diff --git a/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md b/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
index 348c3e9170..8f0fdf0cdb 100644
--- a/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
+++ b/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Security Modules
-View Source
+View Source
Release Notes
@@ -37,23 +37,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [How to install Auto Update](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/auto-update/core-concepts.md#installation)
+* [How to install Auto Update](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/auto-update/core-concepts.md#installation)
-* [How Auto Update works on Ubuntu](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/auto-update/core-concepts.md#ubuntu-support)
+* [How Auto Update works on Ubuntu](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/auto-update/core-concepts.md#ubuntu-support)
-* [How Auto Update works on Amazon Linux and CentOS](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/auto-update/core-concepts.md#amazon-linux-and-centos-support)
+* [How Auto Update works on Amazon Linux and CentOS](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/auto-update/core-concepts.md#amazon-linux-and-centos-support)
-* [Auto Update Limitations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/auto-update/core-concepts.md#limitations)
+* [Auto Update Limitations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/auto-update/core-concepts.md#limitations)
-* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/README.adoc#core-concepts)
+* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/README.adoc#core-concepts)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -61,7 +61,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [auto-update example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/auto-update): The `examples/auto-update` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [auto-update example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/auto-update): The `examples/auto-update` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -73,11 +73,11 @@ If you want to deploy this repo in production, check out the following resources
diff --git a/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md b/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
index 4bfe4d8838..f8a32b5948 100644
--- a/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
+++ b/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Auth Helper
-View Source
+View Source
Release Notes
@@ -175,7 +175,7 @@ eval $(aws-auth --serial-number arn:aws:iam::123456789011:mfa/jondoe --token-cod
If you store your secrets in a CLI-friendly password manager, such as [pass](https://www.passwordstore.org/),
[lpass](https://github.com/lastpass/lastpass-cli) or
-[1Password CLI](https://support.1password.com/command-line-getting-started/), then you can reduce this even further! Instructions on how to set this up for Lastpass / `lpass` can be found [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-auth/AWS-AUTH-LASTPASS.md) and 1Password / `op` [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-auth/AWS-AUTH-1PASSWORD.md).
+[1Password CLI](https://support.1password.com/command-line-getting-started/), then you can reduce this even further! Instructions on how to set this up for Lastpass / `lpass` can be found [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-auth/AWS-AUTH-LASTPASS.md) and 1Password / `op` [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-auth/AWS-AUTH-1PASSWORD.md).
First, store your permanent AWS credentials in `pass`:
@@ -250,11 +250,11 @@ If you you need to run `aws-auth` with a cronjob, you may want to set the `$USER
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md b/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
index 32e7140b15..a98cb6c2f4 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
@@ -9,19 +9,19 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Config Bucket
-View Source
+View Source
Release Notes
This module creates an S3 bucket for storing AWS Config data, including all the appropriate lifecycle, encryption, and
permission settings for AWS Config.
-This module is not meant to be used directly. Instead, it's used under the hood in the [aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config)
-and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/account-baseline-root) modules. Please see those modules for more information.
+This module is not meant to be used directly. Instead, it's used under the hood in the [aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config)
+and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/account-baseline-root) modules. Please see those modules for more information.
## Sample Usage
@@ -36,7 +36,7 @@ and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-securi
module "aws_config_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -153,7 +153,7 @@ module "aws_config_bucket" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v0.69.0"
}
inputs = {
@@ -497,11 +497,11 @@ The name of the S3 bucket used by AWS Config to store configuration items.
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md b/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
index 4570daba94..55efc6f92f 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Config Multi Region Module
-View Source
+View Source
Release Notes
-This module wraps the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config/README.md) to configure [AWS Config](https://aws.amazon.com/config/) in all enabled regions for the AWS Account, and optionally can aggregate AWS Config across multiple accounts.
+This module wraps the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config/README.md) to configure [AWS Config](https://aws.amazon.com/config/) in all enabled regions for the AWS Account, and optionally can aggregate AWS Config across multiple accounts.
@@ -45,25 +45,25 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* Learn more about AWS Config in the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config/README.adoc).
+* Learn more about AWS Config in the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config/README.adoc).
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
* [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
-* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
+* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
## Sample Usage
@@ -78,7 +78,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
module "aws_config_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -374,7 +374,7 @@ module "aws_config_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v0.69.0"
}
inputs = {
@@ -1311,11 +1311,11 @@ The ARNs of the SNS Topic used by the config notifications.
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md b/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md
index 7affc58af6..acb24a3e18 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Organizations Config Rules
-View Source
+View Source
Release Notes
@@ -41,27 +41,27 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
+* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
-* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config/core-concepts.md#what-is-aws-config)
+* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config/core-concepts.md#what-is-aws-config)
-* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config/core-concepts.md#what-are-config-rules)
+* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config/core-concepts.md#what-are-config-rules)
-* [What are Managed Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config-rules/core-concepts.md#what-are-managed-config-rules)
+* [What are Managed Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config-rules/core-concepts.md#what-are-managed-config-rules)
-* [How do Organization-Level Config Rules Compare to Account-Level Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config-rules/core-concepts.md#how-do-organization-level-config-rules-compare-to-account-level-config-rules)
+* [How do Organization-Level Config Rules Compare to Account-Level Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config-rules/core-concepts.md#how-do-organization-level-config-rules-compare-to-account-level-config-rules)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config-rules/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config-rules/core-concepts.md#what-resources-does-this-module-create)
* [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -69,7 +69,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-config-rules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/aws-config-rules): The `examples/aws-organizations-config-rules` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-config-rules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/aws-config-rules): The `examples/aws-organizations-config-rules` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -83,11 +83,11 @@ If you want to deploy this repo in production, check out the following resources
### Day-to-day operations
-* [How do I configure the rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config-rules/core-concepts.md#how-do-i-configure-the-rules)
+* [How do I configure the rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config-rules/core-concepts.md#how-do-i-configure-the-rules)
-* [How do I add additional rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config-rules/core-concepts.md#how-do-i-add-additional-rules)
+* [How do I add additional rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config-rules/core-concepts.md#how-do-i-add-additional-rules)
-* [How do I exclude specific accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config-rules/core-concepts.md#how-do-i-exclude-specific-accounts)
+* [How do I exclude specific accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config-rules/core-concepts.md#how-do-i-exclude-specific-accounts)
## Sample Usage
@@ -102,7 +102,7 @@ If you want to deploy this repo in production, check out the following resources
module "aws_config_rules" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -237,7 +237,7 @@ module "aws_config_rules" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v0.69.0"
}
inputs = {
@@ -678,11 +678,11 @@ Map of config rule ARNs. Key is rule ID, value is rule ARN
diff --git a/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md b/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
index d938116e04..81a2d31640 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Config
-View Source
+View Source
Release Notes
@@ -39,19 +39,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config/core-concepts.md#what-is-aws-config)
+* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config/core-concepts.md#what-is-aws-config)
-* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config/core-concepts.md#what-are-config-rules)
+* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config/core-concepts.md#what-are-config-rules)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config/core-concepts.md#what-resources-does-this-module-create)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -59,7 +59,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/aws-config): The `examples/aws-config` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/aws-config): The `examples/aws-config` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -71,9 +71,9 @@ If you want to deploy this repo in production, check out the following resources
### Day-to-day operations
-* [What does a configuration item look like, and how do I view it?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config/core-concepts.md#what-does-a-configuration-item-look-like-and-how-do-i-view-it)
+* [What does a configuration item look like, and how do I view it?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config/core-concepts.md#what-does-a-configuration-item-look-like-and-how-do-i-view-it)
-* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
+* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
## Sample Usage
@@ -88,7 +88,7 @@ If you want to deploy this repo in production, check out the following resources
module "aws_config" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -312,7 +312,7 @@ module "aws_config" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v0.69.0"
}
inputs = {
@@ -966,11 +966,11 @@ The ARN of the SNS topic to which Config delivers notifications.
