Forked from Coalfire-CF/terraform-aws-account-setup
Coalfire AWS Account Setup Terraform Module
CiscoOpsStack/terraform-aws-account-setup-ops_stack
The AWS account setup module creates the initial account configuration for your project, including IAM roles, KMS keys, an S3 installs bucket, and more.
FedRAMP Compliance: High
Resources that are created as a part of this module include:
- IAM roles
- IAM policies
- IAM instance profiles
- KMS keys
- S3 buckets
- Security core module resources
`application_account_numbers` isn't required - you can feed it `application_account_numbers = [""]`
```hcl
module "account-setup" {
  source = "github.com/Coalfire-CF/terraform-aws-account-setup"

  aws_region                  = "us-east-1"
  default_aws_region          = "us-east-1"
  application_account_numbers = ["account-number1", "account-number2", "account-number3"]
  account_number              = "your-account-number"
  resource_prefix             = "pre"
  create_cloudtrail           = true
  partition                   = "aws"
  ad_secrets_manager_path     = "your/ad/path"
  enable_aws_config           = true
  delete_after                = 90
}
```

| Name | Version |
|---|---|
| terraform | >=1.5.0 |
| aws | ~> 5.0 |

| Name | Version |
|---|---|
| aws | ~> 5.0 |

| Name | Source | Version |
|---|---|---|
| additional_kms_keys | github.com/Coalfire-CF/terraform-aws-kms | v0.0.6 |
| backup_kms_key | github.com/Coalfire-CF/terraform-aws-kms | v0.0.6 |
| cloudwatch_kms_key | github.com/Coalfire-CF/terraform-aws-kms | v0.0.6 |
| ebs_kms_key | github.com/Coalfire-CF/terraform-aws-kms | v0.0.6 |
| lambda_kms_key | github.com/Coalfire-CF/terraform-aws-kms | v0.0.6 |
| rds_kms_key | github.com/Coalfire-CF/terraform-aws-kms | v0.0.6 |
| s3-accesslogs | github.com/Coalfire-CF/terraform-aws-s3 | v1.0.1 |
| s3-backups | github.com/Coalfire-CF/terraform-aws-s3 | v1.0.1 |
| s3-elb-accesslogs | github.com/Coalfire-CF/terraform-aws-s3 | v1.0.1 |
| s3-installs | github.com/Coalfire-CF/terraform-aws-s3 | v1.0.1 |
| security-core | github.com/Coalfire-CF/terraform-aws-securitycore | v0.0.17 |
| sm_kms_key | github.com/Coalfire-CF/terraform-aws-kms | v0.0.6 |

| Name | Type |
|---|---|
| aws_iam_instance_profile.packer_profile | resource |
| aws_iam_policy.packer_policy | resource |
| aws_iam_policy_attachment.packer_access_attach_policy | resource |
| aws_iam_role.packer_role | resource |
| aws_kms_grant.packer_ebs | resource |
| aws_kms_grant.packer_s3 | resource |
| aws_elb_service_account.main | data source |
| aws_iam_policy_document.cloudwatch_key | data source |
| aws_iam_policy_document.ebs_key | data source |
| aws_iam_policy_document.elb_accesslogs_bucket_policy | data source |
| aws_iam_policy_document.packer_assume_role_policy_document | data source |
| aws_iam_policy_document.packer_policy_document | data source |
| aws_iam_policy_document.s3_accesslogs_bucket_policy | data source |
| aws_iam_policy_document.secrets_manager_key | data source |
| aws_partition.current | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_number | The AWS account number resources are being deployed into | string | n/a | yes |
| additional_kms_keys | a list of maps of any additional KMS keys that need to be created | list(map(string)) | [] | no |
| application_account_numbers | AWS account numbers for all application accounts | list(string) | n/a | yes |
| aws_backup_plan_name | AWS Backup plan name | string | "fedramp-aws-backup-plan" | no |
| aws_lb_account_ids | https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html | map(string) | { | no |
| aws_region | The AWS region to create resources in | string | n/a | yes |
| backup_rule_name | AWS Backup rule name | string | "fedramp-aws-backup-default-rule" | no |
| backup_selection_tag_value | AWS Backup tag values | string | "fedramp-daily-aws-backups" | no |
| backup_vault_name | AWS Backup vault name | string | "fedramp-aws-backup-vault" | no |
| config_delivery_frequency | AWS Config delivery frequencies | string | "One_Hour" | no |
| create_backup_kms_key | create KMS key for AWS Backups | bool | true | no |
| create_cloudtrail | Whether or not to create cloudtrail resources | bool | false | no |
| create_cloudwatch_kms_key | create KMS key for AWS Cloudwatch | bool | true | no |
| create_dynamo_kms_key | create KMS key for dynamodb | bool | true | no |
| create_ebs_kms_key | create KMS key for ebs | bool | true | no |
| create_lambda_kms_key | create KMS key for lambda | bool | true | no |
| create_rds_kms_key | create KMS key for rds | bool | true | no |
| create_s3_kms_key | create KMS key for S3 | bool | true | no |
| create_sm_kms_key | create KMS key for secrets manager | bool | true | no |
| default_aws_region | The default AWS region to create resources in | string | n/a | yes |
| delete_after | Number of days after which a recovery point should be deleted | number | 35 | no |
| enable_aws_config | Enable AWS config for this account | bool | false | no |
| lambda_time_zone | The time zone for lambda functions | string | "US/Eastern" | no |
| resource_prefix | The prefix for the s3 bucket names | string | n/a | yes |
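
The Inputs table above shows `create_cloudtrail` and `enable_aws_config` defaulting to `false`, and the usage block references the module source without a version while the sub-modules it pulls in are pinned. The following module call is an added example, not part of the original README: it covers a deployment with no application accounts, sets both logging inputs explicitly, and pins the source with a `?ref=` query. `<release-tag>` is a placeholder, since the page does not state this module's own release tag; `partition` and `ad_secrets_manager_path` are carried over unchanged from the README's usage block.

```hcl
module "account-setup" {
  # Pin the source to a reviewed release so later upstream commits are not
  # pulled in implicitly. "<release-tag>" is a placeholder (assumption).
  source = "github.com/Coalfire-CF/terraform-aws-account-setup?ref=<release-tag>"

  aws_region         = "us-east-1"
  default_aws_region = "us-east-1"
  account_number     = "your-account-number"
  resource_prefix    = "pre"
  partition          = "aws"

  # No application accounts: the input is still declared, fed a single
  # empty string as the README note describes.
  application_account_numbers = [""]

  # Both default to false in the Inputs table. Set them explicitly so
  # CloudTrail and AWS Config are not silently left out of the account.
  create_cloudtrail = true
  enable_aws_config = true

  # Carried over from the README usage block.
  ad_secrets_manager_path = "your/ad/path"

  # Recovery-point retention in days (module default is 35).
  delete_after = 90
}
```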
If you're interested in contributing to our projects, please review the Contributing Guidelines, and send an email to our team to receive a copy of our CLA and start the onboarding process.
Copyright © 2023 Coalfire Systems Inc.
