From 52ee5ca70a384f7f7ded7036051d6aa98cf58b05 Mon Sep 17 00:00:00 2001
From: "docs-sourcer[bot]"
<99042413+docs-sourcer[bot]@users.noreply.github.com>
Date: Fri, 10 Oct 2025 15:29:17 +0000
Subject: [PATCH] Updated with the [latest
changes](https://github.com/gruntwork-io/terraform-aws-security/releases/tag/v1.1.0)
from the `terraform-aws-security@v1.1.0` source branch.
---
.../auto-update/auto-update.md | 30 ++++++-------
.../aws-auth/aws-auth.md | 14 +++---
.../aws-config-bucket/aws-config-bucket.md | 20 ++++-----
.../aws-config-multi-region.md | 34 +++++++-------
.../aws-config-rules/aws-config-rules.md | 42 +++++++++---------
.../aws-config/aws-config.md | 36 +++++++--------
.../aws-organizations/aws-organizations.md | 36 +++++++--------
.../cloudtrail-bucket/cloudtrail-bucket.md | 22 +++++-----
.../cloudtrail/cloudtrail.md | 44 +++++++++----------
.../cross-account-iam-roles.md | 24 +++++-----
.../custom-iam-entity/custom-iam-entity.md | 24 +++++-----
.../ebs-encryption-multi-region.md | 30 ++++++-------
.../ebs-encryption/ebs-encryption.md | 20 ++++-----
.../fail2ban/fail2ban.md | 12 ++---
.../github-actions-iam-role.md | 16 +++----
.../github-actions-openid-connect-provider.md | 18 ++++----
.../gitlab-pipelines-iam-role.md | 18 ++++----
...itlab-pipelines-openid-connect-provider.md | 18 ++++----
.../guardduty-bucket/guardduty-bucket.md | 16 +++----
.../guardduty-multi-region.md | 34 +++++++-------
.../guardduty/guardduty.md | 44 +++++++++----------
.../iam-access-analyzer-multi-region.md | 36 +++++++--------
.../iam-groups/iam-groups.md | 22 +++++-----
.../iam-policies/iam-policies.md | 20 ++++-----
.../iam-user-password-policy.md | 16 +++----
.../iam-users/iam-users.md | 16 +++----
.../ip-lockdown/ip-lockdown.md | 14 +++---
.../kms-cmk-replica/kms-cmk-replica.md | 18 ++++----
.../kms-grant-multi-region.md | 36 +++++++--------
.../kms-master-key-multi-region.md | 42 +++++++++---------
.../kms-master-key/kms-master-key.md | 18 ++++----
.../modules/terraform-aws-security/ntp/ntp.md | 12 ++---
.../os-hardening/os-hardening.md | 30 ++++++-------
.../private-s3-bucket/private-s3-bucket.md | 16 +++----
.../saml-iam-roles/saml-iam-roles.md | 18 ++++----
.../secrets-manager-resource-policies.md | 16 +++----
.../ssh-grunt-selinux-policy.md | 14 +++---
.../ssh-grunt/ssh-grunt.md | 32 +++++++-------
.../terraform-aws-security/ssh-iam/ssh-iam.md | 16 +++----
.../ssm-healthchecks-iam-permissions.md | 16 +++----
.../tls-cert-private/tls-cert-private.md | 14 +++---
41 files changed, 487 insertions(+), 487 deletions(-)
diff --git a/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md b/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
index 88406a942e..f1e74b9c11 100644
--- a/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
+++ b/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Security Modules
-View Source
+View Source
Release Notes
@@ -37,23 +37,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [How to install Auto Update](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/auto-update/core-concepts.md#installation)
+* [How to install Auto Update](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/auto-update/core-concepts.md#installation)
-* [How Auto Update works on Ubuntu](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/auto-update/core-concepts.md#ubuntu-support)
+* [How Auto Update works on Ubuntu](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/auto-update/core-concepts.md#ubuntu-support)
-* [How Auto Update works on Amazon Linux 2](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/auto-update/core-concepts.md#amazon-linux-support)
+* [How Auto Update works on Amazon Linux 2](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/auto-update/core-concepts.md#amazon-linux-support)
-* [Auto Update Limitations](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/auto-update/core-concepts.md#limitations)
+* [Auto Update Limitations](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/auto-update/core-concepts.md#limitations)
-* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/README.adoc#core-concepts)
+* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/README.adoc#core-concepts)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -61,7 +61,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [auto-update example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/auto-update): The `examples/auto-update` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [auto-update example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/auto-update): The `examples/auto-update` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -72,11 +72,11 @@ If you want to deploy this repo in production, check out the following resources
diff --git a/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md b/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
index 3824892927..29b4eb9655 100644
--- a/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
+++ b/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Auth Helper
-View Source
+View Source
Release Notes
@@ -175,7 +175,7 @@ eval $(aws-auth --serial-number arn:aws:iam::123456789011:mfa/jondoe --token-cod
If you store your secrets in a CLI-friendly password manager, such as [pass](https://www.passwordstore.org/),
[lpass](https://github.com/lastpass/lastpass-cli) or
-[1Password CLI](https://support.1password.com/command-line-getting-started/), then you can reduce this even further! Instructions on how to set this up for Lastpass / `lpass` can be found [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-auth/AWS-AUTH-LASTPASS.md) and 1Password / `op` [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-auth/AWS-AUTH-1PASSWORD.md).
+[1Password CLI](https://support.1password.com/command-line-getting-started/), then you can reduce this even further! Instructions on how to set this up for Lastpass / `lpass` can be found [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-auth/AWS-AUTH-LASTPASS.md) and 1Password / `op` [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-auth/AWS-AUTH-1PASSWORD.md).
First, store your permanent AWS credentials in `pass`:
@@ -249,11 +249,11 @@ If you you need to run `aws-auth` with a cronjob, you may want to set the `$USER
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md b/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
index 99da6888d3..5f31a4d16c 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
@@ -9,19 +9,19 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Config Bucket
-View Source
+View Source
Release Notes
This module creates an S3 bucket for storing AWS Config data, including all the appropriate lifecycle, encryption, and
permission settings for AWS Config.
-This module is not meant to be used directly. Instead, it's used under the hood in the [aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config)
-and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/account-baseline-root) modules. Please see those modules for more information.
+This module is not meant to be used directly. Instead, it's used under the hood in the [aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config)
+and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/account-baseline-root) modules. Please see those modules for more information.
## Sample Usage
@@ -36,7 +36,7 @@ and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-securi
module "aws_config_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -153,7 +153,7 @@ module "aws_config_bucket" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-bucket?ref=v1.1.0"
}
inputs = {
@@ -496,11 +496,11 @@ The name of the S3 bucket used by AWS Config to store configuration items.
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md b/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
index 3a028d9e2e..d23b736365 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Config Multi Region Module
-View Source
+View Source
-Release Notes
+Release Notes
-This module wraps the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config/README.md) to configure [AWS Config](https://aws.amazon.com/config/) in all enabled regions for the AWS Account, and optionally can aggregate AWS Config across multiple accounts.
+This module wraps the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config/README.md) to configure [AWS Config](https://aws.amazon.com/config/) in all enabled regions for the AWS Account, and optionally can aggregate AWS Config across multiple accounts.

