This module can configure a Linux server to manage SSH access to the server via an Identity Provider (IdP). Two types of
IdP integrations are supported:
AWS Identity and Access Management (IAM): Developers in certain IAM Groups will be
able to SSH to your servers using their IAM user name and the SSH key they uploaded to their IAM user account.
Gruntwork Houston: Developers with certain roles in your supported IdP (e.g.,
ADFS, AWS SSO, or Google) will be able to SSH to your servers using their IdP username and an SSH key
they uploaded to Houston.
Automatically sync user accounts from your identity provider (e.g., IAM, Google, ADFS) to your servers, so each developer can have their own user name (e.g.
"susan", "jim") rather than everyone using a shared user (e.g. "ubuntu", "ec2-user").
Each developer uses their own SSH keys to connect to servers (instead of a single, shared Key Pair).
Quickly use IAM or Houston to rotate old keys and upload a new one
Revoke SSH access to servers from the centralized IdP
If you need help with this repo or anything else related to infrastructure or DevOps, Gruntwork offers Commercial Support via Slack, email, and phone/video. If you’re already a Gruntwork customer, hop on Slack and ask away! If not, subscribe now. If you’re not sure, feel free to email us at support@gruntwork.io.
Contributions to this repo are very welcome and appreciated! If you find a bug or want to add a new feature or even contribute an entirely new module, we are very happy to accept pull requests, provide feedback, and run your changes through our automated test suite.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"30bfaa039bf698a640461a3993ccc21b452ccc5d"}]},{"name":".editorconfig","path":".editorconfig","sha":"a5eec1063e66c4cb953cba222dd50b4d314ef3e2"},{"name":".gitignore","path":".gitignore","sha":"981300184e4c7fd06f5076e1b63240ff17127c4a"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"c82ec90fb502dc05e64f92ece2c49ff0a9c3cf55"},{"name":"LICENSE.txt","path":"LICENSE.txt","sha":"f4e3d9bd4717a044ed31ad847a300eee74371a78"},{"name":"README.adoc","path":"README.adoc","sha":"2fa6943dc66863a9f854a55374ed6b89f1dab998"},{"name":"_ci","children":[{"name":"output-debug-values.sh","path":"_ci/output-debug-values.sh","sha":"0ced78063218d2027a2af91368ccb2da3f9762d5"}]},{"name":"_docs","children":[{"name":"auto-update.png","path":"_docs/auto-update.png","sha":"77bfd1c65de0245ac8b3c67d5b0b64fc440824bf"},{"name":"aws-cloudtrail-architecture.png","path":"_docs/aws-cloudtrail-architecture.png","sha":"a2dd9a08b8ed77744fd5febab3be7bdf633dee79"},{"name":"aws-cloudtrail.png","path":"_docs/aws-cloudtrail.png","sha":"acc7dcaf4b46ce3cef1bcc20be0329e12c320e7f"},{"name":"aws-config-architecture.png","path":"_docs/aws-config-architecture.png","sha":"721458048d5e539468c438498863a91fa96e0a85"},{"name":"aws-config-rules-architecture.png","path":"_docs/aws-config-rules-architecture.png","sha":"29fe3f20358b176e385d1bcdc0357bff2c1d5b4a"},{"name":"aws-config-rules.png","path":"_docs/aws-config-rules.png","sha":"ac3f7b35bcac949887e62aee260d9cb70edd3ae8"},{"name":"aws-config.png","path":"_docs/aws-config.png","sha":"02f4b326aef57372def4f3fafa4f0e4cec07e395"},{"name":"aws-guardduty.png","path":"_docs/aws-guardduty.png","sha":"053b92412fb8e3fb5740acc404b493fe1dd7229b"},{"name":"aws-organizations-architecture.png","path":"_docs/aws-organizations-architecture.png","sha":"bd57412fe85d3fe8d5e358db5e3b7bfef3e786a9"},{"name":"aws-organizations-icon.png","path":"_docs/aws-organizations-icon.png","sha":"b2b3fa04f51a23e5bae1b3389ffedf5e17b3cef2"},{"name":"multiaccount_guardduty.png","path":"_docs/multiaccount_guardduty.png","sha":"c56b50bbb4c2a041366b430cada27b88aa02524b"},{"name":"ssh-grunt-architecture.png","path":"_docs/ssh-grunt-architecture.png","sha":"9ced8c68bcc7957e50aa016cad6c5b043a05b470"},{"name":"terminal-icon.png","path":"_docs/terminal-icon.png","sha":"df09d52d5b1176d7e231bab6c7712c3728e45c1b"}]},{"name":"examples","children":[{"name":"auto-update","children":[{"name":"README.md","path":"examples/auto-update/README.md","sha":"d7c630c4585bad7869d55bc6c62fca248eeb521a"},{"name":"auto-update-example.json","path":"examples/auto-update/auto-update-example.json","sha":"cafac0a781f8c675338226eee4b2413f5a4e88c1"}]},{"name":"aws-config","children":[{"name":"README.md","path":"examples/aws-config/README.md","sha":"becfeb3fe2afee81cad4476fd1300a5f26566e7e"},{"name":"main.tf","path":"examples/aws-config/main.tf","sha":"d07263ccd6a96cfbae8dd25fc40c48a364b06f04"},{"name":"outputs.tf","path":"examples/aws-config/outputs.tf","sha":"ddd32698f39772d663a2d9b8a6276260f5431068"},{"name":"vars.tf","path":"examples/aws-config/vars.tf","sha":"52da0c2fdcbaac128d94e3d7ea9ed58cccc396c7"}]},{"name":"aws-organizations-config-rules","children":[{"name":"README.md","path":"examples/aws-organizations-config-rules/README.md","sha":"ce4f53fc37936aec55b2a7e8f358378032dac0d7"},{"name":"main.tf","path":"examples/aws-organizations-config-rules/main.tf","sha":"1dae398d8ed745e3b103f3803b887e61daf7a600"},{"name":"outputs.tf","path":"examples/aws-organizations-config-rules/outputs.tf","sha":"4319400eb4190f58458f2dd9398225869ff08da3"},{"name":"variables.tf","path":"examples/aws-organizations-config-rules/variables.tf","sha":"c97f8c6bdaf4ab3f9e5f26332fc7ec983e881a53"}]},{"name":"aws-organizations","children":[{"name":"README.md","path":"examples/aws-organizations/README.md","sha":"1da3c2fc061fee6ee99564b8b2323ccf69f2c690"},{"name":"main.tf","path":"examples/aws-organizations/main.tf","sha":"7339da612ebccaa785820b0f1e6fb42d5f72e20a"},{"name":"outputs.tf","path":"examples/aws-organizations/outputs.tf","sha":"88ba8f4012111036775958d7dfad4eec6bf84be6"},{"name":"variables.tf","path":"examples/aws-organizations/variables.tf","sha":"59afc28c87bc3c49d11c6faf7e112643f0a95481"}]},{"name":"cloudtrail","children":[{"name":"README.md","path":"examples/cloudtrail/README.md","sha":"a99ca684008a985ba9246e21d480d5aadd8a63bf"},{"name":"main.tf","path":"examples/cloudtrail/main.tf","sha":"68df53c2b732e5febd5c5c5b06f1ba5330565095"},{"name":"outputs.tf","path":"examples/cloudtrail/outputs.tf","sha":"874c4bb56d8c5841ae5d23a14e8572aab2d4adea"},{"name":"vars.tf","path":"examples/cloudtrail/vars.tf","sha":"d760a1693fc326552b1a00a24