This module can be used to allow users authenticated via external Security Assertion Markup Language (SAML) identity
providers such as Google, Amazon SSO, Microsoft Active Directory Federation Services (ADFS), Okta, and OneLogin to access
your AWS accounts (saml-access).
This allows you to define each environment (mgmt, stage, prod, etc) in a separate AWS account and to use SAML to assume
different roles in each account.
If you're not familiar with IAM concepts, start with the Background Information section as a
way to familiarize yourself with the terminology.
If you want to allow users of a SAML Identity Provider (IdP) to access your AWS accounts, you will first need to create a SAML Identity Provider within IAM. You will also have to configure your IdP to send the appropriate assertions as described in the
AWS Documentation.
Create IAM roles in each account
If you want to allow users from SAML IdPs to access your AWS accounts, use this module in each AWS account to create IAM roles that specify which services those users may access.
Create permissions to assume the IAM roles in other accounts
Finally, this module will also grant access to users of each SAML provider listed in the various
allow_*_access_from_saml_provider_arns variables to assume the corresponding role.
Resources Created
This module creates the following IAM roles (all optional):
allow-read-only-access-from-saml: Users authenticated by the SAML providers in
var.allow_read_only_access_from_saml_provider_arns will get read-only access to all services in this account.
allow-billing-access-from-saml: Users authenticated by the SAML providers in
var.allow_billing_access_from_saml_provider_arns will get full (read and write) access to the billing details for
this account.
allow-support-access-from-saml: Users authenticated by the SAML providers in
var.allow_support_access_from_saml_provider_arns will get access to AWS support for this account.
allow-logs-access-from-saml: Users authenticated by the SAML providers in
var.allow_logs_access_from_saml_provider_arns will get read access to the logs in CloudTrail, AWS Config, and
CloudWatch for this account. Since CloudTrail logs may be encrypted with a KMS CMK, if var.cloudtrail_kms_key_arn is
set, these users will also get permissions to decrypt using this KMS CMK.
allow-ssh-grunt-access-from-saml: Users authenticated by the SAML providers in
var.allow_ssh_grunt_access_from_saml_provider_arns will get read access to IAM Groups and public SSH keys. This is
useful to allow ssh-grunt running on EC2 Instances in other AWS accounts to validate SSH
connections against IAM users defined in this AWS account.
allow-dev-access-from-saml:Users authenticated by the SAML providers in
var.allow_dev_access_from_saml_provider_arns will get full (read and write) access to the services in this account
specified in var.dev_permitted_services.
allow-full-access-from-saml: Users authenticated by the SAML providers in
var.allow_full_access_from_saml_provider_arns will get full (read and write) access to all services in this account.
allow-iam-admin-access-from-saml: Users authenticated by the SAML providers in
var.allow_iam_admin_access_from_saml_provider_arns will get full IAM (iam:*) access in this account.
allow-auto-deploy-access-from-saml: Users authenticated by the SAML providers in
var.allow_read_only_access_from_saml_provider_arns will get automated deployment access to all services in this
account with the permissions specified in var.auto_deploy_permissions. The main use case is to allow a CI server
(e.g. Jenkins) in another AWS account to do automated deployments in this AWS account.
Questions? Ask away.
We're here to talk about our services, answer any questions, give advice, or just to chat.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"3e898ab1ed0f52cef8ecaea32c1eb6a29b998d85"},{"name":"post-upgrade-test-results.sh","path":".circleci/post-upgrade-test-results.sh","sha":"a4867e8fbdc334b7a90259568ee41ea577fbe764"},{"name":"set-upgrade-test-vars.sh","path":".circleci/set-upgrade-test-vars.sh","sha":"5971bc8e3bd6e61befae4ede3d779ff04cf78229"}]},{"name":".editorconfig","path":".editorconfig","sha":"92ad89fbaccc7ba421a0965c03d8d3c3758e1773"},{"name":".github","children":[{"name":"ISSUE_TEMPLATE","children":[{"name":"bug_report.md","path":".github/ISSUE_TEMPLATE/bug_report.md","sha":"d2e87e27c601e423865ed660ec697082470ca60f"},{"name":"feature_request.md","path":".github/ISSUE_TEMPLATE/feature_request.md","sha":"023a33099be2336476930c96e17ff1ba5dc55348"}]},{"name":"pull_request_template.md","path":".github/pull_request_template.md","sha":"6b100e40e323b5b07f40ed30616277c51c9f4b9e"}]},{"name":".gitignore","path":".gitignore","sha":"da549522b25d3f67d020cb45c00451993d4b2a60"},{"name":".patcher","children":[{"name":"config.yaml","path":".patcher/config.yaml","sha":"67c22634730a5cc273a909f4c50c377e4ac60657"},{"