terraform-aws-account-baseline

The Guardian

Terraform module for bringing an AWS Control Tower workload/application account into governance.


It's 100% Open Source and licensed under the GNU General Public License.

Introduction

This module should be used on your standard workload and application accounts.

The terraform-aws-account-baseline module enforces security and management best practices across AWS accounts. It provides standardized configurations for:

* Account security baselines
* Account management settings
* Compliance requirements

This module helps maintain consistent security controls and configurations when managing multiple AWS accounts through Terraform.

Features

Submodule: Account

Usage: Apply once to an account.

  • AWS IAM Account Alias: Creates a custom account alias for simplified AWS account identification
  • AWS IAM Account Password Policy: Sets strong password requirements for IAM users
  • AWS S3 Account Public Access Block: Prevents public access to S3 buckets at the account level
  • AWS IAM OpenID Connect Provider: Enables identity federation through OpenID Connect
    • GitHub
    • GitLab
    • Keycloak

Submodule: Regional

Usage: Apply to each region in an account.

  • EBS Encryption by Default: Ensures all new EBS volumes are automatically encrypted
  • Block public EBS snapshot sharing: Prevents EBS snapshots from being shared publicly
  • Terraform State Resources:
    • Terraform State Bucket: Stores Terraform state files securely
    • Terraform DynamoDB State Lock Table: Prevents concurrent state modifications
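
For orientation, the account-level and regional controls listed above correspond to standard AWS provider resources such as the following. This is an added example, not the module's own code; the alias and the password-policy values are assumptions, and the OpenID Connect provider and Terraform state resources are left out.

```hcl
# Added illustration: standalone AWS provider resources for the controls the
# feature list names. Not taken from the module; all values are assumptions.

# --- Account-level controls (apply once per account) ---

resource "aws_iam_account_alias" "this" {
  account_alias = "example-workload-dev" # hypothetical alias
}

resource "aws_iam_account_password_policy" "this" {
  minimum_password_length        = 14 # assumed value
  require_lowercase_characters   = true
  require_uppercase_characters   = true
  require_numbers                = true
  require_symbols                = true
  password_reuse_prevention      = 24 # assumed value
  allow_users_to_change_password = true
}

# All four settings must be true to block public S3 access account-wide;
# leaving any one false keeps a path to public ACLs or bucket policies open.
resource "aws_s3_account_public_access_block" "this" {
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# --- Regional controls (apply once per region, one provider per region) ---

# Applies to new volumes only; existing unencrypted volumes are unchanged.
resource "aws_ebs_encryption_by_default" "this" {
  enabled = true
}

# "block-all-sharing" also stops public access to snapshots already shared;
# "block-new-sharing" would only prevent new public shares.
resource "aws_ebs_snapshot_block_public_access" "this" {
  state = "block-all-sharing"
}
```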

Usage

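# Note: ref=main follows the branch head, so the module code can change
# between applies; pin ref to a tag or commit SHA to control what is applied.

# Account-level baseline: apply once per account.
module "account" {
  source = "git::https://gitlab.com/guardianproject-ops/terraform-aws-account-baseline//modules/account?ref=main"
}

# Regional baseline for the default provider's region.
module "region_main" {
  source = "git::https://gitlab.com/guardianproject-ops/terraform-aws-account-baseline//modules/region?ref=main"
  providers = {
    aws = aws
  }
}

# Regional baseline for a second region. aws.other must be declared in the
# root module as an aliased provider (alias = "other") for that region.
module "region_other" {
  source = "git::https://gitlab.com/guardianproject-ops/terraform-aws-account-baseline//modules/region?ref=main"
  providers = {
    aws = aws.other
  }
}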

Documentation

Docs are nice!

Requirements

No requirements.

Providers

No providers.

Modules

No modules.

Resources

No resources.

Inputs

No inputs.

Outputs

No outputs.

Help

Got a question? We got answers.

File a GitLab issue, send us an email or join our Matrix Community.

Matrix Community

Join our Open Source Community on Matrix. It's FREE for everyone! This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build on our open source code.

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Developing

If you are interested in being a contributor and want to get involved in developing this project or help out with our other projects, we would love to hear from you! Shoot us an email.

In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

  1. Fork the repo on GitLab
  2. Clone the project to your own machine
  3. Commit changes to your own branch
  4. Push your work back up to your fork
  5. Submit a Pull Request so that we can review your changes

NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!

Copyright

Copyright © 2021-2025 The Guardian Project

License

License: GPL v3

GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.

Trademarks

All other trademarks referenced herein are the property of their respective owners.

About

This project is maintained by The Guardian Project.

The Guardian Project

We're a collective of designers, developers, and ops folk focused on usable privacy and security, with an emphasis on digital human rights and humanitarian projects.

Everything we do is 100% FOSS.

Follow us on Mastodon or Twitter, apply for a job, or partner with us.

We offer paid support on all of our projects.

Check out our other DevOps projects or our full set of privacy- and security-related software projects, or hire us to get support with using our projects.

Contributors

Abel Luck

About

Terraform module for bringing application/workload accounts into governance (Mirror of https://gitlab.com/guardianproject-ops/terraform-aws-account-baseline)
