Merge pull request #1 from nozaq/readme
doc: update README
nozaq authored Feb 12, 2018
2 parents 41302c4 + d6d43c4 commit 2ddf30a
Showing 1 changed file with 32 additions and 1 deletion.
33 changes: 32 additions & 1 deletion README.md
@@ -1,2 +1,33 @@
# terraform-aws-secure-baseline
A terraform module to set up your AWS account with reasonably secure configurations.

[Terraform Module Registry](https://registry.terraform.io/modules/nozaq/secure-baseline/aws)

A terraform module to set up your AWS account with the reasonably secure configuration baseline.
Most configurations are based on [CIS Amazon web Services Foundations].

## Features

- Set up IAM Password Policy.
- Enable CloudTrail with KMS encryption in all regions and deliver events to CloudWatch Logs.
- Enable AWS Config in all regions to automatically take configuration snapshots.
- All logs are stored in the S3 bucket with access logging enabled.
- Set up CloudWatch alarms to notify you when critical changes happen in your AWS account.
- Enable VPC Flow Logs with the default VPC in all regions.
- Remove all rules in default route tables, default network ACLs and default security groups in the default VPC in all regions.

## Usage

```hcl
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}
module "secure-baseline" {
source = "nozaq/secure-baseline/aws"
audit_log_bucket_name = "YOUR_BUCKET_NAME"
aws_account_id = "${data.aws_caller_identity.current.account_id}"
region = "${data.aws_region.current.name}"
}
```

[CIS Amazon Web Services Foundations]: https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf
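
Review bot: The last Features bullet, "Remove all rules in default route tables, default network ACLs and default security groups in the default VPC in all regions", describes a change that cuts connectivity for anything still running in a default VPC, yet the Usage section gives no hint of it. Add a sentence next to that bullet or under Usage stating that applying the module strips those rules in every region, and say whether any of the listed features can be switched off. Separately, the link label in "Most configurations are based on [CIS Amazon web Services Foundations]." has a lowercase "web" that differs from the reference definition at the bottom of the file; make the two match, and consider naming the benchmark version the module follows.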