diff --git a/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md b/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md
index b2484289f4..9d80d3c052 100644
--- a/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md
+++ b/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Organizations
-View Source
+View Source
Release Notes
@@ -39,23 +39,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
+* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
-* [What is a Root account?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-organizations/core-concepts.md#what-is-a-root-account)
+* [What is a Root account?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-organizations/core-concepts.md#what-is-a-root-account)
-* [What are Organization Accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-organizations/core-concepts.md#what-are-organization-accounts)
+* [What are Organization Accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-organizations/core-concepts.md#what-are-organization-accounts)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-organizations/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-organizations/core-concepts.md#what-resources-does-this-module-create)
* [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -63,7 +63,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-organizations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/aws-organizations): The `examples/aws-organizations` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-organizations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/aws-organizations): The `examples/aws-organizations` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -77,9 +77,9 @@ If you want to deploy this repo in production, check out the following resources
### Day-to-day operations
-* [How do I provision new accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-organizations/core-concepts.md#how-do-i-provision-new-accounts)
+* [How do I provision new accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-organizations/core-concepts.md#how-do-i-provision-new-accounts)
-* [How do I remove accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-organizations/core-concepts.md#how-do-i-remove-accounts)
+* [How do I remove accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-organizations/core-concepts.md#how-do-i-remove-accounts)
## Sample Usage
@@ -94,7 +94,7 @@ If you want to deploy this repo in production, check out the following resources
module "aws_organizations" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -153,7 +153,7 @@ module "aws_organizations" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v0.69.0"
}
inputs = {
@@ -424,11 +424,11 @@ Identifier of the root of this organization.
diff --git a/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md b/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md
index 2886e6ce22..96cb215fe6 100644
--- a/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md
@@ -9,21 +9,21 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# CloudTrail Bucket
-View Source
+View Source
Release Notes
This module creates an S3 bucket for storing CloudTrail data and a KMS Customer Master Key (CMK) for encrypting that
data, including all the appropriate lifecycle, encryption, and permission settings for CloudTrail.
-This module is used under the hood in the [cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail)
-and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/account-baseline-root) modules.
+This module is used under the hood in the [cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail)
+and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/account-baseline-root) modules.
-It can also be used directly when configuring cross account access, for example when it is desirable to [have the central Cloudtrail S3 bucket exist outside of the management account.](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#multi-account-cloudtrail-setup-storing-the-cloudtrail-bucket-in-an-account-other-than-the-management-account)
+It can also be used directly when configuring cross account access, for example when it is desirable to [have the central Cloudtrail S3 bucket exist outside of the management account.](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#multi-account-cloudtrail-setup-storing-the-cloudtrail-bucket-in-an-account-other-than-the-management-account)
## Sample Usage
@@ -38,7 +38,7 @@ It can also be used directly when configuring cross account access, for example
module "cloudtrail_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -210,7 +210,7 @@ module "cloudtrail_bucket" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v0.69.0"
}
inputs = {
@@ -907,11 +907,11 @@ The name of the S3 bucket where cloudtrail logs are delivered.
diff --git a/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md b/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md
index d06156d03e..3ab0eba6d8 100644
--- a/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md
+++ b/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS CloudTrail
-View Source
+View Source
Release Notes
@@ -39,25 +39,25 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#what-is-cloudtrail)
+* [What is CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#what-is-cloudtrail)
-* [Why use CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#why-use-cloudtrail)
+* [Why use CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#why-use-cloudtrail)
-* [What is a CloudTrail Trail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#what-is-a-cloudtrail-trail)
+* [What is a CloudTrail Trail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#what-is-a-cloudtrail-trail)
-* [What’s the difference between CloudTrail and AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#whats-the-difference-between-cloudtrail-and-aws-config)
+* [What’s the difference between CloudTrail and AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#whats-the-difference-between-cloudtrail-and-aws-config)
-* [CloudTrail Threat Model](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#cloudtrail-threat-model)
+* [CloudTrail Threat Model](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#cloudtrail-threat-model)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#resources-created)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#resources-created)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -65,7 +65,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/cloudtrail): The `examples/cloudtrail` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/cloudtrail): The `examples/cloudtrail` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -81,15 +81,15 @@ If you want to deploy this repo in production, check out the following resources
### Day-to-day operations
-* [Where are CloudTrail logs stored?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#where-are-cloudtrail-logs-stored)
+* [Where are CloudTrail logs stored?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#where-are-cloudtrail-logs-stored)
-* [What kind of data do CloudTrail log entries contain?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#what-kind-of-data-do-cloudtrail-log-entries-contain)
+* [What kind of data do CloudTrail log entries contain?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#what-kind-of-data-do-cloudtrail-log-entries-contain)
-* [What’s the best way to view CloudTrail Log Data?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#whats-the-best-way-to-view-cloudtrail-log-data)
+* [What’s the best way to view CloudTrail Log Data?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#whats-the-best-way-to-view-cloudtrail-log-data)
### Major changes
-* [Can you get alerted when certain API events occur?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cloudtrail/core-concepts.md#can-you-get-alerted-when-certain-api-events-occur)
+* [Can you get alerted when certain API events occur?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cloudtrail/core-concepts.md#can-you-get-alerted-when-certain-api-events-occur)
## Sample Usage
@@ -104,7 +104,7 @@ If you want to deploy this repo in production, check out the following resources
module "cloudtrail" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -361,7 +361,7 @@ Refer to
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v0.69.0"
}
inputs = {
@@ -1405,11 +1405,11 @@ The name of the cloudtrail trail.
