Terraform modules for on-boarding with Cyber Security services, e.g. defining the IAM SecurityAudit role

alphagov/cyber-security-shared-terraform-modules

Cyber Security shared Terraform Modules

CodePipeline and CodeBuild

We have created a number of modules for running common tasks in CodePipeline.

Containers

These modules use scripts from a public container image: gdscyber/cyber-security-cd-base-image

The code for the image is here: https://github.com/alphagov/cyber-security-concourse-base-image

The image installs common requirements such as pyenv and tfenv.

It also has some helper scripts for doing common tasks like assuming a role into an AWS account.

The modules allow you to specify a different container image, but the modules still need the dependencies and helper scripts from the base image. If you use your own image, do a multi-stage container build to pull in the bin directory and install the same dependencies.

Modules

Terraform

Authentication

If something like Terraform needs to retrieve a module from a private repository, this allows you to set up an SSH config file with a read-only deploy key to use when retrieving the module source.

Building containers

Selectively run pipeline

These modules allow you to query the changed files from a recently merged PR so that you can decide whether tasks in the pipeline are required.

Monitoring

IAM

gds_security_audit

A role that implements the AWS SecurityAudit managed policy, along with a few additions, and trusts an intermediary role in the organization account.
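
A minimal sketch of the pattern described above, as an added example that is not this module's own code: a role that attaches the AWS managed SecurityAudit policy and can only be assumed by one intermediary role. The variable names, the account ID, the intermediary role name and the resource names are placeholders chosen for illustration.

```hcl
# Added example: names, the account ID and the intermediary role name are
# placeholders, not values from this repository.
variable "org_account_id" {
  description = "Account ID of the organization account (placeholder default)"
  type        = string
  default     = "111111111111"
}

variable "intermediary_role_name" {
  description = "Name of the intermediary role allowed to assume the audit role (hypothetical)"
  type        = string
  default     = "example-intermediary-role"
}

# Trust policy: only the named intermediary role may assume the audit role.
# Trusting a specific role ARN is narrower than trusting the account root.
data "aws_iam_policy_document" "audit_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.org_account_id}:role/${var.intermediary_role_name}"]
    }
  }
}

resource "aws_iam_role" "security_audit" {
  name               = "example_security_audit"
  assume_role_policy = data.aws_iam_policy_document.audit_trust.json
}

# Read-only audit permissions come from the AWS managed SecurityAudit policy.
# The module's "few additions" are not listed on this page, so none are shown.
resource "aws_iam_role_policy_attachment" "security_audit" {
  role       = aws_iam_role.security_audit.name
  policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"
}
```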
