secure-baseline
clouddrove/secure-baseline/aws
Terraform module to create a Secure Baseline; the included modules are alarm baseline, config baseline, and CloudTrail baseline.
Terraform AWS Secure Baseline
We eat, drink, sleep and most importantly love DevOps. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believers in the philosophy that bigger problems are always solved by breaking them into smaller, manageable problems. Resonating with microservices architecture, it is considered best practice to run databases, clusters, and storage in smaller, connected yet manageable pieces within the infrastructure. This module is basically a combination of Terraform open source and includes automation tests and examples. It also helps to create and improve your infrastructure with mini
| Name | Type | Description | Default |
|---|---|---|---|
| guardduty_s3_bucket_name | string | The name of the S3 bucket which will store GuardDuty files. | required |
| require_symbols | bool | Whether to require symbols for user passwords. | true |
| delimiter | string | Delimiter to be used between `organization`, `environment`, `name` and `attribut | "-" |
| EVENT_IGNORE_LIST | string | List of events to ignore. | "" |
| cloudtrail_enabled | bool | The boolean flag whether cloudtrail module is enabled or not. No resources are c | true |
| resource_arn | string | The ARN (Amazon Resource Name) of the resource to be protected. | "" |
| enable_pci_dss_standard | bool | Boolean whether PCI DSS standard is enabled. | true |
| attributes | list(any) | Additional attributes (e.g. `1`). | [] |
| s3_bucket_policy_changes | bool | Whether to create an alarm on any change to the S3 policy. | true |
| member_list | list(object({ account_id = | The list of member accounts to be added. Each member list need to have values of | [] |
| password_reuse_prevention | number | Number of passwords before allowing reuse. | 24 |
| ipset_iplist | list(any) | IPSet list of trusted IP addresses | [] |
| vpc_changes | bool | Whether to create an alarm on any change to the VPC. | true |
| rds_storage_encrypted | bool | Checks whether storage encryption is enabled for your RDS DB instances. | false |
| support_iam_role_policy_name | string | The name of the support role policy. | "IAM-Support-Role" |
| no_mfa_console_signin | bool | Whether to create an alarm when MFA is not enabled on the root user. | true |
| enable_aws_foundational_standard | bool | Boolean whether AWS Foundations standard is enabled. | true |
| schedule_expression | string | AWS Schedule Expression: https://docs.aws.amazon.com/AmazonCloudWatch/latest/eve | "cron(0 14 ? * THU *)" |
| console_signin_failures | bool | Whether to create an alarm on any change to the CloudTrail configuration. | true |
| alarm_namespace | string | The namespace in which all alarms are set up. | "CISBenchmark" |
| password_min_length | number | Password minimum length. | 16 |
| … and 10 more inputs | | | |
tags — A mapping of tags to assign to the CloudTrail.
cloudtrail_arn — The Amazon Resource Name of the trail