diff --git a/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md b/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md
index 26125b6559..eeefc41e5d 100644
--- a/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md
+++ b/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# A best-practices set of IAM roles for cross-account access
-View Source
+View Source
-Release Notes
+Release Notes
This module can be used to allow IAM users from other AWS accounts to access your AWS accounts (i.e. [cross-account
access](https://aws.amazon.com/blogs/security/enable-a-new-feature-in-the-aws-management-console-cross-account-access/)).
@@ -34,7 +34,7 @@ This module creates the following IAM roles (all optional):
These IAM Roles are intended to be assumed by human users (i.e., IAM Users in another AWS account). The default
maximum session expiration for these roles is 12 hours (configurable via the `var.max_session_duration_human_users`).
Note that these are the *maximum* session expirations; the actual value for session expiration is specified when
-making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-auth)).
+making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-auth)).
* **allow-read-only-access-from-other-accounts**: Users from the accounts in
`var.allow_read_only_access_from_other_account_arns` will get read-only access to all services in this account.
@@ -65,11 +65,11 @@ making API calls to assume the IAM role (see [aws-auth](https://github.com/grunt
These IAM Roles are intended to be assumed by machine users (i.e., an EC2 Instance in another AWS account). The default
maximum session expiration for these roles is 1 hour (configurable via the `var.max_session_duration_machine_users`).
Note that these are the *maximum* session expirations; the actual value for session expiration is specified when
-making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/aws-auth)).
+making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/aws-auth)).
* **allow-ssh-grunt-access-from-other-accounts**: Users (or more likely, EC2 Instances) from the accounts in
`var.allow_ssh_grunt_access_from_other_account_arns` will get read access to IAM Groups and public SSH keys. This is
- useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
+ useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
connections against IAM users defined in this AWS account.
* **allow-auto-deploy-access-from-other-accounts**: Users from the accounts in `var.allow_auto_deploy_from_other_account_arns`
@@ -96,7 +96,7 @@ roles with the AWS CLI takes quite a few steps, so use the [aws-auth script](htt
## Background Information
For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in
-the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-policies#background-information).
+the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-policies#background-information).
## Sample Usage
@@ -111,7 +111,7 @@ the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/
module "cross_account_iam_roles" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -298,7 +298,7 @@ module "cross_account_iam_roles" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v0.69.0"
}
inputs = {
@@ -1087,11 +1087,11 @@ When true, all IAM policies will be managed as dedicated policies rather than in
diff --git a/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md b/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md
index ae53c02d50..8eab39cfaf 100644
--- a/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md
+++ b/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Custom IAM Entity
-View Source
+View Source
-Release Notes
+Release Notes
-This Gruntwork Terraform Module creates an IAM group and/or role and attaches a provided set of IAM managed policies to the group. This can be used in conjunction with the [iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-groups), [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cross-account-iam-roles), and [saml-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/saml-iam-roles) modules which create a set of groups and roles with smart defaults. Use this module to easily create IAM groups and roles with a defined set of permissions.
+This Gruntwork Terraform Module creates an IAM group and/or role and attaches a provided set of IAM managed policies to the group. This can be used in conjunction with the [iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-groups), [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cross-account-iam-roles), and [saml-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/saml-iam-roles) modules which create a set of groups and roles with smart defaults. Use this module to easily create IAM groups and roles with a defined set of permissions.
### Requirements
@@ -25,7 +25,7 @@ This Gruntwork Terraform Module creates an IAM group and/or role and attaches a
### Instructions
-Check out the [custom-iam-entity example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/custom-iam-entity) for a working example.
+Check out the [custom-iam-entity example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/custom-iam-entity) for a working example.
#### Resources Created
@@ -36,7 +36,7 @@ If neither role nor group are provided, this module does nothing.
#### Resources NOT Created
-* **IAM users** - This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-users) to create users.
+* **IAM users** - This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-users) to create users.
* **IAM policies** - This module only attaches policies by ARN or by name. It does not create any new policies.
#### MFA support
@@ -51,7 +51,7 @@ The reason for this difference is difficult to explain, but boils down to limita
## Background Information
For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in
-the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-policies#background-information).
+the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-policies#background-information).
## Sample Usage
@@ -66,7 +66,7 @@ the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/
module "custom_iam_entity" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -165,7 +165,7 @@ module "custom_iam_entity" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v0.69.0"
}
inputs = {
@@ -486,11 +486,11 @@ The name of the IAM role.
diff --git a/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md b/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md
index 73b0828622..c72c20629e 100644
--- a/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# EBS Encryption Multi Region Module
-View Source
+View Source
Release Notes
-This module wraps the [ebs-encryption core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ebs-encryption/README.md) to configure [AWS EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in all enabled regions for the AWS Account.
+This module wraps the [ebs-encryption core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ebs-encryption/README.md) to configure [AWS EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in all enabled regions for the AWS Account.
## Features
@@ -37,17 +37,17 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
* [AWS blog: Opt-in to Default Encryption for New EBS Volumes](https://aws.amazon.com/blogs/aws/new-opt-in-to-default-encryption-for-new-ebs-volumes/)
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -66,7 +66,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
module "ebs_encryption_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -108,7 +108,7 @@ module "ebs_encryption_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v0.69.0"
}
inputs = {
@@ -219,11 +219,11 @@ A map from region to the ARN of the KMS key used for default EBS encryption for
diff --git a/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md b/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md
index e3fa3abb62..1d373c18bc 100644
--- a/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md
+++ b/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md
@@ -9,18 +9,18 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Elastic Block Storage Encryption
-View Source
+View Source
Release Notes
This module configures EC2 Elastic Block Storage encryption defaults, allowing encryption to be enabled for all new EBS
volumes and selection of a KMS Customer Managed Key to use by default.
