ghndrx/terraform-foundation
1
0
Fork 0
mirror of https://github.com/ghndrx/terraform-foundation.git synced 2026-02-10 14:54:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6136cde9bbc81aa494013e7bee651dceff16686a
terraform-foundation/terraform/modules/security-baseline/README.md
Greg Hendrickson 6136cde9bb feat: Terraform Foundation - AWS Landing Zone 
Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center
2026-02-02 02:57:23 +00:00

55 lines
1.3 KiB
Markdown
Raw Blame History

# security-baseline
Security Baseline Module
## Usage
```hcl
module "security_baseline" {
source = "../modules/security-baseline"
# Required variables
name = ""
config_bucket_name = ""
# Optional: see variables.tf for all options
}
```
## Requirements
| Name | Version |
|------|---------|
| terraform | >= 1.5.0 |
| aws | >= 5.0 |
## Inputs
| Name | Description | Type | Required |
|------|-------------|------|----------|
| name | Name prefix for resources | `string` | yes |
| enable_guardduty | | `bool` | no |
| enable_securityhub | | `bool` | no |
| enable_config | | `bool` | no |
| enable_access_analyzer | | `bool` | no |
| enable_macie | Macie for S3 data classification (additional cost) | `bool` | no |
| config_bucket_name | S3 bucket for AWS Config recordings | `string` | yes |
| guardduty_finding_publishing_frequency | | `string` | no |
| securityhub_standards | Security Hub standards to enable | `list(string)` | no |
| config_rules | Additional AWS Config managed rule identifiers to enable | `list(string)` | no |
| tags | | `map(string)` | no |
## Outputs
| Name | Description |
|------|-------------|
| guardduty_detector_id | |
| securityhub_account_id | |
| config_recorder_id | |
| access_analyzer_arn | |
| enabled_services | |
## License
Apache 2.0 - See LICENSE for details.
Reference in New Issue View Git Blame Copy Permalink