eb9deb4fb1a0af3"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"examples/cross-account-iam-roles/README.md","sha":"e29b220abacd7b0ac30a9b30ae15014936e5fc9c"},{"name":"main.tf","path":"examples/cross-account-iam-roles/main.tf","sha":"6c3469ebb3be0666378962f57fb4c8055a1cb565"},{"name":"outputs.tf","path":"examples/cross-account-iam-roles/outputs.tf","sha":"459bd44da733bb20e65e17b4e13505c03bb109b7"},{"name":"vars.tf","path":"examples/cross-account-iam-roles/vars.tf","sha":"6e707ac515c0d83d32f8dccbfcfe22c66968351a"}]},{"name":"custom-iam-entity","children":[{"name":"README.md","path":"examples/custom-iam-entity/README.md","sha":"262e2508f648ec95f6bfd32626fbb2d887cfa988"},{"name":"main.tf","path":"examples/custom-iam-entity/main.tf","sha":"c1b2291bb49e98b1b4ac642920751f54bd59c2a3"},{"name":"outputs.tf","path":"examples/custom-iam-entity/outputs.tf","sha":"835eb64f431386925438cb2f63e48e413faee90c"},{"name":"vars.tf","path":"examples/custom-iam-entity/vars.tf","sha":"4af8f352ddc35352243f8e1ac0dd3fb50f230e11"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"examples/fail2ban/README.md","sha":"7f6b797884ac148c0e34fd6da0eb8224e2255d8a"},{"name":"fail2ban-example.json","path":"examples/fail2ban/fail2ban-example.json","sha":"dca42add6036b1e18f03aaa3f41c500b8767f31d"}]},{"name":"guardduty","children":[{"name":"README.md","path":"examples/guardduty/README.md","sha":"23c75950a1b8b33286b79bd5e9d853cee02d62ea"},{"name":"main.tf","path":"examples/guardduty/main.tf","sha":"1a78e0f65a6d34ef60aba882d36bc2154d214f28"},{"name":"outputs.tf","path":"examples/guardduty/outputs.tf","sha":"2bd66b0621e1ae1602857aa72583fefd219e0bb4"},{"name":"variables.tf","path":"examples/guardduty/variables.tf","sha":"13f4ba729e04c6882101637b9f8a842e13f33fcf"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"examples/iam-groups/README.md","sha":"019d8b433629eb895603e9b4d507b0bf479c3da5"},{"name":"main.tf","path":"examples/iam-groups/main.tf","sha":"3ef8b57b70f9f7f69a619749ce74430888bacebe"},{"name":"outputs.tf","path":"examples/iam-groups/outputs.tf","sha":"2901c51756a4b5d3ce1b040ff006849997650bb0"},{"name":"vars.tf","path":"examples/iam-groups/vars.tf","sha":"4cb4825d0b09ddb2bf1509fbe2e7506a974bae6a"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"examples/iam-user-password-policy/README.md","sha":"0af47723266b57ee39d55d74127ce0c8d902c466"},{"name":"main.tf","path":"examples/iam-user-password-policy/main.tf","sha":"ae22f0ac3173d5c0f191ec537725ea6230962fc5"},{"name":"vars.tf","path":"examples/iam-user-password-policy/vars.tf","sha":"fcdc47d795f3e20427b615e26ea2d60db7109a78"}]},{"name":"iam-users","children":[{"name":"README.md","path":"examples/iam-users/README.md","sha":"f8b65e9756e9f8c8703a854c1363be700b5fe8d9"},{"name":"main.tf","path":"examples/iam-users/main.tf","sha":"892c01c4392d7befe26bb0c7ff80ac0cbefa6563"},{"name":"outputs.tf","path":"examples/iam-users/outputs.tf","sha":"5c7e14248dcd792771f5956d6acc4cd2562887b5"},{"name":"variables.tf","path":"examples/iam-users/variables.tf","sha":"5c27b34c5b14c9222e196441c29576eed1f9fb31"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"examples/ip-lockdown/README.md","sha":"3962ba23a76d8f02e5c0ffc8cb71196991628e38"},{"name":"aws-example","children":[{"name":"README.md","path":"examples/ip-lockdown/aws-example/README.md","sha":"282005cb1cbc63ff7a642bac388a48d6cc3a2087"},{"name":"main.tf","path":"examples/ip-lockdown/aws-example/main.tf","sha":"948172240196c610e26957ca60640191fdfab0ad"},{"name":"outputs.tf","path":"examples/ip-lockdown/aws-example/outputs.tf","sha":"a175a78c9a10f9f2fd9d7c84f9b304aebc1bdb41"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/ip-lockdown/aws-example/user-data/user-data.sh","sha":"c6d308027737a434f4c96bc3eba5bd301897af62"}]},{"name":"vars.tf","path":"examples/ip-lockdown/aws-example/vars.tf","sha":"0db59e9a6307fa940ddf5258130be1c9504c86a5"}]},{"name":"ip-lockdown-sample.json","path":"examples/ip-lockdown/ip-lockdown-sample.json","sha":"2ccf2fe1a5b90bf4ab760ddd4f7714a8e1d43df6"},{"name":"local-test","children":[{"name":"README.md","path":"examples/ip-lockdown/local-test/README.md","sha":"3f0e1a6483ce3155bb04dbb9a4fd76ed41486d35"},{"name":"docker-compose.yml","path":"examples/ip-lockdown/local-test/docker-compose.yml","sha":"1495f82dca93d86fda60fb9dec7ded13852217fc"}]}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"examples/kms-master-key/README.md","sha":"888367af686e25e12f987a100d9d593bc6ca71cc"},{"name":"main.tf","path":"examples/kms-master-key/main.tf","sha":"4e9b50a413bf0844e99281e8611c43479def780f"},{"name":"outputs.tf","path":"examples/kms-master-key/outputs.tf","sha":"bfeb4638cc0ad7540bf7e5258fdc4b73df4b7dc0"},{"name":"vars.tf","path":"examples/kms-master-key/vars.tf","sha":"f8b3c8eb30cdf87d4d7a8cda04dfc001f9872242"}]},{"name":"ntp","children":[{"name":"README.md","path":"examples/ntp/README.md","sha":"b676e802c1d196f6af204d14d143b80864bccd30"},{"name":"ntp-example.json","path":"examples/ntp/ntp-example.json","sha":"ab322bfd9042a9eaf3a9b2ec3418abd7188bc99a"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"examples/os-hardening/README.md","sha":"2518516d2aea0bc3f8d142f0ee8db181ab491d6e"},{"name":"packer-build.sh","path":"examples/os-hardening/packer-build.sh","sha":"7a35196064d70b06cd349d80b64a82b0affe18f0"},{"name":"packer","children":[{"name":"amazon-linux.json","path":"examples/os-hardening/packer/amazon-linux.json","sha":"e75442792ba2588a02bcc93a90eceade50e5a846"},{"name":"files","children":[{"name":"etc","children":[{"name":"fstab","path":"examples/os-hardening/packer/files/etc/fstab","sha":"cbf68cec68a92bc54f514dd0d6906f19cea857e6"}]}]}]},{"name":"terraform","children":[{"name":"main.tf","path":"examples/os-hardening/terraform/main.tf","sha":"0279c513bb48e2a5c966b19298066c04bf6b02f5"},{"name":"outputs.tf","path":"examples/os-hardening/terraform/outputs.tf","sha":"33083aed25a4ed6e323bf84381b896614814c9d1"},{"name":"vars.tf","path":"examples/os-hardening/terraform/vars.tf","sha":"60e4d2707d2f9edba702c9e8edd48ecfc30ae514"}]}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"examples/saml-iam-roles/README.md","sha":"e316aefb1fbf753baa8625c8063e239c799c52b3"},{"name":"main.tf","path":"examples/saml-iam-roles/main.tf","sha":"d0ed7822a55913c6c93391ee345b32a8912ee3ae"},{"name