud`
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.74.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy_document.flow_log_cloudwatch_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+
+## Authors
+
+Module is maintained and supported by [Sysdig](https://sysdig.com).
+
+## License
+
+Apache 2 Licensed. See LICENSE for full details.

examples/trigger-events/main.tf

@@ -0,0 +1,16 @@
+data "aws_iam_policy_document" "flow_log_cloudwatch_assume_role" {
+  statement {
+    effect    = "Allow"
+    actions   = ["cloudformation:*"]
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_policy" "policy" {
+  name        = "test_policy"
+  description = "Trigger event policy"
+
+  # Terraform's "jsonencode" function converts a
+  # Terraform expression result to valid JSON syntax.
+  policy = data.aws_iam_policy_document.flow_log_cloudwatch_assume_role.json
+}

examples/trigger-events/outputs.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_version = ">= 0.15.0"
+  required_providers {
+    aws = {
+      version = ">= 3.50.0"
+    }
+  }
+}