Greg Hendrickson
|
7e8ef83390
|
feat(security): add guardduty and security-hub modules
- guardduty: Full-featured threat detection with SNS alerts, EventBridge,
  S3 export, IPSet/ThreatIntelSet, organization support
- security-hub: Centralized security posture with standards (CIS, PCI, NIST),
  cross-region aggregation, custom actions, built-in insights
Both modules are opt-in via variables with sensible defaults.
|
2026-02-06 20:05:03 +00:00 |
|
Greg Hendrickson
|
cae319ee59
|
feat(finops): add cost-anomaly-detection module
ML-powered anomaly detection using AWS Cost Explorer:
- Flexible monitoring (service-level, account-level, or Cost Category)
- Dual thresholds (percentage OR absolute impact)
- Service-specific monitors with custom thresholds
- SNS + direct email alerting
- KMS encryption support
Complements budget-alerts by catching spending anomalies
that don't breach budget thresholds but deviate from patterns.
|
2026-02-05 18:02:47 +00:00 |
|
Greg Hendrickson
|
a4e07796b8
|
feat(feature-flags): centralized tenant-wide feature toggles
Add feature-flags module for organization-wide security controls:
- Environment presets (production/staging/development)
- Security toggles (GuardDuty, Security Hub, Config, CloudTrail)
- Compliance toggles (CIS, PCI, HIPAA, NIST, SOC2)
- IAM toggles (password policy, MFA enforcement)
- Alerting toggles (severity routing, thresholds)
- Cost management toggles (budgets, thresholds)
- Networking toggles (VPC, endpoints, NAT)
- Backup toggles (schedules, retention)
All features are OPT-IN by default. User input overrides presets.
Includes example wiring into security-baseline and alerting modules.
|
2026-02-03 20:03:09 +00:00 |
|
|
|
6136cde9bb
|
feat: Terraform Foundation - AWS Landing Zone
Enterprise-grade multi-tenant AWS cloud foundation.
Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)
Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation
Tech: Terraform, AWS Organizations, IAM Identity Center
|
2026-02-02 02:57:23 +00:00 |
|