-This module is not meant to be used directly. Instead, it's used under the hood in the [account-baseline-\*](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules)
+This module is not meant to be used directly. Instead, it's used under the hood in the [account-baseline-\*](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules)
modules. Please see those modules for more information.
## Background Information
@@ -42,7 +42,7 @@ modules. Please see those modules for more information.
module "ebs_encryption" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -81,7 +81,7 @@ module "ebs_encryption" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v0.69.0"
}
inputs = {
@@ -188,11 +188,11 @@ The default KMS key used for EBS encryption.
diff --git a/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md b/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md
index a1b2a855f3..3d4ac8e3a1 100644
--- a/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md
+++ b/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Fail2Ban Module
-View Source
+View Source
Release Notes
@@ -28,11 +28,11 @@ Instance.
diff --git a/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md b/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md
index 809ed3e615..d738358861 100644
--- a/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md
+++ b/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# IAM Role for GitHub Actions
-View Source
+View Source
-Release Notes
+Release Notes
This Terraform module can be used to create Assume Role policies and IAM Roles such that they can be used with
GitHub Actions. This requires you to provision an IAM OpenID Connect Provider for GitHub Actions in your account. By
@@ -182,7 +182,7 @@ jobs:
module "github_actions_iam_role" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -193,16 +193,13 @@ module "github_actions_iam_role" {
# (e.g., gruntwork-io/terrraform-aws-ci).
allowed_sources =
- # ARN of the OpenID Connect Provider provisioned for GitHub Actions.
- github_actions_openid_connect_provider_arn =
-
- # URL of the OpenID Connect Provider provisioned for GitHub Actions.
- github_actions_openid_connect_provider_url =
-
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
+ # List of additional thumbprints for the OIDC provider.
+ additional_thumbprints = null
+
# The string operator to use when evaluating the AWS IAM condition for
# determining which GitHub repos are allowed to assume the IAM role. Examples:
# StringEquals, StringLike, etc.
@@ -212,10 +209,19 @@ module "github_actions_iam_role" {
# assume.
create_iam_role = true
+ # Flag to enable/disable the creation of the GitHub OIDC provider.
+ create_oidc_provider = false
+
# The name to use for the custom inline IAM policy that is attached to the
# Role/Group when var.iam_policy is configured.
custom_iam_policy_name = "GrantCustomIAMPolicy"
+ # ARN of the OpenID Connect Provider provisioned for GitHub Actions.
+ github_actions_openid_connect_provider_arn = ""
+
+ # URL of the OpenID Connect Provider provisioned for GitHub Actions.
+ github_actions_openid_connect_provider_url = ""
+
# A list of IAM AWS Managed Policy names to attach to the group.
iam_aws_managed_policy_names = null
@@ -261,7 +267,7 @@ module "github_actions_iam_role" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v0.69.0"
}
inputs = {
@@ -275,16 +281,13 @@ inputs = {
# (e.g., gruntwork-io/terrraform-aws-ci).
allowed_sources =
- # ARN of the OpenID Connect Provider provisioned for GitHub Actions.
- github_actions_openid_connect_provider_arn =
-
- # URL of the OpenID Connect Provider provisioned for GitHub Actions.
- github_actions_openid_connect_provider_url =
-
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
+ # List of additional thumbprints for the OIDC provider.
+ additional_thumbprints = null
+
# The string operator to use when evaluating the AWS IAM condition for
# determining which GitHub repos are allowed to assume the IAM role. Examples:
# StringEquals, StringLike, etc.
@@ -294,10 +297,19 @@ inputs = {
# assume.
create_iam_role = true
+ # Flag to enable/disable the creation of the GitHub OIDC provider.
+ create_oidc_provider = false
+
# The name to use for the custom inline IAM policy that is attached to the
# Role/Group when var.iam_policy is configured.
custom_iam_policy_name = "GrantCustomIAMPolicy"
+ # ARN of the OpenID Connect Provider provisioned for GitHub Actions.
+ github_actions_openid_connect_provider_arn = ""
+
+ # URL of the OpenID Connect Provider provisioned for GitHub Actions.
+ github_actions_openid_connect_provider_url = ""
+
# A list of IAM AWS Managed Policy names to attach to the group.
iam_aws_managed_policy_names = null
@@ -361,24 +373,17 @@ map(list(string))
-
-
-
-ARN of the OpenID Connect Provider provisioned for GitHub Actions.
-
-
-
+### Optional
-
+
-URL of the OpenID Connect Provider provisioned for GitHub Actions.
+List of additional thumbprints for the OIDC provider.
+
-### Optional
-
@@ -397,6 +402,15 @@ Whether to create the IAM role and attach permissions for GitHub Actions to assu
+
+
+
+Flag to enable/disable the creation of the GitHub OIDC provider.
+
+
+
+
+
@@ -406,6 +420,24 @@ The name to use for the custom inline IAM policy that is attached to the Role/Gr
+
+
+
+ARN of the OpenID Connect Provider provisioned for GitHub Actions.
+
+
+
+
+
+
+
+
+URL of the OpenID Connect Provider provisioned for GitHub Actions.
+
+
+
+
+
@@ -537,11 +569,11 @@ The name of the IAM role.
diff --git a/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md b/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md
index 89cf27f8b6..ac37e34f3e 100644
--- a/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md
@@ -9,19 +9,19 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS GuardDuty Multi Region Module
-View Source
+View Source
Release Notes
-This module wraps the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty/README.adoc) to configure [AWS GuardDuty](https://aws.amazon.com/guardduty/) in all enabled regions for the AWS Account.
+This module wraps the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty/README.adoc) to configure [AWS GuardDuty](https://aws.amazon.com/guardduty/) in all enabled regions for the AWS Account.
## Features
-* Uses the [guardduty module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty) to enable AWS GuardDuty across all regions (recommended best practice) on your AWS account
+* Uses the [guardduty module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty) to enable AWS GuardDuty across all regions (recommended best practice) on your AWS account
* Continuously monitor your AWS account for malicious activity and unauthorized behavior
@@ -37,19 +37,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* Learn more about GuardDuty in the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty/README.adoc).