@@ -45,25 +45,25 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* Learn more about AWS Config in the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config/README.adoc).
+* Learn more about AWS Config in the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config/README.adoc).
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
* [How to configure a production-grade AWS account structure](https://docs.gruntwork.io/guides/build-it-yourself/landing-zone)
-* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
+* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
## Sample Usage
@@ -78,7 +78,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
module "aws_config_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -445,7 +445,7 @@ module "aws_config_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-multi-region?ref=v1.1.0"
}
inputs = {
@@ -1590,11 +1590,11 @@ The ARNs of the SNS Topic used by the config notifications.
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md b/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md
index 1ff56f8e3f..bd7c592ab5 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Organizations Config Rules
-View Source
+View Source
Release Notes
@@ -41,27 +41,27 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
+* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
-* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config/core-concepts.md#what-is-aws-config)
+* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config/core-concepts.md#what-is-aws-config)
-* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config/core-concepts.md#what-are-config-rules)
+* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config/core-concepts.md#what-are-config-rules)
-* [What are Managed Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config-rules/core-concepts.md#what-are-managed-config-rules)
+* [What are Managed Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config-rules/core-concepts.md#what-are-managed-config-rules)
-* [How do Organization-Level Config Rules Compare to Account-Level Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config-rules/core-concepts.md#how-do-organization-level-config-rules-compare-to-account-level-config-rules)
+* [How do Organization-Level Config Rules Compare to Account-Level Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config-rules/core-concepts.md#how-do-organization-level-config-rules-compare-to-account-level-config-rules)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config-rules/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config-rules/core-concepts.md#what-resources-does-this-module-create)
* [How to configure a production-grade AWS account structure](https://docs.gruntwork.io/guides/build-it-yourself/landing-zone)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -69,7 +69,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-config-rules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/aws-config-rules): The `examples/aws-organizations-config-rules` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-config-rules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/aws-config-rules): The `examples/aws-organizations-config-rules` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -83,11 +83,11 @@ If you want to deploy this repo in production, check out the following resources
### Day-to-day operations
-* [How do I configure the rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config-rules/core-concepts.md#how-do-i-configure-the-rules)
+* [How do I configure the rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config-rules/core-concepts.md#how-do-i-configure-the-rules)
-* [How do I add additional rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config-rules/core-concepts.md#how-do-i-add-additional-rules)
+* [How do I add additional rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config-rules/core-concepts.md#how-do-i-add-additional-rules)
-* [How do I exclude specific accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config-rules/core-concepts.md#how-do-i-exclude-specific-accounts)
+* [How do I exclude specific accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config-rules/core-concepts.md#how-do-i-exclude-specific-accounts)
## Sample Usage
@@ -102,7 +102,7 @@ If you want to deploy this repo in production, check out the following resources
module "aws_config_rules" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -237,7 +237,7 @@ module "aws_config_rules" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config-rules?ref=v1.1.0"
}
inputs = {
@@ -677,11 +677,11 @@ Map of config rule ARNs. Key is rule ID, value is rule ARN
diff --git a/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md b/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
index 8278daca65..2da0ce555c 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Config
-View Source
+View Source
-Release Notes
+Release Notes
This Terraform Module configures [AWS Config](https://aws.amazon.com/config/), a service that allows you to assess, audit, and evaluate the configurations of your AWS resources. You can use AWS Config to ensure that AWS resources are configured in a manner that is in compliance with your company policies or regulatory requirements.
@@ -39,19 +39,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config/core-concepts.md#what-is-aws-config)
+* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config/core-concepts.md#what-is-aws-config)
-* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config/core-concepts.md#what-are-config-rules)
+* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config/core-concepts.md#what-are-config-rules)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config/core-concepts.md#what-resources-does-this-module-create)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -59,7 +59,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/aws-config): The `examples/aws-config` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/aws-config): The `examples/aws-config` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -71,9 +71,9 @@ If you want to deploy this repo in production, check out the following resources
### Day-to-day operations
-* [What does a configuration item look like, and how do I view it?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config/core-concepts.md#what-does-a-configuration-item-look-like-and-how-do-i-view-it)
+* [What does a configuration item look like, and how do I view it?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config/core-concepts.md#what-does-a-configuration-item-look-like-and-how-do-i-view-it)
-* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
+* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
## Sample Usage
@@ -88,7 +88,7 @@ If you want to deploy this repo in production, check out the following resources
module "aws_config" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -382,7 +382,7 @@ module "aws_config" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-config?ref=v1.1.0"
}
inputs = {
@@ -1237,11 +1237,11 @@ The ARN of the SNS topic to which Config delivers notifications.
diff --git a/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md b/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md
index 29ca6767fe..d8d8af2bd2 100644
--- a/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md
+++ b/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS Organizations
-View Source
+View Source
Release Notes
@@ -39,23 +39,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
+* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
-* [What is a Root account?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-organizations/core-concepts.md#what-is-a-root-account)
+* [What is a Root account?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-organizations/core-concepts.md#what-is-a-root-account)
-* [What are Organization Accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-organizations/core-concepts.md#what-are-organization-accounts)
+* [What are Organization Accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-organizations/core-concepts.md#what-are-organization-accounts)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-organizations/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-organizations/core-concepts.md#what-resources-does-this-module-create)
* [How to configure a production-grade AWS account structure](https://docs.gruntwork.io/guides/build-it-yourself/landing-zone)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -63,7 +63,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-organizations](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/aws-organizations): The `examples/aws-organizations` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-organizations](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/aws-organizations): The `examples/aws-organizations` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -77,9 +77,9 @@ If you want to deploy this repo in production, check out the following resources
### Day-to-day operations
-* [How do I provision new accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-organizations/core-concepts.md#how-do-i-provision-new-accounts)
+* [How do I provision new accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-organizations/core-concepts.md#how-do-i-provision-new-accounts)
-* [How do I remove accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-organizations/core-concepts.md#how-do-i-remove-accounts)
+* [How do I remove accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-organizations/core-concepts.md#how-do-i-remove-accounts)
## Sample Usage
@@ -94,7 +94,7 @@ If you want to deploy this repo in production, check out the following resources
module "aws_organizations" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -160,7 +160,7 @@ module "aws_organizations" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/aws-organizations?ref=v1.1.0"
}
inputs = {
@@ -436,11 +436,11 @@ Identifier of the root of this organization.
diff --git a/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md b/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md
index 493279cab3..1b5fb6ca6c 100644
--- a/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md
@@ -9,21 +9,21 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# CloudTrail Bucket
-View Source
+View Source
Release Notes
This module creates an S3 bucket for storing CloudTrail data and a KMS Customer Master Key (CMK) for encrypting that
data, including all the appropriate lifecycle, encryption, and permission settings for CloudTrail.
-This module is used under the hood in the [cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail)
-and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/account-baseline-root) modules.
+This module is used under the hood in the [cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail)
+and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/account-baseline-root) modules.