name":"patches","children":[{"name":"aws-provider-3.64","children":[{"name":"bump_provider_aws_3.64.0.sh","path":".patcher/patches/aws-provider-3.64/bump_provider_aws_3.64.0.sh","sha":"3435a91ff90ece19e39f93f64434ab9bf0339c4b"},{"name":"create_script_for_terraform_init_3.64.0.sh","path":".patcher/patches/aws-provider-3.64/create_script_for_terraform_init_3.64.0.sh","sha":"97193ae68990752a331ecfd713358dd43ce355a3"},{"name":"patch.yaml","path":".patcher/patches/aws-provider-3.64/patch.yaml","sha":"478943e4ba736d5693573d263c32ccdbd2b0532e"}]},{"name":"aws-provider-3.66.0","children":[{"name":"bump_provider_aws_3.66.0.sh","path":".patcher/patches/aws-provider-3.66.0/bump_provider_aws_3.66.0.sh","sha":"161b2df36453676071c35a1f06bfd4d6312034e1"},{"name":"create_script_for_terraform_init_3.66.0.sh","path":".patcher/patches/aws-provider-3.66.0/create_script_for_terraform_init_3.66.0.sh","sha":"00fa34828a360e25d941f37964c8f0defa79f073"},{"name":"patch.yaml","path":".patcher/patches/aws-provider-3.66.0/patch.yaml","sha":"95810f40716247eef97236aad8e4d1c34780eae3"}]},{"name":"aws-provider-4.x-3.75.0","children":[{"name":"bump_provider_aws_3.75.0.sh","path":".patcher/patches/aws-provider-4.x-3.75.0/bump_provider_aws_3.75.0.sh","sha":"7a3efe13136cca239fed10ac79a8235db63b46c7"},{"name":"create_script_for_terraform_init_3.75.0.sh","path":".patcher/patches/aws-provider-4.x-3.75.0/create_script_for_terraform_init_3.75.0.sh","sha":"1f3da8348dbaf12e2493e93f037f75620eba7a5b"},{"name":"patch.yaml","path":".patcher/patches/aws-provider-4.x-3.75.0/patch.yaml","sha":"f17a744f5ca9e00807bff797f6bf32f0f70f0bb4"}]},{"name":"aws-provider-4.x-3.75.1","children":[{"name":"bump_provider_aws_3.75.1.sh","path":".patcher/patches/aws-provider-4.x-3.75.1/bump_provider_aws_3.75.1.sh","sha":"539cffdeb53bfcdf3f9dea8e67d60b4d6b434428"},{"name":"create_script_for_terraform_init_3.75.1.sh","path":".patcher/patches/aws-provider-4.x-3.75.1/create_script_for_terraform_init_3.75.1.sh","sha":"097647deb89942ef8200679ae7e2a58760b011f3"},{"name":"patch.yaml","path":".patcher/patches/aws-provider-4.x-3.75.1/patch.yaml","sha":"8ec256c244c4ba040fd40af9037aaf6a635c8b87"}]}]}]},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"ae848f9cbd50c6362cff0e99cf53253f8ef0b424"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"c95270a440bf3806d929de6a1e25dbbbd4422e6d"},{"name":"LICENSE.txt","path":"LICENSE.txt","sha":"f4e3d9bd4717a044ed31ad847a300eee74371a78"},{"name":"README.adoc","path":"README.adoc","sha":"6e1d6c6f741cb0178f9149a9e2102397e60f3ecd"},{"name":"_ci","children":[{"name":"output-debug-values.sh","path":"_ci/output-debug-values.sh","sha":"39d6d5f080a53f932e3b5ec970b5f268fd00e50a"}]},{"name":"_docs","children":[{"name":"auto-update.png","path":"_docs/auto-update.png","sha":"77bfd1c65de0245ac8b3c67d5b0b64fc440824bf"},{"name":"aws-cloudtrail-architecture.png","path":"_docs/aws-cloudtrail-architecture.png","sha":"a2dd9a08b8ed77744fd5febab3be7bdf633dee79"},{"name":"aws-cloudtrail.png","path":"_docs/aws-cloudtrail.png","sha":"acc7dcaf4b46ce3cef1bcc20be0329e12c320e7f"},{"name":"aws-config-architecture.png","path":"_docs/aws-config-architecture.png","sha":"721458048d5e539468c438498863a91fa96e0a85"},{"name":"aws-config-rules-architecture.png","path":"_docs/aws-config-rules-architecture.png","sha":"29fe3f20358b176e385d1bcdc0357bff2c1d5b4a"},{"name":"aws-config-rules.png","path":"_docs/aws-config-rules.png","sha":"ac3f7b35bcac949887e62aee260d9cb70edd3ae8"},{"name":"aws-config.png","path":"_docs/aws-config.png","sha":"02f4b326aef57372def4f3fafa4f0e4cec07e395"},{"name":"aws-guardduty.png","path":"_docs/aws-guardduty.png","sha":"053b92412fb8e3fb5740acc404b493fe1dd7229b"},{"name":"aws-organizations-architecture.png","path":"_docs/aws-organizations-architecture.png","sha":"bd57412fe85d3fe8d5e358db5e3b7bfef3e786a9"},{"name":"aws-organizations-icon.png","path":"_docs/aws-organizations-icon.png","sha":"b2b3fa04f51a23e5bae1b3389ffedf5e17b3cef2"},{"name":"iam-access-analyzer.png","path":"_docs/iam-access-analyzer.png","sha":"36e38e69454beae66d35b9bf25b3e5ffe1e68a25"},{"name":"kms-icon.png","path":"_docs/kms-icon.png","sha":"cd4f350a9a3fda41089928a7e396ee8924b7a901"},{"name":"multi-account-multi-region-aws-config.png","path":"_docs/multi-account-multi-region-aws-config.png","sha":"a9c813b1799fe71554c20c8fefc703792293bfe4"},{"name":"multiaccount_guardduty.png","path":"_docs/multiaccount_guardduty.png","sha":"c56b50bbb4c2a041366b430cada27b88aa02524b"},{"name":"ssh-grunt-architecture.png","path":"_docs/ssh-grunt-architecture.png","sha":"9ced8c68bcc7957e50aa016cad6c5b043a05b470"},{"name":"terminal-icon.png","path":"_docs/terminal-icon.png","sha":"df09d52d5b1176d7e231bab6c7712c3728e45c1b"}]},{"name":"codegen","children":[{"name":"README.adoc","path":"codegen/README.adoc","sha":"5d223bae31296cbe8acc3f1312b4e21277862452"},{"name":"core-concepts.md","path":"codegen/core-concepts.md