fix: resolved the macie configuration

gambol99 · gambol99 · commit 295ef2c2ef8c · 2026-02-19T09:50:09.000Z
diff --git a/README.md b/README.md
@@ -698,7 +698,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0.0 |
 
 ## Inputs
 
diff --git a/examples/basic/README.md b/examples/basic/README.md
@@ -1,32 +1,9 @@
 <!-- BEGIN_TF_DOCS -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
-
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws.audit_eu_west_2"></a> [aws.audit\_eu\_west\_2](#provider\_aws.audit\_eu\_west\_2) | >= 5.0.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_compliance"></a> [compliance](#module\_compliance) | ../.. | n/a |
-| <a name="module_config_home"></a> [config\_home](#module\_config\_home) | ../../modules/config | n/a |
-| <a name="module_config_us_east_1"></a> [config\_us\_east\_1](#module\_config\_us\_east\_1) | ../../modules/config | n/a |
-| <a name="module_guardduty_home"></a> [guardduty\_home](#module\_guardduty\_home) | ../../modules/guardduty | n/a |
-| <a name="module_guardduty_us_east_1"></a> [guardduty\_us\_east\_1](#module\_guardduty\_us\_east\_1) | ../../modules/guardduty | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_guardduty_detector.guardduty](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/guardduty_detector) | data source |
+| <a name="provider_aws.audit_eu_west_2"></a> [aws.audit\_eu\_west\_2](#provider\_aws.audit\_eu\_west\_2) | >= 6.0.0 |
 
 ## Inputs
 
diff --git a/examples/basic/terraform.tf b/examples/basic/terraform.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0.0"
+      version = ">= 6.0.0"
     }
   }
 }
diff --git a/macie.tf b/macie.tf
@@ -1,7 +1,7 @@
 
 locals {
   ## Determine if the macie service is managed by the landing zone
-  macie_enabled = var.macie != null
+  macie_enabled = try(var.macie.enable, false)
 }
 
 ## Provision the stackset to enable the macie service across all the accounts
@@ -10,9 +10,11 @@ module "macie" {
   source  = "appvia/stackset/aws"
   version = "0.2.6"
 
-  name             = try(var.macie.stackset_name, null)
+  name             = try(var.macie.stackset_name, "lz-macie-configuration")
   description      = "Configuration for the AWS macie service, configured by the landing zone"
+  call_as          = "DELEGATED_ADMIN"
   exclude_accounts = try(var.macie.exclude_accounts, null)
+  permission_model = "SERVICE_MANAGED"
   region           = var.region
   tags             = local.tags
 
diff --git a/modules/config/README.md b/modules/config/README.md
@@ -1,44 +1,19 @@
 <!-- BEGIN_TF_DOCS -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
-
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_cloudformation_stack.mgmt_config_rules_cloudformation_stack](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack) | resource |
-| [aws_config_configuration_recorder.mgmt_config_recorder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder) | resource |
-| [aws_config_configuration_recorder_status.mgmt_config_recorder_status](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder_status) | resource |
-| [aws_config_delivery_channel.mgmt_config_delivery_channel](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_delivery_channel) | resource |
-| [aws_config_retention_configuration.mgmt_config_retention](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_retention_configuration) | resource |
-| [aws_iam_role.mgmt_config_recorder_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_policy_document.mgmt_config_recorder_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0.0 |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_config"></a> [config](#input\_config) | Configuration for the securityhub organization managed rules | <pre>object({<br/>    stackset_name_prefix = optional(string, "lza-config-")<br/><br/>    # The prefix added to the stacksets<br/>    rule_groups = optional(map(object({<br/>      associations = list(string)<br/>      # List of organizational units to deploy the managed rules<br/>      description = string<br/>      # Description for the rule group<br/>      enabled_regions = optional(list(string), null)<br/>      # List of regions to enable these rules<br/>      exclude_accounts = optional(list(string), null)<br/>      # The list of accounts to exclude from the organization managed rule<br/>      rules = map(object({<br/>        description = string<br/>        # The description of the organization managed rules<br/>        identifier = string<br/>        # The identifier of the organization managed rule<br/>        inputs = optional(map(string), {})<br/>        # The identifier of the organization managed rule scope<br/>        resource_types = list(string)<br/>        # The list of resource types to scope the organization managed rule<br/>        max_execution_frequency = optional(string, null)<br/>        # The max_execution_frequency of the rule<br/>      }))<br/>    })), {})<br/>    # The configuration for the securityhub organization managed rules<br/>  })</pre> | n/a | yes |
-| <a name="input_config_retention_in_days"></a> [config\_retention\_in\_days](#input\_config\_retention\_in\_days) | The number of days to store config historical data (defaults to one year) | `number` | `366` | no |
 | <a name="input_control_tower_sns_topic_arn"></a> [control\_tower\_sns\_topic\_arn](#input\_control\_tower\_sns\_topic\_arn) | The ARN of the SNS topic created by Control Tower for AWS notifications | `string` | n/a | yes |
 | <a name="input_home_region"></a> [home\_region](#input\_home\_region) | The home Region in which Control Tower created the Config S3 buckiet (namely, in logarchive account | `string` | n/a | yes |
 | <a name="input_logarchive_account_id"></a> [logarchive\_account\_id](#input\_logarchive\_account\_id) | The AWS account id for the logarchive account created by Control Tower | `string` | n/a | yes |
+| <a name="input_config_retention_in_days"></a> [config\_retention\_in\_days](#input\_config\_retention\_in\_days) | The number of days to store config historical data (defaults to one year) | `number` | `366` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to the resources | `map(string)` | `{}` | no |
 
 ## Outputs
diff --git a/modules/config/terraform.tf b/modules/config/terraform.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0.0"
+      version = ">= 6.0.0"
     }
   }
 }
diff --git a/modules/guardduty/README.md b/modules/guardduty/README.md
@@ -3,7 +3,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0.0 |
 
 ## Inputs
 
diff --git a/modules/guardduty/terraform.tf b/modules/guardduty/terraform.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0.0"
+      version = ">= 6.0.0"
     }
   }
 }
diff --git a/terraform.tf b/terraform.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0.0"
+      version = ">= 6.0.0"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ terraform {`
`5`	`5`	`required_providers {`
`6`	`6`	`aws = {`
`7`	`7`	`source = "hashicorp/aws"`
`8`		`- version = ">= 5.0.0"`
	`8`	`+ version = ">= 6.0.0"`
`9`	`9`	`}`
`10`	`10`	`}`
`11`	`11`	`}`