-It can also be used directly when configuring cross account access, for example when it is desirable to [have the central Cloudtrail S3 bucket exist outside of the management account.](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#multi-account-cloudtrail-setup-storing-the-cloudtrail-bucket-in-an-account-other-than-the-management-account)
+It can also be used directly when configuring cross account access, for example when it is desirable to [have the central Cloudtrail S3 bucket exist outside of the management account.](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#multi-account-cloudtrail-setup-storing-the-cloudtrail-bucket-in-an-account-other-than-the-management-account)
## Sample Usage
@@ -38,7 +38,7 @@ It can also be used directly when configuring cross account access, for example
module "cloudtrail_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -214,7 +214,7 @@ module "cloudtrail_bucket" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail-bucket?ref=v1.1.0"
}
inputs = {
@@ -923,11 +923,11 @@ The name of the S3 bucket where cloudtrail logs are delivered.
diff --git a/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md b/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md
index 884d8b6b12..0faf8b3419 100644
--- a/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md
+++ b/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS CloudTrail
-View Source
+View Source
Release Notes
@@ -39,25 +39,25 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#what-is-cloudtrail)
+* [What is CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#what-is-cloudtrail)
-* [Why use CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#why-use-cloudtrail)
+* [Why use CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#why-use-cloudtrail)
-* [What is a CloudTrail Trail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#what-is-a-cloudtrail-trail)
+* [What is a CloudTrail Trail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#what-is-a-cloudtrail-trail)
-* [What’s the difference between CloudTrail and AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#whats-the-difference-between-cloudtrail-and-aws-config)
+* [What’s the difference between CloudTrail and AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#whats-the-difference-between-cloudtrail-and-aws-config)
-* [CloudTrail Threat Model](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#cloudtrail-threat-model)
+* [CloudTrail Threat Model](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#cloudtrail-threat-model)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#resources-created)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#resources-created)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -65,7 +65,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/cloudtrail): The `examples/cloudtrail` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/cloudtrail): The `examples/cloudtrail` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -81,15 +81,15 @@ If you want to deploy this repo in production, check out the following resources
### Day-to-day operations
-* [Where are CloudTrail logs stored?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#where-are-cloudtrail-logs-stored)
+* [Where are CloudTrail logs stored?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#where-are-cloudtrail-logs-stored)
-* [What kind of data do CloudTrail log entries contain?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#what-kind-of-data-do-cloudtrail-log-entries-contain)
+* [What kind of data do CloudTrail log entries contain?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#what-kind-of-data-do-cloudtrail-log-entries-contain)
-* [What’s the best way to view CloudTrail Log Data?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#whats-the-best-way-to-view-cloudtrail-log-data)
+* [What’s the best way to view CloudTrail Log Data?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#whats-the-best-way-to-view-cloudtrail-log-data)
### Major changes
-* [Can you get alerted when certain API events occur?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cloudtrail/core-concepts.md#can-you-get-alerted-when-certain-api-events-occur)
+* [Can you get alerted when certain API events occur?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cloudtrail/core-concepts.md#can-you-get-alerted-when-certain-api-events-occur)
## Sample Usage
@@ -104,7 +104,7 @@ If you want to deploy this repo in production, check out the following resources
module "cloudtrail" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -361,7 +361,7 @@ module "cloudtrail" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cloudtrail?ref=v1.1.0"
}
inputs = {
@@ -1413,11 +1413,11 @@ The name of the cloudtrail trail.
diff --git a/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md b/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md
index 041cebde4e..4bacffdd4d 100644
--- a/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md
+++ b/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# A best-practices set of IAM roles for cross-account access
-View Source
+View Source
Release Notes
@@ -34,7 +34,7 @@ This module creates the following IAM roles (all optional):
These IAM Roles are intended to be assumed by human users (i.e., IAM Users in another AWS account). The default
maximum session expiration for these roles is 12 hours (configurable via the `var.max_session_duration_human_users`).
Note that these are the *maximum* session expirations; the actual value for session expiration is specified when
-making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-auth)).
+making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-auth)).
* **allow-read-only-access-from-other-accounts**: Users from the accounts in
`var.allow_read_only_access_from_other_account_arns` will get read-only access to all services in this account.
@@ -65,11 +65,11 @@ making API calls to assume the IAM role (see [aws-auth](https://github.com/grunt
These IAM Roles are intended to be assumed by machine users (i.e., an EC2 Instance in another AWS account). The default
maximum session expiration for these roles is 1 hour (configurable via the `var.max_session_duration_machine_users`).
Note that these are the *maximum* session expirations; the actual value for session expiration is specified when
-making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/aws-auth)).
+making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/aws-auth)).
* **allow-ssh-grunt-access-from-other-accounts**: Users (or more likely, EC2 Instances) from the accounts in
`var.allow_ssh_grunt_access_from_other_account_arns` will get read access to IAM Groups and public SSH keys. This is
- useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
+ useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
connections against IAM users defined in this AWS account.
* **allow-auto-deploy-access-from-other-accounts**: Users from the accounts in `var.allow_auto_deploy_from_other_account_arns`
@@ -96,7 +96,7 @@ roles with the AWS CLI takes quite a few steps, so use the [aws-auth script](htt
## Background Information
For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in
-the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-policies#background-information).
+the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-policies#background-information).
## Sample Usage
@@ -111,7 +111,7 @@ the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/
module "cross_account_iam_roles" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -298,7 +298,7 @@ module "cross_account_iam_roles" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/cross-account-iam-roles?ref=v1.1.0"
}
inputs = {
@@ -1086,11 +1086,11 @@ When true, all IAM policies will be managed as dedicated policies rather than in
diff --git a/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md b/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md
index de014007de..ef1aed68e7 100644
--- a/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md
+++ b/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Custom IAM Entity
-View Source
+View Source
Release Notes
-This Gruntwork Terraform Module creates an IAM group and/or role and attaches a provided set of IAM managed policies to the group. This can be used in conjunction with the [iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-groups), [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cross-account-iam-roles), and [saml-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/saml-iam-roles) modules which create a set of groups and roles with smart defaults. Use this module to easily create IAM groups and roles with a defined set of permissions.
+This Gruntwork Terraform Module creates an IAM group and/or role and attaches a provided set of IAM managed policies to the group. This can be used in conjunction with the [iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-groups), [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cross-account-iam-roles), and [saml-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/saml-iam-roles) modules which create a set of groups and roles with smart defaults. Use this module to easily create IAM groups and roles with a defined set of permissions.
### Requirements
@@ -25,7 +25,7 @@ This Gruntwork Terraform Module creates an IAM group and/or role and attaches a
### Instructions
-Check out the [custom-iam-entity example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/custom-iam-entity) for a working example.
+Check out the [custom-iam-entity example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/custom-iam-entity) for a working example.
#### Resources Created
@@ -36,7 +36,7 @@ If neither role nor group are provided, this module does nothing.
#### Resources NOT Created
-* **IAM users** - This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-users) to create users.
+* **IAM users** - This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-users) to create users.
* **IAM policies** - This module only attaches policies by ARN or by name. It does not create any new policies.
#### MFA support
@@ -51,7 +51,7 @@ The reason for this difference is difficult to explain, but boils down to limita
## Background Information
For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in
-the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-policies#background-information).
+the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-policies#background-information).
## Sample Usage
@@ -66,7 +66,7 @@ the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/
module "custom_iam_entity" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -169,7 +169,7 @@ module "custom_iam_entity" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v1.1.0"
}
inputs = {
@@ -502,11 +502,11 @@ The name of the IAM role.
diff --git a/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md b/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md
index ef0a1afb57..070d1d8aba 100644
--- a/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# EBS Encryption Multi Region Module
-View Source
+View Source
-Release Notes
+Release Notes
-This module wraps the [ebs-encryption core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ebs-encryption/README.md) to configure [AWS EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in all enabled regions for the AWS Account.
+This module wraps the [ebs-encryption core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ebs-encryption/README.md) to configure [AWS EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in all enabled regions for the AWS Account.
## Features
@@ -37,17 +37,17 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
* [AWS blog: Opt-in to Default Encryption for New EBS Volumes](https://aws.amazon.com/blogs/aws/new-opt-in-to-default-encryption-for-new-ebs-volumes/)
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -66,7 +66,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
module "ebs_encryption_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -108,7 +108,7 @@ module "ebs_encryption_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption-multi-region?ref=v1.1.0"
}
inputs = {
@@ -218,11 +218,11 @@ A map from region to the ARN of the KMS key used for default EBS encryption for
diff --git a/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md b/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md
index 4e9595736b..5e45ffaba1 100644
--- a/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md
+++ b/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md
@@ -9,18 +9,18 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Elastic Block Storage Encryption
-View Source
+View Source
-Release Notes
+Release Notes
This module configures EC2 Elastic Block Storage encryption defaults, allowing encryption to be enabled for all new EBS
volumes and selection of a KMS Customer Managed Key to use by default.
-This module is not meant to be used directly. Instead, it's used under the hood in the [account-baseline-\*](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules)
+This module is not meant to be used directly. Instead, it's used under the hood in the [account-baseline-\*](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules)
modules. Please see those modules for more information.
## Background Information
@@ -42,7 +42,7 @@ modules. Please see those modules for more information.
module "ebs_encryption" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -81,7 +81,7 @@ module "ebs_encryption" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ebs-encryption?ref=v1.1.0"
}
inputs = {
@@ -187,11 +187,11 @@ The default KMS key used for EBS encryption.
diff --git a/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md b/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md
index fa4621d4d2..8fa4e5e11a 100644
--- a/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md
+++ b/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Fail2Ban Module
-View Source
+View Source
Release Notes
@@ -27,11 +27,11 @@ Instance.
diff --git a/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md b/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md
index 57988bd1e7..b493f125ac 100644
--- a/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md
+++ b/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# IAM Role for GitHub Actions
-View Source
+View Source
Release Notes
@@ -184,7 +184,7 @@ jobs:
module "github_actions_iam_role" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -269,7 +269,7 @@ module "github_actions_iam_role" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-iam-role?ref=v1.1.0"
}
inputs = {
@@ -586,11 +586,11 @@ The name of the IAM role.
diff --git a/docs/reference/modules/terraform-aws-security/github-actions-openid-connect-provider/github-actions-openid-connect-provider.md b/docs/reference/modules/terraform-aws-security/github-actions-openid-connect-provider/github-actions-openid-connect-provider.md
index 19588c3f01..0e2f49a74f 100644
--- a/docs/reference/modules/terraform-aws-security/github-actions-openid-connect-provider/github-actions-openid-connect-provider.md
+++ b/docs/reference/modules/terraform-aws-security/github-actions-openid-connect-provider/github-actions-openid-connect-provider.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# OpenID Connect Provider for GitHub Actions
-View Source
+View Source
Release Notes
@@ -43,7 +43,7 @@ with the OpenID Connect Provider. In addition to this security measure, you shou
associated with the OpenID Connect Provider have the appropriate trust policy to only allow assumption of the role by
the appropriate GitHub Repos on the appropriate refs.
-See the [GitHub Actions IAM Role](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/github-actions-iam-role/README.md) module for more information.
+See the [GitHub Actions IAM Role](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/github-actions-iam-role/README.md) module for more information.
## Sample Usage
@@ -58,7 +58,7 @@ See the [GitHub Actions IAM Role](https://github.com/gruntwork-io/terraform-aws-
module "github_actions_openid_connect_provider" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-openid-connect-provider?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-openid-connect-provider?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -91,7 +91,7 @@ module "github_actions_openid_connect_provider" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-openid-connect-provider?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/github-actions-openid-connect-provider?ref=v1.1.0"
}
inputs = {
@@ -182,11 +182,11 @@ Url used for the OIDC provider
diff --git a/docs/reference/modules/terraform-aws-security/gitlab-pipelines-iam-role/gitlab-pipelines-iam-role.md b/docs/reference/modules/terraform-aws-security/gitlab-pipelines-iam-role/gitlab-pipelines-iam-role.md
index a28b90c14d..aadb0ca5c6 100644
--- a/docs/reference/modules/terraform-aws-security/gitlab-pipelines-iam-role/gitlab-pipelines-iam-role.md
+++ b/docs/reference/modules/terraform-aws-security/gitlab-pipelines-iam-role/gitlab-pipelines-iam-role.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# IAM Role for GitLab Pipelines
-View Source
+View Source
Release Notes
@@ -22,7 +22,7 @@ GitLab Pipelines. This requires you to provision an IAM OpenID Connect Provider
using OpenID Connect, GitLab Pipelines can directly exchange credentials to access AWS without having to store and provide
GitLab with permanent AWS access credentials. This is useful to prevent credential leaks from progressing undetected.
-You can use the [OpenID Connect Provider for GitLab Pipelines](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/gitlab-pipelines-openid-connect-provider/README.md) module in the IAM role creation process like so:
+You can use the [OpenID Connect Provider for GitLab Pipelines](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/gitlab-pipelines-openid-connect-provider/README.md) module in the IAM role creation process like so:
```hcl
module "gitlab_pipelines_openid_connect_provider" {
@@ -140,7 +140,7 @@ TODO
module "gitlab_pipelines_iam_role" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/gitlab-pipelines-iam-role?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/gitlab-pipelines-iam-role?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -219,7 +219,7 @@ module "gitlab_pipelines_iam_role" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/gitlab-pipelines-iam-role?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/gitlab-pipelines-iam-role?ref=v1.1.0"
}
inputs = {
@@ -494,11 +494,11 @@ The name of the IAM role.
diff --git a/docs/reference/modules/terraform-aws-security/gitlab-pipelines-openid-connect-provider/gitlab-pipelines-openid-connect-provider.md b/docs/reference/modules/terraform-aws-security/gitlab-pipelines-openid-connect-provider/gitlab-pipelines-openid-connect-provider.md
index c8d8009f93..661e43a964 100644
--- a/docs/reference/modules/terraform-aws-security/gitlab-pipelines-openid-connect-provider/gitlab-pipelines-openid-connect-provider.md
+++ b/docs/reference/modules/terraform-aws-security/gitlab-pipelines-openid-connect-provider/gitlab-pipelines-openid-connect-provider.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# OpenID Connect Provider for GitLab Pipelines
-View Source
+View Source
Release Notes
@@ -43,7 +43,7 @@ with the OpenID Connect Provider. In addition to this security measure, you shou
associated with the OpenID Connect Provider have the appropriate trust policy to only allow assumption of the role by
the appropriate GitLab Repos on the appropriate refs.