":"outputs.tf","path":"examples/saml-iam-roles/outputs.tf","sha":"1bd4fec9529cddfd2d3f61bba60f9dfb8b286c70"},{"name":"saml-metadata.xml","path":"examples/saml-iam-roles/saml-metadata.xml","sha":"88596cfde52242a43559c79216a1c60b2ea12903"},{"name":"vars.tf","path":"examples/saml-iam-roles/vars.tf","sha":"8673df83c8d53eadd579d9ac9ae536711561c746"}]},{"name":"ssh-grunt","children":[{"name":"houston","children":[{"name":"README.md","path":"examples/ssh-grunt/houston/README.md","sha":"ac5cb5fd6c2b55bf198ec4a9ec744d7070bf1875"},{"name":"main.tf","path":"examples/ssh-grunt/houston/main.tf","sha":"36cb5881d191d10eb656af4f1865e1ff6ab2c6e3"},{"name":"outputs.tf","path":"examples/ssh-grunt/houston/outputs.tf","sha":"978b316044d417393b70100a427de1068c4d417f"},{"name":"vars.tf","path":"examples/ssh-grunt/houston/vars.tf","sha":"34c542e9e1afc5dca29476a6ca40d27050aa02d2"}]},{"name":"iam","children":[{"name":"README.md","path":"examples/ssh-grunt/iam/README.md","sha":"d79ebb115ab2452ff3e3dfe57c893e319ffd05ab"},{"name":"main.tf","path":"examples/ssh-grunt/iam/main.tf","sha":"9287afd098898404fa5937818d65e4beaeeef691"},{"name":"outputs.tf","path":"examples/ssh-grunt/iam/outputs.tf","sha":"978b316044d417393b70100a427de1068c4d417f"},{"name":"vars.tf","path":"examples/ssh-grunt/iam/vars.tf","sha":"093c5c41394e22b8308abc432b610a87b75e7680"}]},{"name":"mock-houston","children":[{"name":"README.md","path":"examples/ssh-grunt/mock-houston/README.md","sha":"94c0ef92814db64b5f3d578a4ba7011fb058fedf"},{"name":"main.tf","path":"examples/ssh-grunt/mock-houston/main.tf","sha":"f2bf9160b336a66634bf0f62fb720e00c851412d"},{"name":"outputs.tf","path":"examples/ssh-grunt/mock-houston/outputs.tf","sha":"a25069b6b919c0fa31fc32c3bcf1d326f7c3d46c"},{"name":"vars.tf","path":"examples/ssh-grunt/mock-houston/vars.tf","sha":"984df0c1fa7e7c78d8755652c321dcd06543d030"}]},{"name":"packer","children":[{"name":"README.md","path":"examples/ssh-grunt/packer/README.md","sha":"40dc203c7287544434c7f668ea58782afd2f2386"},{"name":"build-binary.sh","path":"examples/ssh-grunt/packer/build-binary.sh","sha":"6e96bfaa2b82f54ed3f1c5ffb8bb3ee0f99055e4"},{"name":"ssh-grunt-houston.json","path":"examples/ssh-grunt/packer/ssh-grunt-houston.json","sha":"cd3c4a1c2053c238720b0b4111efc3003db7e6cb"},{"name":"ssh-grunt-iam.json","path":"examples/ssh-grunt/packer/ssh-grunt-iam.json","sha":"ab7237cf73deccb4f94837046be2efa0d6df3ebf"}]}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"examples/ssm-healthchecks-iam-permissions/README.md","sha":"f1fe555a3aff887a966def0a1d3ccaff3dd826e7"},{"name":"main.tf","path":"examples/ssm-healthchecks-iam-permissions/main.tf","sha":"2ff78d1f7cc4a484319a74a62880b26ad679f8b5"},{"name":"outputs.tf","path":"examples/ssm-healthchecks-iam-permissions/outputs.tf","sha":"52688c3a4f1f8349500505fb8949fa0d21c385a3"},{"name":"vars.tf","path":"examples/ssm-healthchecks-iam-permissions/vars.tf","sha":"3fb4df876ccbcd8a3ff3af79efaf3479a74261bf"}]}]},{"name":"modules","children":[{"name":"_deprecated","children":[{"name":"custom-iam-group","children":[{"name":"README.md","path":"modules/_deprecated/custom-iam-group/README.md","sha":"e7a0ff783eb1052aa77fe50d7eaa6a06d2d82649"}]}]},{"name":"auto-update","children":[{"name":"README.adoc","path":"modules/auto-update/README.adoc","sha":"6aefe0ec50a3479dc08366ee6ace6f306eec8e7a"},{"name":"core-concepts.md","path":"modules/auto-update/core-concepts.md","sha":"a292e900ff20e205679c5a8a2b382081f338a41f"},{"name":"install-scripts","children":[{"name":"configure-auto-update","path":"modules/auto-update/install-scripts/configure-auto-update","sha":"bf7cdd18bf7c284056071c5e8b905adf2ac772d0"},{"name":"unattended_upgrades_config.txt","path":"modules/auto-update/install-scripts/unattended_upgrades_config.txt","sha":"abe88fd8a5037ce518bec69a6cac0699cb421d47"},{"name":"yum_cron_config.txt","path":"modules/auto-update/install-scripts/yum_cron_config.txt","sha":"e7ef4273f1b2af0c9c032fadaacd03130ba5ea78"}]},{"name":"install.sh","path":"modules/auto-update/install.sh","sha":"7c19fd0d04b11c358af64149b3169d6b2c5e3b58"}]},{"name":"aws-auth","children":[{"name":"AWS-AUTH-LASTPASS.md","path":"modules/aws-auth/AWS-AUTH-LASTPASS.md","sha":"f989822c9600fdb7dec2b67a929f8e4b49947aa8"},{"name":"README.md","path":"modules/aws-auth/README.md","sha":"334b60630b57378a8327981cc6581244a55c2e24"},{"name":"bin","children":[{"name":"aws-auth","path":"modules/aws-auth/bin/aws-auth","sha":"973c0ad62b2ab51cb18abf57d332869171480eff"}]},{"name":"install.sh","path":"modules/aws-auth/install.sh","sha":"ab9611d92d6822ceed981bdff3766724366037f0"}]},{"name":"aws-config","children":[{"name":"README.adoc","path":"modules/aws-config/README.adoc","sha":"dee8d8a1ccfe87003d2bcea8d9446a9d74dbc64a"},{"name":"core-concepts.md","path":"modules/aws-config/core-concepts.md","sha":"7f917cedb2e054a6e7ac4455a92240ff54f15987"},{"name":"main.tf","path":"modules/aws-config/main.tf","sha":"ef90c58cb569c459ef803156f3c991bd197fb503"},{"name":"outputs.tf","path":"modules/aws-config/outputs.tf","sha":"8c8c3d4c9fd8d408d34cda20b4302abc6401005b"},{"name":"vars.tf","path":"modules/aws-config/vars.tf","sha":"d65687709db3c58685573be6f9bfa4ae6cd05c5b"}]},{"name":"aws-organizations-config-rules","children":[{"name":"README.adoc","path":"modules/aws-organizations-config-rules/README.adoc","sha":"3d9e43acb1ca6db5571b6915a7980a4ae600e8c4"},{"name":"core-concepts.md","path":"modules/aws-organizations-config-rules/core-concepts.md","sha":"28f0d3a3325c97e0417c01671bbfc8a1b577498a"},{"name":"main.tf","path":"modules/aws-organizations-config-rules/main.tf","sha":"c67d58ca43acafce5f464b969980074631573490"},{"name":"outputs.tf","path":"modules/aws-organizations-config-rules/outputs.tf","sha":"9b78cd00ad242a02579147b390c6ad946620e1f0"},{"name":"variables.tf","path":"modules/aws-organizations-config-rules/variables.tf","sha":"1d8616a01e1db2c0672827920afef50d921fde6d"}]},{"name":"aws-organizations","children":[{"name":"README.adoc","path":"modules/aws-organizations/README.adoc","sha":"711b480a00245dc87a73e1c13a18867498eb6f7b"},{"name":"core-concepts.md","path":"modules/aws-organizations/core-concepts.md","sha":"ff397622de5a23581ae9792f4161aa0f1a1e1085"},{"name":"main.tf","path":"modules/aws-organizations/main.tf","sha":"0813956755b64165bddc6a9e883