","sha":"87f2d3f0b7ce296503b33d236b19cd3178166459"},{"name":"generate-all.sh","path":"codegen/generate-all.sh","sha":"7bf31649bb7976c0d445d6a0df97c6529cc3894e"},{"name":"gruntwork-supported-regions.yml","path":"codegen/gruntwork-supported-regions.yml","sha":"a59f169fb41630dcb001911854b07da6358e01d3"},{"name":"templates","children":[{"name":"aws-config-multi-region","children":[{"name":"README.adoc","path":"codegen/templates/aws-config-multi-region/README.adoc","sha":"dc4b0dc89afdd92984fceca74f2c2e087645d019"},{"name":"boilerplate.yml","path":"codegen/templates/aws-config-multi-region/boilerplate.yml","sha":"eeb47a140b9102f1993394111a516622638e3718"},{"name":"core-concepts.md","path":"codegen/templates/aws-config-multi-region/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"main.tf","path":"codegen/templates/aws-config-multi-region/main.tf","sha":"6fc21a2cdc5adf473565d0ac7150e2f9b156df8e"},{"name":"outputs.tf","path":"codegen/templates/aws-config-multi-region/outputs.tf","sha":"5c464cb4756fc2f471c9f1e675ef6f6dd75eebdd"},{"name":"variables.autogen.tf","path":"codegen/templates/aws-config-multi-region/variables.autogen.tf","sha":"d7b00de83b09c6d2151bf477b19f6a23fddc95f7"},{"name":"variables.tf","path":"codegen/templates/aws-config-multi-region/variables.tf","sha":"2ecbb2fdcb6d8e39b7d8418bc05b3be6cbe8ecd0"}]},{"name":"ebs-encryption-multi-region","children":[{"name":"README.adoc","path":"codegen/templates/ebs-encryption-multi-region/README.adoc","sha":"86b31069c9627391411f7b6cceed08e813a7a37e"},{"name":"boilerplate.yml","path":"codegen/templates/ebs-encryption-multi-region/boilerplate.yml","sha":"8121303b5bc82fdf681c8b3050f12e0f161354c9"},{"name":"main.tf","path":"codegen/templates/ebs-encryption-multi-region/main.tf","sha":"66824faeab7a68cc1d88f5a543209ed8d236b371"},{"name":"outputs.tf","path":"codegen/templates/ebs-encryption-multi-region/outputs.tf","sha":"45b46d2dd15da64df4ce41e0e2a85e3521aff6cd"},{"name":"variables.autogen.tf","path":"codegen/templates/ebs-encryption-multi-region/variables.autogen.tf","sha":"d7b00de83b09c6d2151bf477b19f6a23fddc95f7"},{"name":"variables.tf","path":"codegen/templates/ebs-encryption-multi-region/variables.tf","sha":"329fa7ae29a5c9fb1ddbeae4708db2aadc172bdf"}]},{"name":"guardduty-multi-region","children":[{"name":"README.adoc","path":"codegen/templates/guardduty-multi-region/README.adoc","sha":"e2959ada579d8b5cb64df19e3c39aac983e9bc40"},{"name":"boilerplate.yml","path":"codegen/templates/guardduty-multi-region/boilerplate.yml","sha":"66aef0dc5c4e27d31deb7ee3955cfa7b32612f9a"},{"name":"main.tf","path":"codegen/templates/guardduty-multi-region/main.tf","sha":"17585ac1023a4bf56545f4854f2be7fa255acf7e"},{"name":"outputs.tf","path":"codegen/templates/guardduty-multi-region/outputs.tf","sha":"45b46d2dd15da64df4ce41e0e2a85e3521aff6cd"},{"name":"variables.autogen.tf","path":"codegen/templates/guardduty-multi-region/variables.autogen.tf","sha":"d7b00de83b09c6d2151bf477b19f6a23fddc95f7"},{"name":"variables.tf","path":"codegen/templates/guardduty-multi-region/variables.tf","sha":"cf997d029423cb93f3ec54a0915ae1b0a318632d"}]},{"name":"iam-access-analyzer-multi-region","children":[{"name":"README.adoc","path":"codegen/templates/iam-access-analyzer-multi-region/README.adoc","sha":"d87068a71e5a6149ba32dcc1ba33070d8b83aeaa"},{"name":"boilerplate.yml","path":"codegen/templates/iam-access-analyzer-multi-region/boilerplate.yml","sha":"b4d276b1b1d97deb873c88c4e9e9bb62358d92ef"},{"name":"core-concepts.md","path":"codegen/templates/iam-access-analyzer-multi-region/core-concepts.md","sha":"6bbaac3d7e62744e3fe3f511cd4ae78b212d08a8"},{"name":"main.tf","path":"codegen/templates/iam-access-analyzer-multi-region/main.tf","sha":"7994c560d804e01ae49a7904e29d0bdcf3cf116d"},{"name":"outputs.tf","path":"codegen/templates/iam-access-analyzer-multi-region/outputs.tf","sha":"45b46d2dd15da64df4ce41e0e2a85e3521aff6cd"},{"name":"variables.autogen.tf","path":"codegen/templates/iam-access-analyzer-multi-region/variables.autogen.tf","sha":"d7b00de83b09c6d2151bf477b19f6a23fddc95f7"},{"name":"variables.tf","path":"codegen/templates/iam-access-analyzer-multi-region/variables.tf","sha":"2b043d5fd9d3026ef96e40ca8c119eda50d3ab03"}]},{"name":"kms-grant-multi-region","children":[{"name":"README.adoc","path":"codegen/templates/kms-grant-multi-region/README.adoc","sha":"7c33dc779f289c34d0c72ecce7a4a60d99c38098"},{"name":"boilerplate.yml","path":"codegen/templates/kms-grant-multi-region/boilerplate.yml","sha":"c8458947b70db506f83f6f7f7ccdf0a76f12da61"},{"name":"core-concepts.md","path":"codegen/templates/kms-grant-multi-region/core-concepts.md","sha":"3eb1725fa927a84cc2a0341335d150bf5c6e70f5"},{"name":"main.tf","path":"codegen/templates/kms-grant-multi-region/main.tf","sha":"7846bfccc3f653673a5c3f770405db2bcbdbb133"},{"name":"outputs.tf","path":"codegen/templates/kms-grant-multi-region/outputs.tf","sha":"45b46d2dd15da64df