-See the TODO [GitLab Pipelines IAM Role](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/gitlab-pipelines-iam-role/README.md) module for more information.
+See the TODO [GitLab Pipelines IAM Role](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/gitlab-pipelines-iam-role/README.md) module for more information.
## Sample Usage
@@ -58,7 +58,7 @@ See the TODO [GitLab Pipelines IAM Role](https://github.com/gruntwork-io/terrafo
module "gitlab_pipelines_openid_connect_provider" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/gitlab-pipelines-openid-connect-provider?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/gitlab-pipelines-openid-connect-provider?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -94,7 +94,7 @@ module "gitlab_pipelines_openid_connect_provider" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/gitlab-pipelines-openid-connect-provider?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/gitlab-pipelines-openid-connect-provider?ref=v1.1.0"
}
inputs = {
@@ -197,11 +197,11 @@ Url used for the OIDC provider
diff --git a/docs/reference/modules/terraform-aws-security/guardduty-bucket/guardduty-bucket.md b/docs/reference/modules/terraform-aws-security/guardduty-bucket/guardduty-bucket.md
index efbde763a3..a08d6d8985 100644
--- a/docs/reference/modules/terraform-aws-security/guardduty-bucket/guardduty-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/guardduty-bucket/guardduty-bucket.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# GuardDuty Bucket
-View Source
+View Source
Release Notes
@@ -35,7 +35,7 @@ It is particularly useful when configuring cross account access, for example whe
module "guardduty_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-bucket?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-bucket?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -152,7 +152,7 @@ module "guardduty_bucket" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-bucket?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-bucket?ref=v1.1.0"
}
inputs = {
@@ -627,11 +627,11 @@ The name of the S3 bucket where GuardDuty findings are delivered.
diff --git a/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md b/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md
index 9e48d293be..ea7ce02ac2 100644
--- a/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md
@@ -9,19 +9,19 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS GuardDuty Multi Region Module
-View Source
+View Source
-Release Notes
+Release Notes
-This module wraps the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty/README.adoc) to configure [AWS GuardDuty](https://aws.amazon.com/guardduty/) in all enabled regions for the AWS Account.
+This module wraps the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty/README.adoc) to configure [AWS GuardDuty](https://aws.amazon.com/guardduty/) in all enabled regions for the AWS Account.
## Features
-* Uses the [guardduty module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty) to enable AWS GuardDuty across all regions (recommended best practice) on your AWS account
+* Uses the [guardduty module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty) to enable AWS GuardDuty across all regions (recommended best practice) on your AWS account
* Continuously monitor your AWS account for malicious activity and unauthorized behavior
@@ -37,19 +37,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* Learn more about GuardDuty in the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty/README.adoc).
+* Learn more about GuardDuty in the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty/README.adoc).
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -74,7 +74,7 @@ This module depends on Python being available on your system. Python 2.7, 3.5+ a
module "guardduty_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -212,7 +212,7 @@ module "guardduty_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty-multi-region?ref=v1.1.0"
}
inputs = {
@@ -657,11 +657,11 @@ The IDs of the GuardDuty detectors.
diff --git a/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md b/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md
index a8f58cd727..ac9c65c114 100644
--- a/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md
+++ b/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS GuardDuty
-View Source
+View Source
-Release Notes
+Release Notes
This Terraform Module configures [AWS GuardDuty](https://aws.amazon.com/guardduty/), a service for detecting threats and continuously monitoring your AWS accounts and workloads against malicious activity and unauthorized behavior.
@@ -37,29 +37,29 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What Is GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty/core-concepts.md#what-is-guardduty)
+* [What Is GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty/core-concepts.md#what-is-guardduty)
-* [Why Use GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty/core-concepts.md#why-use-guardduty)
+* [Why Use GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty/core-concepts.md#why-use-guardduty)
-* [What Is A Finding?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty/core-concepts.md#what-is-a-finding)
+* [What Is A Finding?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty/core-concepts.md#what-is-a-finding)
-* [Where Should I Enable GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty/core-concepts.md#where-should-i-enable-guardduty)
+* [Where Should I Enable GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty/core-concepts.md#where-should-i-enable-guardduty)
-* [Resources Created](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty/core-concepts.md#resources-created)
+* [Resources Created](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty/core-concepts.md#resources-created)
-* [Gotchas](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty/core-concepts.md#gotchas)
+* [Gotchas](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty/core-concepts.md#gotchas)
-* [Known Issues](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty/core-concepts.md#known-issues)
+* [Known Issues](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty/core-concepts.md#known-issues)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -67,7 +67,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this module out, check out the following resources:
-* [guardduty example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/guardduty).
+* [guardduty example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/guardduty).
### Production deployment
@@ -75,7 +75,7 @@ If you want to deploy this module in production, check out the following resourc
* ***Coming soon***. We have not yet added this module to the [Acme example Reference Architecture](https://github.com/gruntwork-io/infrastructure-modules-multi-account-acme).
-* [Terraform Module to enable GuardDuty in all enabled regions of an AWS Account](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/guardduty-multi-region).
+* [Terraform Module to enable GuardDuty in all enabled regions of an AWS Account](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/guardduty-multi-region).
* [How to configure a production-grade AWS account structure](https://docs.gruntwork.io/guides/build-it-yourself/landing-zone)
@@ -92,7 +92,7 @@ If you want to deploy this module in production, check out the following resourc
module "guardduty" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -201,7 +201,7 @@ module "guardduty" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/guardduty?ref=v1.1.0"
}
inputs = {
@@ -588,11 +588,11 @@ The ID of the GuardDuty detector.
diff --git a/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md b/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md
index 22ca0a1b76..6f3443ffc0 100644
--- a/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS IAM Access Analyzer
-View Source
+View Source
-Release Notes
+Release Notes
This repo contains a Module for creating and enabling [IAM Access Analyzer](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html)
@@ -35,21 +35,21 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is the AWS IAM Access Analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-access-analyzer-multi-region/core-concepts.md#what-is-the-aws-iam-access-analyzer?)
+* [What is the AWS IAM Access Analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-access-analyzer-multi-region/core-concepts.md#what-is-the-aws-iam-access-analyzer?)
-* [What resources does IAM Access Analyzer analyze?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-access-analyzer-multi-region/core-concepts.md#what-resources-does-iam-access-analyzer-analyze?)
+* [What resources does IAM Access Analyzer analyze?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-access-analyzer-multi-region/core-concepts.md#what-resources-does-iam-access-analyzer-analyze?)
* [IAM Access Analyzer documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html)
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -57,13 +57,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
## Manage
-* [Who can manage the analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-access-analyzer-multi-region/core-concepts.md#who-can-manage-the-analyzer?)
+* [Who can manage the analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-access-analyzer-multi-region/core-concepts.md#who-can-manage-the-analyzer?)
-* [What to do with the access analyzer findings?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-access-analyzer-multi-region/core-concepts.md#what-to-do-with-the-access-analyzer-findings?)
+* [What to do with the access analyzer findings?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-access-analyzer-multi-region/core-concepts.md#what-to-do-with-the-access-analyzer-findings?)
