This repository consists of security-related solutions for our AWS environment, and here is our progression:

1. The rbs project provides remote-backend-state setup using S3 and DynamoDB.
2. The base project hosts the common resources for our security-related projects:
3. The ec2-inspec-scan project provides configurations/hardening scans on our EC2 instances.
4. The aws-config project enabled selected AWS Config Rules and extract non-compliant resources.
5. The extract-iam project extracts IAM resources, such as user accounts, roles, groups, and policies, to support assessment such as access reviews.
6. The monitor project search for selected AWS resources that are responsible for triggering the above projects. Such resources include:
   • System Manager Association
   • CloudWatch Rule
   • Config Rule

Prerequisite

• Install Terraform on your local machine.
• Install AWSCLI on your local machine.
• Configure AWSCLI on your local machine.
  • Generate the AWS programmatically token which is required for configuring our AWSCLI.
  • Attach the token with AdministratorAccess policy, which provides us administrative permission.

Deployment Steps

1. Clone this repository to your local machine.
2. Browse to the terraform folders, in the following order, provide the required inputs in variables.tf, run terraform init and terraform apply to deploy our AWS setups.
3. rbs for setting up remote-backend-state.
4. base for setting up common resources for the rest of the projects.
5. ec2-inspec-scan, aws-config, monitor and extract-iam which are our security-related solutions.