+* Learn more about GuardDuty in the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty/README.adoc).
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -74,7 +74,7 @@ This module depends on Python being available on your system. Python 2.7, 3.5+ a
module "guardduty_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -146,7 +146,7 @@ module "guardduty_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v0.69.0"
}
inputs = {
@@ -356,11 +356,11 @@ The IDs of the GuardDuty detectors.
diff --git a/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md b/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md
index 52be0e6e18..88655705e6 100644
--- a/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md
+++ b/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS GuardDuty
-View Source
+View Source
Release Notes
@@ -37,29 +37,29 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What Is GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty/core-concepts.md#what-is-guardduty)
+* [What Is GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty/core-concepts.md#what-is-guardduty)
-* [Why Use GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty/core-concepts.md#why-use-guardduty)
+* [Why Use GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty/core-concepts.md#why-use-guardduty)
-* [What Is A Finding?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty/core-concepts.md#what-is-a-finding)
+* [What Is A Finding?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty/core-concepts.md#what-is-a-finding)
-* [Where Should I Enable GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty/core-concepts.md#where-should-i-enable-guardduty)
+* [Where Should I Enable GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty/core-concepts.md#where-should-i-enable-guardduty)
-* [Resources Created](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty/core-concepts.md#resources-created)
+* [Resources Created](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty/core-concepts.md#resources-created)
-* [Gotchas](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty/core-concepts.md#gotchas)
+* [Gotchas](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty/core-concepts.md#gotchas)
-* [Known Issues](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty/core-concepts.md#known-issues)
+* [Known Issues](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty/core-concepts.md#known-issues)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -67,7 +67,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this module out, check out the following resources:
-* [guardduty example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/guardduty).
+* [guardduty example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/guardduty).
### Production deployment
@@ -75,7 +75,7 @@ If you want to deploy this module in production, check out the following resourc
* ***Coming soon***. We have not yet added this module to the [Acme example Reference Architecture](https://github.com/gruntwork-io/infrastructure-modules-multi-account-acme).
-* [Terraform Module to enable GuardDuty in all enabled regions of an AWS Account](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/guardduty-multi-region).
+* [Terraform Module to enable GuardDuty in all enabled regions of an AWS Account](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/guardduty-multi-region).
* [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
@@ -92,7 +92,7 @@ If you want to deploy this module in production, check out the following resourc
module "guardduty" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -154,7 +154,7 @@ module "guardduty" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v0.69.0"
}
inputs = {
@@ -369,11 +369,11 @@ The ID of the GuardDuty detector.
diff --git a/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md b/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md
index 0d59f8c31f..c494b7686e 100644
--- a/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS IAM Access Analyzer
-View Source
+View Source
Release Notes
@@ -35,21 +35,21 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is the AWS IAM Access Analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-access-analyzer-multi-region/core-concepts.md#what-is-the-aws-iam-access-analyzer?)
+* [What is the AWS IAM Access Analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-access-analyzer-multi-region/core-concepts.md#what-is-the-aws-iam-access-analyzer?)
-* [What resources does IAM Access Analyzer analyze?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-access-analyzer-multi-region/core-concepts.md#what-resources-does-iam-access-analyzer-analyze?)
+* [What resources does IAM Access Analyzer analyze?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-access-analyzer-multi-region/core-concepts.md#what-resources-does-iam-access-analyzer-analyze?)
* [IAM Access Analyzer documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html)
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -57,13 +57,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
## Manage
-* [Who can manage the analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-access-analyzer-multi-region/core-concepts.md#who-can-manage-the-analyzer?)
+* [Who can manage the analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-access-analyzer-multi-region/core-concepts.md#who-can-manage-the-analyzer?)
-* [What to do with the access analyzer findings?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-access-analyzer-multi-region/core-concepts.md#what-to-do-with-the-access-analyzer-findings?)
+* [What to do with the access analyzer findings?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-access-analyzer-multi-region/core-concepts.md#what-to-do-with-the-access-analyzer-findings?)
## Sample Usage
@@ -78,7 +78,7 @@ If you just want to try this out for experimenting and learning, check out the f
module "iam_access_analyzer_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -118,7 +118,7 @@ module "iam_access_analyzer_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v0.69.0"
}
inputs = {
@@ -158,11 +158,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md b/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md
index 9efe8edb0e..0cf7502747 100644
--- a/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md
+++ b/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# A Best-Practices Set of IAM Groups
-View Source
+View Source
-Release Notes
+Release Notes
This Gruntwork Terraform Module sets up a set of IAM Groups that will make sense for most organizations and attaches to
them a set of IAM Policies (permissions) that make it easier to manage different permissions levels in your AWS account.
@@ -52,7 +52,7 @@ This module optionally creates the following IAM Groups:
since users can grant arbitrary permissions!
* **use-existing-iam-roles:** IAM Users in this group can pass *existing* IAM Roles to AWS resources to which they have
been granted access. These IAM Users cannot create *new* IAM Roles, only use existing ones. See
- [the three levels of IAM permissions](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-policies#the-three-levels-of-iam-permissions) for more information.
+ [the three levels of IAM permissions](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-policies#the-three-levels-of-iam-permissions) for more information.
* **ssh-grunt-sudo-users:** IAM Users in this group have SSH access with `sudo` privileges to any EC2 Instance configured
to use this group to manage SSH logins.
* **ssh-grunt-users:** IAM Users in this group have SSH access without `sudo` privileges to any EC2 Instance configured
@@ -83,7 +83,7 @@ own account unless this IAM Policy is attached to his account.
### IAM Users
-This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-users) to create users.
+This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-users) to create users.
### IAM Roles
@@ -108,7 +108,7 @@ otherwise enable IAM Users to access the billing console:
## Background Information
For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in
-the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-policies#background-information).
+the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-policies#background-information).
## Sample Usage
@@ -123,7 +123,7 @@ the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/
module "iam_groups" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -309,7 +309,7 @@ module "iam_groups" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v0.69.0"
}
inputs = {
@@ -954,11 +954,11 @@ Should we create the IAM Group for user self-management? Allows users to manage
diff --git a/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md b/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md
index d24d1a91cf..3cef86224f 100644
--- a/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md
+++ b/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# A Best-Practices Set of IAM Policy Documents
-View Source
+View Source
-Release Notes
+Release Notes
This Gruntwork Terraform Module sets up a set of IAM Policy Documents that can be used in IAM users, groups, and roles.
