feat: Terraform Foundation - AWS Landing Zone

Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center

terraform/modules/github-oidc/examples/basic/main.tf

@@ -0,0 +1,54 @@
+################################################################################
+# GitHub OIDC - Basic Example
+#
+# Single role with branch restriction
+################################################################################
+
+terraform {
+  required_version = ">= 1.5.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-east-1"
+}
+
+module "github_oidc" {
+  source = "../../"
+
+  github_org  = "example-org"
+  name_prefix = "github"
+
+  roles = {
+    deploy = {
+      repos    = ["my-app"]
+      branches = ["main"]
+      policy_statements = [
+        {
+          sid       = "S3Access"
+          actions   = ["s3:GetObject", "s3:PutObject"]
+          resources = ["arn:aws:s3:::my-bucket/*"]
+        }
+      ]
+    }
+  }
+
+  tags = {
+    Environment = "production"
+    Project     = "my-app"
+  }
+}
+
+output "role_arn" {
+  value = module.github_oidc.role_arns["deploy"]
+}
+
+output "provider_arn" {
+  value = module.github_oidc.provider_arn
+}