4ce41e0e2a85e3521aff6cd"},{"name":"variables.autogen.tf","path":"codegen/templates/kms-grant-multi-region/variables.autogen.tf","sha":"d7b00de83b09c6d2151bf477b19f6a23fddc95f7"},{"name":"variables.tf","path":"codegen/templates/kms-grant-multi-region/variables.tf","sha":"0df484160b3280c8bf5a801c6db6e043b4cdca60"}]},{"name":"kms-master-key-multi-region","children":[{"name":"README.adoc","path":"codegen/templates/kms-master-key-multi-region/README.adoc","sha":"75402e428cc30fee27dc5dd469788cf1d71320eb"},{"name":"boilerplate.yml","path":"codegen/templates/kms-master-key-multi-region/boilerplate.yml","sha":"a3e147b552c37fc5a0203bf086df8367a9a749dc"},{"name":"core-concepts.md","path":"codegen/templates/kms-master-key-multi-region/core-concepts.md","sha":"8ba58b9a40c3aad18e2b804f53c6439b549b756d"},{"name":"main.tf","path":"codegen/templates/kms-master-key-multi-region/main.tf","sha":"543f17cf68dd0bbf86d3eaa67df6a8b16300e5a9"},{"name":"outputs.tf","path":"codegen/templates/kms-master-key-multi-region/outputs.tf","sha":"54cb20178e39fba46ed5fa2cc5ddc0f2e4ea8230"},{"name":"variables.autogen.tf","path":"codegen/templates/kms-master-key-multi-region/variables.autogen.tf","sha":"d7b00de83b09c6d2151bf477b19f6a23fddc95f7"},{"name":"variables.tf","path":"codegen/templates/kms-master-key-multi-region/variables.tf","sha":"f521579e4030ce280e07a2877a8614b6f14a130b"}]},{"name":"layouts","children":[{"name":"main.tf","path":"codegen/templates/layouts/main.tf","sha":"a590fc9100cdaf4f1c891e3629f4b410f9d8c5d5"},{"name":"outputs.tf","path":"codegen/templates/layouts/outputs.tf","sha":"9b13a528cebe55c527d446a3cf4d7cb879ef6710"}]}]}]},{"name":"examples","children":[{"name":"auto-update","children":[{"name":"README.md","path":"examples/auto-update/README.md","sha":"4d90c42c6296a9611c11ca1bc9786ed8e84727b0"},{"name":"auto-update-example.json","path":"examples/auto-update/auto-update-example.json","sha":"1caefb3837ef9e7db6d7798ebf5c60308d370574"}]},{"name":"aws-config-multi-region","children":[{"name":"README.md","path":"examples/aws-config-multi-region/README.md","sha":"5d472db5cdc843b494852a062d8c0880f246fcd0"},{"name":"terraform","children":[{"name":"main.tf","path":"examples/aws-config-multi-region/terraform/main.tf","sha":"2a84cd06ff41c5ff6438a893828cd6b448c314d2"},{"name":"outputs.tf","path":"examples/aws-config-multi-region/terraform/outputs.tf","sha":"77ee90f69634c965b8ebed79a8d3afd6adca4db4"},{"name":"providers.tf","path":"examples/aws-config-multi-region/terraform/providers.tf","sha":"28ed423dfce31e06a3b81adc2bb0f679bb804ea0"},{"name":"variables.tf","path":"examples/aws-config-multi-region/terraform/variables.tf","sha":"59522bebed5385bfd208715d4933208ae9abcbec"}]},{"name":"terragrunt","children":[{"name":"terragrunt.hcl","path":"examples/aws-config-multi-region/terragrunt/terragrunt.hcl","sha":"178f71cd0cddbcb96a6ba8b3a9d9ef5aa1a15352"}]}]},{"name":"aws-config-rules","children":[{"name":"README.md","path":"examples/aws-config-rules/README.md","sha":"6cd2794e82af1e3c3620d8feaed136af5358207e"},{"name":"main.tf","path":"examples/aws-config-rules/main.tf","sha":"d661c81d842e7fcc5ab559dc82cf2a45e566772d"},{"name":"outputs.tf","path":"examples/aws-config-rules/outputs.tf","sha":"4319400eb4190f58458f2dd9398225869ff08da3"},{"name":"variables.tf","path":"examples/aws-config-rules/variables.tf","sha":"7d39063bdc912f043b060e8390a72fe1b984f2c5"}]},{"name":"aws-config","children":[{"name":"README.md","path":"examples/aws-config/README.md","sha":"5d66d09633de365e154669a090edc37fc70548d1"},{"name":"main.tf","path":"examples/aws-config/main.tf","sha":"00a33cb0f2c6b941fb32b07e7f26f3a71fbb1063"},{"name":"outputs.tf","path":"examples/aws-config/outputs.tf","sha":"ddd32698f39772d663a2d9b8a6276260f5431068"},{"name":"variables.tf","path":"examples/aws-config/variables.tf","sha":"f119464824bd2821f2c6e8917e0670010090bc34"}]},{"name":"aws-organizations","children":[{"name":"README.md","path":"examples/aws-organizations/README.md","sha":"1da3c2fc061fee6ee99564b8b2323ccf69f2c690"},{"name":"main.tf","path":"examples/aws-organizations/main.tf","sha":"6e8550569d68880d9fa5eb1ff2c9e8e95a97db72"},{"name":"outputs.tf","path":"examples/aws-organizations/outputs.tf","sha":"58e36aac71c1fd04d5552fa840a9b5f149dcc32a"},{"name":"variables.tf","path":"examples/aws-organizations/variables.tf","sha":"59afc28c87bc3c49d11c6faf7e112643f0a95481"}]},{"name":"cloudtrail-custom-key","children":[{"name":"README.md","path":"examples/cloudtrail-custom-key/README.md","sha":"bb376ddaca4b52bef18a5526aa9cb0465574ff7e"},{"name":"main.tf","path":"examples/cloudtrail-custom-key/main.tf","sha":"4d8659f5463d28160ec3e6ffc1b92234274817d4"},{"name":"outputs.tf","path":"examples/cloudtrail-custom-key/outputs.tf","sha":"b6cd4e77d231018a5beb19cd3a9a4eb3f2017d64"},{"name":"variables.tf","path":"examples/cloudtrail-custom-key/variables.tf","sha":"a72f9cabc8968d84ecdd5f2a3cbd5e8e41c064f6"}]},{"name