Skip to content

aws-samples/aws-continuous-compliance-for-terraform

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
security-and-compliance-account
security-and-compliance-account
 
 
workload-account
workload-account
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Config
Config
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Continuous Compliance For Terraform Using Terraform Compliance Framework and Code Pipeline

This codebase is associated with a blog (blog url to be posted soon) There are two sub-projects in this codebase that need to be deployed in two separate AWS accounts

  1. Security and compliance account
  2. Workload account

Security and compliance codebase

Here we deploy two CDK stacks.

  1. Cross Account Roles that give permission to workload account to pull compliance checks from security and compliance account repo to carry out compliance checks
  2. Pipeline stack that consists of AWS CodePipeline which implements continuous compliance workflow using which we release new compliance checks. It also create a AWS CodeCommit repository where you can checkin the compliance checks. Both the stacks can be found under security-and-compliance-account/stacks folder. security-and-compliance-account/app.py represents the main CDK app that brings together the above two stacks and deploys them one after the other. The main CDK app is invoked when we run cdk commands. Besides this, we have provided sample compliance checks implemented using terraform-compliance framework. The code is accompanied by buildspecs as required by the AWS CodeBuild projects in the pipeline.

In order to deploy security and compliance account stacks run below command security-and-compliance-accountdeploy/deploy.sh <aws-profile-name> You need to first create an AWS profile before you execute the cdk command

Workload codebase

Here we deploy two CDK stacks.

  1. Cross Account Roles that give permission to security and compliance account to pull terraform code from workload account repo to carry out compliance checks
  2. Pipeline stack that consists of AWS CodePipeline which implements CICD workflow to deploy AWS resources written in terraform. It also create a AWS CodeCommit repository where you can checkin the terraform. Both the stacks can be found under workload-account/stacks folder. workload-account/app.py represents the main CDK app that brings together the above two stacks and deploys them one after the other. The main CDK app is invoked when we run cdk commands. Besides this, we have provided terraform workload to be deployed by the workload pipeline after it successfully carries out compliance checks. The code is accompanied by buildspecs as required by the AWS CodeBuild projects in the pipeline.

In order to deploy security and compliance account stacks run below command workload-account/deploy.sh <aws-profile-name> You need to first create an AWS profile before you execute the cdk command

About

No description, website, or topics provided.

Resources

Readme

License

MIT-0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

4 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages