-
Notifications
You must be signed in to change notification settings - Fork 371
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from nozaq/readme
doc: update README
- Loading branch information
Showing
1 changed file
with
32 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,33 @@ | ||
# terraform-aws-secure-baseline | ||
A terraform module to set up your AWS account with reasonably secure configurations. | ||
|
||
[Terraform Module Registry](https://registry.terraform.io/modules/nozaq/secure-baseline/aws) | ||
|
||
A terraform module to set up your AWS account with the reasonably secure configuration baseline. | ||
Most configurations are based on [CIS Amazon web Services Foundations]. | ||
|
||
## Features | ||
|
||
- Set up IAM Password Policy. | ||
- Enable CloudTrail with KMS encryption in all regions and deliver events to CloudWatch Logs. | ||
- Enable AWS Config in all regions to automatically take configuration snapshots. | ||
- All logs are stored in the S3 bucket with access logging enabled. | ||
- Set up CloudWatch alarms to notify you when critical changes happen in your AWS account. | ||
- Enable VPC Flow Logs with the default VPC in all regions. | ||
- Remove all rules in default route tables, default network ACLs and default security groups in the default VPC in all regions. | ||
|
||
## Usage | ||
|
||
```hcl | ||
data "aws_caller_identity" "current" {} | ||
data "aws_region" "current" {} | ||
module "secure-baseline" { | ||
source = "nozaq/secure-baseline/aws" | ||
audit_log_bucket_name = "YOUR_BUCKET_NAME" | ||
aws_account_id = "${data.aws_caller_identity.current.account_id}" | ||
region = "${data.aws_region.current.name}" | ||
} | ||
``` | ||
|
||
[CIS Amazon Web Services Foundations]: https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf |