mirror of https://github.com/ghndrx/terraform-foundation.git synced 2026-02-10 06:45:06 +00:00

Files

Greg Hendrickson 6136cde9bb feat: Terraform Foundation - AWS Landing Zone

Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center

2026-02-02 02:57:23 +00:00

main.tf

feat: Terraform Foundation - AWS Landing Zone

2026-02-02 02:57:23 +00:00

README.md

feat: Terraform Foundation - AWS Landing Zone

2026-02-02 02:57:23 +00:00

README.md

config-rules

AWS Config Rules Module

Usage

module "config_rules" {
  source = "../modules/config-rules"
  
  # Required variables

  # Optional: see variables.tf for all options
}

Requirements

Name	Version
terraform	>= 1.5.0
aws	>= 5.0

Inputs

Name	Description	Type	Required
enable_aws_config	Enable AWS Config (required for rules)	`bool`	no
config_bucket	S3 bucket for Config snapshots (created if empty)	`string`	no
config_sns_topic_arn	SNS topic for Config notifications	`string`	no
delivery_frequency	Config snapshot delivery frequency	`string`	no
enable_cis_benchmark	Enable CIS AWS Foundations Benchmark rules	`bool`	no
enable_security_best_practices	Enable AWS Security Best Practices rules	`bool`	no
enable_pci_dss	Enable PCI DSS compliance rules	`bool`	no
enable_hipaa	Enable HIPAA compliance rules	`bool`	no
rules		`object({`	no
auto_remediation	Enable auto-remediation for supported rules	`bool`	no
tags		`map(string)`	no

Outputs

Name	Description
config_recorder_id	Config recorder ID
config_bucket	S3 bucket for Config snapshots
enabled_rules
compliance_packs

License

Apache 2.0 - See LICENSE for details.