ee36e686079dd"},{"name":"outputs.tf","path":"modules/aws-organizations/outputs.tf","sha":"5d71fce583011b7351615821e6a888eb8f73906a"},{"name":"variables.tf","path":"modules/aws-organizations/variables.tf","sha":"4eac97565d5ab76a5e0c03cde4a9337001125156"}]},{"name":"cloudtrail","children":[{"name":"README.adoc","path":"modules/cloudtrail/README.adoc","sha":"cb56736b0eff0b10521fc5a42e6fd30e6660f165"},{"name":"core-concepts.md","path":"modules/cloudtrail/core-concepts.md","sha":"beed0fe088229f9c33e58ad62f213964f4571349"},{"name":"main.tf","path":"modules/cloudtrail/main.tf","sha":"7e98e2b4fa6e8142b28ae3ad3e7ddf1d91c6d54c"},{"name":"outputs.tf","path":"modules/cloudtrail/outputs.tf","sha":"20e598a564e2362f8e199d710699dedded900dfb"},{"name":"vars.tf","path":"modules/cloudtrail/vars.tf","sha":"59c5979a5bd9cfe391ac30e74e05709802a7858d"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"modules/cross-account-iam-roles/README.md","sha":"9185ef34dd25c4da8d907a180495c377fdbcff49"},{"name":"main.tf","path":"modules/cross-account-iam-roles/main.tf","sha":"d4b66fff9f7acee9999f6674a86441e09ca9b393"},{"name":"outputs.tf","path":"modules/cross-account-iam-roles/outputs.tf","sha":"73b26ff9804cb98404c81fa07e084042898482cf"},{"name":"vars.tf","path":"modules/cross-account-iam-roles/vars.tf","sha":"9a45fb999b66e057a1f23d2457c130963b7ddbdc"}]},{"name":"custom-iam-entity","children":[{"name":"README.md","path":"modules/custom-iam-entity/README.md","sha":"98ab8129418c43978d46d58896b6e64172995aba"},{"name":"main.tf","path":"modules/custom-iam-entity/main.tf","sha":"3a6866b29cf106c185bf7452595315666ec41398"},{"name":"outputs.tf","path":"modules/custom-iam-entity/outputs.tf","sha":"23cc0eb151da4ab2f146c89d9ad53dfc0e5c8c82"},{"name":"vars.tf","path":"modules/custom-iam-entity/vars.tf","sha":"28688569e02fb678fa65637d99bc2d379d48b767"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"modules/fail2ban/README.md","sha":"2301349c1b8775809b7362189a72655ce58b26fb"},{"name":"install-scripts","children":[{"name":"cloudwatch-metric.conf","path":"modules/fail2ban/install-scripts/cloudwatch-metric.conf","sha":"f78f5f55f585a6efe60a51a2c0f41e4a63f99749"},{"name":"configure-fail2ban","path":"modules/fail2ban/install-scripts/configure-fail2ban","sha":"19e281057d9e5ac91e7497441febfe633d231cd1"},{"name":"fail2ban.local","path":"modules/fail2ban/install-scripts/fail2ban.local","sha":"8292c4a18c825bfbf0a8d52cfb2746aa43f76ca4"},{"name":"filters.sshd.amazon.conf","path":"modules/fail2ban/install-scripts/filters.sshd.amazon.conf","sha":"093bb1baf88a1e283a43b7dd7d04c64992abecc6"},{"name":"jail.amazon.local","path":"modules/fail2ban/install-scripts/jail.amazon.local","sha":"a0aef73873e461c46ff63a4a3e5166ad3453c5e3"},{"name":"jail.amazon2.local","path":"modules/fail2ban/install-scripts/jail.amazon2.local","sha":"73993857d9a9424bb991666a58adc080024fe720"},{"name":"jail.ubuntu.local","path":"modules/fail2ban/install-scripts/jail.ubuntu.local","sha":"3ba6255a331696f384c0fcc385cd599687f60199"}]},{"name":"install.sh","path":"modules/fail2ban/install.sh","sha":"8f7b536f08506dabc2f6beb6cd5a50f7282168aa"},{"name":"user-data-scripts","children":[{"name":"configure-fail2ban-cloudwatch.sh","path":"modules/fail2ban/user-data-scripts/configure-fail2ban-cloudwatch.sh","sha":"64b7c27b8aa50302f4f7e35ebd8bbf93064bb777"}]}]},{"name":"guardduty-multi-region","children":[{"name":"README.adoc","path":"modules/guardduty-multi-region/README.adoc","sha":"b57160a6a71d3f7f5b1e1a7ec070bb47991b50ed"},{"name":"core-concepts.md","path":"modules/guardduty-multi-region/core-concepts.md","sha":"2eab0fd6c0548ba11104b6d778eb224df5622886"},{"name":"generate-main.py","path":"modules/guardduty-multi-region/generate-main.py","sha":"dbae0442bf30a95c97e3dc0c001d547472876d09"},{"name":"main.tf","path":"modules/guardduty-multi-region/main.tf","sha":"cbd2d875a68d852ef9ccb8ccc44ab85a06bba1b5"},{"name":"outputs.tf","path":"modules/guardduty-multi-region/outputs.tf","sha":"fd9b6d8e742af5b74d875ff6c796e289f32ba191"},{"name":"variables.tf","path":"modules/guardduty-multi-region/variables.tf","sha":"952903ce482d54464dd8454107f94d719e29c12c"}]},{"name":"guardduty-single-region","children":[{"name":"README.md","path":"modules/guardduty-single-region/README.md","sha":"abed69e3d0b928f47a80fdac8838f1efe354de4d"},{"name":"main.tf","path":"modules/guardduty-single-region/main.tf","sha":"6768c3c9d874062c45180bd0504948ac4285de4b"},{"name":"outputs.tf","path":"modules/guardduty-single-region/outputs.tf","sha":"0fd6fdc76d8bc1bb4c544028c802248999d309f7"},{"name":"variables.tf","path":"modules/guardduty-single-region/variables.tf","sha":"79d6e08f8992744de45d733a5ca58a97bb3991e2"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"modules/iam-groups/README.md","sha":"072baead8ab54d99d6c9232802c42522a9785c96"},{"name":"_docs","children":[{"name":"iam-user-access-to-billing.png","path":"modules/iam-groups/_docs/iam-user-access-to-billing.png","sha":"063f6cf8dc766b4d44942de89660e8ab9e1f3d63"},{"name":"my-account.png","path":"modules/iam-groups/_docs/my-account.png","sha":"387320200ed756ce4191afef87f0ab76e2c3d89a"}]},{"name":"main.tf","path":"modules/iam-groups/main.tf","sha":"09854772868b6351d46a29a3fa717804b1460f83"},{"name":"outputs.tf","path":"modules/iam-groups/outputs.tf","sha":"59cbe8c8417ce370880236a1596998f26bdf7f07"},{"name":"vars.tf","path":"modules/iam-groups/vars.tf","sha":"bb2c89d70441cf6e19b1df8d929cbbae1726bc6d"}]},{"name":"iam-policies","children":[{"name":"README.md","path":"modules/iam-policies/README.md","sha":"a6b450cb3dc9b7f0809223c37dcc79451ac573d9"},{"name":"main.tf","path":"modules/iam-policies/main.tf","sha":"8648ecc0eae6ced94c1b10197186f760760dbf8b"},{"name":"outputs.tf","path":"modules/iam-policies/outputs.tf","sha":"6e9206ee3029eb480b6ede1bf55e4ef15b0a0673"},{"name":"vars.tf","path":"modules/iam-policies/vars.tf","sha":"6204c2d4b1b7ec860b4cc5d4d206990a91dfdc9c"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"modules/iam-user-password-policy/README.md","sha":"5bea6ba56fc796be5b860549156a3a251735fc2a"},{"name":"main.tf","path":"modules/iam-user-password-policy/main.tf","sha":"9670fa0991057e03a72b72987c02a71e14611724"},{"name":"vars.tf","path":"modules/iam-user-password-policy/vars.tf","sha":"7c08eef88a7b13226cc4e18aa8338db64fdf83