The documents represent a reasonable collection of permissions that will make sense for most organizations for
@@ -25,7 +25,7 @@ Note that these documents are Terraform [data sources](https://www.terraform.io/
so they don't create anything themselves and are not intended to be used on their own. The way to use them is to take
the outputs from this module (which are all JSON IAM documents) and plug them into other Terraform resources, such
as `aws_iam_policy`, `aws_iam_user_policy`, `aws_iam_group_policy`, and `aws_iam_role_policy`. See the
-[iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/iam-groups) and [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/cross-account-iam-roles) modules for examples.
+[iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/iam-groups) and [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/cross-account-iam-roles) modules for examples.
If you're not familiar with IAM concepts, start with the [Background Information](#background-information) section as a
way to familiarize yourself with the terminology.
@@ -82,7 +82,7 @@ This module creates the following IAM Policy documents:
certain IAM roles in other AWS accounts (e.g. stage, prod). The documents that are created and which IAM roles they
have access to is controlled by the variable `var.allow_access_from_other_account_arns`.
-* **ssh_grunt_permissions**: provides the permissions [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt) needs to validate SSH keys with
+* **ssh_grunt_permissions**: provides the permissions [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt) needs to validate SSH keys with
IAM.
* **auto_deploy_permissions**: provides the permissions in `var.auto_deploy_permissions` to do automated deployment.
@@ -263,7 +263,7 @@ Instead, use these Terraform resources so you don't have to worry about this pro
module "iam_policies" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -350,7 +350,7 @@ module "iam_policies" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v0.69.0"
}
inputs = {
@@ -681,11 +681,11 @@ If set to true, all the Policies created by this module that are used as Trust P
diff --git a/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md b/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md
index 87cc1a737c..753df33c8f 100644
--- a/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md
+++ b/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Set a Password Policy for IAM Users
-View Source
+View Source
Release Notes
@@ -46,7 +46,7 @@ password policy you already have in place!
module "iam_user_password_policy" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -102,7 +102,7 @@ module "iam_user_password_policy" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v0.69.0"
}
inputs = {
@@ -336,11 +336,11 @@ Whether to require uppercase characters for user passwords.
diff --git a/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md b/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md
index f8cb86fee1..05d003a623 100644
--- a/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md
+++ b/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# IAM Users
-View Source
+View Source
Release Notes
@@ -139,7 +139,7 @@ Under the hood, this module uses the [`aws_iam_user` resource](https://registry.
module "iam_users" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -200,7 +200,7 @@ module "iam_users" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v0.69.0"
}
inputs = {
@@ -508,11 +508,11 @@ A map of usernames to that user's AWS SSH Security Credential ID
diff --git a/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md b/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md
index 0c569bfc83..5a0de98748 100644
--- a/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md
+++ b/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# ip-lockdown Module
-View Source
+View Source
Release Notes
@@ -33,7 +33,7 @@ In the example below we restrict access to [ec2-instance-metadata endpoint](http
Normally users make a `curl` call to get metadata like the AWS region or credentials associated with this EC2 Instance's IAM Role. Following the invocation of ip-lockdown, only users foo, bar, and root can query that data.
-The complete example of using terraform to deploy a generated AMI into your AWS account and automatically invoke `ip-lockdown` from the `User Data` is also available in the [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/ip-lockdown/aws-example) folder.
+The complete example of using terraform to deploy a generated AMI into your AWS account and automatically invoke `ip-lockdown` from the `User Data` is also available in the [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/ip-lockdown/aws-example) folder.
#### Installation
@@ -62,11 +62,11 @@ gruntwork-install --module-name ip-lockdown --tag --re
diff --git a/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md b/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md
index 3b46870df4..2f32893b51 100644
--- a/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md
+++ b/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# KMS Customer Managed Key Multi-Region Replication module
-View Source
+View Source
Release Notes
@@ -22,7 +22,7 @@ Key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#custome
[the multi-region replication feature of
KMS](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html).
-This module is intended to be used in conjunction with the [kms-master-key module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-master-key) to replicate a KMS
+This module is intended to be used in conjunction with the [kms-master-key module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-master-key) to replicate a KMS
key managed with that module to other regions. Note that the KMS key must be marked as multi-region in order to support
multi-region replication.
@@ -39,7 +39,7 @@ multi-region replication.
module "kms_cmk_replica" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -97,7 +97,7 @@ module "kms_cmk_replica" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v0.69.0"
}
inputs = {
@@ -373,11 +373,11 @@ A map of CMK name to CMK ID.
diff --git a/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md b/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md
index fd825b6439..045f1bc807 100644
--- a/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS KMS Grants
-View Source
+View Source
Release Notes
@@ -31,21 +31,21 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-master-key/README.md#what-is-kms)
+* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-master-key/README.md#what-is-kms)
-* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-master-key/README.md#what-is-a-customer-master-key)
+* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-master-key/README.md#what-is-a-customer-master-key)
* [KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html): Amazon’s docs for KMS that cover core concepts such as various key types, how to encrypt and decrypt, deletion of keys, and automatic key rotation.
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -53,13 +53,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
## Manage
-* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
+* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
-* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
+* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
## Sample Usage
@@ -74,7 +74,7 @@ If you just want to try this out for experimenting and learning, check out the f
module "kms_grant_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -127,7 +127,7 @@ module "kms_grant_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v0.69.0"
}
inputs = {
@@ -180,11 +180,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md b/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md
index 6cd0234146..3d347577b5 100644
--- a/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS KMS Customer Master Keys (CMK)
-View Source
+View Source
Release Notes
@@ -37,23 +37,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-master-key/README.md#what-is-kms)
+* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-master-key/README.md#what-is-kms)
-* [What is the difference between creating one key in all regions and creating a single all-region key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-master-key-multi-region/core-concepts.md#what-is-the-difference-between-creating-one-key-in-all-regions-and-creating-a-single-all-region-key)
+* [What is the difference between creating one key in all regions and creating a single all-region key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-master-key-multi-region/core-concepts.md#what-is-the-difference-between-creating-one-key-in-all-regions-and-creating-a-single-all-region-key)
-* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-master-key/README.md#what-is-a-customer-master-key)
+* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-master-key/README.md#what-is-a-customer-master-key)
* [KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html): Amazon’s docs for KMS that cover core concepts such as various key types, how to encrypt and decrypt, deletion of keys, and automatic key rotation.
