This module can configure a Linux server to automatically ban malicious IP addresses from connecting to the server
via SSH. This module currently supports Ubuntu, Amazon Linux, Amazon Linux 2, and CentOS (using
fail2ban).
The module also optionally creates CloudWatch Metrics to track the number of Banned and Unbanned IP Addresses per AWS
Instance.
How do you use this module?
Example
See the fail2ban example for an example of how to use this module.
You can configure several options to control the behavior of fail2ban. If you're using gruntwork-install, you'll need to
use the --module-param option (for example, gruntwork-install --module fail2ban --module-param ban-time=3600).
| Option | Description | Required | Default |
| --- | --- | --- | --- |
| --logging-level | The logging level for fail2ban. 1=ERROR, 2=WARN, 3=INFO, 4=DEBUG. | Optional | 3=INFO |
| --target | The target for fail2ban. STDOUT, STDERR, SYSLOG, /path/to/file. | Optional | SYSLOG |
| --ignore-ip | The space-delimited list of IP addresses or CIDR blocks for fail2ban to ignore. | Optional | 127.0.0.1/8 |
| --ban-time | The amount of time in seconds a malicious IP address will be banned for. | Optional | 86400 |
| --find-time | The time window in seconds to look at for failures. | Optional | 600 |
| --max-retry | The number of failures (e.g. password failures) that constitute a bad actor. | Optional | 5 |
| --backend | The method used to determine if a log file's contents have changed. Possible values are: auto, pyinotify, gamin, polling. | Optional | auto |
| --ssh-port | The port the ssh daemon being protected is running on. | Optional | 22 (ssh) |
| --no-cloudwatch-metrics | Flag to disable creation of CloudWatch metrics. | Optional | |
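The following is an added example, not part of this module's code: it replays constructed sshd log lines through the sliding-window rule that --find-time, --max-retry and --ignore-ip control, to show which addresses a given combination would ban. The function name would_ban and the sample log are assumptions; it handles IPv4 and same-day timestamps only and does not reproduce fail2ban's own filter expressions.

```bash
#!/bin/sh
# Constructed sample auth log (documentation address ranges, single day).
SAMPLE_LOG='Jan 10 12:00:00 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 12:00:05 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 12:00:11 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jan 10 12:00:20 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jan 10 12:00:31 web1 sshd[813]: Failed password for root from 203.0.113.7 port 40121 ssh2
Jan 10 12:00:40 web1 sshd[813]: Failed password for root from 203.0.113.7 port 40121 ssh2
Jan 10 12:01:00 web1 sshd[820]: Failed password for root from 198.51.100.23 port 51000 ssh2
Jan 10 12:02:00 web1 sshd[830]: Failed password for deploy from 127.0.0.1 port 52000 ssh2
Jan 10 12:02:01 web1 sshd[830]: Failed password for deploy from 127.0.0.1 port 52000 ssh2
Jan 10 12:02:02 web1 sshd[830]: Failed password for deploy from 127.0.0.1 port 52000 ssh2
Jan 10 12:02:03 web1 sshd[830]: Failed password for deploy from 127.0.0.1 port 52000 ssh2
Jan 10 12:02:04 web1 sshd[830]: Failed password for deploy from 127.0.0.1 port 52000 ssh2
Jan 10 12:03:00 web1 sshd[840]: Accepted password for alice from 192.0.2.10 port 53000 ssh2
Jan 10 12:05:00 web1 sshd[821]: Failed password for root from 198.51.100.23 port 51004 ssh2
Jan 10 12:09:00 web1 sshd[822]: Failed password for root from 198.51.100.23 port 51009 ssh2
Jan 10 12:13:00 web1 sshd[823]: Failed password for root from 198.51.100.23 port 51013 ssh2
Jan 10 12:17:00 web1 sshd[824]: Failed password for root from 198.51.100.23 port 51017 ssh2'

# would_ban FIND_TIME MAX_RETRY IGNORE_LIST   (hypothetical helper)
# Reads auth log lines on stdin and prints "HH:MM:SS IP" at the moment an
# address reaches MAX_RETRY failures inside a FIND_TIME-second window.
would_ban() {
  awk -v findtime="$1" -v maxretry="$2" -v ignore="$3" '
    # Dotted quad to integer, so CIDR membership is plain arithmetic.
    function ip2int(ip,   o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True when ip falls inside any entry of the space-delimited ignore list.
    function ignored(ip,   i, n, parts, bits, size) {
      for (i = 1; i <= nign; i++) {
        n = split(ign[i], parts, "/")
        bits = (n == 2) ? parts[2] : 32
        size = 2 ^ (32 - bits)
        if (int(ip2int(ip) / size) == int(ip2int(parts[1]) / size)) return 1
      }
      return 0
    }
    BEGIN { nign = split(ignore, ign, " ") }
    /sshd\[[0-9]+\]: Failed password/ {
      # The source address follows the last "from" token on the line.
      ip = ""
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      if ((ip in banned) || ignored(ip)) next

      split($3, hms, ":")
      t = hms[1] * 3600 + hms[2] * 60 + hms[3]

      # Record the failure, then drop failures older than the window.
      ts[ip, ++tail[ip]] = t
      if (!(ip in head)) head[ip] = 1
      while (ts[ip, head[ip]] < t - findtime) head[ip]++

      if (tail[ip] - head[ip] + 1 >= maxretry) {
        banned[ip] = 1   # later lines from this address are skipped
        print $3, ip
      }
    }
  '
}

# Defaults from the options table: find-time=600, max-retry=5, ignore-ip=127.0.0.1/8
printf '%s\n' "$SAMPLE_LOG" | would_ban 600 5 "127.0.0.1/8"
```

With the defaults, the source that spaces its attempts four minutes apart (198.51.100.23) never has five failures inside one 600-second window; calling `would_ban 3600 5 "127.0.0.1/8"` on the same input bans it as well.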
CloudWatch Metrics
By default the script will report the count of the number of IP Addresses Banned and Unbanned to the BannedIPAddresses
and UnbannedIPAddresses CloudWatch metrics in the Gruntwork/Fail2Ban namespace. This namespace can be changed using
the --cloudwatch-namespace switch.
CloudWatch Metric reporting can be disabled altogether during installation using the --no-cloudwatch-metrics switch.
Permissions
If the option to install CloudWatch Metrics is selected (default behavior), it is assumed that the EC2 Instance has
permissions to publish metric data to the CloudWatch API. This can be done by attaching a policy to the EC2 Instance's
IAM Role. The permissions necessary are:
Configure the Fail2Ban CloudWatch Action on your EC2 Instances
In order for the EC2 Instance to send metric data to CloudWatch successfully, it needs certain data from the EC2 instance.
When your EC2 Instances are booting up, they should run the configure-fail2ban-cloudwatch.sh script, which will configure
fail2ban to send data to CloudWatch. The script supports one command line option:
--cloudwatch-namespace: The namespace used to define the cloudwatch metrics. Default value is 'Gruntwork/Fail2Ban'. Optional.
The best way to run a script during boot is to put it in User
Data. Here's an example:
Default zone for firewalld (Amazon Linux 2 and CentOS)
On Amazon Linux 2 and CentOS, the implementation of fail2ban uses firewalld to manage the iptables for
implementing the firewall. In a default installation of firewalld on these operating systems, all inbound ports are
blocked on the interfaces except for SSH access. This is caused by the usage of public for the configured default
zone. While this is generally more secure, in practice, this adds a layer of complexity that is typically unnecessary
due to the usage of cloud based firewalls in the form of Security Groups. For example, this requires configuring the
firewalld to allow all the applications you expect to expose on the instance, which may be difficult to track in a
docker cluster like ECS or EKS.
As such, this module updates the default zone of firewalld to be trusted, which allows all access by default, with
rules added to block specific IPs. This setup is similar to how fail2ban works on Ubuntu and Amazon Linux
1, which use the more traditional approach of setting iptables rules directly.
If you wish to revert to the original behavior of firewalld, you can update the default zone back to public after
the installation call to fail2ban. For example:
# Install fail2ban using Gruntwork modules
gruntwork-install --module-name bash-commons --tag <BASH_COMMONS_VERSION> --repo https://github.com/gruntwork-io/bash-commons
gruntwork-install --module-name fail2ban --tag <MODULE_SECURITY_VERSION> --repo https://github.com/gruntwork-io/terraform-aws-security
# firewalld cannot be configured using `firewall-cmd` unless it is started
sudo systemctl start firewalld
# Update the default zone back to public, as Gruntwork fail2ban installer will set the default zone to be trusted.
sudo firewall-cmd --set-default-zone=public
# We stop firewalld at the end to avoid it interfering with additional installation setups.
sudo systemctl stop firewalld
The above script will:
Install fail2ban using this module.
Revert the default zone back to public after fail2ban installation completes, since it is set to trusted during
the installation step.
TODO
Add support for protocols/services other than ssh
f75676018239c773c7176ab8c9355c1"}]}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"examples/ssm-healthchecks-iam-permissions/README.md","sha":"f1fe555a3aff887a966def0a1d3ccaff3dd826e7"},{"name":"main.tf","path":"examples/ssm-healthchecks-iam-permissions/main.tf","sha":"4c38ac5325ef7be7c5a2d8df3b8c5154fcf7a1c6"},{"name":"outputs.tf","path":"examples/ssm-healthchecks-iam-permissions/outputs.tf","sha":"52688c3a4f1f8349500505fb8949fa0d21c385a3"},{"name":"variables.tf","path":"examples/ssm-healthchecks-iam-permissions/variables.tf","sha":"217574c100974ae601b2a1478e0ac183d351d4a0"}]}]},{"name":"modules","children":[{"name":"_deprecated","children":[{"name":"account-baseline-app","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-app/README.md","sha":"289d35b15becbf5164ee355fecd892edf12c60bc"}]},{"name":"account-baseline-root","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-root/README.md","sha":"0ac4e867ee61387b76475d7eb36bba673a30fd76"}]},{"name":"account-baseline-security","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-security/README.md","sha":"ace992c3b31b9320aa1d559bbde597cc945c4430"}]},{"name":"custom-iam-group","children":[{"name":"README.md","path":"modules/_deprecated/custom-iam-group/README.md","sha":"e7a0ff783eb1052aa77fe50d7eaa6a06d2d82649"}]}]},{"name":"auto-update","children":[{"name":"README.adoc","path":"modules/auto-update/README.adoc","sha":"1e193ac18cb6a1863518b95d621a7802b09c1fab"},{"name":"core-concepts.md","path":"modules/auto-update/core-concepts.md","sha":"636f7283fa9f2e49c69d90360bdabbc13f75e131"},{"name":"install-scripts","children":[{"name":"configure-auto-update","path":"modules/auto-update/install-scripts/configure-auto-update","sha":"e4be89eb671a0e13be461a6ca3a1ec89badba469"},{"name":"dnf-automatic.txt","path":"modules/auto-update/install-scripts/dnf-automatic.txt","sha":"a196902703beea8f5020ebae8fc667bc2eeecf5c"},{"name"
:"unattended_upgrades_config.txt","path":"modules/auto-update/install-scripts/unattended_upgrades_config.txt","sha":"abe88fd8a5037ce518bec69a6cac0699cb421d47"},{"name":"yum_cron_config.txt","path":"modules/auto-update/install-scripts/yum_cron_config.txt","sha":"e7ef4273f1b2af0c9c032fadaacd03130ba5ea78"}]},{"name":"install.sh","path":"modules/auto-update/install.sh","sha":"7c19fd0d04b11c358af64149b3169d6b2c5e3b58"}]},{"name":"aws-auth","children":[{"name":"AWS-AUTH-1PASSWORD.md","path":"modules/aws-auth/AWS-AUTH-1PASSWORD.md","sha":"d7a63db66ddf11b485a2850069d52edf6bea37eb"},{"name":"AWS-AUTH-LASTPASS.md","path":"modules/aws-auth/AWS-AUTH-LASTPASS.md","sha":"d9b65d95892c1e2275894eb2ca3dd8f334a3a8b8"},{"name":"README.md","path":"modules/aws-auth/README.md","sha":"10f5164db2016bda84383b598e0262a188a39599"},{"name":"bin","children":[{"name":"aws-auth","path":"modules/aws-auth/bin/aws-auth","sha":"85039ffd1720f9b93a34e8998852bdd3b9502bcc"}]},{"name":"install.sh","path":"modules/aws-auth/install.sh","sha":"ab9611d92d6822ceed981bdff3766724366037f0"}]},{"name":"aws-config-bucket","children":[{"name":"README.md","path":"modules/aws-config-bucket/README.md","sha":"2988d934e16617289522a4ea711ee07589ce96d7"},{"name":"main.tf","path":"modules/aws-config-bucket/main.tf","sha":"c8ca2220391bfab6d6c4f1a4501b6d6d39bb1a38"},{"name":"outputs.tf","path":"modules/aws-config-bucket/outputs.tf","sha":"8ac7ab1c4c5ded586bee63ce460b25cd60eb4a18"},{"name":"variables.tf","path":"modules/aws-config-bucket/variables.tf","sha":"ba6b30c18ca75ab991f42abb845ef89af8e9cb6e"}]},{"name":"aws-config-multi-region","children":[{"name":"README.adoc","path":"modules/aws-config-multi-region/README.adoc","sha":"dc4b0dc89afdd92984fceca74f2c2e087645d019"},{"name":"core-concepts.md","path":"modules/aws-config-multi-region/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"main.tf","path":"modules/aws-config-multi-region/main.tf","sha":"ae07fd9a32796db21e04230faa77d12e36828664"},{"name":"o
utputs.tf","path":"modules/aws-config-multi-region/outputs.tf","sha":"e076d643a4e3e28452332f7cc20ae6667b6cb6ac"},{"name":"variables.autogen.tf","path":"modules/aws-config-multi-region/variables.autogen.tf","sha":"3ea138065b8386950e13b049c9532d185c145f76"},{"name":"variables.tf","path":"modules/aws-config-multi-region/variables.tf","sha":"5d33ad42f818f943993986c0c3bb964eee84f9ba"}]},{"name":"aws-config-rules","children":[{"name":"README.adoc","path":"modules/aws-config-rules/README.adoc","sha":"2b550ac006ee6189aef5221748d03339bcf9806e"},{"name":"core-concepts.md","path":"modules/aws-config-rules/core-concepts.md","sha":"af111230b6262be339d220c7b2308493781fef49"},{"name":"main.tf","path":"modules/aws-config-rules/main.tf","sha":"4ca86c3be590d39cc0c79fd72d60efd0aba94eb4"},{"name":"outputs.tf","path":"modules/aws-config-rules/outputs.tf","sha":"c297ad118d46f79f286d6577770ab46e59555ccb"},{"name":"variables.tf","path":"modules/aws-config-rules/variables.tf","sha":"e0645e3cfa20c357ae31401a32b7ea2d81d30d5b"}]},{"name":"aws-config","children":[{"name":"README.adoc","path":"modules/aws-config/README.adoc","sha":"191a82102e5fc9778d777052fc9efd616ddeb9db"},{"name":"core-concepts.md","path":"modules/aws-config/core-concepts.md","sha":"e5a7b8646bab42398ff7f5224549e528ce8c0d52"},{"name":"main.tf","path":"modules/aws-config/main.tf","sha":"8b73507b99a6865a2ec9249777ddc9b71868fab4"},{"name":"outputs.tf","path":"modules/aws-config/outputs.tf","sha":"bcd505e4ac4102bc09750adb36c99398a06eb1a6"},{"name":"variables.tf","path":"modules/aws-config/variables.tf","sha":"d7a45f6dda0ca5edb7550a280fda29b5d6d97a39"}]},{"name":"aws-organizations","children":[{"name":"README.adoc","path":"modules/aws-organizations/README.adoc","sha":"52cda8fa0eaa15b00e5f389ba9dfb73a1f3c9d56"},{"name":"core-concepts.md","path":"modules/aws-organizations/core-concepts.md","sha":"8766c8f36eef9e8992bf13a44f6571261c43995d"},{"name":"main.tf","path":"modules/aws-organizations/main.tf","sha":"7d4851f605760cc8806fbee5cf24a
f9299c4ee78"},{"name":"outputs.tf","path":"modules/aws-organizations/outputs.tf","sha":"feed57b33ab7eb9b100712647942f1a8d7245b3d"},{"name":"variables.tf","path":"modules/aws-organizations/variables.tf","sha":"cf9e1673e458c5c7644b1e94e128eddb6feca0d3"}]},{"name":"cloudtrail-bucket","children":[{"name":"README.md","path":"modules/cloudtrail-bucket/README.md","sha":"acc86c32958e8f6d90944e714a7731a82f404c82"},{"name":"main.tf","path":"modules/cloudtrail-bucket/main.tf","sha":"4e60d8c2292cd3e3df31c2a66d227f5db83ee45c"},{"name":"outputs.tf","path":"modules/cloudtrail-bucket/outputs.tf","sha":"1e560e9b0cc1c8f40e81d5fe8bbbf1c03258fdae"},{"name":"variables.tf","path":"modules/cloudtrail-bucket/variables.tf","sha":"f19a90d0974a3babe235277112e6fcf63164d575"}]},{"name":"cloudtrail","children":[{"name":"README.adoc","path":"modules/cloudtrail/README.adoc","sha":"b3090f9aa7b062f2028af50c3da17a3293ef3cd2"},{"name":"core-concepts.md","path":"modules/cloudtrail/core-concepts.md","sha":"debe79403a177aaf1de5396c85213652dbc85481"},{"name":"main.tf","path":"modules/cloudtrail/main.tf","sha":"1439232cef630b5cb4973d67a1a0b99a35088c08"},{"name":"outputs.tf","path":"modules/cloudtrail/outputs.tf","sha":"d161a32bbcd6f824955c273c49ef9e00bcdb57b3"},{"name":"variables.tf","path":"modules/cloudtrail/variables.tf","sha":"db83b06f385c23aee940c5ed2217bc0b2502f15d"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"modules/cross-account-iam-roles/README.md","sha":"3627935a8b6b81efd1bec7cb936de086c2e4b300"},{"name":"main.tf","path":"modules/cross-account-iam-roles/main.tf","sha":"22d5531b3bc04b9ba76f6e6248333b939932ff4b"},{"name":"outputs.tf","path":"modules/cross-account-iam-roles/outputs.tf","sha":"e8e61a415e0ef8c02281d531485688d2e2fd51e9"},{"name":"variables.tf","path":"modules/cross-account-iam-roles/variables.tf","sha":"61652a91bbd09909cf06eb485e029532e8f82c66"}]},{"name":"custom-iam-entity","children":[{"name":"CHANGELOG.md","path":"modules/custom-iam-entity/CHANGELOG.
md","sha":"038c90120fa1fba1d961966baa5939c6c7cd7776"},{"name":"README.md","path":"modules/custom-iam-entity/README.md","sha":"a4dedbd0cbaad6561eaf42774054c4c640cbb478"},{"name":"main.tf","path":"modules/custom-iam-entity/main.tf","sha":"52b30cd79f1c2681e74208d0ffac44a0c65f5a65"},{"name":"outputs.tf","path":"modules/custom-iam-entity/outputs.tf","sha":"b94249803e78991682b8542d8f39e5a728432b97"},{"name":"variables.tf","path":"modules/custom-iam-entity/variables.tf","sha":"a9dc17f7ccdf58c57aaee13764304504c6cd4055"}]},{"name":"ebs-encryption-multi-region","children":[{"name":"README.adoc","path":"modules/ebs-encryption-multi-region/README.adoc","sha":"86b31069c9627391411f7b6cceed08e813a7a37e"},{"name":"main.tf","path":"modules/ebs-encryption-multi-region/main.tf","sha":"73537c9461cdf7deb056899c9dcfe283409260f5"},{"name":"outputs.tf","path":"modules/ebs-encryption-multi-region/outputs.tf","sha":"0263a12a0cf37116db77ec5ac43667a76bac0706"},{"name":"variables.autogen.tf","path":"modules/ebs-encryption-multi-region/variables.autogen.tf","sha":"e016bd3d20f933e3b802d5facfd9665055f5140b"},{"name":"variables.tf","path":"modules/ebs-encryption-multi-region/variables.tf","sha":"4bb22b9bb519462a429baea8ffea9d1a3991be26"}]},{"name":"ebs-encryption","children":[{"name":"README.md","path":"modules/ebs-encryption/README.md","sha":"f9f23a71b7725648a9fdc9300de92d38014e6f63"},{"name":"main.tf","path":"modules/ebs-encryption/main.tf","sha":"958efee5cd8023fd72ed57fe879ceb610c9598b4"},{"name":"outputs.tf","path":"modules/ebs-encryption/outputs.tf","sha":"6caa6eba337ae7aa9ad7db82dbd2cf6223f42cb9"},{"name":"variables.tf","path":"modules/ebs-encryption/variables.tf","sha":"d47c23a0c98c7561fcf0d95fa22fc40b34182bf9"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"modules/fail2ban/README.md","sha":"d3423a1bc6a2ba26f2ff203b1af9ac7bc0d0fdb6","toggled":true},{"name":"install-scripts","children":[{"name":"cloudwatch-metric.conf","path":"modules/fail2ban/install-scripts/cloudwatch-metric.
conf","sha":"b2fb301180aeb253f5168a6fedd3e5c44b6938ff"},{"name":"configure-fail2ban","path":"modules/fail2ban/install-scripts/configure-fail2ban","sha":"45377c7878b00e5d1b62c1abb4ba42a14ba312ce"},{"name":"fail2ban.local","path":"modules/fail2ban/install-scripts/fail2ban.local","sha":"ea80bf8058a1f9bb1a80a59031981b2a37445750"},{"name":"filters.sshd.amazon.conf","path":"modules/fail2ban/install-scripts/filters.sshd.amazon.conf","sha":"093bb1baf88a1e283a43b7dd7d04c64992abecc6"},{"name":"jail.amazon.local","path":"modules/fail2ban/install-scripts/jail.amazon.local","sha":"1284b66ca5a007b77a40c27b66662425e7fe8c91"},{"name":"jail.amazon2.local","path":"modules/fail2ban/install-scripts/jail.amazon2.local","sha":"8f0285c493c406aa0db98f40b8bf9aa238f52353"},{"name":"jail.ubuntu.local","path":"modules/fail2ban/install-scripts/jail.ubuntu.local","sha":"b3485d20a2b1fad7949167d30eff2b4caf357d81"}]},{"name":"install.sh","path":"modules/fail2ban/install.sh","sha":"8f7b536f08506dabc2f6beb6cd5a50f7282168aa"},{"name":"user-data-scripts","children":[{"name":"configure-fail2ban-cloudwatch.sh","path":"modules/fail2ban/user-data-scripts/configure-fail2ban-cloudwatch.sh","sha":"c11016c29c86476704b99db953afd6c9f1520cb4"}]}],"toggled":true},{"name":"github-actions-iam-role","children":[{"name":"README.md","path":"modules/github-actions-iam-role/README.md","sha":"295142b48d9430e2579c234a2f385405fcb079de"},{"name":"main.tf","path":"modules/github-actions-iam-role/main.tf","sha":"7e7f5ac5125f23a56016ebf7a12f258e55a8c5d8"},{"name":"outputs.tf","path":"modules/github-actions-iam-role/outputs.tf","sha":"145ba3cb4b8ec3ea26aa4f6557bc9159c9f38cc1"},{"name":"variables.tf","path":"modules/github-actions-iam-role/variables.tf","sha":"fac510010d58be06a878d9d080375732a7d3d310"}]},{"name":"github-actions-openid-connect-provider","children":[{"name":"README.md","path":"modules/github-actions-openid-connect-provider/README.md","sha":"3d2bbcd7c42ac2efb956eb25079ac2563625a70f"},{"name":"main.tf","path":"module
s/github-actions-openid-connect-provider/main.tf","sha":"7d7e63f8f862590161116b27cf0c886c40ec2585"},{"name":"outputs.tf","path":"modules/github-actions-openid-connect-provider/outputs.tf","sha":"7e9e6b8c3f2d6c23cd949c90f35acec41d31c422"},{"name":"variables.tf","path":"modules/github-actions-openid-connect-provider/variables.tf","sha":"4c6ec0a863cae667b550194a3753831f25e76093"}]},{"name":"guardduty-bucket","children":[{"name":"README.md","path":"modules/guardduty-bucket/README.md","sha":"d9bc2eae83a3e78dc836ff25d6a6c913e3b86db8"},{"name":"main.tf","path":"modules/guardduty-bucket/main.tf","sha":"70c5c3cc317fa97c6171075c3481c0ac174a4fd2"},{"name":"outputs.tf","path":"modules/guardduty-bucket/outputs.tf","sha":"8ca4b9b652a538d5b9da3222db796f2a88942577"},{"name":"variables.tf","path":"modules/guardduty-bucket/variables.tf","sha":"7fca332cc94ae083904d266a451eab5cc6fd3260"}]},{"name":"guardduty-multi-region","children":[{"name":"README.adoc","path":"modules/guardduty-multi-region/README.adoc","sha":"e2959ada579d8b5cb64df19e3c39aac983e9bc40"},{"name":"main.tf","path":"modules/guardduty-multi-region/main.tf","sha":"297abe88696944802e0f2a6e86e5426ad9bf2e5a"},{"name":"outputs.tf","path":"modules/guardduty-multi-region/outputs.tf","sha":"b3b7ac1b4344c4ac0aae0111c2ec84d8aecf655c"},{"name":"variables.autogen.tf","path":"modules/guardduty-multi-region/variables.autogen.tf","sha":"05bf9410cb4878450e9e67b90b202437a7458a04"},{"name":"variables.tf","path":"modules/guardduty-multi-region/variables.tf","sha":"5e2a75522e60e48888a1da78ac544a38882b9022"}]},{"name":"guardduty","children":[{"name":"README.adoc","path":"modules/guardduty/README.adoc","sha":"811f7a819c64b185c8fd5b16532efd16dbdcc844"},{"name":"core-concepts.md","path":"modules/guardduty/core-concepts.md","sha":"d100d7d962cca6f5ac69e4c7f5dee939caa484d9"},{"name":"main.tf","path":"modules/guardduty/main.tf","sha":"c5e2f1f302771f62284c963b330a77a9aacaefa3"},{"name":"outputs.tf","path":"modules/guardduty/outputs.tf","sha":"19eb85f
6fec78bdfd3e7adc4f193172110b129c8"},{"name":"variables.tf","path":"modules/guardduty/variables.tf","sha":"7e8b31ec8316a436a27e200a3a76eed8ed74c082"}]},{"name":"iam-access-analyzer-multi-region","children":[{"name":"README.adoc","path":"modules/iam-access-analyzer-multi-region/README.adoc","sha":"d87068a71e5a6149ba32dcc1ba33070d8b83aeaa"},{"name":"core-concepts.md","path":"modules/iam-access-analyzer-multi-region/core-concepts.md","sha":"6bbaac3d7e62744e3fe3f511cd4ae78b212d08a8"},{"name":"main.tf","path":"modules/iam-access-analyzer-multi-region/main.tf","sha":"609e489f544abd552db625d24f6d21dd0f439cae"},{"name":"outputs.tf","path":"modules/iam-access-analyzer-multi-region/outputs.tf","sha":"0a4379e38beae72541e7e975f297584db7e98b04"},{"name":"variables.autogen.tf","path":"modules/iam-access-analyzer-multi-region/variables.autogen.tf","sha":"5fe91b51970b05ebc2fdbf4542a806e8c3f792f4"},{"name":"variables.tf","path":"modules/iam-access-analyzer-multi-region/variables.tf","sha":"6e8d81aac5af0cba584e6d0884e03cfbc23ba07f"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"modules/iam-groups/README.md","sha":"07820342d38caf90b08a1ff0df904298ed132c8f"},{"name":"_docs","children":[{"name":"iam-user-access-to-billing.png","path":"modules/iam-groups/_docs/iam-user-access-to-billing.png","sha":"063f6cf8dc766b4d44942de89660e8ab9e1f3d63"},{"name":"my-account.png","path":"modules/iam-groups/_docs/my-account.png","sha":"387320200ed756ce4191afef87f0ab76e2c3d89a"}]},{"name":"main.tf","path":"modules/iam-groups/main.tf","sha":"e679d2e3081d445c5f9b90f52016278bc32e44be"},{"name":"outputs.tf","path":"modules/iam-groups/outputs.tf","sha":"818827357183cb06f399732996c17f98cb3c0527"},{"name":"variables.tf","path":"modules/iam-groups/variables.tf","sha":"ec81e26ef6927ebb867b543acbcceaa9d618be7c"}]},{"name":"iam-policies","children":[{"name":"README.md","path":"modules/iam-policies/README.md","sha":"51835e5cd588f45a050c140c990cc8f04ff7a647"},{"name":"main.tf","path":"modules/iam-poli
cies/main.tf","sha":"92415128130e68ad47aac5973c95d3f38f7049a0"},{"name":"outputs.tf","path":"modules/iam-policies/outputs.tf","sha":"cf0adeec7cd62eb097ed0568facde92f9882b0cf"},{"name":"variables.tf","path":"modules/iam-policies/variables.tf","sha":"6d50aa3e0d8289848c7eee0739a130dfd8e97aee"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"modules/iam-user-password-policy/README.md","sha":"5bea6ba56fc796be5b860549156a3a251735fc2a"},{"name":"main.tf","path":"modules/iam-user-password-policy/main.tf","sha":"6538ef827aac62dd3f1797868b15e0e1d20cf0b3"},{"name":"outputs.tf","path":"modules/iam-user-password-policy/outputs.tf","sha":"825547bd9d41fed1cc1b3506c17f81c48b1bfd1a"},{"name":"variables.tf","path":"modules/iam-user-password-policy/variables.tf","sha":"568582c249e3cfd7899ea23b8b58e43328c9d100"}]},{"name":"iam-users","children":[{"name":"README.md","path":"modules/iam-users/README.md","sha":"ea820bd205fdb8ca28bb0e2eccc29700b99a2b94"},{"name":"main.tf","path":"modules/iam-users/main.tf","sha":"ca5c120c64b190a3b368b5dbab0470450c095eb0"},{"name":"outputs.tf","path":"modules/iam-users/outputs.tf","sha":"b319eacce6916f4904b15d8ff5ea5be09afc29e2"},{"name":"variables.tf","path":"modules/iam-users/variables.tf","sha":"892e7b2aaa5179e83a5e3126dbf2551fd421b133"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"modules/ip-lockdown/README.md","sha":"7ec92da38b5b06af9e61ab164bb6b4b0470ed92a"},{"name":"install.sh","path":"modules/ip-lockdown/install.sh","sha":"ce61af763bee9ad29754220ae24521f22c3a956f"},{"name":"ip-lockdown","path":"modules/ip-lockdown/ip-lockdown","sha":"93a0e1f5876e7de5778c595e8801d64986cb118b"}]},{"name":"kms-cmk-replica","children":[{"name":"README.md","path":"modules/kms-cmk-replica/README.md","sha":"9e9827df4990a6967edbcab6f35214ba229d7b18"},{"name":"main.tf","path":"modules/kms-cmk-replica/main.tf","sha":"d35ce6364916b857d06429388e3f266e1f6ca565"},{"name":"outputs.tf","path":"modules/kms-cmk-replica/outputs.tf","sha"
:"28066251cbac14ae30a24d83f4ab38a550ce08ba"},{"name":"variables.tf","path":"modules/kms-cmk-replica/variables.tf","sha":"3de5459e12a3fc271230c8be243dbdbb9c6ded47"}]},{"name":"kms-grant-multi-region","children":[{"name":"README.adoc","path":"modules/kms-grant-multi-region/README.adoc","sha":"7c33dc779f289c34d0c72ecce7a4a60d99c38098"},{"name":"core-concepts.md","path":"modules/kms-grant-multi-region/core-concepts.md","sha":"3eb1725fa927a84cc2a0341335d150bf5c6e70f5"},{"name":"main.tf","path":"modules/kms-grant-multi-region/main.tf","sha":"d890a452833eebd6b20e70de71e6785c6be3c031"},{"name":"outputs.tf","path":"modules/kms-grant-multi-region/outputs.tf","sha":"b9d84078afacb154536292bddba4afbd6c9158c2"},{"name":"variables.autogen.tf","path":"modules/kms-grant-multi-region/variables.autogen.tf","sha":"185d6c42c1ab4843292b2c911e057303ae971739"},{"name":"variables.tf","path":"modules/kms-grant-multi-region/variables.tf","sha":"505b2d0cb9ecf78f0364e845cab72bf0c28365d5"}]},{"name":"kms-master-key-multi-region","children":[{"name":"README.adoc","path":"modules/kms-master-key-multi-region/README.adoc","sha":"75402e428cc30fee27dc5dd469788cf1d71320eb"},{"name":"core-concepts.md","path":"modules/kms-master-key-multi-region/core-concepts.md","sha":"8ba58b9a40c3aad18e2b804f53c6439b549b756d"},{"name":"main.tf","path":"modules/kms-master-key-multi-region/main.tf","sha":"37274fa5affb26855f54e67282fae57be1cf726d"},{"name":"outputs.tf","path":"modules/kms-master-key-multi-region/outputs.tf","sha":"a47481aa5718ff67a44b86192edf897c160e06ed"},{"name":"variables.autogen.tf","path":"modules/kms-master-key-multi-region/variables.autogen.tf","sha":"fd024d55097a7eee5fbb6ffc65b376fbdfe57c89"},{"name":"variables.tf","path":"modules/kms-master-key-multi-region/variables.tf","sha":"b1740fb059927c65f7afd76f902ba616a921a138"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"modules/kms-master-key/README.md","sha":"1b43a005494f12b05551adb020a31726f28e10d3"},{"name":"main.tf","path":"mo
dules/kms-master-key/main.tf","sha":"1884b84238bdb19452c5e46f6c5d487e14e1b90d"},{"name":"outputs.tf","path":"modules/kms-master-key/outputs.tf","sha":"4d0dbba81e8186243d96a8325a5f643d87543451"},{"name":"variables.tf","path":"modules/kms-master-key/variables.tf","sha":"5129ef297d0647ea6608f1e4c6c08bf75759c4c2"}]},{"name":"ntp","children":[{"name":"README.md","path":"modules/ntp/README.md","sha":"616dec4cceb83cd76898863034d920ce276b5ff4"},{"name":"install.sh","path":"modules/ntp/install.sh","sha":"8ccf8e07fb25ecad451a3cff264f08774fad7c38"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"modules/os-hardening/README.md","sha":"3e864b0e9208eb6809adf41968c51e02fc233ee1"},{"name":"_docs","children":[{"name":"Helpful Email.md","path":"modules/os-hardening/_docs/Helpful Email.md","sha":"246a0b80b29f5ff3d2b2f4c5c170fc927e2d9dd7"}]},{"name":"ami-builder","children":[{"name":"files","children":[{"name":"user-data.sh.template","path":"modules/os-hardening/ami-builder/files/user-data.sh.template","sha":"4a3c87a19e1a4caa20b9b425b2a02101566d1166"}]},{"name":"main.tf","path":"modules/os-hardening/ami-builder/main.tf","sha":"b32960948fbd768eec5b77e04ebb88f6acda5db2"},{"name":"outputs.tf","path":"modules/os-hardening/ami-builder/outputs.tf","sha":"8ce2ee598124ca50dd530a33aa60f5d1452a4a2b"},{"name":"variables.tf","path":"modules/os-hardening/ami-builder/variables.tf","sha":"d760f34eeae322790865c1cb30dfe20d0225328f"}]},{"name":"partition-scripts","children":[{"name":"README.md","path":"modules/os-hardening/partition-scripts/README.md","sha":"b55df29c7a3d6dc3ecbbbfe4ab4b8749f053f00b"},{"name":"bin","children":[{"name":"cleanup-volume","path":"modules/os-hardening/partition-scripts/bin/cleanup-volume","sha":"c7cbf3ecebd915235238557d27a1ce25e6fc10fa"},{"name":"partition-volume","path":"modules/os-hardening/partition-scripts/bin/partition-volume","sha":"f4f8566a1ef6aa4ff0c0268bd28721488aa6dfc4"}]},{"name":"install.sh","path":"modules/os-hardening/partition-scripts/install.s
h","sha":"606776c068260836e8612a681ff4e3edc8abdb41"}]}]},{"name":"private-s3-bucket","children":[{"name":"README.md","path":"modules/private-s3-bucket/README.md","sha":"cd44b2d3e4627ff00fffd217bd3ec36341a72a36"},{"name":"main.tf","path":"modules/private-s3-bucket/main.tf","sha":"6e8e5cb9e95e024a070cb62287373d73a28402cd"},{"name":"mfa-delete-script","children":[{"name":"mfa-delete.sh","path":"modules/private-s3-bucket/mfa-delete-script/mfa-delete.sh","sha":"7dbcc65412467a036756562024cfc84ad128b215"}]},{"name":"outputs.tf","path":"modules/private-s3-bucket/outputs.tf","sha":"7cc62490168e4abb2ce816d74ba9b1a8153cf3b0"},{"name":"variables.tf","path":"modules/private-s3-bucket/variables.tf","sha":"38f7b68b55878b0c2d55da808ae1f4af3434697e"}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"modules/saml-iam-roles/README.md","sha":"5ebc8c20f781a0f0b5654decdcf9bd607fee65b3"},{"name":"main.tf","path":"modules/saml-iam-roles/main.tf","sha":"e263b4625002ef20fefd35193fb0536fbe648b84"},{"name":"outputs.tf","path":"modules/saml-iam-roles/outputs.tf","sha":"c579901907b216c55e4c815d28f0a22171a960e6"},{"name":"variables.tf","path":"modules/saml-iam-roles/variables.tf","sha":"1f3f26ade9fd75d8e66ba12649f45d075b5e0f2b"}]},{"name":"secrets-manager-resource-policies","children":[{"name":"CHANGELOG.md","path":"modules/secrets-manager-resource-policies/CHANGELOG.md","sha":"88ead5d4b698fcefce8a9075ab52e6a560387abf"},{"name":"README.md","path":"modules/secrets-manager-resource-policies/README.md","sha":"b894ce3171c28ae91acbfe6bdcec35615c599bbb"},{"name":"main.tf","path":"modules/secrets-manager-resource-policies/main.tf","sha":"551c1c1041cd2119d9e502617cf38ecdb61bfd8f"},{"name":"outputs.tf","path":"modules/secrets-manager-resource-policies/outputs.tf","sha":"8b237f325d54b84ac2453e8945f61cdf0d24b41b"},{"name":"variables.tf","path":"modules/secrets-manager-resource-policies/variables.tf","sha":"2b45ef099c805c1265e5dc611c138de4a40141eb"}]},{"name":"ssh-grunt-selinux-policy","chil
dren":[{"name":"README.md","path":"modules/ssh-grunt-selinux-policy/README.md","sha":"53f02f57185efebc35d6ebfe156ce73d02a5f112"},{"name":"install.sh","path":"modules/ssh-grunt-selinux-policy/install.sh","sha":"3de871d61a9990e7f2c130f23afaf00daeb6bbef"},{"name":"ssh-grunt.pp","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.pp","sha":"7c7050f812cd0e3cb34e37b88c35fb09f369be7d"},{"name":"ssh-grunt.te","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.te","sha":"3317a71feaa633662a00b1dc05b1176cb85c9793"}]},{"name":"ssh-grunt","children":[{"name":".dockerignore","path":"modules/ssh-grunt/.dockerignore","sha":"a725465aee245635a2bd129af54858ed32c84cb8"},{"name":"Dockerfile","path":"modules/ssh-grunt/Dockerfile","sha":"148b2df16c77e8b8aa0ba95447c9e018607e3ac3"},{"name":"README.adoc","path":"modules/ssh-grunt/README.adoc","sha":"c6bb05207d3884b1e70620408d69175027a7f989"},{"name":"_ci","children":[{"name":"build-and-test.sh","path":"modules/ssh-grunt/_ci/build-and-test.sh","sha":"903993de2d7bcde19d472fa5e510ee862d4b10c3"},{"name":"test.sh","path":"modules/ssh-grunt/_ci/test.sh","sha":"235603944316e81f1da1cc0248b80beecf99cb27"}]},{"name":"_docs","children":[{"name":"houston-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/houston-upload-ssh-key.png","sha":"e32519497262f9796a4ea46c53953923975cbd7d"},{"name":"iam-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/iam-upload-ssh-key.png","sha":"8bb1e793185eb0b4822023552899874394342f21"}]},{"name":"core-concepts.md","path":"modules/ssh-grunt/core-concepts.md","sha":"8c7b359b4fbfd52aa18124efe06f1304edbf2db2"},{"name":"docker-compose.yml","path":"modules/ssh-grunt/docker-compose.yml","sha":"74a2c67f6b9dc838ff3bd9c9c5aa68c813db1f0d"},{"name":"go.mod","path":"modules/ssh-grunt/go.mod","sha":"b9ca5510e2b5adc798c35f2882d4c45e407d96da"},{"name":"go.sum","path":"modules/ssh-grunt/go.sum","sha":"3fb7ee290aabdc716f9e233293037bd9fcc32d12"},{"name":"scripts","children":[{"name":"build-linux-binary.sh","path":"modules/ssh-grunt/scripts/
build-linux-binary.sh","sha":"2d91cbed3db40f419e6a440ce2735b9d3f2d048b"},{"name":"run.sh","path":"modules/ssh-grunt/scripts/run.sh","sha":"050027e034cd03e53625986eb0f331c043492cf6"}]},{"name":"src","children":[{"name":"cli.go","path":"modules/ssh-grunt/src/cli.go","sha":"bd452b3cd360a5ea07d85c386608b8bfaea8dad7"},{"name":"cli_test.go","path":"modules/ssh-grunt/src/cli_test.go","sha":"4495feee5155a9e1c5dfd973f0a449b8d3764756"},{"name":"collections.go","path":"modules/ssh-grunt/src/collections.go","sha":"aa9b67f00f57088f9bf4e129dcc53003524dd0a7"},{"name":"cron.go","path":"modules/ssh-grunt/src/cron.go","sha":"5087bbffd95b625423d8c9a5a37a12ec8d6b07d7"},{"name":"cron_test.go","path":"modules/ssh-grunt/src/cron_test.go","sha":"dfe543ba69b21fbd24ad026b4c208d4308a743f2"},{"name":"ec2_instance_connect.go","path":"modules/ssh-grunt/src/ec2_instance_connect.go","sha":"99c31ddd2ee34d18dd9e676ec22eef5eebc3187f"},{"name":"errors.go","path":"modules/ssh-grunt/src/errors.go","sha":"1175435b45a980a5ff23dd4bdc880b4d63b24d79"},{"name":"file.go","path":"modules/ssh-grunt/src/file.go","sha":"eb991fd15ac2c3660313e6d4c5669b36ccc9cc21"},{"name":"groups.go","path":"modules/ssh-grunt/src/groups.go","sha":"3e4ecb0ef9ca916e5482e1999b59ceddc4aec077"},{"name":"groups_test.go","path":"modules/ssh-grunt/src/groups_test.go","sha":"b060ded1c37d1b636b7dc59d5071049e640d00e7"},{"name":"iam.go","path":"modules/ssh-grunt/src/iam.go","sha":"dafbc8fbb732d2d6212cade786eb13d7215b9862"},{"name":"iam_test.go","path":"modules/ssh-grunt/src/iam_test.go","sha":"0382c08562fc329876267cf944195f3d8c8738be"},{"name":"logger.go","path":"modules/ssh-grunt/src/logger.go","sha":"93095ba8216709b3178fcc44a76421a765f4e302"},{"name":"main.go","path":"modules/ssh-grunt/src/main.go","sha":"a89d9402d32d371dc9b945ab9c72996808d17b85"},{"name":"shell.go","path":"modules/ssh-grunt/src/shell.go","sha":"7f49eeee4119efde0bd58d7c78fd4ef785dc5f6c"},{"name":"ssh.go","path":"modules/ssh-grunt/src/ssh.go","sha":"17784a1b62fcfc4df6b766bc65f
Installation
To use this module, you just need to:
1. Install bash-commons on your servers.
2. Install the fail2ban module on your servers.

The best way to do that is to use the Gruntwork Installer in a Packer (https://www.packer.io/) template. Make sure to replace <BASH_COMMONS_VERSION> and <MODULE_SECURITY_VERSION> below with the latest versions from the bash-commons releases page and the terraform-aws-security releases page, respectively:

    gruntwork-install --module-name bash-commons --tag <BASH_COMMONS_VERSION> --repo https://github.com/gruntwork-io/bash-commons
    gruntwork-install --module-name fail2ban --tag <MODULE_SECURITY_VERSION> --repo https://github.com/gruntwork-io/terraform-aws-security

Compatibility
This module is known to work on CentOS 7, Ubuntu, Amazon Linux, and Amazon Linux 2. This module does not currently work with Amazon Linux 2023.
Amazon removed the fail2ban package (https://docs.aws.amazon.com/linux/al2023/release-notes/removed-AL2023.3-AL1.html) as of Amazon Linux 2023, and it will need to be installed and configured from source. See this AWS community forum thread (https://repost.aws/questions/QU_Mw5I44TQ_ucMNb73Lakbw/fail2ban-mia-for-amazon-linux-2023) for tips on installing and configuring fail2ban on Amazon Linux 2023.

Permissions
If the option to install CloudWatch Metrics is selected (default behavior), it is assumed that the EC2 Instance has permissions to publish metric data to the CloudWatch API. This can be done by attaching a policy to the EC2 Instance's IAM Role. The permissions necessary are:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1493296209000",
          "Effect": "Allow",
          "Action": [
            "cloudwatch:PutMetricData"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }

Configure the Fail2Ban CloudWatch Action on your EC2 Instances
In order for the EC2 Instance to send metric data to CloudWatch successfully, it needs certain data from the EC2 instance.
When your EC2 Instances are booting up, they should run the configure-fail2ban-cloudwatch.sh script, which will configure fail2ban to send data to CloudWatch. The script supports one command line option:
- --cloudwatch-namespace: The namespace used to define the CloudWatch metrics. Default value is 'Gruntwork/Fail2Ban'. Optional.

The best way to run a script during boot is to put it in User Data (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-shell-scripts). Here's an example:

    #!/bin/bash
    /etc/user-data/configure-fail2ban-cloudwatch/configure-fail2ban-cloudwatch.sh --cloudwatch-namespace Acme/Fail2Ban

Default zone for firewalld (Amazon Linux 2 and CentOS)
On Amazon Linux 2 and CentOS, the implementation of fail2ban uses firewalld to manage the iptables rules that implement the firewall. In a default installation of firewalld on these operating systems, all inbound ports are blocked on the interfaces except for SSH access. This is caused by the usage of public for the configured default zone. While this is generally more secure, in practice it adds a layer of complexity that is typically unnecessary due to the usage of cloud-based firewalls in the form of Security Groups. For example, it requires configuring firewalld to allow all the applications you expect to expose on the instance, which may be difficult to track in a Docker cluster like ECS or EKS.
As such, this module updates the default zone of firewalld to be trusted, which allows all access by default, with rules added to block specific IPs. This setup is similar to how fail2ban works on Ubuntu and Amazon Linux 1, which use the more traditional approach of setting iptables rules directly.
If you wish to revert to the original behavior of firewalld, you can update the default zone back to public after the installation call to fail2ban. For example:

    # Install fail2ban using Gruntwork modules
    gruntwork-install --module-name bash-commons --tag <BASH_COMMONS_VERSION> --repo https://github.com/gruntwork-io/bash-commons
    gruntwork-install --module-name fail2ban --tag <MODULE_SECURITY_VERSION> --repo https://github.com/gruntwork-io/terraform-aws-security

    # firewalld cannot be configured using `firewall-cmd` unless it is started
    sudo systemctl start firewalld

    # Update the default zone back to public, as Gruntwork fail2ban installer will set the default zone to be trusted.
    sudo firewall-cmd --set-default-zone=public

    # We stop firewalld at the end to avoid it interfering with additional installation setups.
    sudo systemctl stop firewalld

The above script will:
1. Install fail2ban using this module.
2. Revert the default zone back to public after fail2ban installation completes, since it is set to trusted during the installation step.

TODO
- Add support for protocols/services other than ssh
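The IAM policy in the Permissions section allows cloudwatch:PutMetricData for every namespace. As an added example (not part of the module's README), the same statement can be scoped with the cloudwatch:namespace condition key so the instance role can only write to the namespace fail2ban reports to. The Sid is a constructed placeholder, and the namespace value assumes the default Gruntwork/Fail2Ban; it must match whatever is passed to --cloudwatch-namespace.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleFail2BanScopedPutMetricData",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {
        "StringEquals": {
          "cloudwatch:namespace": "Gruntwork/Fail2Ban"
        }
      }
    }
  ]
}
```

Resource stays "*" because PutMetricData does not support resource-level permissions; the condition is what narrows the grant.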