cloud-platform-terraform-awsaccounts-baselines

This module includes the security and operational baselines that the Cloud Platform team implements in its AWS accounts.

Usage

```hcl
module "baselines" {
  source = "github.com/ministryofjustice/cloud-platform-terraform-awsaccounts-baselines?ref=0.0.1"

  account_name = "cloud-platform-production"
}
```

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.2.5 |

Providers

No providers.

Modules

| Name | Source | Version |
|------|--------|---------|
| access_analyzer | ./modules/access-analyzer | n/a |
| cloudwatch | ./modules/cloudwatch | n/a |
| lambdas | ./modules/lambdas | n/a |
| logging | ./modules/logging | n/a |
| slack_integration | terraform-aws-modules/notify-slack/aws | ~> 6.0 |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| buckets_prefix | Prefix for bucket names | `string` | `"cp"` | no |
| buckets_suffix | Suffix for bucket names | `string` | `"do-not-delete"` | no |
| cloudtrail_name | The name of the trail which is going to be streaming logs to S3 | `string` | `"cloud-platform-cloudtrail"` | no |
| enable_cloudwatch | Enable/Disable cloudwatch module. | `bool` | `true` | no |
| enable_logging | Enable/Disable logging module - it creates S3 buckets and forwards all cloudtrail logs to them | `bool` | `true` | no |
| enable_slack_integration | Enable/Disable slack integration module - it creates SNS and Lambda function to send slack notifications | `bool` | `true` | no |
| region | Region the SNS topic is in | `string` | n/a | yes |
| s3_bucket_block_publicaccess_exceptions | S3 buckets exceptions for publicaccess remediation | `list(string)` | `[""]` | no |
| s3_bucket_enforce_encryption_exceptions | S3 buckets exceptions for encryption remediation | `list(string)` | `[""]` | no |
| slack_channel | Slack channel where alerts are sent | `string` | `""` | no |
| slack_webhook | Slack Webhook URL for sending alerts | `string` | `""` | no |
| tags | A map of tags to add to all resources. | `map(string)` | `{"business-unit": "mojdigital", "infrastructure-support": "platform@digital.justice.gov.uk", "owner": "cloud-platform"}` | no |

Outputs

| Name | Description |
|------|-------------|
| cloudtraillogs_bucket_arn | Cloudtrail logs S3 bucket arn |
| logging_buckets | Buckets created for all account logs related |
| slack_sns_topic | Slack integration sns topic name |
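
The following module call is an added example, not code from the module's repository. It sets the inputs listed above, keeps the Slack webhook out of the configuration by passing it through a sensitive variable, and re-exports the outputs. It assumes the pinned ref accepts both `account_name` (taken from the Usage snippet) and the inputs in the table, and that the exception lists hold bucket names; the region, channel and bucket names are constructed values.

```hcl
# The webhook URL grants the ability to post to the channel, so supply it
# at plan/apply time (for example via TF_VAR_slack_webhook) rather than
# committing it to the repository.
variable "slack_webhook" {
  description = "Slack webhook URL used by the baselines module for alerts"
  type        = string
  sensitive   = true
}

module "baselines" {
  source = "github.com/ministryofjustice/cloud-platform-terraform-awsaccounts-baselines?ref=0.0.1"

  account_name = "cloud-platform-production" # from the Usage snippet
  region       = "eu-west-2"                 # constructed value; required input

  # All three sub-modules default to true; stated explicitly here so that
  # disabling logging or alerting shows up as a reviewable diff.
  enable_logging           = true
  enable_cloudwatch        = true
  enable_slack_integration = true

  slack_channel = "example-security-alerts" # constructed value
  slack_webhook = var.slack_webhook

  # Assumption: entries are bucket names skipped by the remediation.
  # Keep these lists short and reviewed; each entry is a bucket the
  # public-access or encryption baseline no longer enforces.
  s3_bucket_block_publicaccess_exceptions = ["example-public-assets"]
  s3_bucket_enforce_encryption_exceptions = []

  tags = {
    "business-unit"          = "mojdigital"
    "infrastructure-support" = "platform@digital.justice.gov.uk"
    "owner"                  = "cloud-platform"
  }
}

# Re-export the module outputs so other configurations (for example a log
# consumer or an additional SNS publisher) can reference them.
output "cloudtrail_logs_bucket_arn" {
  value = module.baselines.cloudtraillogs_bucket_arn
}

output "slack_sns_topic" {
  value = module.baselines.slack_sns_topic
}
```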