":"cloudtrail","children":[{"name":"README.md","path":"examples/cloudtrail/README.md","sha":"2fbe4b7494d970738d054910d86d0ae31718c8ec"},{"name":"main.tf","path":"examples/cloudtrail/main.tf","sha":"8ad8feda9bbe421ca2d7fa23015bb3bac6b3dcae"},{"name":"outputs.tf","path":"examples/cloudtrail/outputs.tf","sha":"b6cd4e77d231018a5beb19cd3a9a4eb3f2017d64"},{"name":"variables.tf","path":"examples/cloudtrail/variables.tf","sha":"cbeb938286bd999d6072ef3093254e8fd435f529"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"examples/cross-account-iam-roles/README.md","sha":"bac6fd37f7f7009454a66e55e8ff377fff36aefb"},{"name":"main.tf","path":"examples/cross-account-iam-roles/main.tf","sha":"501afff7e5cb2d3f287a240cc982cac6af71f8ba"},{"name":"outputs.tf","path":"examples/cross-account-iam-roles/outputs.tf","sha":"44af3be56d0a80e4d509fcd62c0e6dd8628072fa"},{"name":"variables.tf","path":"examples/cross-account-iam-roles/variables.tf","sha":"749900f2e1e1d18ca039847f30676461c14cb7a8"}]},{"name":"custom-iam-entity","children":[{"name":"README.md","path":"examples/custom-iam-entity/README.md","sha":"7e6c2e15f44a4ddc28ef276da4b323d2fd326a3f"},{"name":"main.tf","path":"examples/custom-iam-entity/main.tf","sha":"6a5f13f53d4e1a5c891e1ca4746d78725d55002f"},{"name":"outputs.tf","path":"examples/custom-iam-entity/outputs.tf","sha":"835eb64f431386925438cb2f63e48e413faee90c"},{"name":"variables.tf","path":"examples/custom-iam-entity/variables.tf","sha":"098b2744c093aac9a50c36df4a88d12f4a9baa50"}]},{"name":"ebs-encryption-multi-region","children":[{"name":"README.md","path":"examples/ebs-encryption-multi-region/README.md","sha":"6052c04a4f885b2e37658652bd174a59c56273de"},{"name":"main.tf","path":"examples/ebs-encryption-multi-region/main.tf","sha":"6291958eefcadfc4284ff2e6b84b0017c2b9d86c"},{"name":"outputs.tf","path":"examples/ebs-encryption-multi-region/outputs.tf","sha":"49520778a1fc9e5e82777cbb5aa0250e032e1817"},{"name":"providers.tf","path":"examples/ebs-encryption-multi-region/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/ebs-encryption-multi-region/variables.tf","sha":"7693921b9f8ac0a0211b69b8417ac849c6b0a6b2"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"examples/fail2ban/README.md","sha":"03acda73220186ca167cf0d42ed81a7ded5dcd5b"},{"name":"fail2ban-example.json","path":"examples/fail2ban/fail2ban-example.json","sha":"cde78c7db1b34a14172a07c2b87c7067244fe5c6"},{"name":"main.tf","path":"examples/fail2ban/main.tf","sha":"445dc77faa7282b6e83cb990743e53ea212c2d7e"},{"name":"outputs.tf","path":"examples/fail2ban/outputs.tf","sha":"77a6ab8a992cd106de126f24b2950c1efa499229"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/fail2ban/user-data/user-data.sh","sha":"460b230fb025451e06e8cdd73f83bb5bfea21110"}]},{"name":"variables.tf","path":"examples/fail2ban/variables.tf","sha":"65cae65d6dde1f7c3b4fa83f0bd722617444c18d"}]},{"name":"github-actions-iam-role-existing-oidc-provider","children":[{"name":"main.tf","path":"examples/github-actions-iam-role-existing-oidc-provider/main.tf","sha":"e111d2e80649aba1000b06c955c8ccc7b9e6e79a"},{"name":"outputs.tf","path":"examples/github-actions-iam-role-existing-oidc-provider/outputs.tf","sha":"d440f596aefbccbe3b4e76f8262a7201a89688c1"},{"name":"variables.tf","path":"examples/github-actions-iam-role-existing-oidc-provider/variables.tf","sha":"ac6e2249daba4410a22dd09b9a6912a1ef645da0"}]},{"name":"github-actions-iam-role","children":[{"name":"main.tf","path":"examples/github-actions-iam-role/main.tf","sha":"acab78c433504d8d0002cca1c194efbb86f303b6"},{"name":"outputs.tf","path":"examples/github-actions-iam-role/outputs.tf","sha":"d440f596aefbccbe3b4e76f8262a7201a89688c1"},{"name":"variables.tf","path":"examples/github-actions-iam-role/variables.tf","sha":"ac6e2249daba4410a22dd09b9a6912a1ef645da0"}]},{"name":"guardduty","children":[{"name":"README.md","path":"examples/guardduty/README.md","sha":"23c75950a1b8b33286b79bd5e9d853cee02d62ea"},{"name":"main.tf","path":"examples/guardduty/main.tf","sha":"f6b5ebdf79855b9fcb5e14ad681408997d41e67f"},{"name":"outputs.tf","path":"examples/guardduty/outputs.tf","sha":"37cb3c11ae6c6fcbc0dd9bdd5e0c25efa056e82b"},{"name":"providers.tf","path":"examples/guardduty/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/guardduty/variables.tf","sha":"088c6aebe9496507e3a7c2d224ed4936e55c8700"}]},{"name":"iam-access-analyzer-multi-region","children":[{"name":"README.md","path":"examples/iam-access-analyzer-multi-region/README.md","sha":"51c398bec469b1d95f4e59e2fb1f287fe621bf20"},{"name":"main.tf","path":"examples/iam-access-analyzer-multi-region/main.tf","sha":"80c4ea9fc63638d47f92a94b808668b0738bda6f"},{"name":"providers.tf","path":"examples/iam-access-analyzer-multi-region/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/iam-access-analyzer-multi-region/variables.tf","sha":"63a155cedce7a2119429f3e200c4c501c7715489"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