Enterprise-grade multi-tenant AWS cloud foundation. Modules: - GitHub OIDC for keyless CI/CD authentication - IAM account settings and security baseline - AWS Config Rules for compliance - ABAC (Attribute-Based Access Control) - SCPs (Service Control Policies) Features: - Multi-account architecture - Cost optimization patterns - Security best practices - Comprehensive documentation Tech: Terraform, AWS Organizations, IAM Identity Center
################################################################################
# GitHub OIDC - Basic Example
#
# A single "deploy" role that GitHub Actions can assume via OIDC, trusted only
# from the "main" branch of one repository, with a narrow S3 object policy.
################################################################################

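terraform {
  # Floor this example was written against; newer core releases are accepted.
  required_version = ">= 1.5.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Pessimistic constraint: accept 5.x minor/patch releases but not a new
      # major (6.0+), which may carry breaking schema changes. The previous
      # ">= 5.0" had no upper bound. Commit .terraform.lock.hcl alongside this
      # example so the exact provider build and its checksums are pinned.
      version = "~> 5.0"
    }
  }
}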
# Region used for API calls made by this configuration. IAM roles and the OIDC
# identity provider are global, so this does not limit where the role is usable.
provider "aws" {
  region = "us-east-1"
}
module "github_oidc" {
  source = "../../"

  # GitHub organisation whose workflows are allowed to assume the roles below.
  github_org  = "example-org"
  name_prefix = "github"

  # Tags passed to the module for the resources it creates.
  tags = {
    Environment = "production"
    Project     = "my-app"
  }

  roles = {
    # One role, assumable only by workflows running on the "main" branch of
    # example-org/my-app. NOTE(review): how the module turns `repos`/`branches`
    # into the token `sub` condition (and whether tags, pull requests or
    # deployment environments also match) is decided inside the module, not in
    # this example -- confirm before relying on it for production deploys.
    deploy = {
      repos = [
        "my-app",
      ]
      branches = [
        "main",
      ]

      # Inline permissions for the role: object read/write under one bucket,
      # no bucket-level or account-wide actions.
      policy_statements = [
        {
          sid = "S3Access"
          actions = [
            "s3:GetObject",
            "s3:PutObject",
          ]
          resources = [
            "arn:aws:s3:::my-bucket/*",
          ]
        },
      ]
    }
  }
}
output "role_arn" {
  description = "ARN of the 'deploy' role; this is the value the GitHub workflow assumes via OIDC."
  value       = module.github_oidc.role_arns["deploy"]
}
output "provider_arn" {
  description = "ARN of the GitHub OIDC identity provider created by the module."
  value       = module.github_oidc.provider_arn
}