This repository consists of security-related solutions for our AWS environment, and here is our progression:
- The rbs project provides remote-backend-state setup using S3 and DynamoDB.
- The base project hosts the common resources for our security-related projects.
- The ec2-inspec-scan project provides configuration/hardening scans on our EC2 instances.
- The aws-config project enables selected AWS Config Rules and extracts non-compliant resources.
- The extract-iam project extracts IAM resources, such as user accounts, roles, groups, and policies, to support assessments such as access reviews.
- The monitor project searches for selected AWS resources that are responsible for triggering the above projects. Such resources include:
  - Systems Manager Association
  - CloudWatch Rule
  - Config Rule
Prerequisite
- Install Terraform on your local machine.
- Install AWSCLI on your local machine.
- Configure AWSCLI on your local machine.
- Generate the AWS programmatic access token, which is required for configuring AWSCLI.
- Attach the AdministratorAccess policy to the token, which grants administrative permission.
Deployment Steps
- Clone this repository to your local machine.
- Browse to the terraform folders in the following order, provide the required inputs in variables.tf, and run terraform init and terraform apply to deploy our AWS setups:
  - rbs for setting up remote-backend-state.
  - base for setting up common resources for the rest of the projects.
  - ec2-inspec-scan, aws-config, monitor and extract-iam, which are our security-related solutions.
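The deployment order above as a wrapper script, added here as an example and not part of the repository. It assumes each project keeps its Terraform code in `<repo>/<project>/terraform`; the function names and the `RUN_DEPLOY` switch are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: ordered deployment wrapper (not part of the repository).
# Assumption: each project keeps its Terraform code in <repo>/<project>/terraform.

# Order from the deployment steps: state backend, shared resources, then the solutions.
DEPLOY_ORDER="rbs base ec2-inspec-scan aws-config monitor extract-iam"

# Return the Terraform folder for a project (the layout is an assumption).
tf_dir() { printf '%s/%s/terraform\n' "$1" "$2"; }

# Fail early if a prerequisite tool is missing or the AWS CLI has no usable credentials.
preflight() {
  command -v terraform >/dev/null 2>&1 || { echo "terraform not installed" >&2; return 1; }
  command -v aws >/dev/null 2>&1 || { echo "aws CLI not installed" >&2; return 1; }
  aws sts get-caller-identity >/dev/null 2>&1 || { echo "aws CLI not configured" >&2; return 1; }
}

# Print the folders in deployment order, one per line; return 1 at the first
# project whose variables.tf is missing so nothing is applied half-way.
deploy_plan() {
  local root="$1" project dir
  for project in $DEPLOY_ORDER; do
    dir="$(tf_dir "$root" "$project")"
    [ -f "$dir/variables.tf" ] || { echo "missing $dir/variables.tf" >&2; return 1; }
    echo "$dir"
  done
}

# Deploy every project in order. A failed init or apply aborts the run, so
# later projects never deploy without the backend or the base resources.
deploy() {
  local root="$1" project dir
  preflight || return 1
  deploy_plan "$root" >/dev/null || return 1
  for project in $DEPLOY_ORDER; do
    dir="$(tf_dir "$root" "$project")"
    terraform -chdir="$dir" init || return 1
    terraform -chdir="$dir" apply || return 1   # prompts for approval per project
  done
}

# Only deploy when explicitly requested, e.g. RUN_DEPLOY=1 ./deploy.sh /path/to/repo
if [ "${RUN_DEPLOY:-0}" = "1" ]; then deploy "${1:-.}"; fi
```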