A CMK is a key managed by AWS that you never see (and can therefore never compromise). You use a CMK via the AWS API
to encrypt and decrypt small amounts of data and to generate Data Keys
that can be used to encrypt and decrypt larger amounts of data.
Using the AWS API with KMS can be clumsy. For a more streamlined experience, try gruntkms.
How do you use this module?
See the root README for instructions on using Terraform modules.
See variables.tf for all the variables you can set on this module.
Note: This module creates a Master Key in KMS. Each Master Key costs $1/month, even if you delete it immediately
after. So please be aware that using this module will cost you money!
CMK Administrators vs. CMK Users
This CMK Key Policy declares three levels of access to the CMK:
Key Administrators: Administrators can manage the CMK, including updating the Key Policy, revoking the CMK, and
getting additional info about the CMK. Administrators get no permissions to actually use the CMK, for example, with
encrypt or decrypt operations.
Key Users: Users can use the CMK for encrypt and decrypt operations but cannot manage it.
External Key Users: Users from external AWS accounts can use the CMK for encrypt and decrypt operations but cannot manage it.
You must specify at least one IAM ARN for the Key Administrators and Key Users types. External Key Users are optional. Note that this ARN can be an IAM User, IAM Group, or IAM Role.
Background
What is KMS?
Amazon's Key Management Service (KMS) is a managed service that makes it easy for you to
create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect
the security of your keys.
What is a Customer Master Key?
A Customer Master Key (CMK) is a secret key that KMS stores and manages for you. You can use the CMK to encrypt small
amounts of data using the AWS APIs or a tool like gruntkms. It is a "master"
key in the sense that you can also use a CMK to generate a "Data Key" that you can use in your own encryption algorithms
to encrypt and decrypt large amounts of data.
When you use a Data Key, you typically store it, encrypted via the CMK, in version control or co-located with your data
itself, and decrypt it via the AWS API or gruntkms whenever you need to use it to decrypt or encrypt data.
Amazon never grants you access to the CMK itself, only to operations that use the key.
Managing a Key's Permissions with the Key Policy vs. IAM Policies
When you want to grant a permission on most AWS resources, you attach an IAM Policy
to an IAM User, IAM Group, or IAM Role. This works well for most resources, but when it comes to CMKs, it means that any
admin-level IAM User has full access to all CMKs.
But maybe this isn't what you want. For example, suppose your DevOps team has admin-level access to your AWS account, but
they still shouldn't have access to a prod CMK used to encrypt production data. Fortunately, AWS gives us a solution
for such situations: the CMK Key Policy.
By default, only the permissions granted in a CMK Key Policy are honored. For example, the CMK Key Policy might
grant IAM User jane.doe the kms:encrypt and kms:decrypt permissions. But if john.doe has an IAM Policy that grants
him those same permissions on the CMK, that IAM Policy will actually have no effect.
If you do want to honor IAM Policies for a particular CMK, you can include a setting in the CMK Key Policy that
grants this permission to IAM. In this case, jane.doe will retain her rights granted from the CMK Key Policy, but now
john.doe will have access, too.
In general, we recommend using only the CMK Key Policy if possible. This has the benefit of explicitly declaring who has
access to the CMK, versus allowing any possible number of IAM Policy configurations to determine access. But the biggest
downside is that it's now possible to lock yourself out of the CMK, so if you're not confident about your ability to
manage the CMK, you may wish to use IAM policies. In addition, IAM is a central place for managing all permissions, whereas
using just the CMK Key Policy means you now need to update the Key Policy any time the permissions change, which may be
more onerous.
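The following is an added example, not code from this module: a small Python audit that reads a Key Policy document and reports which principals fall into the administrator, user, and external user levels, whether the policy hands access decisions to IAM, and whether anyone in the account can still manage the key. The account IDs, user names, and sample policy are constructed for illustration, and the check ignores `Condition`, `Deny`, and `NotPrincipal` elements.

```python
import json
from fnmatch import fnmatchcase

ACCOUNT_ID = "111122223333"  # constructed placeholder account ID

# Representative actions for each access level (not an exhaustive list).
MANAGE_ACTIONS = ("kms:PutKeyPolicy", "kms:ScheduleKeyDeletion", "kms:DisableKey")
USE_ACTIONS = ("kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey")

# Constructed Key Policy mirroring the three access levels described above.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "KeyAdministrators", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice.admin"},
     "Action": ["kms:Describe*", "kms:Put*", "kms:Update*", "kms:Revoke*",
                "kms:Disable*", "kms:ScheduleKeyDeletion"],
     "Resource": "*"},
    {"Sid": "KeyUsers", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/jane.doe"},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*", "kms:DescribeKey"],
     "Resource": "*"},
    {"Sid": "ExternalKeyUsers", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"],
     "Resource": "*"}
  ]
}
""")

# The statement that makes KMS honor IAM Policies: the account itself is the principal.
IAM_DELEGATION = {"Sid": "EnableIAMPolicies", "Effect": "Allow",
                  "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
                  "Action": "kms:*", "Resource": "*"}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants(patterns, actions):
    """True if any policy action pattern (wildcards allowed) covers a listed action."""
    return any(fnmatchcase(a.lower(), p.lower()) for p in patterns for a in actions)


def _aws_principals(stmt):
    principal = stmt.get("Principal")
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS"))
    return []


def _account_of(principal):
    """Account ID of an ARN or bare account ID; None for anything else (e.g. '*')."""
    if principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) > 4 and parts[0] == "arn" else None


def audit_key_policy(policy, account_id):
    root = {account_id, f"arn:aws:iam::{account_id}:root"}
    report = {"iam_delegated": False, "admins": set(), "users": set(),
              "external_users": set(), "findings": []}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt.get("Action"))
        manages = _grants(patterns, MANAGE_ACTIONS)
        uses = _grants(patterns, USE_ACTIONS)
        for principal in _aws_principals(stmt):
            if principal in root:
                # Account root as principal: IAM Policies now decide access.
                report["iam_delegated"] = report["iam_delegated"] or manages or uses
            elif _account_of(principal) != account_id:
                if uses:
                    report["external_users"].add(principal)
                if manages:
                    report["findings"].append(f"{principal} is outside the account but can manage the key")
            else:
                if manages:
                    report["admins"].add(principal)
                if uses:
                    report["users"].add(principal)
    if report["iam_delegated"]:
        report["findings"].append("IAM Policies are honored for this key; the Key Policy alone no longer declares access")
    for principal in sorted(report["admins"] & report["users"]):
        report["findings"].append(f"{principal} can both manage and use the key")
    if not report["admins"] and not report["iam_delegated"]:
        report["findings"].append("no in-account principal can manage the key (lock-out risk)")
    return report


if __name__ == "__main__":
    print(audit_key_policy(SAMPLE_POLICY, ACCOUNT_ID))
```
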
TODO
Explicitly test that granting another AWS resource such as an S3 Bucket privileges on the KMS Key works as expected
for key users.
f75676018239c773c7176ab8c9355c1"}]}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"examples/ssm-healthchecks-iam-permissions/README.md","sha":"f1fe555a3aff887a966def0a1d3ccaff3dd826e7"},{"name":"main.tf","path":"examples/ssm-healthchecks-iam-permissions/main.tf","sha":"4c38ac5325ef7be7c5a2d8df3b8c5154fcf7a1c6"},{"name":"outputs.tf","path":"examples/ssm-healthchecks-iam-permissions/outputs.tf","sha":"52688c3a4f1f8349500505fb8949fa0d21c385a3"},{"name":"variables.tf","path":"examples/ssm-healthchecks-iam-permissions/variables.tf","sha":"217574c100974ae601b2a1478e0ac183d351d4a0"}]}]},{"name":"modules","children":[{"name":"_deprecated","children":[{"name":"account-baseline-app","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-app/README.md","sha":"289d35b15becbf5164ee355fecd892edf12c60bc"}]},{"name":"account-baseline-root","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-root/README.md","sha":"0ac4e867ee61387b76475d7eb36bba673a30fd76"}]},{"name":"account-baseline-security","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-security/README.md","sha":"ace992c3b31b9320aa1d559bbde597cc945c4430"}]},{"name":"custom-iam-group","children":[{"name":"README.md","path":"modules/_deprecated/custom-iam-group/README.md","sha":"e7a0ff783eb1052aa77fe50d7eaa6a06d2d82649"}]}]},{"name":"auto-update","children":[{"name":"README.adoc","path":"modules/auto-update/README.adoc","sha":"1e193ac18cb6a1863518b95d621a7802b09c1fab"},{"name":"core-concepts.md","path":"modules/auto-update/core-concepts.md","sha":"636f7283fa9f2e49c69d90360bdabbc13f75e131"},{"name":"install-scripts","children":[{"name":"configure-auto-update","path":"modules/auto-update/install-scripts/configure-auto-update","sha":"e4be89eb671a0e13be461a6ca3a1ec89badba469"},{"name":"dnf-automatic.txt","path":"modules/auto-update/install-scripts/dnf-automatic.txt","sha":"a196902703beea8f5020ebae8fc667bc2eeecf5c"},{"name"
:"unattended_upgrades_config.txt","path":"modules/auto-update/install-scripts/unattended_upgrades_config.txt","sha":"abe88fd8a5037ce518bec69a6cac0699cb421d47"},{"name":"yum_cron_config.txt","path":"modules/auto-update/install-scripts/yum_cron_config.txt","sha":"e7ef4273f1b2af0c9c032fadaacd03130ba5ea78"}]},{"name":"install.sh","path":"modules/auto-update/install.sh","sha":"7c19fd0d04b11c358af64149b3169d6b2c5e3b58"}]},{"name":"aws-auth","children":[{"name":"AWS-AUTH-1PASSWORD.md","path":"modules/aws-auth/AWS-AUTH-1PASSWORD.md","sha":"d7a63db66ddf11b485a2850069d52edf6bea37eb"},{"name":"AWS-AUTH-LASTPASS.md","path":"modules/aws-auth/AWS-AUTH-LASTPASS.md","sha":"d9b65d95892c1e2275894eb2ca3dd8f334a3a8b8"},{"name":"README.md","path":"modules/aws-auth/README.md","sha":"10f5164db2016bda84383b598e0262a188a39599"},{"name":"bin","children":[{"name":"aws-auth","path":"modules/aws-auth/bin/aws-auth","sha":"85039ffd1720f9b93a34e8998852bdd3b9502bcc"}]},{"name":"install.sh","path":"modules/aws-auth/install.sh","sha":"ab9611d92d6822ceed981bdff3766724366037f0"}]},{"name":"aws-config-bucket","children":[{"name":"README.md","path":"modules/aws-config-bucket/README.md","sha":"2988d934e16617289522a4ea711ee07589ce96d7"},{"name":"main.tf","path":"modules/aws-config-bucket/main.tf","sha":"c8ca2220391bfab6d6c4f1a4501b6d6d39bb1a38"},{"name":"outputs.tf","path":"modules/aws-config-bucket/outputs.tf","sha":"8ac7ab1c4c5ded586bee63ce460b25cd60eb4a18"},{"name":"variables.tf","path":"modules/aws-config-bucket/variables.tf","sha":"ba6b30c18ca75ab991f42abb845ef89af8e9cb6e"}]},{"name":"aws-config-multi-region","children":[{"name":"README.adoc","path":"modules/aws-config-multi-region/README.adoc","sha":"dc4b0dc89afdd92984fceca74f2c2e087645d019"},{"name":"core-concepts.md","path":"modules/aws-config-multi-region/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"main.tf","path":"modules/aws-config-multi-region/main.tf","sha":"ae07fd9a32796db21e04230faa77d12e36828664"},{"name":"o
utputs.tf","path":"modules/aws-config-multi-region/outputs.tf","sha":"e076d643a4e3e28452332f7cc20ae6667b6cb6ac"},{"name":"variables.autogen.tf","path":"modules/aws-config-multi-region/variables.autogen.tf","sha":"3ea138065b8386950e13b049c9532d185c145f76"},{"name":"variables.tf","path":"modules/aws-config-multi-region/variables.tf","sha":"5d33ad42f818f943993986c0c3bb964eee84f9ba"}]},{"name":"aws-config-rules","children":[{"name":"README.adoc","path":"modules/aws-config-rules/README.adoc","sha":"2b550ac006ee6189aef5221748d03339bcf9806e"},{"name":"core-concepts.md","path":"modules/aws-config-rules/core-concepts.md","sha":"af111230b6262be339d220c7b2308493781fef49"},{"name":"main.tf","path":"modules/aws-config-rules/main.tf","sha":"4ca86c3be590d39cc0c79fd72d60efd0aba94eb4"},{"name":"outputs.tf","path":"modules/aws-config-rules/outputs.tf","sha":"c297ad118d46f79f286d6577770ab46e59555ccb"},{"name":"variables.tf","path":"modules/aws-config-rules/variables.tf","sha":"e0645e3cfa20c357ae31401a32b7ea2d81d30d5b"}]},{"name":"aws-config","children":[{"name":"README.adoc","path":"modules/aws-config/README.adoc","sha":"191a82102e5fc9778d777052fc9efd616ddeb9db"},{"name":"core-concepts.md","path":"modules/aws-config/core-concepts.md","sha":"e5a7b8646bab42398ff7f5224549e528ce8c0d52"},{"name":"main.tf","path":"modules/aws-config/main.tf","sha":"8b73507b99a6865a2ec9249777ddc9b71868fab4"},{"name":"outputs.tf","path":"modules/aws-config/outputs.tf","sha":"bcd505e4ac4102bc09750adb36c99398a06eb1a6"},{"name":"variables.tf","path":"modules/aws-config/variables.tf","sha":"d7a45f6dda0ca5edb7550a280fda29b5d6d97a39"}]},{"name":"aws-organizations","children":[{"name":"README.adoc","path":"modules/aws-organizations/README.adoc","sha":"52cda8fa0eaa15b00e5f389ba9dfb73a1f3c9d56"},{"name":"core-concepts.md","path":"modules/aws-organizations/core-concepts.md","sha":"8766c8f36eef9e8992bf13a44f6571261c43995d"},{"name":"main.tf","path":"modules/aws-organizations/main.tf","sha":"7d4851f605760cc8806fbee5cf24a
f9299c4ee78"},{"name":"outputs.tf","path":"modules/aws-organizations/outputs.tf","sha":"feed57b33ab7eb9b100712647942f1a8d7245b3d"},{"name":"variables.tf","path":"modules/aws-organizations/variables.tf","sha":"cf9e1673e458c5c7644b1e94e128eddb6feca0d3"}]},{"name":"cloudtrail-bucket","children":[{"name":"README.md","path":"modules/cloudtrail-bucket/README.md","sha":"acc86c32958e8f6d90944e714a7731a82f404c82"},{"name":"main.tf","path":"modules/cloudtrail-bucket/main.tf","sha":"4e60d8c2292cd3e3df31c2a66d227f5db83ee45c"},{"name":"outputs.tf","path":"modules/cloudtrail-bucket/outputs.tf","sha":"1e560e9b0cc1c8f40e81d5fe8bbbf1c03258fdae"},{"name":"variables.tf","path":"modules/cloudtrail-bucket/variables.tf","sha":"f19a90d0974a3babe235277112e6fcf63164d575"}]},{"name":"cloudtrail","children":[{"name":"README.adoc","path":"modules/cloudtrail/README.adoc","sha":"b3090f9aa7b062f2028af50c3da17a3293ef3cd2"},{"name":"core-concepts.md","path":"modules/cloudtrail/core-concepts.md","sha":"debe79403a177aaf1de5396c85213652dbc85481"},{"name":"main.tf","path":"modules/cloudtrail/main.tf","sha":"1439232cef630b5cb4973d67a1a0b99a35088c08"},{"name":"outputs.tf","path":"modules/cloudtrail/outputs.tf","sha":"d161a32bbcd6f824955c273c49ef9e00bcdb57b3"},{"name":"variables.tf","path":"modules/cloudtrail/variables.tf","sha":"db83b06f385c23aee940c5ed2217bc0b2502f15d"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"modules/cross-account-iam-roles/README.md","sha":"3627935a8b6b81efd1bec7cb936de086c2e4b300"},{"name":"main.tf","path":"modules/cross-account-iam-roles/main.tf","sha":"22d5531b3bc04b9ba76f6e6248333b939932ff4b"},{"name":"outputs.tf","path":"modules/cross-account-iam-roles/outputs.tf","sha":"e8e61a415e0ef8c02281d531485688d2e2fd51e9"},{"name":"variables.tf","path":"modules/cross-account-iam-roles/variables.tf","sha":"61652a91bbd09909cf06eb485e029532e8f82c66"}]},{"name":"custom-iam-entity","children":[{"name":"CHANGELOG.md","path":"modules/custom-iam-entity/CHANGELOG.
md","sha":"038c90120fa1fba1d961966baa5939c6c7cd7776"},{"name":"README.md","path":"modules/custom-iam-entity/README.md","sha":"a4dedbd0cbaad6561eaf42774054c4c640cbb478"},{"name":"main.tf","path":"modules/custom-iam-entity/main.tf","sha":"52b30cd79f1c2681e74208d0ffac44a0c65f5a65"},{"name":"outputs.tf","path":"modules/custom-iam-entity/outputs.tf","sha":"b94249803e78991682b8542d8f39e5a728432b97"},{"name":"variables.tf","path":"modules/custom-iam-entity/variables.tf","sha":"a9dc17f7ccdf58c57aaee13764304504c6cd4055"}]},{"name":"ebs-encryption-multi-region","children":[{"name":"README.adoc","path":"modules/ebs-encryption-multi-region/README.adoc","sha":"86b31069c9627391411f7b6cceed08e813a7a37e"},{"name":"main.tf","path":"modules/ebs-encryption-multi-region/main.tf","sha":"73537c9461cdf7deb056899c9dcfe283409260f5"},{"name":"outputs.tf","path":"modules/ebs-encryption-multi-region/outputs.tf","sha":"0263a12a0cf37116db77ec5ac43667a76bac0706"},{"name":"variables.autogen.tf","path":"modules/ebs-encryption-multi-region/variables.autogen.tf","sha":"e016bd3d20f933e3b802d5facfd9665055f5140b"},{"name":"variables.tf","path":"modules/ebs-encryption-multi-region/variables.tf","sha":"4bb22b9bb519462a429baea8ffea9d1a3991be26"}]},{"name":"ebs-encryption","children":[{"name":"README.md","path":"modules/ebs-encryption/README.md","sha":"f9f23a71b7725648a9fdc9300de92d38014e6f63"},{"name":"main.tf","path":"modules/ebs-encryption/main.tf","sha":"958efee5cd8023fd72ed57fe879ceb610c9598b4"},{"name":"outputs.tf","path":"modules/ebs-encryption/outputs.tf","sha":"6caa6eba337ae7aa9ad7db82dbd2cf6223f42cb9"},{"name":"variables.tf","path":"modules/ebs-encryption/variables.tf","sha":"d47c23a0c98c7561fcf0d95fa22fc40b34182bf9"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"modules/fail2ban/README.md","sha":"d3423a1bc6a2ba26f2ff203b1af9ac7bc0d0fdb6"},{"name":"install-scripts","children":[{"name":"cloudwatch-metric.conf","path":"modules/fail2ban/install-scripts/cloudwatch-metric.conf","sha":"b2
fb301180aeb253f5168a6fedd3e5c44b6938ff"},{"name":"configure-fail2ban","path":"modules/fail2ban/install-scripts/configure-fail2ban","sha":"45377c7878b00e5d1b62c1abb4ba42a14ba312ce"},{"name":"fail2ban.local","path":"modules/fail2ban/install-scripts/fail2ban.local","sha":"ea80bf8058a1f9bb1a80a59031981b2a37445750"},{"name":"filters.sshd.amazon.conf","path":"modules/fail2ban/install-scripts/filters.sshd.amazon.conf","sha":"093bb1baf88a1e283a43b7dd7d04c64992abecc6"},{"name":"jail.amazon.local","path":"modules/fail2ban/install-scripts/jail.amazon.local","sha":"1284b66ca5a007b77a40c27b66662425e7fe8c91"},{"name":"jail.amazon2.local","path":"modules/fail2ban/install-scripts/jail.amazon2.local","sha":"8f0285c493c406aa0db98f40b8bf9aa238f52353"},{"name":"jail.ubuntu.local","path":"modules/fail2ban/install-scripts/jail.ubuntu.local","sha":"b3485d20a2b1fad7949167d30eff2b4caf357d81"}]},{"name":"install.sh","path":"modules/fail2ban/install.sh","sha":"8f7b536f08506dabc2f6beb6cd5a50f7282168aa"},{"name":"user-data-scripts","children":[{"name":"configure-fail2ban-cloudwatch.sh","path":"modules/fail2ban/user-data-scripts/configure-fail2ban-cloudwatch.sh","sha":"c11016c29c86476704b99db953afd6c9f1520cb4"}]}]},{"name":"github-actions-iam-role","children":[{"name":"README.md","path":"modules/github-actions-iam-role/README.md","sha":"295142b48d9430e2579c234a2f385405fcb079de"},{"name":"main.tf","path":"modules/github-actions-iam-role/main.tf","sha":"7e7f5ac5125f23a56016ebf7a12f258e55a8c5d8"},{"name":"outputs.tf","path":"modules/github-actions-iam-role/outputs.tf","sha":"145ba3cb4b8ec3ea26aa4f6557bc9159c9f38cc1"},{"name":"variables.tf","path":"modules/github-actions-iam-role/variables.tf","sha":"fac510010d58be06a878d9d080375732a7d3d310"}]},{"name":"github-actions-openid-connect-provider","children":[{"name":"README.md","path":"modules/github-actions-openid-connect-provider/README.md","sha":"3d2bbcd7c42ac2efb956eb25079ac2563625a70f"},{"name":"main.tf","path":"modules/github-actions-openid-connec
t-provider/main.tf","sha":"7d7e63f8f862590161116b27cf0c886c40ec2585"},{"name":"outputs.tf","path":"modules/github-actions-openid-connect-provider/outputs.tf","sha":"7e9e6b8c3f2d6c23cd949c90f35acec41d31c422"},{"name":"variables.tf","path":"modules/github-actions-openid-connect-provider/variables.tf","sha":"4c6ec0a863cae667b550194a3753831f25e76093"}]},{"name":"guardduty-bucket","children":[{"name":"README.md","path":"modules/guardduty-bucket/README.md","sha":"d9bc2eae83a3e78dc836ff25d6a6c913e3b86db8"},{"name":"main.tf","path":"modules/guardduty-bucket/main.tf","sha":"70c5c3cc317fa97c6171075c3481c0ac174a4fd2"},{"name":"outputs.tf","path":"modules/guardduty-bucket/outputs.tf","sha":"8ca4b9b652a538d5b9da3222db796f2a88942577"},{"name":"variables.tf","path":"modules/guardduty-bucket/variables.tf","sha":"7fca332cc94ae083904d266a451eab5cc6fd3260"}]},{"name":"guardduty-multi-region","children":[{"name":"README.adoc","path":"modules/guardduty-multi-region/README.adoc","sha":"e2959ada579d8b5cb64df19e3c39aac983e9bc40"},{"name":"main.tf","path":"modules/guardduty-multi-region/main.tf","sha":"297abe88696944802e0f2a6e86e5426ad9bf2e5a"},{"name":"outputs.tf","path":"modules/guardduty-multi-region/outputs.tf","sha":"b3b7ac1b4344c4ac0aae0111c2ec84d8aecf655c"},{"name":"variables.autogen.tf","path":"modules/guardduty-multi-region/variables.autogen.tf","sha":"05bf9410cb4878450e9e67b90b202437a7458a04"},{"name":"variables.tf","path":"modules/guardduty-multi-region/variables.tf","sha":"5e2a75522e60e48888a1da78ac544a38882b9022"}]},{"name":"guardduty","children":[{"name":"README.adoc","path":"modules/guardduty/README.adoc","sha":"811f7a819c64b185c8fd5b16532efd16dbdcc844"},{"name":"core-concepts.md","path":"modules/guardduty/core-concepts.md","sha":"d100d7d962cca6f5ac69e4c7f5dee939caa484d9"},{"name":"main.tf","path":"modules/guardduty/main.tf","sha":"c5e2f1f302771f62284c963b330a77a9aacaefa3"},{"name":"outputs.tf","path":"modules/guardduty/outputs.tf","sha":"19eb85f6fec78bdfd3e7adc4f193172110b12
9c8"},{"name":"variables.tf","path":"modules/guardduty/variables.tf","sha":"7e8b31ec8316a436a27e200a3a76eed8ed74c082"}]},{"name":"iam-access-analyzer-multi-region","children":[{"name":"README.adoc","path":"modules/iam-access-analyzer-multi-region/README.adoc","sha":"d87068a71e5a6149ba32dcc1ba33070d8b83aeaa"},{"name":"core-concepts.md","path":"modules/iam-access-analyzer-multi-region/core-concepts.md","sha":"6bbaac3d7e62744e3fe3f511cd4ae78b212d08a8"},{"name":"main.tf","path":"modules/iam-access-analyzer-multi-region/main.tf","sha":"609e489f544abd552db625d24f6d21dd0f439cae"},{"name":"outputs.tf","path":"modules/iam-access-analyzer-multi-region/outputs.tf","sha":"0a4379e38beae72541e7e975f297584db7e98b04"},{"name":"variables.autogen.tf","path":"modules/iam-access-analyzer-multi-region/variables.autogen.tf","sha":"5fe91b51970b05ebc2fdbf4542a806e8c3f792f4"},{"name":"variables.tf","path":"modules/iam-access-analyzer-multi-region/variables.tf","sha":"6e8d81aac5af0cba584e6d0884e03cfbc23ba07f"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"modules/iam-groups/README.md","sha":"07820342d38caf90b08a1ff0df904298ed132c8f"},{"name":"_docs","children":[{"name":"iam-user-access-to-billing.png","path":"modules/iam-groups/_docs/iam-user-access-to-billing.png","sha":"063f6cf8dc766b4d44942de89660e8ab9e1f3d63"},{"name":"my-account.png","path":"modules/iam-groups/_docs/my-account.png","sha":"387320200ed756ce4191afef87f0ab76e2c3d89a"}]},{"name":"main.tf","path":"modules/iam-groups/main.tf","sha":"e679d2e3081d445c5f9b90f52016278bc32e44be"},{"name":"outputs.tf","path":"modules/iam-groups/outputs.tf","sha":"818827357183cb06f399732996c17f98cb3c0527"},{"name":"variables.tf","path":"modules/iam-groups/variables.tf","sha":"ec81e26ef6927ebb867b543acbcceaa9d618be7c"}]},{"name":"iam-policies","children":[{"name":"README.md","path":"modules/iam-policies/README.md","sha":"51835e5cd588f45a050c140c990cc8f04ff7a647"},{"name":"main.tf","path":"modules/iam-policies/main.tf","sha":"924151281
30e68ad47aac5973c95d3f38f7049a0"},{"name":"outputs.tf","path":"modules/iam-policies/outputs.tf","sha":"cf0adeec7cd62eb097ed0568facde92f9882b0cf"},{"name":"variables.tf","path":"modules/iam-policies/variables.tf","sha":"6d50aa3e0d8289848c7eee0739a130dfd8e97aee"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"modules/iam-user-password-policy/README.md","sha":"5bea6ba56fc796be5b860549156a3a251735fc2a"},{"name":"main.tf","path":"modules/iam-user-password-policy/main.tf","sha":"6538ef827aac62dd3f1797868b15e0e1d20cf0b3"},{"name":"outputs.tf","path":"modules/iam-user-password-policy/outputs.tf","sha":"825547bd9d41fed1cc1b3506c17f81c48b1bfd1a"},{"name":"variables.tf","path":"modules/iam-user-password-policy/variables.tf","sha":"568582c249e3cfd7899ea23b8b58e43328c9d100"}]},{"name":"iam-users","children":[{"name":"README.md","path":"modules/iam-users/README.md","sha":"ea820bd205fdb8ca28bb0e2eccc29700b99a2b94"},{"name":"main.tf","path":"modules/iam-users/main.tf","sha":"ca5c120c64b190a3b368b5dbab0470450c095eb0"},{"name":"outputs.tf","path":"modules/iam-users/outputs.tf","sha":"b319eacce6916f4904b15d8ff5ea5be09afc29e2"},{"name":"variables.tf","path":"modules/iam-users/variables.tf","sha":"892e7b2aaa5179e83a5e3126dbf2551fd421b133"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"modules/ip-lockdown/README.md","sha":"7ec92da38b5b06af9e61ab164bb6b4b0470ed92a"},{"name":"install.sh","path":"modules/ip-lockdown/install.sh","sha":"ce61af763bee9ad29754220ae24521f22c3a956f"},{"name":"ip-lockdown","path":"modules/ip-lockdown/ip-lockdown","sha":"93a0e1f5876e7de5778c595e8801d64986cb118b"}]},{"name":"kms-cmk-replica","children":[{"name":"README.md","path":"modules/kms-cmk-replica/README.md","sha":"9e9827df4990a6967edbcab6f35214ba229d7b18"},{"name":"main.tf","path":"modules/kms-cmk-replica/main.tf","sha":"d35ce6364916b857d06429388e3f266e1f6ca565"},{"name":"outputs.tf","path":"modules/kms-cmk-replica/outputs.tf","sha":"28066251cbac14ae30a24d83f4ab
38a550ce08ba"},{"name":"variables.tf","path":"modules/kms-cmk-replica/variables.tf","sha":"3de5459e12a3fc271230c8be243dbdbb9c6ded47"}]},{"name":"kms-grant-multi-region","children":[{"name":"README.adoc","path":"modules/kms-grant-multi-region/README.adoc","sha":"7c33dc779f289c34d0c72ecce7a4a60d99c38098"},{"name":"core-concepts.md","path":"modules/kms-grant-multi-region/core-concepts.md","sha":"3eb1725fa927a84cc2a0341335d150bf5c6e70f5"},{"name":"main.tf","path":"modules/kms-grant-multi-region/main.tf","sha":"d890a452833eebd6b20e70de71e6785c6be3c031"},{"name":"outputs.tf","path":"modules/kms-grant-multi-region/outputs.tf","sha":"b9d84078afacb154536292bddba4afbd6c9158c2"},{"name":"variables.autogen.tf","path":"modules/kms-grant-multi-region/variables.autogen.tf","sha":"185d6c42c1ab4843292b2c911e057303ae971739"},{"name":"variables.tf","path":"modules/kms-grant-multi-region/variables.tf","sha":"505b2d0cb9ecf78f0364e845cab72bf0c28365d5"}]},{"name":"kms-master-key-multi-region","children":[{"name":"README.adoc","path":"modules/kms-master-key-multi-region/README.adoc","sha":"75402e428cc30fee27dc5dd469788cf1d71320eb"},{"name":"core-concepts.md","path":"modules/kms-master-key-multi-region/core-concepts.md","sha":"8ba58b9a40c3aad18e2b804f53c6439b549b756d"},{"name":"main.tf","path":"modules/kms-master-key-multi-region/main.tf","sha":"37274fa5affb26855f54e67282fae57be1cf726d"},{"name":"outputs.tf","path":"modules/kms-master-key-multi-region/outputs.tf","sha":"a47481aa5718ff67a44b86192edf897c160e06ed"},{"name":"variables.autogen.tf","path":"modules/kms-master-key-multi-region/variables.autogen.tf","sha":"fd024d55097a7eee5fbb6ffc65b376fbdfe57c89"},{"name":"variables.tf","path":"modules/kms-master-key-multi-region/variables.tf","sha":"b1740fb059927c65f7afd76f902ba616a921a138"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"modules/kms-master-key/README.md","sha":"1b43a005494f12b05551adb020a31726f28e10d3","toggled":true},{"name":"main.tf","path":"modules/kms-maste
r-key/main.tf","sha":"1884b84238bdb19452c5e46f6c5d487e14e1b90d"},{"name":"outputs.tf","path":"modules/kms-master-key/outputs.tf","sha":"4d0dbba81e8186243d96a8325a5f643d87543451"},{"name":"variables.tf","path":"modules/kms-master-key/variables.tf","sha":"5129ef297d0647ea6608f1e4c6c08bf75759c4c2"}],"toggled":true},{"name":"ntp","children":[{"name":"README.md","path":"modules/ntp/README.md","sha":"616dec4cceb83cd76898863034d920ce276b5ff4"},{"name":"install.sh","path":"modules/ntp/install.sh","sha":"8ccf8e07fb25ecad451a3cff264f08774fad7c38"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"modules/os-hardening/README.md","sha":"3e864b0e9208eb6809adf41968c51e02fc233ee1"},{"name":"_docs","children":[{"name":"Helpful Email.md","path":"modules/os-hardening/_docs/Helpful Email.md","sha":"246a0b80b29f5ff3d2b2f4c5c170fc927e2d9dd7"}]},{"name":"ami-builder","children":[{"name":"files","children":[{"name":"user-data.sh.template","path":"modules/os-hardening/ami-builder/files/user-data.sh.template","sha":"4a3c87a19e1a4caa20b9b425b2a02101566d1166"}]},{"name":"main.tf","path":"modules/os-hardening/ami-builder/main.tf","sha":"b32960948fbd768eec5b77e04ebb88f6acda5db2"},{"name":"outputs.tf","path":"modules/os-hardening/ami-builder/outputs.tf","sha":"8ce2ee598124ca50dd530a33aa60f5d1452a4a2b"},{"name":"variables.tf","path":"modules/os-hardening/ami-builder/variables.tf","sha":"d760f34eeae322790865c1cb30dfe20d0225328f"}]},{"name":"partition-scripts","children":[{"name":"README.md","path":"modules/os-hardening/partition-scripts/README.md","sha":"b55df29c7a3d6dc3ecbbbfe4ab4b8749f053f00b"},{"name":"bin","children":[{"name":"cleanup-volume","path":"modules/os-hardening/partition-scripts/bin/cleanup-volume","sha":"c7cbf3ecebd915235238557d27a1ce25e6fc10fa"},{"name":"partition-volume","path":"modules/os-hardening/partition-scripts/bin/partition-volume","sha":"f4f8566a1ef6aa4ff0c0268bd28721488aa6dfc4"}]},{"name":"install.sh","path":"modules/os-hardening/partition-scripts/install.s
h","sha":"606776c068260836e8612a681ff4e3edc8abdb41"}]}]},{"name":"private-s3-bucket","children":[{"name":"README.md","path":"modules/private-s3-bucket/README.md","sha":"cd44b2d3e4627ff00fffd217bd3ec36341a72a36"},{"name":"main.tf","path":"modules/private-s3-bucket/main.tf","sha":"6e8e5cb9e95e024a070cb62287373d73a28402cd"},{"name":"mfa-delete-script","children":[{"name":"mfa-delete.sh","path":"modules/private-s3-bucket/mfa-delete-script/mfa-delete.sh","sha":"7dbcc65412467a036756562024cfc84ad128b215"}]},{"name":"outputs.tf","path":"modules/private-s3-bucket/outputs.tf","sha":"7cc62490168e4abb2ce816d74ba9b1a8153cf3b0"},{"name":"variables.tf","path":"modules/private-s3-bucket/variables.tf","sha":"38f7b68b55878b0c2d55da808ae1f4af3434697e"}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"modules/saml-iam-roles/README.md","sha":"5ebc8c20f781a0f0b5654decdcf9bd607fee65b3"},{"name":"main.tf","path":"modules/saml-iam-roles/main.tf","sha":"e263b4625002ef20fefd35193fb0536fbe648b84"},{"name":"outputs.tf","path":"modules/saml-iam-roles/outputs.tf","sha":"c579901907b216c55e4c815d28f0a22171a960e6"},{"name":"variables.tf","path":"modules/saml-iam-roles/variables.tf","sha":"1f3f26ade9fd75d8e66ba12649f45d075b5e0f2b"}]},{"name":"secrets-manager-resource-policies","children":[{"name":"CHANGELOG.md","path":"modules/secrets-manager-resource-policies/CHANGELOG.md","sha":"88ead5d4b698fcefce8a9075ab52e6a560387abf"},{"name":"README.md","path":"modules/secrets-manager-resource-policies/README.md","sha":"b894ce3171c28ae91acbfe6bdcec35615c599bbb"},{"name":"main.tf","path":"modules/secrets-manager-resource-policies/main.tf","sha":"551c1c1041cd2119d9e502617cf38ecdb61bfd8f"},{"name":"outputs.tf","path":"modules/secrets-manager-resource-policies/outputs.tf","sha":"8b237f325d54b84ac2453e8945f61cdf0d24b41b"},{"name":"variables.tf","path":"modules/secrets-manager-resource-policies/variables.tf","sha":"2b45ef099c805c1265e5dc611c138de4a40141eb"}]},{"name":"ssh-grunt-selinux-policy","chil
dren":[{"name":"README.md","path":"modules/ssh-grunt-selinux-policy/README.md","sha":"53f02f57185efebc35d6ebfe156ce73d02a5f112"},{"name":"install.sh","path":"modules/ssh-grunt-selinux-policy/install.sh","sha":"3de871d61a9990e7f2c130f23afaf00daeb6bbef"},{"name":"ssh-grunt.pp","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.pp","sha":"7c7050f812cd0e3cb34e37b88c35fb09f369be7d"},{"name":"ssh-grunt.te","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.te","sha":"3317a71feaa633662a00b1dc05b1176cb85c9793"}]},{"name":"ssh-grunt","children":[{"name":".dockerignore","path":"modules/ssh-grunt/.dockerignore","sha":"a725465aee245635a2bd129af54858ed32c84cb8"},{"name":"Dockerfile","path":"modules/ssh-grunt/Dockerfile","sha":"148b2df16c77e8b8aa0ba95447c9e018607e3ac3"},{"name":"README.adoc","path":"modules/ssh-grunt/README.adoc","sha":"c6bb05207d3884b1e70620408d69175027a7f989"},{"name":"_ci","children":[{"name":"build-and-test.sh","path":"modules/ssh-grunt/_ci/build-and-test.sh","sha":"903993de2d7bcde19d472fa5e510ee862d4b10c3"},{"name":"test.sh","path":"modules/ssh-grunt/_ci/test.sh","sha":"235603944316e81f1da1cc0248b80beecf99cb27"}]},{"name":"_docs","children":[{"name":"houston-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/houston-upload-ssh-key.png","sha":"e32519497262f9796a4ea46c53953923975cbd7d"},{"name":"iam-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/iam-upload-ssh-key.png","sha":"8bb1e793185eb0b4822023552899874394342f21"}]},{"name":"core-concepts.md","path":"modules/ssh-grunt/core-concepts.md","sha":"8c7b359b4fbfd52aa18124efe06f1304edbf2db2"},{"name":"docker-compose.yml","path":"modules/ssh-grunt/docker-compose.yml","sha":"74a2c67f6b9dc838ff3bd9c9c5aa68c813db1f0d"},{"name":"go.mod","path":"modules/ssh-grunt/go.mod","sha":"b9ca5510e2b5adc798c35f2882d4c45e407d96da"},{"name":"go.sum","path":"modules/ssh-grunt/go.sum","sha":"3fb7ee290aabdc716f9e233293037bd9fcc32d12"},{"name":"scripts","children":[{"name":"build-linux-binary.sh","path":"modules/ssh-grunt/scripts/
build-linux-binary.sh","sha":"2d91cbed3db40f419e6a440ce2735b9d3f2d048b"},{"name":"run.sh","path":"modules/ssh-grunt/scripts/run.sh","sha":"050027e034cd03e53625986eb0f331c043492cf6"}]},{"name":"src","children":[{"name":"cli.go","path":"modules/ssh-grunt/src/cli.go","sha":"bd452b3cd360a5ea07d85c386608b8bfaea8dad7"},{"name":"cli_test.go","path":"modules/ssh-grunt/src/cli_test.go","sha":"4495feee5155a9e1c5dfd973f0a449b8d3764756"},{"name":"collections.go","path":"modules/ssh-grunt/src/collections.go","sha":"aa9b67f00f57088f9bf4e129dcc53003524dd0a7"},{"name":"cron.go","path":"modules/ssh-grunt/src/cron.go","sha":"5087bbffd95b625423d8c9a5a37a12ec8d6b07d7"},{"name":"cron_test.go","path":"modules/ssh-grunt/src/cron_test.go","sha":"dfe543ba69b21fbd24ad026b4c208d4308a743f2"},{"name":"ec2_instance_connect.go","path":"modules/ssh-grunt/src/ec2_instance_connect.go","sha":"99c31ddd2ee34d18dd9e676ec22eef5eebc3187f"},{"name":"errors.go","path":"modules/ssh-grunt/src/errors.go","sha":"1175435b45a980a5ff23dd4bdc880b4d63b24d79"},{"name":"file.go","path":"modules/ssh-grunt/src/file.go","sha":"eb991fd15ac2c3660313e6d4c5669b36ccc9cc21"},{"name":"groups.go","path":"modules/ssh-grunt/src/groups.go","sha":"3e4ecb0ef9ca916e5482e1999b59ceddc4aec077"},{"name":"groups_test.go","path":"modules/ssh-grunt/src/groups_test.go","sha":"b060ded1c37d1b636b7dc59d5071049e640d00e7"},{"name":"iam.go","path":"modules/ssh-grunt/src/iam.go","sha":"dafbc8fbb732d2d6212cade786eb13d7215b9862"},{"name":"iam_test.go","path":"modules/ssh-grunt/src/iam_test.go","sha":"0382c08562fc329876267cf944195f3d8c8738be"},{"name":"logger.go","path":"modules/ssh-grunt/src/logger.go","sha":"93095ba8216709b3178fcc44a76421a765f4e302"},{"name":"main.go","path":"modules/ssh-grunt/src/main.go","sha":"a89d9402d32d371dc9b945ab9c72996808d17b85"},{"name":"shell.go","path":"modules/ssh-grunt/src/shell.go","sha":"7f49eeee4119efde0bd58d7c78fd4ef785dc5f6c"},{"name":"ssh.go","path":"modules/ssh-grunt/src/ssh.go","sha":"17784a1b62fcfc4df6b766bc65f
What is a Customer Master Key?
A Customer Master Key (CMK) is a secret key that KMS stores and manages for you. You can use the CMK to encrypt small
amounts of data using the AWS APIs or a tool like gruntkms. It is a "master"
key in the sense that you can also use a CMK to generate a "Data Key" that you can use in your own encryption algorithms
to encrypt and decrypt large amounts of data.
When you use a Data Key, you typically store it, encrypted via the CMK, in version control or co-located with your data
itself, and decrypt it via the AWS API or gruntkms whenever you need to use it to decrypt or encrypt data.
Amazon never grants you access to the CMK itself, only to operations that use the key.
Managing a Key's Permissions with the Key Policy vs. IAM Policies
When you want to grant a permission on most AWS resources, you attach an IAM Policy
to an IAM User, IAM Group, or IAM Role. This works well for most resources, but when it comes to CMKs, it means that any
admin-level IAM User has full access to all CMKs.
But maybe this isn't what you want. For example, suppose your DevOps team has admin-level access to your AWS account, but
they still shouldn't have access to a prod CMK used to encrypt production data. Fortunately, AWS gives us a solution
for such situations: the CMK Key Policy.
By default, only the permissions granted in a CMK Key Policy are honored. For example, the CMK Key Policy might
grant IAM User jane.doe the kms:encrypt and kms:decrypt permissions. But if john.doe has an IAM Policy that grants
him those same permissions on the CMK, that IAM Policy will actually have no effect.
If you do want to honor IAM Policies for a particular CMK, you can include a setting in the CMK Key Policy that
grants this permission to IAM. In this case, jane.doe will retain her rights granted from the CMK Key Policy, but now
john.doe will have access, too.
In general, we recommend using only the CMK Key Policy if possible. This has the benefit of explicitly declaring who has
access to the CMK, versus allowing any possible number of IAM Policy configurations to determine access. But the biggest
downside is that it's now possible to lock yourself out of the CMK, so if you're not confident about your ability to
manage the CMK, you may wish to use IAM policies. In addition, IAM is a central place for managing all permissions, whereas
using just the CMK Key Policy means you now need to update the Key Policy any time the permissions change, which may be
more onerous.
TODO
Explicitly test that granting another AWS resource such as an S3 Bucket privileges on the KMS Key works as expected
for key users.
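The jane.doe / john.doe scenario from the Key Policy vs. IAM Policies discussion, as an added example (not code from the module): a small audit that reads a key policy document, lists who is granted encrypt/decrypt directly, and reports whether the policy hands access decisions to IAM through the account principal. The account ID, the key-admin role and both policies are constructed samples, and the model is deliberately simplified: Deny statements, Condition blocks and KMS grants are not evaluated.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed sample account ID
JANE = f"arn:aws:iam::{ACCOUNT}:user/jane.doe"
JOHN = f"arn:aws:iam::{ACCOUNT}:user/john.doe"
USE_ACTIONS = ("kms:encrypt", "kms:decrypt")

def _listify(value):
    return value if isinstance(value, list) else [value]

def _grants_use(statement):
    # IAM action names are case-insensitive and may contain * wildcards.
    patterns = [p.lower() for p in _listify(statement.get("Action", []))]
    return any(fnmatchcase(a, p) for a in USE_ACTIONS for p in patterns)

def audit_key_policy(policy, account_id):
    """Report who may use the key directly and whether IAM policies are honored."""
    root = {account_id, f"arn:aws:iam::{account_id}:root"}
    result = {"iam_delegated": False, "direct_users": []}
    for st in _listify(policy["Statement"]):
        if st.get("Effect") != "Allow" or not _grants_use(st):
            continue
        principal = st.get("Principal", {})
        arns = _listify(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for arn in arns:
            if arn in root:  # account principal: use of the key is delegated to IAM policies
                result["iam_delegated"] = True
            elif arn not in result["direct_users"]:
                result["direct_users"].append(arn)
    return result

def can_use(policy, account_id, arn, iam_policy_allows):
    """Simplified decision: direct key-policy grant, or IAM grant if delegated."""
    audit = audit_key_policy(policy, account_id)
    return arn in audit["direct_users"] or (audit["iam_delegated"] and iam_policy_allows)

# Constructed sample policies (not the module's generated policy).
KEY_POLICY_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/key-admin"},
     "Action": ["kms:Describe*", "kms:PutKeyPolicy"], "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": JANE},
     "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"}]}
WITH_IAM = {"Version": "2012-10-17", "Statement": KEY_POLICY_ONLY["Statement"] + [
    {"Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
     "Action": "kms:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("key policy only", KEY_POLICY_ONLY), ("IAM honored", WITH_IAM)):
        print(name, audit_key_policy(pol, ACCOUNT), "john.doe:", can_use(pol, ACCOUNT, JOHN, True))
```

Running the audit against a deployed key's policy makes the trade-off visible: with `iam_delegated` false, the `direct_users` list is the complete set of principals who can encrypt or decrypt; with it true, any IAM policy in the account can extend that set.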