## Sample Usage
@@ -78,7 +78,7 @@ If you just want to try this out for experimenting and learning, check out the f
module "iam_access_analyzer_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -118,7 +118,7 @@ module "iam_access_analyzer_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v1.1.0"
}
inputs = {
@@ -157,11 +157,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md b/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md
index 702b5039b0..e967acb974 100644
--- a/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md
+++ b/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# A Best-Practices Set of IAM Groups
-View Source
+View Source
Release Notes
@@ -52,7 +52,7 @@ This module optionally creates the following IAM Groups:
since users can grant arbitrary permissions!
* **use-existing-iam-roles:** IAM Users in this group can pass *existing* IAM Roles to AWS resources to which they have
been granted access. These IAM Users cannot create *new* IAM Roles, only use existing ones. See
- [the three levels of IAM permissions](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-policies#the-three-levels-of-iam-permissions) for more information.
+ [the three levels of IAM permissions](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-policies#the-three-levels-of-iam-permissions) for more information.
* **ssh-grunt-sudo-users:** IAM Users in this group have SSH access with `sudo` privileges to any EC2 Instance configured
to use this group to manage SSH logins.
* **ssh-grunt-users:** IAM Users in this group have SSH access without `sudo` privileges to any EC2 Instance configured
@@ -83,7 +83,7 @@ own account unless this IAM Policy is attached to his account.
### IAM Users
-This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-users) to create users.
+This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-users) to create users.
### IAM Roles
@@ -108,7 +108,7 @@ otherwise enable IAM Users to access the billing console:
## Background Information
For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in
-the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-policies#background-information).
+the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-policies#background-information).
## Sample Usage
@@ -123,7 +123,7 @@ the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/
module "iam_groups" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -309,7 +309,7 @@ module "iam_groups" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-groups?ref=v1.1.0"
}
inputs = {
@@ -953,11 +953,11 @@ Should we create the IAM Group for user self-management? Allows users to manage
diff --git a/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md b/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md
index f5624d847e..2dcc94b57b 100644
--- a/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md
+++ b/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# A Best-Practices Set of IAM Policy Documents
-View Source
+View Source
Release Notes
@@ -25,7 +25,7 @@ Note that these documents are Terraform [data sources](https://www.terraform.io/
so they don't create anything themselves and are not intended to be used on their own. The way to use them is to take
the outputs from this module (which are all JSON IAM documents) and plug them into other Terraform resources, such
as `aws_iam_policy`, `aws_iam_user_policy`, `aws_iam_group_policy`, and `aws_iam_role_policy`. See the
-[iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/iam-groups) and [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/cross-account-iam-roles) modules for examples.
+[iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/iam-groups) and [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/cross-account-iam-roles) modules for examples.
If you're not familiar with IAM concepts, start with the [Background Information](#background-information) section as a
way to familiarize yourself with the terminology.
@@ -82,7 +82,7 @@ This module creates the following IAM Policy documents:
certain IAM roles in other AWS accounts (e.g. stage, prod). The documents that are created and which IAM roles they
have access to is controlled by the variable `var.allow_access_from_other_account_arns`.
-* **ssh_grunt_permissions**: provides the permissions [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt) needs to validate SSH keys with
+* **ssh_grunt_permissions**: provides the permissions [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt) needs to validate SSH keys with
IAM.
* **auto_deploy_permissions**: provides the permissions in `var.auto_deploy_permissions` to do automated deployment.
@@ -263,7 +263,7 @@ Instead, use these Terraform resources so you don't have to worry about this pro
module "iam_policies" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -350,7 +350,7 @@ module "iam_policies" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-policies?ref=v1.1.0"
}
inputs = {
@@ -680,11 +680,11 @@ If set to true, all the Policies created by this module that are used as Trust P
diff --git a/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md b/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md
index 2e62476da9..e773aaeda4 100644
--- a/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md
+++ b/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Set a Password Policy for IAM Users
-View Source
+View Source
Release Notes
@@ -46,7 +46,7 @@ password policy you already have in place!
module "iam_user_password_policy" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -102,7 +102,7 @@ module "iam_user_password_policy" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-user-password-policy?ref=v1.1.0"
}
inputs = {
@@ -335,11 +335,11 @@ Whether to require uppercase characters for user passwords.
diff --git a/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md b/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md
index 46985c8bca..f14442a59d 100644
--- a/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md
+++ b/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# IAM Users
-View Source
+View Source
Release Notes
@@ -139,7 +139,7 @@ Under the hood, this module uses the [`aws_iam_user` resource](https://registry.
module "iam_users" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -210,7 +210,7 @@ module "iam_users" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-users?ref=v1.1.0"
}
inputs = {
@@ -555,11 +555,11 @@ A map of usernames to that user's AWS SSH Security Credential ID
diff --git a/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md b/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md
index 4cf88a5278..9883778c15 100644
--- a/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md
+++ b/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# ip-lockdown Module
-View Source
+View Source
Release Notes
@@ -33,7 +33,7 @@ In the example below we restrict access to [ec2-instance-metadata endpoint](http
Normally users make a `curl` call to get metadata like the AWS region or credentials associated with this EC2 Instance's IAM Role. Following the invocation of ip-lockdown, only users foo, bar, and root can query that data.
-The complete example of using terraform to deploy a generated AMI into your AWS account and automatically invoke `ip-lockdown` from the `User Data` is also available in the [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/ip-lockdown/aws-example) folder.
+The complete example of using terraform to deploy a generated AMI into your AWS account and automatically invoke `ip-lockdown` from the `User Data` is also available in the [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/ip-lockdown/aws-example) folder.
#### Installation
@@ -61,11 +61,11 @@ gruntwork-install --module-name ip-lockdown --tag --re
diff --git a/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md b/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md
index 09d7378c98..df01183a73 100644
--- a/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md
+++ b/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# KMS Customer Managed Key Multi-Region Replication module
-View Source
+View Source
Release Notes
@@ -22,7 +22,7 @@ Key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#custome
[the multi-region replication feature of
KMS](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html).
-This module is intended to be used in conjunction with the [kms-master-key module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-master-key) to replicate a KMS
+This module is intended to be used in conjunction with the [kms-master-key module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-master-key) to replicate a KMS
key managed with that module to other regions. Note that the KMS key must be marked as multi-region in order to support
multi-region replication.
@@ -39,7 +39,7 @@ multi-region replication.
module "kms_cmk_replica" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -97,7 +97,7 @@ module "kms_cmk_replica" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-cmk-replica?ref=v1.1.0"
}
inputs = {
@@ -372,11 +372,11 @@ A map of CMK name to CMK ID.
diff --git a/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md b/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md
index 6afcdcb287..4c6dfdd28c 100644
--- a/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS KMS Grants
-View Source
+View Source
-Release Notes
+Release Notes
This repo contains a Module for creating and managing [KMS grants](https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) for managing permissions to use CMKs.
@@ -31,21 +31,21 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-master-key/README.md#what-is-kms)
+* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-master-key/README.md#what-is-kms)
-* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-master-key/README.md#what-is-a-customer-master-key)
+* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-master-key/README.md#what-is-a-customer-master-key)
* [KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html): Amazon’s docs for KMS that cover core concepts such as various key types, how to encrypt and decrypt, deletion of keys, and automatic key rotation.
