ghndrx/terraform-foundation
1
0
Fork 0
mirror of https://github.com/ghndrx/terraform-foundation.git synced 2026-02-10 14:54:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cae319ee5902f80cd46abe4503c26ad98d435bd5
terraform-foundation/terraform/modules/scps/variables.tf
Greg Hendrickson 6136cde9bb feat: Terraform Foundation - AWS Landing Zone 
Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center
2026-02-02 02:57:23 +00:00

76 lines
1.7 KiB
HCL
Raw Blame History

################################################################################
# SCPs - Input Variables
################################################################################
variable "name_prefix" {
type = string
default = "scp"
description = "Prefix for SCP names"
}
variable "enable_deny_leave_org" {
type = bool
default = true
description = "Prevent accounts from leaving organization"
}
variable "enable_require_imdsv2" {
type = bool
default = true
description = "Require IMDSv2 for EC2 instances"
}
variable "enable_deny_root_actions" {
type = bool
default = true
description = "Deny most actions by root user"
}
variable "allowed_regions" {
type = list(string)
default = []
description = "Allowed regions (empty = all regions allowed)"
}
variable "protect_security_services" {
type = bool
default = true
description = "Prevent disabling GuardDuty, Security Hub, Config, Access Analyzer"
}
variable "protect_cloudtrail" {
type = bool
default = true
description = "Prevent CloudTrail modification"
}
variable "require_s3_encryption" {
type = bool
default = true
description = "Require S3 bucket encryption"
}
variable "require_ebs_encryption" {
type = bool
default = true
description = "Require EBS volume encryption"
}
variable "target_ous" {
type = list(string)
default = []
description = "OU IDs to attach SCPs to"
}
variable "target_accounts" {
type = list(string)
default = []
description = "Account IDs to attach SCPs to"
}
variable "tags" {
type = map(string)
default = {}
description = "Tags to apply to SCP resources"
}
Reference in New Issue View Git Blame Copy Permalink