security-baseline
DNXLabs/security-baseline/aws
Terraform module to set up AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations.
terraform-aws-security-baseline

This Terraform module sets up an AWS account with the secure baseline configuration based on Center for Internet Security (CIS) Amazon Web Services Foundations.

Submodules:

- alarm-baseline - This module sets up CloudWatch alarms to notify when critical changes happen in the AWS account. Those CloudWatch metrics and alarms are defined in the CIS benchmark.
  - Unauthorised API call
  - No Multi-factor authentication (MFA) console sign-in
  - Root usage
  - Identity and Access Management (IAM) changes
  - CloudTrail configuration changes
  - Console sign-in failures
  - Disable or Delete Customer Master Keys (C

| Name | Type | Description | Default |
|---|---|---|---|
| org_name | string | Name for this organization | required |
| account_email | string | AWS account email to be used with GuardDuty | required |
| master_account_id | string | Master account ID | required |
| config_s3_bucket_name | string | The name of the S3 bucket which will store configuration snapshots. | "" |
| guardduty_detector_id | string | GuardDuty detector ID in the master account | "" |
| guardduty | bool | Enables/disables GuardDuty | true |
| tags | map | Specifies object tags key and value. This applies to all resources created by th | `{ "Terraform": true }` |
| enable_config_baseline | bool | If true, creates AWS Config | true |
| config_delivery_frequency | string | The frequency which AWS Config sends a snapshot into the S3 bucket. | "One_Hour" |
| config_include_global_resource_types | bool | Specifies whether AWS Config includes all supported types of global resources wi | true |