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -53,13 +53,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
## Manage
-* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
+* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
-* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
+* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
## Sample Usage
@@ -74,7 +74,7 @@ If you just want to try this out for experimenting and learning, check out the f
module "kms_grant_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -127,7 +127,7 @@ module "kms_grant_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-grant-multi-region?ref=v1.1.0"
}
inputs = {
@@ -179,11 +179,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md b/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md
index 97d86d8d69..8fe5d3b4b4 100644
--- a/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# AWS KMS Customer Master Keys (CMK)
-View Source
+View Source
-Release Notes
+Release Notes
This repo contains a Module for creating and managing [AWS KMS Customer Master Keys](https://aws.amazon.com/kms/) that you can use for encrypting and decrypting data.
@@ -37,23 +37,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-master-key/README.md#what-is-kms)
+* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-master-key/README.md#what-is-kms)
-* [What is the difference between creating one key in all regions and creating a single all-region key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-master-key-multi-region/core-concepts.md#what-is-the-difference-between-creating-one-key-in-all-regions-and-creating-a-single-all-region-key)
+* [What is the difference between creating one key in all regions and creating a single all-region key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-master-key-multi-region/core-concepts.md#what-is-the-difference-between-creating-one-key-in-all-regions-and-creating-a-single-all-region-key)
-* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-master-key/README.md#what-is-a-customer-master-key)
+* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-master-key/README.md#what-is-a-customer-master-key)
* [KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html): Amazon’s docs for KMS that cover core concepts such as various key types, how to encrypt and decrypt, deletion of keys, and automatic key rotation.
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/codegen/core-concepts.md#how-to-use-a-multi-region-module)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -61,17 +61,17 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
## Manage
-* [Differences between CMK Administrators vs. CMK Users](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-master-key/README.md#cmk-administrators-vs-cmk-users)
+* [Differences between CMK Administrators vs. CMK Users](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-master-key/README.md#cmk-administrators-vs-cmk-users)
-* [Differences between managing access control with KMS key policies vs. IAM policies](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-master-key/README.md#managing-a-keys-permissions-with-the-key-policy-vs-iam-policies)
+* [Differences between managing access control with KMS key policies vs. IAM policies](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-master-key/README.md#managing-a-keys-permissions-with-the-key-policy-vs-iam-policies)
-* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
+* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
-* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
+* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
## Sample Usage
@@ -86,7 +86,7 @@ If you just want to try this out for experimenting and learning, check out the f
module "kms_master_key_multi_region" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -153,7 +153,7 @@ module "kms_master_key_multi_region" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key-multi-region?ref=v1.1.0"
}
inputs = {
@@ -521,11 +521,11 @@ A map from region to IDs of the replica KMS CMKs that were created. The value wi
diff --git a/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md b/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
index af9af66e1c..a391d99dbf 100644
--- a/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
+++ b/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# KMS Master Key Module
-View Source
+View Source
-Release Notes
+Release Notes
This Terraform Module creates a new [Customer Master
Key (CMK)](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) in [Amazon's Key Management
@@ -87,7 +87,7 @@ more onerous.
module "kms_master_key" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -151,7 +151,7 @@ module "kms_master_key" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=v1.1.0"
}
inputs = {
@@ -450,11 +450,11 @@ A map of CMK name to CMK ID.
diff --git a/docs/reference/modules/terraform-aws-security/ntp/ntp.md b/docs/reference/modules/terraform-aws-security/ntp/ntp.md
index e1bccfc888..d7c0c17916 100644
--- a/docs/reference/modules/terraform-aws-security/ntp/ntp.md
+++ b/docs/reference/modules/terraform-aws-security/ntp/ntp.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# NTP Module
-View Source
+View Source
Release Notes
@@ -34,11 +34,11 @@ Originally, Amazon recommended installing `ntpd` to prevent clock drift. Today,
diff --git a/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md b/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
index 955742ba62..4f842c14e7 100644
--- a/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
+++ b/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# OS Hardening
-View Source
+View Source
Release Notes
@@ -31,8 +31,8 @@ is mounting multiple partitions. We hope to implement more CIS recommendations o
There are two major components to this module:
-* [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/os-hardening/ami-builder): This is a Terraform template that launches an EC2 Instance with Packer pre-installed.
-* [partition-scripts](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/os-hardening/partition-scripts): This is a set of bash scripts that create multiple disk partitions, format them
+* [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/os-hardening/ami-builder): This is a Terraform template that launches an EC2 Instance with Packer pre-installed.
+* [partition-scripts](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/os-hardening/partition-scripts): This is a set of bash scripts that create multiple disk partitions, format them
as ext4, and mount them to various paths with various mount options such as `noexec` or `nosuid`. These scripts are
meant to be run in a Packer template that uses the Packer [amazon-chroot](https://www.packer.io/docs/builders/amazon-chroot.html)
builder.
@@ -45,7 +45,7 @@ Fundamentally, to generate an AMI you must:
4. SSH into the ami-builder EC2 Instance and run `packer build amazon-linux.json` to build the AMI.
5. Terminate the ami-builder EC2 Instance.
-We recognize that is a lot of manual steps to build a single AMI, so check out the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/os-hardening)
+We recognize that is a lot of manual steps to build a single AMI, so check out the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/os-hardening)
for a pre-built Packer template plus a script (`packer-build.sh`) that will automate all the above steps.
### Why do I need to launch a separate EC2 Instance to run Packer?
@@ -55,7 +55,7 @@ See below for additional details on what this is and how to use it.
## How to Use this Module
-**The best way to use this module is to substantially copy the [os-hardening example code](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/os-hardening).
+**The best way to use this module is to substantially copy the [os-hardening example code](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/os-hardening).
Unlike most Gruntwork examples, the example for this module contains a full Packer build file plus a wrapper script to
create the AMI with a single command and may be viewed as a "canonical" way to instantiate the os-hardening modules.**
@@ -71,11 +71,11 @@ hardened OS will use. Follow these steps:
and sizes:
* `partition-volume`: For each desired partition, add an argument like `--partition '/home:4G'`. For additional
- details see [partition-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/os-hardening/partition-scripts/bin/partition-volume). Note that for the last `--partition` entry only,
+ details see [partition-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/os-hardening/partition-scripts/bin/partition-volume). Note that for the last `--partition` entry only,
you may specify `*` for the size to tell the script to create the largest possible partition based on remaining
disk space. Also, make sure your partition sizes don't exceed the space available on your EBS Volume!
* `cleanup-volume`: For each desired partition, add an argument like `--mount-point '/home'`. For additional details see
- [cleanup-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/os-hardening/partition-scripts/bin/cleanup-volume)
+ [cleanup-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/os-hardening/partition-scripts/bin/cleanup-volume)
Note that you will redundantly pass the same list of partition paths to each of the above scripts, but only
`partition-volume` needs both the mount point *and* the desired partition size.
@@ -86,10 +86,10 @@ That's it! The Packer template will take care of the rest.
### How to Build the AMI with Packer
-Now we're ready to build the actual AMI. Note: The [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/os-hardening) contains a script
+Now we're ready to build the actual AMI. Note: The [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/os-hardening) contains a script
that automates all these steps, but, for the sake of understanding, we'll describe them individually below:
-1. Launch the [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/os-hardening/ami-builder) EC2 Instance. We will execute Packer from this EC2 Instance.
