feat: Terraform Foundation - AWS Landing Zone

Enterprise-grade multi-tenant AWS cloud foundation. Modules: - GitHub OIDC for keyless CI/CD authentication - IAM account settings and security baseline - AWS Config Rules for compliance - ABAC (Attribute-Based Access Control) - SCPs (Service Control Policies) Features: - Multi-account architecture - Cost optimization patterns - Security best practices - Comprehensive documentation Tech: Terraform, AWS Organizations, IAM Identity Center
2026-02-10 06:45:06 +00:00 · 2026-02-01 20:06:28 +00:00
commit 6136cde9bb
145 changed files with 30832 additions and 0 deletions
--- a/.checkov.yml
+++ b/.checkov.yml
@@ -0,0 +1,36 @@
+# Checkov Configuration
+# Security and compliance scanning for Terraform
+# https://www.checkov.io/
+
+# Framework to scan
+framework:
+  - terraform
+
+# Directories to scan
+directory:
+  - terraform/modules
+  - live
+
+# Skip specific checks with justification
+skip-check:
+  # These are intentionally broad for template/example modules
+  - CKV_AWS_111  # IAM policy allows * in resource - needed for flexible templates
+  - CKV_AWS_355  # IAM policy document allows * - same reason
+  - CKV2_AWS_62  # S3 event notifications - not always needed
+
+# Soft fail for CI (don't block, just warn)
+soft-fail: false
+
+# Output format
+output:
+  - cli
+  - junitxml
+
+# Compact output
+compact: true
+
+# Download external modules
+download-external-modules: false
+
+# Evaluate variables
+evaluate-variables: true