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -61,17 +61,17 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
## Manage
-* [Differences between CMK Administrators vs. CMK Users](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-master-key/README.md#cmk-administrators-vs-cmk-users)
+* [Differences between CMK Administrators vs. CMK Users](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-master-key/README.md#cmk-administrators-vs-cmk-users)
-* [Differences between managing access control with KMS key policies vs. IAM policies](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-master-key/README.md#managing-a-keys-permissions-with-the-key-policy-vs-iam-policies)
+* [Differences between managing access control with KMS key policies vs. IAM policies](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-master-key/README.md#managing-a-keys-permissions-with-the-key-policy-vs-iam-policies)
-* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
+* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
-* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
+* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
## Sample Usage
@@ -86,7 +86,7 @@ If you just want to try this out for experimenting and learning, check out the f
module "kms_master_key_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -153,7 +153,7 @@ module "kms_master_key_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v0.69.0"
}
inputs = {
@@ -522,11 +522,11 @@ A map from region to IDs of the replica KMS CMKs that were created. The value wi
diff --git a/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md b/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
index f548e6595a..94937d432d 100644
--- a/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
+++ b/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# KMS Master Key Module
-View Source
+View Source
Release Notes
@@ -87,7 +87,7 @@ more onerous.
module "kms_master_key" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -151,7 +151,7 @@ module "kms_master_key" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v0.69.0"
}
inputs = {
@@ -448,11 +448,11 @@ A map of CMK name to CMK ID.
diff --git a/docs/reference/modules/terraform-aws-security/ntp/ntp.md b/docs/reference/modules/terraform-aws-security/ntp/ntp.md
index 65312ed818..8487eb9359 100644
--- a/docs/reference/modules/terraform-aws-security/ntp/ntp.md
+++ b/docs/reference/modules/terraform-aws-security/ntp/ntp.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# NTP Module
-View Source
+View Source
Release Notes
@@ -35,11 +35,11 @@ Originally, Amazon recommended installing `ntpd` to prevent clock drift. Today,
diff --git a/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md b/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
index 615908f744..a658d91d37 100644
--- a/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
+++ b/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# OS Hardening
-View Source
+View Source
Release Notes
@@ -31,8 +31,8 @@ is mounting multiple partitions. We hope to implement more CIS recommendations o
There are two major components to this module:
-* [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/os-hardening/ami-builder): This is a Terraform template that launches an EC2 Instance with Packer pre-installed.
-* [partition-scripts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/os-hardening/partition-scripts): This is a set of bash scripts that create multiple disk partitions, format them
+* [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/os-hardening/ami-builder): This is a Terraform template that launches an EC2 Instance with Packer pre-installed.
+* [partition-scripts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/os-hardening/partition-scripts): This is a set of bash scripts that create multiple disk partitions, format them
as ext4, and mount them to various paths with various mount options such as `noexec` or `nosuid`. These scripts are
meant to be run in a Packer template that uses the Packer [amazon-chroot](https://www.packer.io/docs/builders/amazon-chroot.html)
builder.
@@ -45,7 +45,7 @@ Fundamentally, to generate an AMI you must:
4. SSH into the ami-builder EC2 Instance and run `packer build amazon-linux.json` to build the AMI.
5. Terminate the ami-builder EC2 Instance.
-We recognize that is a lot of manual steps to build a single AMI, so check out the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/os-hardening)
+We recognize that is a lot of manual steps to build a single AMI, so check out the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/os-hardening)
for a pre-built Packer template plus a script (`packer-build.sh`) that will automate all the above steps.
### Why do I need to launch a separate EC2 Instance to run Packer?
@@ -55,7 +55,7 @@ See below for additional details on what this is and how to use it.
## How to Use this Module
-**The best way to use this module is to substantially copy the [os-hardening example code](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/os-hardening).
+**The best way to use this module is to substantially copy the [os-hardening example code](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/os-hardening).
Unlike most Gruntwork examples, the example for this module contains a full Packer build file plus a wrapper script to
create the AMI with a single command and may be viewed as a "canonical" way to instantiate the os-hardening modules.**
@@ -71,11 +71,11 @@ hardened OS will use. Follow these steps:
and sizes:
* `partition-volume`: For each desired partition, add an argument like `--partition '/home:4G'`. For additional
- details see [partition-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/os-hardening/partition-scripts/bin/partition-volume). Note that for the last `--partition` entry only,
+ details see [partition-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/os-hardening/partition-scripts/bin/partition-volume). Note that for the last `--partition` entry only,
you may specify `*` for the size to tell the script to create the largest possible partition based on remaining
disk space. Also, make sure your partition sizes don't exceed the space available on your EBS Volume!
* `cleanup-volume`: For each desired partition, add an argument like `--mount-point '/home'`. For additional details see
- [cleanup-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/os-hardening/partition-scripts/bin/cleanup-volume)
+ [cleanup-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/os-hardening/partition-scripts/bin/cleanup-volume)
Note that you will redundantly pass the same list of partition paths to each of the above scripts, but only
`partition-volume` needs both the mount point *and* the desired partition size.
@@ -86,10 +86,10 @@ That's it! The Packer template will take care of the rest.
### How to Build the AMI with Packer
-Now we're ready to build the actual AMI. Note: The [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/os-hardening) contains a script
+Now we're ready to build the actual AMI. Note: The [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/os-hardening) contains a script
that automates all these steps, but, for the sake of understanding, we'll describe them individually below:
-1. Launch the [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/os-hardening/ami-builder) EC2 Instance. We will execute Packer from this EC2 Instance.
+1. Launch the [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/os-hardening/ami-builder) EC2 Instance. We will execute Packer from this EC2 Instance.
2. On your local machine run `rsync` so that your local directory is continually synced to the ami-builder:
@@ -127,7 +127,7 @@ additional volumes mounted as encrypted volumes.
### Using Your Hardened OS as a "Base AMI"
-A best practice we encourage is to first build your hardened OS Image using these modules and the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/os-hardening).
+A best practice we encourage is to first build your hardened OS Image using these modules and the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/os-hardening).