"examples/iam-groups/README.md","sha":"7bd21c82fd8f28f7b3155497a0524d86ce17cfdd"},{"name":"main.tf","path":"examples/iam-groups/main.tf","sha":"1296371bcfc2b526f65d28a1484d7755f0590af1"},{"name":"outputs.tf","path":"examples/iam-groups/outputs.tf","sha":"5076c13be431d7844e1ce524bcd40076450c051e"},{"name":"variables.tf","path":"examples/iam-groups/variables.tf","sha":"a7790e3207316f9e6216574fe2e0dd50fb39b767"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"examples/iam-user-password-policy/README.md","sha":"bc62258833767d2e383a130c43d57a11e229af27"},{"name":"main.tf","path":"examples/iam-user-password-policy/main.tf","sha":"3154b54ed5aaa34ceb3617a70fb162a12468ad13"},{"name":"outputs.tf","path":"examples/iam-user-password-policy/outputs.tf","sha":"36e88e92cf2568fb06a8da0453a85bcb4bd199dd"},{"name":"variables.tf","path":"examples/iam-user-password-policy/variables.tf","sha":"7f920bda19b0928773bb37203859a68453a12231"}]},{"name":"iam-users","children":[{"name":"README.md","path":"examples/iam-users/README.md","sha":"f8b65e9756e9f8c8703a854c1363be700b5fe8d9"},{"name":"main.tf","path":"examples/iam-users/main.tf","sha":"f78bc115fccc493045472ac2c2046bff60ea5559"},{"name":"outputs.tf","path":"examples/iam-users/outputs.tf","sha":"dfa5ea6a81c8d28ffbfb0bf34e9ee3871eb80619"},{"name":"variables.tf","path":"examples/iam-users/variables.tf","sha":"52c97ebc727f29aa1c7cbc7e3947967a04dd4e52"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"examples/ip-lockdown/README.md","sha":"3962ba23a76d8f02e5c0ffc8cb71196991628e38"},{"name":"aws-example","children":[{"name":"README.md","path":"examples/ip-lockdown/aws-example/README.md","sha":"da44a1265bdd321d10b4a6e3471a655da91033bb"},{"name":"main.tf","path":"examples/ip-lockdown/aws-example/main.tf","sha":"6c6d4838eb381869ff38d61d19b255d653bd0c9d"},{"name":"outputs.tf","path":"examples/ip-lockdown/aws-example/outputs.tf","sha":"a175a78c9a10f9f2fd9d7c84f9b304aebc1bdb41"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/ip-lockdown/aws-example/user-data/user-data.sh","sha":"c6d308027737a434f4c96bc3eba5bd301897af62"}]},{"name":"variables.tf","path":"examples/ip-lockdown/aws-example/variables.tf","sha":"85be46b79dfe349e32974eccdc9c3206211787ac"}]},{"name":"ip-lockdown-sample.json","path":"examples/ip-lockdown/ip-lockdown-sample.json","sha":"1c77e66fdec8f6898b5516db6e5fbdaa3309b2ee"},{"name":"local-test","children":[{"name":"README.md","path":"examples/ip-lockdown/local-test/README.md","sha":"3f0e1a6483ce3155bb04dbb9a4fd76ed41486d35"},{"name":"docker-compose.yml","path":"examples/ip-lockdown/local-test/docker-compose.yml","sha":"7c8e3a5d1fd40a95ef99b4bba0911c63ed43b530"}]}]},{"name":"kms-grant-multi-region","children":[{"name":"main.tf","path":"examples/kms-grant-multi-region/main.tf","sha":"a457457ce558e7c71927e973608bdc66cb8bc285"},{"name":"providers.tf","path":"examples/kms-grant-multi-region/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/kms-grant-multi-region/variables.tf","sha":"5c82ac63c161e1c7e7191dbb709926da4aebb4d5"}]},{"name":"kms-master-key-multi-region","children":[{"name":"main.tf","path":"examples/kms-master-key-multi-region/main.tf","sha":"3483cd9fbac54c347658b632213f99680da468fe"},{"name":"outputs.tf","path":"examples/kms-master-key-multi-region/outputs.tf","sha":"c2685a282b5ce295c2dd80a78841711a40e80dcb"},{"name":"providers.tf","path":"examples/kms-master-key-multi-region/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/kms-master-key-multi-region/variables.tf","sha":"5199b550d4a05ab5920099a9b791a0394c2c1492"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"examples/kms-master-key/README.md","sha":"821565d831f2afcf7a2ffeea9a0854fabdaae033"},{"name":"main.tf","path":"examples/kms-master-key/main.tf","sha":"6056269e71058398aba9c7d51791d84e2e862e31"},{"name":"outputs.tf","path":"examples/kms-master-key/outputs.tf","sha":"4d5fd0a19ea917beff0241f169b51417ff9935b9"},{"name":"variables.tf","path":"examples/kms-master-key/variables.tf","sha":"c1de5a7b1c0859710d1253b61baf86c4564560e3"}]},{"name":"ntp","children":[{"name":"README.md","path":"examples/ntp/README.md","sha":"b676e802c1d196f6af204d14d143b80864bccd30"},{"name":"ntp-example.json","path":"examples/ntp/ntp-example.json","sha":"b6df0e5e380f5ea1cd507089d9bf997e6113c982"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"examples/os-hardening/README.md","sha":"1e846b7a8c85f76dab7f2db87b30118ba2598b69"},{"name":"packer-build.sh","path":"examples/os-hardening/packer-build.sh","sha":"2c2b5c007ba9024873bfee11292482113a8a2f40"},{"name":"terraform","children":[{"name":"main.tf","path":"examples/os-hardening/terraform/main.tf","sha":"3153d380d27f69b9f7e2598d6319031d326cd0d5"},{"name":"outputs.tf","path":"examples/os-hardening/terraform/outputs.tf","sha":"60fa5faaa18d1a146332c851f4a068e2f2785c58"},{"name":"packer","children":[{"name":"amazon-linux.json","path":"examples/os-hardening/terraform/packer/amazon-linux.json","sha":"9cb139394ce9f295e6ed47742eab12d4c99c15cf"},{"name":"files","children":[{"name":"etc","children":[{"name":"fstab","path":"examples/os-hardening/terraform/packer/files/etc/fstab","sha":"cbf68cec68a92bc54f514dd0d6906f19cea857e6"}]}]}]},{"name":"variables.tf","path":"examples/os-hardening/terraform/variables.tf","sha":"3166fe1f2f6f281a2b1e8b0c7b20238fed614ac7"}]}]},{"name":"private-s3-bucket-null-ownership","children":[{"name":"README.md","path":"examples/private-s3-bucket-null-ownership/README.md","sha":"537dea0ff4b17fcc8c8a9f17d55a5cae392edf39"},{"name":"main.tf","path":"examples/private-s3-bucket-null-ownership/main.tf","sha":"39cde90b3946dead4926e618231c2a5e9e243862"},{"name":"outputs.tf","path":"examples/private-s3-bucket-null-ownership/outputs.tf","sha":"efddeeb33901e91f4f28a438afb3455f2cca5e18"},{"name":"variables.tf","path":"examples/private-s3-bucket-null-ownership/variables.tf","sha":"ce9cb926cc79a19e527ec6b6b8f918232dad4168"}]},{"name":"private-s3-bucket-with-replication","children":[{"name":"README.md","path":"examples/private-s3-bucket-with-replication/README.md","sha":"8e47c9c013750aab08f8200383a9a468af233816"},{"name":"main.tf","path":"examples/private-s3-bucket-with-replication/main.tf","sha":"1646b9dfa0d6194ab3d10b335e31d734c8f18df5"},{"name":"outputs.tf","path":"examples/private-s3-bucket-with-replication/outputs.tf","sha":"e0ca6c1c51d90124a0f6aa588f2286106766f7e7"},{"name":"variables.tf","path":"examples/private-s3-bucket-with-replication/variables.tf","sha":"4ba072428192f007a6511ee27aadfc49d9da9bb2"}]},{"name":"private-s3-bucket","children":[{"name":"README.md","path":"examples/private-s3-bucket/README.md","sha":"5214e6225de5e051cb2842fa2eb6e04a92184a10"},{"name":"main.tf","path":"examples/private-s3-bucket/main.tf","sha":"926dd654288f092fefb6ac1b6a4e8092aff34c3d"},{"name":"outputs.tf","path":"examples/private-s3-bucket/outputs.tf","sha":"efddeeb33901e91f4f28a438afb3455f2cca5e18"},{"name":"variables.tf","path":"examples/private-s3-bucket/variables.tf","sha":"ce9cb926cc79a19e527ec6b6b8f918232dad4168"}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"examples/saml-iam-roles/README.md","sha":"b4ef2b28d5704aec892ea54cc28a61fbb46378c9"},{"name":"main.tf","path":"examples/saml-iam-roles/main.tf","sha":"e08a534b5d83f212442d394949be3d5304d5dda0"},{"name":"outputs.tf","path":"examples/saml-iam-roles/outputs.tf","sha":"1bd4fec9529cddfd2d3f61bba60f9dfb8b286c70"},{"name":"saml-metadata.xml","path":"examples/saml-iam-roles/saml-metadata.xml","sha":"88596cfde52242a43559c79216a1c60b2ea12903"},{"name":"variables.tf","path":"examples/saml-iam-roles/variables.tf","sha":"28705aa859940aa4b8027a19fe0b5b4affba939e"}]},{"name":"secrets-manager-resource-policies","children":[{"name":"README.md","path":"examples/secrets-manager-resource-policies/README.md","sha":"289a83c28bd9142fc7bbb4e603a4b25b4c9c1b98"},{"name":"main.tf","path":"examples/secrets-manager-resource-policies/main.tf","sha":"03943a159f858357c8b02a2a12b3916dddd98151"},{"name":"variables.tf","path":"examples/secrets-manager-resource-policies/variables.tf","sha":"d6f5c45fbc2173475cec7c4e77ac8f5caed4dc27"}]},{"name":"ssh-grunt","children":[{"name":"iam","children":[{"name":"README.md","path":"examples/ssh-grunt/iam/README.md","sha":"b1ae6d51c6f6d3eeb7df2b51dab8d0d238f53132"},{"name":"main.tf","path":"examples/ssh-grunt/iam/main.tf","sha":"4c06b110db63bee079e3387ab7341d208bbd498e"},{"name":"outputs.tf","path":"examples/ssh-grunt/iam/outputs.tf","sha":"978b316044d417393b70100a427de1068c4d417f"},{"name":"variables.tf","path":"examples/ssh-grunt/iam/variables.tf","sha":"a81647a7dff82c3ffaf849bba4883d8a518f9b69"}]},{"name":"packer","children":[{"name":"README.md","path":"examples/ssh-grunt/packer/README.md","sha":"b44b220f168e6e682bbf5f68065b8269a706fca5"},{"name":"build-binary.sh","path":"examples/ssh-grunt/packer/build-binary.sh","sha":"fe84ead78eb3e87e4855272f28c83d681c58ffff"},{"name":"ssh-grunt-iam.json","path":"examples/ssh-grunt/packer/ssh-grunt-iam.json","sha":"8813cb0ca6c6b09b0ccf792187c1dbd87c00c323"}]}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"examples/ssm-healthchecks-iam-permissions/README.md","sha":"f1fe555a3aff887a966def0a1d3ccaff3dd826e7"},{"name":"main.tf","path":"examples/ssm-healthchecks-iam-permissions/main.tf","sha":"4c38ac5325ef7be7c5a2d8df3b8c5154fcf7a1c6"},{"name":"outputs.tf","path":"examples/ssm-healthchecks-iam-permissions/outputs.tf","sha":"52688c3a4f1f8349500505fb8949fa0d21c385a3"},{"name":"variables.tf","path":"examples/ssm-healthchecks-iam-permissions/variables.tf","sha":"217574c100974ae601b2a1478e0ac183d351d4a0"}]}]},{"name":"modules","children":[{"name":"_deprecated","children":[{"name":"account-baseline-app","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-app/README.md","sha":"289d35b15becbf5164ee355fecd892edf12c60bc"}]},{"name":"account-baseline-root","