+1. Launch the [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/os-hardening/ami-builder) EC2 Instance. We will execute Packer from this EC2 Instance.
2. On your local machine run `rsync` so that your local directory is continually synced to the ami-builder:
@@ -127,7 +127,7 @@ additional volumes mounted as encrypted volumes.
### Using Your Hardened OS as a "Base AMI"
-A best practice we encourage is to first build your hardened OS Image using these modules and the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/os-hardening).
+A best practice we encourage is to first build your hardened OS Image using these modules and the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/os-hardening).
You can now view this AMI as your "base AMI", and all other Packer builds can be built on top of this AMI. For example,
you might have:
@@ -269,11 +269,11 @@ needed additional space to build a new AMI was not unreasonable.
diff --git a/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md b/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
index 1490817f77..098895a2a8 100644
--- a/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Private S3 Bucket
-View Source
+View Source
Release Notes
@@ -86,7 +86,7 @@ aws-vault exec --no-session root-prod -- ./mfa-delete.sh --account-id 2264865421
module "private_s_3_bucket" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -304,7 +304,7 @@ module "private_s_3_bucket" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/private-s3-bucket?ref=v1.1.0"
}
inputs = {
@@ -1128,11 +1128,11 @@ The name of an IAM role that can be used to configure replication from various s
diff --git a/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md b/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
index b767a8c3bf..d5f6cb40a3 100644
--- a/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
+++ b/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# A best-practices set of IAM roles for SAML access
-View Source
+View Source
Release Notes
@@ -47,7 +47,7 @@ This module creates the following IAM roles (all optional):
* **allow-ssh-grunt-access-from-saml**: Users authenticated by the SAML providers in
`var.allow_ssh_grunt_access_from_saml_provider_arns` will get read access to IAM Groups and public SSH keys. This is
- useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
+ useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH
connections against IAM users defined in this AWS account.
* **allow-dev-access-from-saml**:Users authenticated by the SAML providers in
@@ -78,7 +78,7 @@ This module creates the following IAM roles (all optional):
module "saml_iam_roles" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -237,7 +237,7 @@ module "saml_iam_roles" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/saml-iam-roles?ref=v1.1.0"
}
inputs = {
@@ -895,11 +895,11 @@ A map of tags to apply to the IAM roles.
diff --git a/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md b/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md
index ab38a927de..02a78454ac 100644
--- a/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md
+++ b/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Resource-based policies for Secrets Manager secrets
-View Source
+View Source
Release Notes
@@ -42,7 +42,7 @@ Note also that you should only manage the policy for any given secret one time.
module "secrets_manager_resource_policies" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -71,7 +71,7 @@ module "secrets_manager_resource_policies" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/secrets-manager-resource-policies?ref=v1.1.0"
}
inputs = {
@@ -99,11 +99,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md b/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
index db9a45713e..6b8a5cd925 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# SSH Grunt SELinux Policy
-View Source
+View Source
Release Notes
-This module installs a SELinux Local Policy Module that is necessary to make [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt) work on
+This module installs a SELinux Local Policy Module that is necessary to make [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt) work on
systems with SELinux, such as CentOS.
The reason we need a policy is that `ssh-grunt` uses is executed on each attempted SSH login by the
@@ -83,11 +83,11 @@ $ sudo semodule -i ssh-grunt.pp
diff --git a/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md b/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
index db1bbf475d..c77cf92d00 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# SSH Grunt
-View Source
+View Source
Release Notes
@@ -47,19 +47,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [How to install ssh-grunt on your servers](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt/core-concepts.md#install-ssh-grunt-on-your-servers)
+* [How to install ssh-grunt on your servers](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt/core-concepts.md#install-ssh-grunt-on-your-servers)
-* [How SSH Grunt works](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt/core-concepts.md#how-it-works)
+* [How SSH Grunt works](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt/core-concepts.md#how-it-works)
-* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/README.adoc#core-concepts)
+* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/README.adoc#core-concepts)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/test): Automated tests for the modules and examples.
## Deploy
@@ -73,9 +73,9 @@ This module is known to work on **CentOS 7**, **Ubuntu**, **Amazon Linux 2**, an
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [ssh-grunt examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/ssh-grunt): The `examples/ssh-grunt` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [ssh-grunt examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/ssh-grunt): The `examples/ssh-grunt` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
-* [Packer template](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/examples/ssh-grunt/packer/ssh-grunt-iam.json)
+* [Packer template](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/examples/ssh-grunt/packer/ssh-grunt-iam.json)
### Production deployment
@@ -91,18 +91,18 @@ If you want to deploy this module in production, check out the following resourc
### Day-to-day operations
-* [How to manage SSH keys](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt/core-concepts.md#upload-public-ssh-keys)
+* [How to manage SSH keys](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt/core-concepts.md#upload-public-ssh-keys)
-* [IAM permissions required for ssh-grunt to work](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt/core-concepts.md#set-up-iam-permissions)
+* [IAM permissions required for ssh-grunt to work](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt/core-concepts.md#set-up-iam-permissions)
diff --git a/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md b/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
index afa2e02534..c952a90146 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
@@ -9,25 +9,25 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# ssh-iam has been renamed!
-View Source
+View Source
Release Notes
-`ssh-iam` has been renamed to [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt). Please update all links to point to
-[ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/ssh-grunt)!
+`ssh-iam` has been renamed to [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt). Please update all links to point to
+[ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/ssh-grunt)!
diff --git a/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md b/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
index bd7e2b393e..1c362dd6a5 100644
--- a/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
+++ b/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# SSM Healthchecks IAM Permissions
-View Source
+View Source
Release Notes
@@ -45,7 +45,7 @@ We recommend using this module with just about every single EC2 Instance and Aut
module "ssm_healthchecks_iam_permissions" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -69,7 +69,7 @@ module "ssm_healthchecks_iam_permissions" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v1.0.5"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/ssm-healthchecks-iam-permissions?ref=v1.1.0"
}
inputs = {
@@ -92,11 +92,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md b/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
index 732cf9bc28..65813692ec 100644
--- a/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
+++ b/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Generate a TLS/SSL Certificate for a Private Service
-View Source
+View Source
Release Notes
@@ -35,7 +35,7 @@ using a commercial CA or public, free CA like [Let's Encrypt](https://letsencryp
1. Edit the `docker-compose.yml` file and fill in your desired argument values.
2. Now run `docker-compose up` and your TLS certs will output to a local `output` directory!
-To see documentation on the arguments in `docker-compose.yml`, see the [main.sh](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.0.5/modules/tls-cert-private/scripts/main.sh) file.
+To see documentation on the arguments in `docker-compose.yml`, see the [main.sh](https://github.com/gruntwork-io/terraform-aws-security/tree/v1.1.0/modules/tls-cert-private/scripts/main.sh) file.
Note that the Docker Compose file mounts the local machine folder `./output` in the Docker container. Mac and Windows
users sohuld take note that, in some cases, volume mounting may be extremely slow, or even one-way-only if you use an
@@ -176,11 +176,11 @@ TLS certificates for any public services.