You can now view this AMI as your "base AMI", and all other Packer builds can be built on top of this AMI. For example,
you might have:
@@ -270,11 +270,11 @@ needed additional space to build a new AMI was not unreasonable.
diff --git a/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md b/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
index d522595338..45d2ad1d9b 100644
--- a/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Private S3 Bucket
-View Source
+View Source
Release Notes
@@ -86,7 +86,7 @@ aws-vault exec --no-session root-prod -- ./mfa-delete.sh --account-id 2264865421
module "private_s_3_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -288,7 +288,7 @@ module "private_s_3_bucket" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v0.69.0"
}
inputs = {
@@ -1037,11 +1037,11 @@ The name of an IAM role that can be used to configure replication from various s
diff --git a/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md b/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
index 9f862fb154..72cb39a140 100644
--- a/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
+++ b/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# A best-practices set of IAM roles for SAML access
-View Source
+View Source
-Release Notes
+Release Notes
This module can be used to allow users authenticated via external Security Assertion Markup Language (SAML) identity
providers such as Google, Amazon SSO, Microsoft Active Directory Federation Services (ADFS), Okta, and OneLogin to access
@@ -47,7 +47,7 @@ This module creates the following IAM roles (all optional):
* **allow-ssh-grunt-access-from-saml**: Users authenticated by the SAML providers in
`var.allow_ssh_grunt_access_from_saml_provider_arns` will get read access to IAM Groups and public SSH keys. This is
- useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
+ useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
connections against IAM users defined in this AWS account.
* **allow-dev-access-from-saml**:Users authenticated by the SAML providers in
@@ -78,7 +78,7 @@ This module creates the following IAM roles (all optional):
module "saml_iam_roles" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -237,7 +237,7 @@ module "saml_iam_roles" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v0.69.0"
}
inputs = {
@@ -896,11 +896,11 @@ A map of tags to apply to the IAM roles.
diff --git a/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md b/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md
index 1ea710163e..627a58749d 100644
--- a/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md
+++ b/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Resource-based policies for Secrets Manager secrets
-View Source
+View Source
Release Notes
@@ -42,7 +42,7 @@ Note also that you should only manage the policy for any given secret one time.
module "secrets_manager_resource_policies" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -71,7 +71,7 @@ module "secrets_manager_resource_policies" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v0.69.0"
}
inputs = {
@@ -100,11 +100,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md b/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
index fa9ff2dc94..67996a74e0 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# SSH Grunt SELinux Policy
-View Source
+View Source
Release Notes
-This module installs a SELinux Local Policy Module that is necessary to make [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt) work on
+This module installs a SELinux Local Policy Module that is necessary to make [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt) work on
systems with SELinux, such as CentOS.
The reason we need a policy is that `ssh-grunt` uses is executed on each attempted SSH login by the
@@ -84,11 +84,11 @@ $ sudo semodule -i ssh-grunt.pp
diff --git a/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md b/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
index 73c283bdb7..55825ffb98 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# SSH Grunt
-View Source
+View Source
Release Notes
@@ -47,19 +47,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [How to install ssh-grunt on your servers](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt/core-concepts.md#install-ssh-grunt-on-your-servers)
+* [How to install ssh-grunt on your servers](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt/core-concepts.md#install-ssh-grunt-on-your-servers)
-* [How SSH Grunt works](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt/core-concepts.md#how-it-works)
+* [How SSH Grunt works](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt/core-concepts.md#how-it-works)
-* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/README.adoc#core-concepts)
+* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/README.adoc#core-concepts)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/test): Automated tests for the modules and examples.
## Deploy
@@ -67,9 +67,9 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [ssh-grunt examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/ssh-grunt): The `examples/ssh-grunt` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [ssh-grunt examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/ssh-grunt): The `examples/ssh-grunt` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
-* [Packer template](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/examples/ssh-grunt/packer/ssh-grunt-iam.json)
+* [Packer template](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/examples/ssh-grunt/packer/ssh-grunt-iam.json)
### Production deployment
@@ -85,19 +85,19 @@ If you want to deploy this module in production, check out the following resourc
### Day-to-day operations
-* [How to manage SSH keys](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt/core-concepts.md#upload-public-ssh-keys)
+* [How to manage SSH keys](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt/core-concepts.md#upload-public-ssh-keys)
-* [IAM permissions required for ssh-grunt to work](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt/core-concepts.md#set-up-iam-permissions)
+* [IAM permissions required for ssh-grunt to work](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt/core-concepts.md#set-up-iam-permissions)
diff --git a/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md b/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
index b2da5a27ab..bbb311126f 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
@@ -9,26 +9,26 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# ssh-iam has been renamed!
-View Source
+View Source
Release Notes
-`ssh-iam` has been renamed to [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt). Please update all links to point to
-[ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/ssh-grunt)!
+`ssh-iam` has been renamed to [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt). Please update all links to point to
+[ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/ssh-grunt)!
diff --git a/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md b/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
index 948e05e76f..5a03ceeb8e 100644
--- a/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
+++ b/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# SSM Healthchecks IAM Permissions
-View Source
+View Source
Release Notes
@@ -46,7 +46,7 @@ We recommend using this module with just about every single EC2 Instance and Aut
module "ssm_healthchecks_iam_permissions" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v0.69.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -70,7 +70,7 @@ module "ssm_healthchecks_iam_permissions" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v0.68.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v0.69.0"
}
inputs = {
@@ -94,11 +94,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md b/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
index ae948b59e2..06dd83bad9 100644
--- a/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
+++ b/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Generate a TLS/SSL Certificate for a Private Service
-View Source
+View Source
Release Notes
@@ -35,7 +35,7 @@ using a commercial CA or public, free CA like [Let's Encrypt](https://letsencryp
1. Edit the `docker-compose.yml` file and fill in your desired argument values.
2. Now run `docker-compose up` and your TLS certs will output to a local `output` directory!
-To see documentation on the arguments in `docker-compose.yml`, see the [main.sh](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.6/modules/tls-cert-private/scripts/main.sh) file.
+To see documentation on the arguments in `docker-compose.yml`, see the [main.sh](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.69.0/modules/tls-cert-private/scripts/main.sh) file.
Note that the Docker Compose file mounts the local machine folder `./output` in the Docker container. Mac and Windows
users sohuld take note that, in some cases, volume mounting may be extremely slow, or even one-way-only if you use an
@@ -177,11 +177,11 @@ TLS certificates for any public services.