f0"}]},{"name":"iam-users","children":[{"name":"README.md","path":"modules/iam-users/README.md","sha":"9da56f1341cc4b4dc67038391ea8f52198bb3b21"},{"name":"main.tf","path":"modules/iam-users/main.tf","sha":"4d9e3efab76e509a9715fc276833254b9500169a"},{"name":"outputs.tf","path":"modules/iam-users/outputs.tf","sha":"67020f9214a30c4fddd150c67209a231d4aec00e"},{"name":"variables.tf","path":"modules/iam-users/variables.tf","sha":"3e49197e1f1b4251f5fff088974cb6e40c3677b0"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"modules/ip-lockdown/README.md","sha":"af806e396600aed64922eac8a3c7ab29a90f858d"},{"name":"install.sh","path":"modules/ip-lockdown/install.sh","sha":"ce61af763bee9ad29754220ae24521f22c3a956f"},{"name":"ip-lockdown","path":"modules/ip-lockdown/ip-lockdown","sha":"93a0e1f5876e7de5778c595e8801d64986cb118b"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"modules/kms-master-key/README.md","sha":"8dfd4d4425c1c69f529e3965629738506a3dd2c1"},{"name":"main.tf","path":"modules/kms-master-key/main.tf","sha":"056fe2d8ed385f12ebfef79c0addc9e97e8b07c8"},{"name":"outputs.tf","path":"modules/kms-master-key/outputs.tf","sha":"b9bd1c5fa06b56d0bd78f7dab15c9f3233443bed"},{"name":"vars.tf","path":"modules/kms-master-key/vars.tf","sha":"47b6750ee300f7ab06bbad17212a859e66d4bf4a"}]},{"name":"ntp","children":[{"name":"README.md","path":"modules/ntp/README.md","sha":"c81ae3adf4d5af364729c5537414de1ada470af5"},{"name":"install.sh","path":"modules/ntp/install.sh","sha":"d31aa46b7f60f621a45166726559c8025efc1aa0"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"modules/os-hardening/README.md","sha":"3e864b0e9208eb6809adf41968c51e02fc233ee1"},{"name":"_docs","children":[{"name":"Helpful Email.md","path":"modules/os-hardening/_docs/Helpful Email.md","sha":"246a0b80b29f5ff3d2b2f4c5c170fc927e2d9dd7"}]},{"name":"ami-builder","children":[{"name":"files","children":[{"name":"user-data.sh.template","path":"modules/os-hardening/ami-builder/files/user-data.sh.template","sha":"4a3c87a19e1a4caa20b9b425b2a02101566d1166"}]},{"name":"main.tf","path":"modules/os-hardening/ami-builder/main.tf","sha":"3b23018276920ce33dab358eab79ef39e269fd98"},{"name":"outputs.tf","path":"modules/os-hardening/ami-builder/outputs.tf","sha":"8ce2ee598124ca50dd530a33aa60f5d1452a4a2b"},{"name":"vars.tf","path":"modules/os-hardening/ami-builder/vars.tf","sha":"c5927cfcebf6781b8b920d8fd7872f2992bb1501"}]},{"name":"partition-scripts","children":[{"name":"README.md","path":"modules/os-hardening/partition-scripts/README.md","sha":"a2986f1ab8f7470d2ba71d5270e5217d64cb10a3"},{"name":"bin","children":[{"name":"cleanup-volume","path":"modules/os-hardening/partition-scripts/bin/cleanup-volume","sha":"c7cbf3ecebd915235238557d27a1ce25e6fc10fa"},{"name":"partition-volume","path":"modules/os-hardening/partition-scripts/bin/partition-volume","sha":"f4f8566a1ef6aa4ff0c0268bd28721488aa6dfc4"}]},{"name":"install.sh","path":"modules/os-hardening/partition-scripts/install.sh","sha":"606776c068260836e8612a681ff4e3edc8abdb41"}]}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"modules/saml-iam-roles/README.md","sha":"fed1904b6d61d7d3fdee2931cfeb0cb79ec54523"},{"name":"main.tf","path":"modules/saml-iam-roles/main.tf","sha":"e4d97af0e2b812427faaf4e860b593eb9a113d30"},{"name":"outputs.tf","path":"modules/saml-iam-roles/outputs.tf","sha":"b2778906a16b2b513808aaea58c06cc3c9fc8c42"},{"name":"vars.tf","path":"modules/saml-iam-roles/vars.tf","sha":"981970525d6fd88bbaad9e72745f390795102333"}]},{"name":"ssh-grunt-selinux-policy","children":[{"name":"README.md","path":"modules/ssh-grunt-selinux-policy/README.md","sha":"8a934c81da696e32c365183b6a707594da99ba79"},{"name":"install.sh","path":"modules/ssh-grunt-selinux-policy/install.sh","sha":"3de871d61a9990e7f2c130f23afaf00daeb6bbef"},{"name":"ssh-grunt.pp","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.pp","sha":"7c7050f812cd0e3cb34e37b88c35fb09f369be7d"},{"name":"ssh-grunt.te","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.te","sha":"3317a71feaa633662a00b1dc05b1176cb85c9793"}]},{"name":"ssh-grunt","children":[{"name":".dockerignore","path":"modules/ssh-grunt/.dockerignore","sha":"a725465aee245635a2bd129af54858ed32c84cb8"},{"name":"Dockerfile","path":"modules/ssh-grunt/Dockerfile","sha":"6a6f21b4742f67f58be809a54ff48f2f6937ae14"},{"name":"Gopkg.lock","path":"modules/ssh-grunt/Gopkg.lock","sha":"f96af3ce514c0a60f18f7fb2b9620e1890e1e764"},{"name":"Gopkg.toml","path":"modules/ssh-grunt/Gopkg.toml","sha":"529ca4ea4ef756052c92315e07b2fbdb92720237"},{"name":"README.adoc","path":"modules/ssh-grunt/README.adoc","sha":"89e1ff7db5620809af182703c45f87601e59a766","toggled":true},{"name":"_ci","children":[{"name":"build-and-test.sh","path":"modules/ssh-grunt/_ci/build-and-test.sh","sha":"903993de2d7bcde19d472fa5e510ee862d4b10c3"},{"name":"test.sh","path":"modules/ssh-grunt/_ci/test.sh","sha":"235603944316e81f1da1cc0248b80beecf99cb27"}]},{"name":"_docs","children":[{"name":"houston-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/houston-upload-ssh-key.png","sha":"e32519497262f9796a4ea46c53953923975cbd7d"},{"name":"iam-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/iam-upload-ssh-key.png","sha":"8bb1e793185eb0b4822023552899874394342f21"}]},{"name":"core-concepts.md","path":"modules/ssh-grunt/core-concepts.md","sha":"34a386f0b38bbefa147a2890ab80bc2960a7ff9e"},{"name":"docker-compose.yml","path":"modules/ssh-grunt/docker-compose.yml","sha":"0609cfaadf18bb9eb8ff13459cf9f0f10928765e"},{"name":"scripts","children":[{"name":"build-linux-binary.sh","path":"modules/ssh-grunt/scripts/build-linux-binary.sh","sha":"fc74dd9990e9f4526ae2e7cd13e338d4fd0f11c4"},{"name":"run.sh","path":"modules/ssh-grunt/scripts/run.sh","sha":"050027e034cd03e53625986eb0f331c043492cf6"}]},{"name":"src","children":[{"name":"cli.go","path":"modules/ssh-grunt/src/cli.go","sha":"f72f670dcf0ae2e0bcb8ed02e91c706a5e8c3be0"},{"name":"cli_test.go","path":"modules/ssh-grunt/src/cli_test.go","sha":"a65fc7945a800263b6ad153cc0c4354551814f0c"},{"name":"collections.go","path":"modules/ssh-grunt/src/collections.go","sha":"abb602cb1a1df835caf2cfd66dfc058aed75e3ee"},{"name":"cron.go","path":"modules/ssh-grunt/src/cron.go","sha":"ba1ada9e91762b66206025cfc281bea8f35498b0"},{"name":"cron_test.go","path":"modules/