ghndrx/terraform-foundation
1
0
Fork 0
mirror of https://github.com/ghndrx/terraform-foundation.git synced 2026-02-10 06:45:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6136cde9bbc81aa494013e7bee651dceff16686a
terraform-foundation/terraform/modules/security-baseline/README.md
Greg Hendrickson 6136cde9bb feat: Terraform Foundation - AWS Landing Zone 
Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center
2026-02-02 02:57:23 +00:00

1.3 KiB
Raw Blame History

security-baseline

Security Baseline Module

Usage

module "security_baseline" {
  source = "../modules/security-baseline"
  
  # Required variables
  name = ""
  config_bucket_name = ""

  # Optional: see variables.tf for all options
}

Requirements

Name Version
terraform >= 1.5.0
aws >= 5.0

Inputs

Name Description Type Required
name Name prefix for resources string yes
enable_guardduty bool no
enable_securityhub bool no
enable_config bool no
enable_access_analyzer bool no
enable_macie Macie for S3 data classification (additional cost) bool no
config_bucket_name S3 bucket for AWS Config recordings string yes
guardduty_finding_publishing_frequency string no
securityhub_standards Security Hub standards to enable list(string) no
config_rules Additional AWS Config managed rule identifiers to enable list(string) no
tags map(string) no

Outputs

Name Description
guardduty_detector_id
securityhub_account_id
config_recorder_id
access_analyzer_arn
enabled_services

License

Apache 2.0 - See LICENSE for details.

Reference in New Issue View Git Blame Copy Permalink