Coalfire-CF/terraform-aws-securitycore

Coalfire

AWS Security Core Terraform Module

Description

This module creates the resources needed to store your Terraform state remotely in AWS.

FedRAMP Compliance: Moderate, High

Dependencies

  • IAM AWS Accounts

Resource List

  • S3 for Terraform State
  • DynamoDB for Terraform State
  • KMS keys for DynamoDB and S3
  • IAM roles for above resources

Deployment Steps

This module can be called as outlined below.

  • Change directories to the terraform-aws-securitycore directory.
  • From the terraform-aws-securitycore directory, run terraform init.
  • Run terraform plan to review the resources being created.
  • If everything looks correct in the plan output, run terraform apply.

Usage

Example of how to call the module with generic variables:

# The AWS provider takes a region; the "features" block belongs to the
# azurerm provider and is not valid here.
provider "aws" {
  region = "us-gov-west-1"
}

# Identity of the account running the apply (the management account).
data "aws_caller_identity" "mgmt_account" {}

module "security-core" {
  source                      = "github.com/Coalfire-CF/terraform-aws-securitycore"
  aws_region                  = "us-gov-west-1"
  resource_prefix             = var.resource_prefix
  application_account_numbers = var.app_account_ids
  # aws_caller_identity exposes the account via .account_id, not .id
  account_number              = data.aws_caller_identity.mgmt_account.account_id
}
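The module's outputs (tstate_bucket_name, dynamodb_table_name, s3_key_arn) are what every other root module needs in its S3 backend. The following is an added example of wiring those together, not code from the Coalfire module itself; the file layout (bootstrap/ and workload/), the "example" prefix, the state key path and the placeholder account and KMS key IDs are assumptions made for illustration.

```hcl
# ---- file: bootstrap/main.tf ------------------------------------------------
# Added example (not part of the Coalfire module). The first apply of this
# root module necessarily uses a local state, because the bucket it creates
# does not exist yet; migrate afterwards with `terraform init -migrate-state`.

provider "aws" {
  region = "us-gov-west-1"
}

data "aws_caller_identity" "mgmt_account" {}

module "security-core" {
  source                      = "github.com/Coalfire-CF/terraform-aws-securitycore"
  aws_region                  = "us-gov-west-1"
  resource_prefix             = "example"          # assumed prefix
  application_account_numbers = ["111111111111"]   # constructed placeholder account ID
  account_number              = data.aws_caller_identity.mgmt_account.account_id
}

# Surface the three values that every workload backend needs.
output "backend_config" {
  value = {
    bucket         = module.security-core.tstate_bucket_name
    dynamodb_table = module.security-core.dynamodb_table_name
    kms_key_id     = module.security-core.s3_key_arn
  }
}

# ---- file: workload/backend.tf ----------------------------------------------
# A backend block cannot interpolate variables or module outputs, so the
# values are literals. Either paste the bootstrap outputs in here, or leave
# the block empty and pass them at init time:
#   terraform init \
#     -backend-config="bucket=example-tfstate" \
#     -backend-config="dynamodb_table=example-tfstate-lock" \
#     -backend-config="kms_key_id=arn:aws-us-gov:kms:us-gov-west-1:000000000000:key/PLACEHOLDER"
terraform {
  required_version = ">= 1.5.0"

  backend "s3" {
    bucket         = "example-tfstate"                  # assumed: tstate_bucket_name output
    key            = "workload/prod/terraform.tfstate"  # assumed path; one key per root module
    region         = "us-gov-west-1"
    encrypt        = true                               # state objects are encrypted at rest
    kms_key_id     = "arn:aws-us-gov:kms:us-gov-west-1:000000000000:key/PLACEHOLDER"  # s3_key_arn output
    dynamodb_table = "example-tfstate-lock"             # assumed: dynamodb_table_name output
  }
}
```

State files contain every attribute Terraform has read, including secrets, so `encrypt = true` together with `kms_key_id` keeps each state object under the module's customer-managed key rather than S3's default key, and `dynamodb_table` gives the locking that prevents two concurrent applies from corrupting the state. Keeping the backend values out of version control and supplying them with `-backend-config` also avoids hard-coding account-specific ARNs into the workload repository.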

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| aws  | n/a     |

Modules

| Name           | Source                                   | Version |
|----------------|------------------------------------------|---------|
| dynamo_kms_key | github.com/Coalfire-CF/terraform-aws-kms | n/a     |
| s3-tstate      | github.com/Coalfire-CF/terraform-aws-s3  | n/a     |
| s3_kms_key     | github.com/Coalfire-CF/terraform-aws-kms | n/a     |

Resources

| Name                                           | Type        |
|------------------------------------------------|-------------|
| aws_dynamodb_table.dynamodb_                   | resource    |
| aws_iam_policy_document.s3_key                 | data source |
| aws_iam_policy_document.tfstate_bucket_policy  | data source |
| aws_partition.current                          | data source |

Inputs

| Name                        | Description                                             | Type         | Default | Required |
|-----------------------------|---------------------------------------------------------|--------------|---------|----------|
| account_number              | account number for the mgmt account                     | string       | n/a     | yes      |
| application_account_numbers | Account IDs for application accounts to be used in IAM  | list(string) | n/a     | yes      |
| aws_region                  | The AWS region to create things in                      | string       | n/a     | yes      |
| create_dynamo_kms_key       | create KMS key for dynamodb                             | bool         | true    | no       |
| create_s3_kms_key           | create KMS key for S3                                   | bool         | true    | no       |
| resource_prefix             | The prefix for the s3 bucket names                      | string       | n/a     | yes      |

Outputs

| Name                | Description                             |
|---------------------|-----------------------------------------|
| dynamo_key_arn      | The arn of the dynamo kms key           |
| dynamo_key_id       | The id of the dynamo key                |
| dynamodb_table_name | n/a                                     |
| s3_key_arn          | The arn of the s3 kms key               |
| s3_key_iam          | The name of the terraform state bucket  |
| s3_key_id           | The id of the s3 key                    |
| tstate_bucket_name  | The name of the terraform state bucket  |

Contributing

Relative or absolute link to contributing.md

License

License

Coalfire Pages

Absolute link to any relevant Coalfire Pages

Copyright

Copyright © 2023 Coalfire Systems Inc.

Requirements

| Name      | Version |
|-----------|---------|
| terraform | >=1.5.0 |
| aws       | ~> 5.0  |

Providers

| Name | Version |
|------|---------|
| aws  | ~> 5.0  |

Modules

| Name      | Source                                  | Version |
|-----------|-----------------------------------------|---------|
| s3-tstate | github.com/Coalfire-CF/terraform-aws-s3 | v1.0.1  |

Resources

| Name                                           | Type        |
|------------------------------------------------|-------------|
| aws_dynamodb_table.dynamodb_                   | resource    |
| aws_iam_policy_document.tfstate_bucket_policy  | data source |

Inputs

| Name                        | Description                                             | Type         | Default | Required |
|-----------------------------|---------------------------------------------------------|--------------|---------|----------|
| application_account_numbers | Account IDs for application accounts to be used in IAM  | list(string) | n/a     | yes      |
| aws_region                  | The AWS region to create things in                      | string       | n/a     | yes      |
| dynamo_kms_key_arn          | ARN for the CMK KMS key for DynamoDB                    | string       | n/a     | yes      |
| resource_prefix             | The prefix for the s3 bucket names                      | string       | n/a     | yes      |
| s3_kms_key_arn              | ARN for the CMK KMS key for S3                          | string       | n/a     | yes      |

Outputs

| Name                | Description                             |
|---------------------|-----------------------------------------|
| dynamo_key_arn      | The arn of the dynamo kms key           |
| dynamo_key_id       | The id of the dynamo key                |
| dynamodb_table_name | n/a                                     |
| s3_key_arn          | The arn of the s3 kms key               |
| s3_key_iam          | The name of the terraform state bucket  |
| s3_key_id           | The id of the s3 key                    |
| tstate_bucket_name  | The name of the terraform state bucket  |