ssh-grunt/src/cron_test.go","sha":"0300a91bf9e0b536a2061a2f85c69542f86966a6"},{"name":"errors.go","path":"modules/ssh-grunt/src/errors.go","sha":"0e6361f5d7773d32f7fc9ff48a6d54bafd33508e"},{"name":"file.go","path":"modules/ssh-grunt/src/file.go","sha":"edf84f18ffa9c25038e02c5eb74213a413ee5ad3"},{"name":"groups.go","path":"modules/ssh-grunt/src/groups.go","sha":"fba9e95114aa7aa723913e855b424b76952d5c7b"},{"name":"groups_test.go","path":"modules/ssh-grunt/src/groups_test.go","sha":"c0b0bef6dc58bc640e689c0eab284fe3767359b5"},{"name":"houston.go","path":"modules/ssh-grunt/src/houston.go","sha":"2ba5973deb8a5431946ed0fc401bdc06028d91d7"},{"name":"houston_test.go","path":"modules/ssh-grunt/src/houston_test.go","sha":"088b51302fe48341ba83ac05107910cd5269e50f"},{"name":"iam.go","path":"modules/ssh-grunt/src/iam.go","sha":"dafbc8fbb732d2d6212cade786eb13d7215b9862"},{"name":"iam_test.go","path":"modules/ssh-grunt/src/iam_test.go","sha":"4f69cd90234d025c4368421ca7ce3f7818a52165"},{"name":"logger.go","path":"modules/ssh-grunt/src/logger.go","sha":"e62f5712a083ee1006911a23ee71e03ebd3622cf"},{"name":"main.go","path":"modules/ssh-grunt/src/main.go","sha":"89fe7e90c47dc8b2527e1c8addebca5e55ccfb35"},{"name":"shell.go","path":"modules/ssh-grunt/src/shell.go","sha":"070b861e82973d6cb7b09b91f99ad3055035bb1c"},{"name":"ssh.go","path":"modules/ssh-grunt/src/ssh.go","sha":"7eddcb4fa3fb3cf51ffa6221bc6552a7d57cfa98"},{"name":"ssh_test.go","path":"modules/ssh-grunt/src/ssh_test.go","sha":"f095f9d6d3618ac50c2ef8e65d6be4a2bff26283"},{"name":"string.go","path":"modules/ssh-grunt/src/string.go","sha":"fc61ca9625f9d654c2b3576ff932db1b90ae9dfe"},{"name":"string_test.go","path":"modules/ssh-grunt/src/string_test.go","sha":"a51e495942cd4364b1b2a511fa68fc4b1dde1237"},{"name":"sync.go","path":"modules/ssh-grunt/src/sync.go","sha":"b5d5bdbc0c1b52fa0008190eb3f97bc99109c3dd"},{"name":"sync_test.go","path":"modules/ssh-grunt/src/sync_test.go","sha":"f0a46bd471c56bde16cb822f8281e975c8aec848"},{"name":"url.go","path":"modules/ssh-grunt/src/url.go","sha":"12ff56939763979f94a8cb6dc35c9775ce0d3474"},{"name":"url_test.go","path":"modules/ssh-grunt/src/url_test.go","sha":"fe77a4563549dc6e0148452c1b03f19b6c0d9dcc"},{"name":"users.go","path":"modules/ssh-grunt/src/users.go","sha":"a40c2d3f26f69a93dac83da731a2407d1b89a083"},{"name":"users_test.go","path":"modules/ssh-grunt/src/users_test.go","sha":"3473766223be802090c695568e696149442ce112"}]}],"toggled":true},{"name":"ssh-iam","children":[{"name":"README.md","path":"modules/ssh-iam/README.md","sha":"4aa06d6a729e53384b6d2a43c06ee38807092f32"}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"modules/ssm-healthchecks-iam-permissions/README.md","sha":"005260025ae51ed9e13f1b6c6f9d737a02d5db68"},{"name":"main.tf","path":"modules/ssm-healthchecks-iam-permissions/main.tf","sha":"6b6b91fa59bc86de7521264ff34217cc88ae3842"},{"name":"vars.tf","path":"modules/ssm-healthchecks-iam-permissions/vars.tf","sha":"731aa1c2f275f723272114ef0357a8c3a246b47e"}]},{"name":"tls-cert-private","children":[{"name":"Dockerfile","path":"modules/tls-cert-private/Dockerfile","sha":"028aa72d434cf4bf28dff92d293e35a85b19fcf0"},{"name":"README.md","path":"modules/tls-cert-private/README.md","sha":"c6996ec25d7d9b1ab4f79d8164a14e86e1ac844f"},{"name":"docker-compose.yml","path":"modules/tls-cert-private/docker-compose.yml","sha":"f872026e8d51ceaab2e1c11cc9cf9c35ba81f29c"},{"name":"files","children":[{"name":"openssl.cnf","path":"modules/tls-cert-private/files/openssl.cnf","sha":"2542542c80ab180c47d3e0a27dbded65bed572de"}]},{"name":"scripts","children":[{"name":"generate-ca-keypair.sh","path":"modules/tls-cert-private/scripts/generate-ca-keypair.sh","sha":"395ee97c0e499c660efac5c5cf1f79dfcdbb69f8"},{"name":"generate-tls-keypair.sh","path":"modules/tls-cert-private/scripts/generate-tls-keypair.sh","sha":"f1c3577437fd589087704a9c003de416cb87d232"},{"name":"main.sh","path":"modules/tls-cert-private/scripts/main.sh","sha":"dc7af965ffb783bbef449010818e69294fa2ef75"}]}]}],"toggled":true},{"name":"test","children":[{"name":"Gopkg.lock","path":"test/Gopkg.lock","sha":"551944ad10e882e62590a33f90f60e480be80d4a"},{"name":"Gopkg.toml","path":"test/Gopkg.toml","sha":"b1dfa116f26fb4b7d7fe6a524e1b5bb074f67365"},{"name":"README.md","path":"test/README.md","sha":"62b43a1b4268805a0a1fdcecd51f4068b07d37b1"},{"name":"auto_update_test.go","path":"test/auto_update_test.go","sha":"1d2a5906849c2ae62c65c0c5ce42a9ba20201f82"},{"name":"aws_config_test.go","path":"test/aws_config_test.go","sha":"df32a8831f033d011743adbc70a679a287f8d899"},{"name":"aws_organizations_config_rules_test.go","path":"test/aws_organizations_config_rules_test.go","sha":"873b1ea607fe800910a02aa5b5d72e1709e3d724"},{"name":"aws_organizations_test.go","path":"test/aws_organizations_test.go","sha":"2eead85751ec47bd1008b795621fa5cff4a2a262"},{"name":"cloudtrail_test.go","path":"test/cloudtrail_test.go","sha":"bfd0e35b8f08e14a55026de1e72a97e6e7f15342"},{"name":"cross_account_iam_roles_test.go","path":"test/cross_account_iam_roles_test.go","sha":"b7dd54b59acb03cb0c5a7581e15de61f4b901c36"},{"name":"custom_iam_entity_test.go","path":"test/custom_iam_entity_test.go","sha":"390cace437fd609e2ad5d81c77d7ffacb0d7555e"},{"name":"fail2ban_test.go","path":"test/fail2ban_test.go","sha":"ac5c2f060a8aefc96d6ddd60630b6c8826182dfc"},{"name":"guardduty_test.go","path":"test/guardduty_test.go","sha":"73372ee85a4f78efd307d9a6d08fd09f41d781ed"},{"name":"iam_groups_test.go","path":"test/iam_groups_test.go","sha":"21d66e7dcdf43cb7725be7ed4c7c8c7eb34dab79"},{"name":"iam_ssm_test.go","path":"test/iam_ssm_test.go","sha":"48e1870a8882f4ad88bd5fb7fb018b33baee82a6"},{"name":"iam_user_password_policy_test.go","path":"test/iam_user_password_policy_test.go","sha":"1fb35eea4e93bd26aad51804094dda325a4893b0"},{"name":"iam_users_test.go","path":"test/iam_users_test.go","sha":"e4934196d3df5d2a506b92fcae3f65b6309eebb8"},{"name":"ip-lockdown-test-scripts","children":[{"name":"allow-several-users.sh","path":"test/ip-lockdown-test-scripts/allow-several-users.sh","sha":"2f75dbe0880ed0907b43db58b6ac030a0d0e9bd4"},{"name":"common.sh","path":"test/ip-lockdown-test-scripts/common.sh","sha":"cdfe11aca76607a4feaf254a394f32273b738c5c"},{"name":"index.html","path":"test/ip-lockdown-test-scripts/index.html","sha":"557db03de997c86a4a028e1ebd3a1ceb225be238"},{"name":"restrict-all-users.sh","path":"test/ip-lockdown-test-scripts/restrict-all-users.sh","sha":"a37c1ffc90f2532e7cc3f9f5a859b75c98661dc6"},{"name":"restrict-one-user.sh","path":"test/ip-lockdown-test-scripts/restrict-one-user.sh","sha":"4214e1c15102f4568d1e995aa82add46ee430237"},{"name":"sanity-check.sh","path":"test/ip-lockdown-test-scripts/sanity-check.sh","sha":"542ed72f4f0952ace67c9cbf2e5ac07e81e6870c"}]},{"name":"ip_lockdown_test.go","path":"test/ip_lockdown_test.go","sha":"8a523ee4446d8f114647bbe76102cf3b755e30d4"},{"name":"kms_master_key_test.go","path":"test/kms_master_key_test.go","sha":"f372cb4e061299de80e2d9b1594d3cd7aa5cf88b"},{"name":"ntp_test.go","path":"test/ntp_test.go","sha":"e4ec90a5d39ed012b87a32d5b0b27b299cd746e8"},{"name":"os_hardening_test.go","path":"test/os_hardening_test.go","sha":"d7b1de96445a8474e323bcde272c909379d11a10"},{"name":"saml_iam_roles_test.go","path":"test/saml_iam_roles_test.go","sha":"78ec14c02892e1cb3d7b5e36756bca532ae27dd2"},{"name":"ssh_grunt_houston_test.go","path":"test/ssh_grunt_houston_test.go","sha":"b8b4d0786e13432f86745acc8e4ae468561c17a7"},{"name":"ssh_grunt_iam_test.go","path":"test/ssh_grunt_iam_test.go","sha":"30c2bf25c90aef2a0f22cf5ed789af9e45e6c86e"},{"name":"test_helpers.go","path":"test/test_helpers.go","sha":"018ca09c9888db5325fefb9774bad0b5f14670a0"},{"name":"test_helpers_aws_auth.go","path":"test/test_helpers_aws_auth.go","sha":"5be2449c8274695a1f27c235f4c70cbb2416b591"},{"name":"tls_cert_private_test.go","path":"test/tls_cert_private_test.go","sha":"5696a2f5113288b1d4da4327c2a44137ad662ecd"}]}]},"detailsContent":"<div id=\"preamble\">\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p><span class=\"image\"><a class=\"image\" href=\"https://gruntwork.io/?ref=repo_aws_eks\" target=\"_blank\"><img src=\"https://img.shields.io/badge/maintained%20by-gruntwork.io-%235849a6.svg\" alt=\"maintained%20by gruntwork.io %235849a6\" class=\"preview__body--diagram\"></a></span></p>\n</div>\n<div class=\"paragraph\">\n<p>This module can configure a Linux server to manage SSH access to the server via an Identity Provider (IdP). Two types of\nIdP integrations are supported:</p>\n</div>\n<div class=\"olist arabic\">\n<ol class=\"arabic\">\n<li>\n<p>AWS <a href=\"https://aws.amazon.com/iam/\" target=\"_blank\">Identity and Access Management (IAM)</a>: Developers in certain IAM Groups will be\nable to SSH to your servers using their IAM user name and the SSH key they uploaded to their IAM user account.</p>\n</li>\n<li>\n<p><a href=\"https://gruntwork.io/houston\" target=\"_blank\">Gruntwork Houston</a>: Developers with certain roles in your supported IdP (e.g.,\nADFS, AWS SSO, or Google) will be able to SSH to your servers using their IdP username and an SSH key\nthey uploaded to Houston.</p>\n</li>\n</ol>\n</div>\n<div class=\"imageblock\">\n<div class=\"content\">\n<img src=\"/repos/images/v0.34.2/module-security/_docs/ssh-grunt-architecture.png?raw=true\" alt=\"ssh-grunt architecture\" class=\"preview__body--diagram\">\n</div>\n</div>\n<div id=\"toc\" class=\"toc\">\n<div id=\"toctitle\" class=\"title\"></div>\n<ul class=\"sectlevel1\">\n<li><a href=\"#_features\">Features</a></li>\n<li><a href=\"#_learn\">Learn</a>\n<ul class=\"sectlevel2\">\n<li><a href=\"#_core_concepts\">Core concepts</a></li>\n<li><a href=\"#_repo_organization\">Repo organization</a></li>\n</ul>\n</li>\n<li><a href=\"#_deploy\">Deploy</a>\n<ul class=\"sectlevel2\">\n<li><a href=\"#_non_production_deployment_quick_start_for_learning\">Non-production deployment (quick start for learning)</a></li>\n<li><a href=\"#_production_deployment\">Production deployment</a></li>\n</ul>\n</li>\n<li><a href=\"#_manage\">Manage</a>\n<ul class=\"sectlevel2\">\n<li><a href=\"#_day_to_day_operations\">Day-to-day operations</a></li>\n</ul>\n</li>\n<li><a href=\"#_support\">Support</a></li>\n<li><a href=\"#_contributions\">Contributions</a></li>\n<li><a href=\"#_license\">License</a></li>\n</ul>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_features\"><a class=\"anchor\" href=\"#_features\"></a><a class=\"link\" href=\"#_features\">Features</a></h2>\n<div class=\"sectionbody\">\n<div class=\"ulist\">\n<ul>\n<li>\n<p>Automatically sync user accounts from your identity provider (e.g., IAM, Google, ADFS) to your servers, so each developer can have their own user name (e.g.\n\"susan\", \"jim\") rather than everyone using a shared user (e.g. \"ubuntu\", \"ec2-user\").</p>\n</li>\n<li>\n<p>Each developer uses their own SSH keys to connect to servers (instead of a single, shared Key Pair).</p>\n</li>\n<li>\n<p>Quickly use IAM or Houston to rotate old keys and upload a new one</p>\n</li>\n<li>\n<p>Revoke SSH access to servers from the centralized IdP</p>\n</li>\n</ul>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_learn\"><a class=\"anchor\" href=\"#_learn\"></a><a class=\"link\" href=\"#_learn\">Learn</a></h2>\n<div class=\"sectionbody\">\n<div class=\"admonitionblock note\">\n<table>\n<tr>\n<td class=\"icon\">\n<div class=\"title\">Note</div>\n</td>\n<td class=\"content\">\nThis repo is a part of <a href=\"https://gruntwork.io/infrastructure-as-code-library/\" target=\"_blank\">the Gruntwork Infrastructure as Code\nLibrary</a>, a collection of reusable, battle-tested, production ready infrastructure code. If you’ve never used the Infrastructure as Code Library before, make sure to read <a href=\"https://gruntwork.io/guides/foundations/how-to-use-gruntwork-infrastructure-as-code-library/\" target=\"_blank\">How to use the Gruntwork Infrastructure as Code Library</a>!\n</td>\n</tr>\n</table>\n</div>\n<div class=\"sect2\">\n<h3 id=\"_core_concepts\"><a class=\"anchor\" href=\"#_core_concepts\"></a><a class=\"link\" href=\"#_core_concepts\">Core concepts</a></h3>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"/repos/v0.34.2/module-security/modules/ssh-grunt/core-concepts.md#install-ssh-grunt-on-your-servers\">How to install ssh-grunt on your servers</a></p>\n</li>\n<li>\n<p><a href=\"/repos/v0.34.2/module-security/modules/ssh-grunt/core-concepts.md#how-it-works\">How SSH Grunt works</a></p>\n</li>\n<li>\n<p><a href=\"/repos/v0.34.2/module-security/README.adoc#core-concepts\">Core Security Concepts</a></p>\n</li>\n</ul>\n</div>\n</div>\n<div class=\"sect2\">\n<h3 id=\"_repo_organization\"><a class=\"anchor\" href=\"#_repo_organization\"></a><a class=\"link\" href=\"#_repo_organization\">Repo organization</a></h3>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"/repos/v0.34.2/module-security/modules\">modules</a>: the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.</p>\n</li>\n<li>\n<p><a href=\"/repos/v0.34.2/module-security/examples\">examples</a>: This folder contains working examples of how to use the submodules.</p>\n</li>\n<li>\n<p><a href=\"/repos/v0.34.2/module-security/test\">test</a>: Automated tests for the modules and examples.</p>\n</li>\n</ul>\n</div>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_deploy\"><a class=\"anchor\" href=\"#_deploy\"></a><a class=\"link\" href=\"#_deploy\">Deploy</a></h2>\n<div class=\"sectionbody\">\n<div class=\"sect2\">\n<h3 id=\"_non_production_deployment_quick_start_for_learning\"><a class=\"anchor\" href=\"#_non_production_deployment_quick_start_for_learning\"></a><a class=\"link\" href=\"#_non_production_deployment_quick_start_for_learning\">Non-production deployment (quick start for learning)</a></h3>\n<div class=\"paragraph\">\n<p>If you just want to try this repo out for experimenting and learning, check out the following resources:</p>\n</div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"/repos/v0.34.2/module-security/examples/ssh-grunt\">ssh-grunt examples</a>: The <code>examples/ssh-grunt</code> folder contains sample code optimized for\nlearning, experimenting, and testing (but not production usage).</p>\n</li>\n</ul>\n</div>\n</div>\n<div class=\"sect2\">\n<h3 id=\"_production_deployment\"><a class=\"anchor\" href=\"#_production_deployment\"></a><a class=\"link\" href=\"#_production_deployment\">Production deployment</a></h3>\n<div class=\"paragraph\">\n<p>If you want to deploy this repo in production, check out the following resources:</p>\n</div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"/repos/infrastructure-modules-multi-account-acme/services/eks-cluster/packer/eks-node.json\">Packer template in the Acme example Reference Architecture</a>: Production-ready sample code from the Acme Reference Architecture examples.</p>\n</li>\n<li>\n<p><a href=\"/repos/infrastructure-modules-multi-account-acme/security/iam-groups\">IAM\ngroups in the Acme example Reference Architecture</a>: Production-ready sample code for IAM groups that can be used for\nmanaging SSH grunt access from the Acme Reference Architecture examples.</p>\n</li>\n<li>\n<p><a href=\"/repos/infrastructure-modules-multi-account-acme/security/iam-cross-account\">IAM\ncross account roles in the Acme example Reference Architecture</a>: Production-ready sample code for IAM roles that can\nbe used for managing SSH grunt access from the Acme Reference Architecture examples.</p>\n</li>\n</ul>\n</div>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_manage\"><a class=\"anchor\" href=\"#_manage\"></a><a class=\"link\" href=\"#_manage\">Manage</a></h2>\n<div class=\"sectionbody\">\n<div class=\"sect2\">\n<h3 id=\"_day_to_day_operations\"><a class=\"anchor\" href=\"#_day_to_day_operations\"></a><a class=\"link\" href=\"#_day_to_day_operations\">Day-to-day operations</a></h3>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"/repos/v0.34.2/module-security/modules/ssh-grunt/core-concepts.md#upload-public-ssh-keys\">How to manage SSH keys</a></p>\n</li>\n<li>\n<p><a href=\"/repos/v0.34.2/module-security/modules/ssh-grunt/core-concepts.md#set-up-iam-permissions\">IAM permissions required for ssh-grunt to work</a></p>\n</li>\n</ul>\n</div>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_support\"><a class=\"anchor\" href=\"#_support\"></a><a class=\"link\" href=\"#_support\">Support</a></h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>If you need help with this repo or anything else related to infrastructure or DevOps, Gruntwork offers <a href=\"https://gruntwork.io/support/\" target=\"_blank\">Commercial Support</a> via Slack, email, and phone/video. If you’re already a Gruntwork customer, hop on Slack and ask away! If not, <a href=\"https://www.gruntwork.io/pricing/\" target=\"_blank\">subscribe now</a>. If you’re not sure, feel free to email us at <a href=\"mailto:support@gruntwork.io\" target=\"_blank\">support@gruntwork.io</a>.</p>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_contributions\"><a class=\"anchor\" href=\"#_contributions\"></a><a class=\"link\" href=\"#_contributions\">Contributions</a></h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Contributions to this repo are very welcome and appreciated! If you find a bug or want to add a new feature or even contribute an entirely new module, we are very happy to accept pull requests, provide feedback, and run your changes through our automated test suite.</p>\n</div>\n<div class=\"paragraph\">\n<p>Please see <a href=\"https://gruntwork.io/guides/foundations/how-to-use-gruntwork-infrastructure-as-code-library/#contributing-to-the-gruntwork-infrastructure-as-code-library\" target=\"_blank\">Contributing to the Gruntwork Infrastructure as Code Library</a> for instructions.</p>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_license\"><a class=\"anchor\" href=\"#_license\"></a><a class=\"link\" href=\"#_license\">License</a></h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Please see <a href=\"/repos/v0.34.2/module-security/LICENSE.txt\">LICENSE.txt</a> for details on how the code in this repo is licensed.</p>\n</div>\n</div>\n</div>","repoName":"module-security","repoRef":"v0.22.2","serviceDescriptor":{"serviceName":"ssh-grunt","serviceRepoName":"module-security","serviceRepoOrg":"gruntwork-io","serviceMainReadmePath":"/modules/ssh-grunt","cloudProviders":["aws"],"description":"Manage SSH access to EC2 Instances using groups in AWS IAM or your Identity Provider (e.g., ADFS, Google, Okta, etc).","imageUrl":"grunt.png","licenseType":"subscriber","technologies":["Terraform","Go"],"compliance":[],"tags":[""]},"serviceCategoryName":"SSH access","fileName":"README.adoc","filePath":"/modules/ssh-grunt","title":"Repo Browser: ssh-grunt","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}