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-root/README.md","sha":"0ac4e867ee61387b76475d7eb36bba673a30fd76"}]},{"name":"account-baseline-security","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-security/README.md","sha":"ace992c3b31b9320aa1d559bbde597cc945c4430"}]},{"name":"custom-iam-group","children":[{"name":"README.md","path":"modules/_deprecated/custom-iam-group/README.md","sha":"e7a0ff783eb1052aa77fe50d7eaa6a06d2d82649"}]}]},{"name":"auto-update","children":[{"name":"README.adoc","path":"modules/auto-update/README.adoc","sha":"e10d50c2f9527e839e87d5e23a318546b69d7db7"},{"name":"core-concepts.md","path":"modules/auto-update/core-concepts.md","sha":"a2bc6d09b1391f016239fc27ed1a1bf2ea3be26e"},{"name":"install-scripts","children":[{"name":"configure-auto-update","path":"modules/auto-update/install-scripts/configure-auto-update","sha":"9fa5c8fd6e5d0fd3f381c5397c2534d6d473f7c2"},{"name":"dnf-automatic.txt","path":"modules/auto-update/install-scripts/dnf-automatic.txt","sha":"a196902703beea8f5020ebae8fc667bc2eeecf5c"},{"name":"unattended_upgrades_config.txt","path":"modules/auto-update/install-scripts/unattended_upgrades_config.txt","sha":"abe88fd8a5037ce518bec69a6cac0699cb421d47"},{"name":"yum_cron_config.txt","path":"modules/auto-update/install-scripts/yum_cron_config.txt","sha":"e7ef4273f1b2af0c9c032fadaacd03130ba5ea78"}]},{"name":"install.sh","path":"modules/auto-update/install.sh","sha":"7c19fd0d04b11c358af64149b3169d6b2c5e3b58"}]},{"name":"aws-auth","children":[{"name":"AWS-AUTH-1PASSWORD.md","path":"modules/aws-auth/AWS-AUTH-1PASSWORD.md","sha":"d7a63db66ddf11b485a2850069d52edf6bea37eb"},{"name":"AWS-AUTH-LASTPASS.md","path":"modules/aws-auth/AWS-AUTH-LASTPASS.md","sha":"d9b65d95892c1e2275894eb2ca3dd8f334a3a8b8"},{"name":"README.md","path":"modules/aws-auth/README.md","sha":"10f5164db2016bda84383b598e0262a188a39599"},{"name":"bin","children":[{"name":"aws-auth","path":"modules/aws-auth/bin/aws-auth","sha":"85039ffd1720f9b93a34e8998852bdd3b9502bcc"}]},{"name":"install.sh","path":"modules/aws-auth/install.sh","sha":"ab9611d92d6822ceed981bdff3766724366037f0"}]},{"name":"aws-config-bucket","children":[{"name":"README.md","path":"modules/aws-config-bucket/README.md","sha":"2988d934e16617289522a4ea711ee07589ce96d7"},{"name":"main.tf","path":"modules/aws-config-bucket/main.tf","sha":"c8ca2220391bfab6d6c4f1a4501b6d6d39bb1a38"},{"name":"outputs.tf","path":"modules/aws-config-bucket/outputs.tf","sha":"8ac7ab1c4c5ded586bee63ce460b25cd60eb4a18"},{"name":"variables.tf","path":"modules/aws-config-bucket/variables.tf","sha":"ba6b30c18ca75ab991f42abb845ef89af8e9cb6e"}]},{"name":"aws-config-multi-region","children":[{"name":"README.adoc","path":"modules/aws-config-multi-region/README.adoc","sha":"dc4b0dc89afdd92984fceca74f2c2e087645d019"},{"name":"core-concepts.md","path":"modules/aws-config-multi-region/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"main.tf","path":"modules/aws-config-multi-region/main.tf","sha":"b88edd39510f18698fe68d9f4c5dd15e65c5937c"},{"name":"outputs.tf","path":"modules/aws-config-multi-region/outputs.tf","sha":"5f1397a177c913d9b118f3f2abd7a3fecee7975f"},{"name":"variables.autogen.tf","path":"modules/aws-config-multi-region/variables.autogen.tf","sha":"39e210f7c4787fe349a1c9c999ca8307ee9d6692"},{"name":"variables.tf","path":"modules/aws-config-multi-region/variables.tf","sha":"6e931073bd4b499d0954471f2258fae64a7bd869"}]},{"name":"aws-config-rules","children":[{"name":"README.adoc","path":"modules/aws-config-rules/README.adoc","sha":"2b550ac006ee6189aef5221748d03339bcf9806e"},{"name":"core-concepts.md","path":"modules/aws-config-rules/core-concepts.md","sha":"af111230b6262be339d220c7b2308493781fef49"},{"name":"main.tf","path":"modules/aws-config-rules/main.tf","sha":"4ca86c3be590d39cc0c79fd72d60efd0aba94eb4"},{"name":"outputs.tf","path":"modules/aws-config-rules/outputs.tf","sha":"c297ad118d46f79f286d6577770ab46e59555ccb"},{"name":"variables.tf","path":"modules/aws-config-rules/variables.tf","sha":"e0645e3cfa20c357ae31401a32b7ea2d81d30d5b"}]},{"name":"aws-config","children":[{"name":"README.adoc","path":"modules/aws-config/README.adoc","sha":"191a82102e5fc9778d777052fc9efd616ddeb9db"},{"name":"core-concepts.md","path":"modules/aws-config/core-concepts.md","sha":"e5a7b8646bab42398ff7f5224549e528ce8c0d52"},{"name":"main.tf","path":"modules/aws-config/main.tf","sha":"85dbd0eb02a80d7681645680d13e90b4ac18f124"},{"name":"outputs.tf","path":"modules/aws-config/outputs.tf","sha":"bcd505e4ac4102bc09750adb36c99398a06eb1a6"},{"name":"variables.tf","path":"modules/aws-config/variables.tf","sha":"fe2b1accb4deba20e55c7fc3abc2811dbeb6488c"}]},{"name":"aws-organizations","children":[{"name":"README.adoc","path":"modules/aws-organizations/README.adoc","sha":"52cda8fa0eaa15b00e5f389ba9dfb73a1f3c9d56"},{"name":"core-concepts.md","path":"modules/aws-organizations/core-concepts.md","sha":"8766c8f36eef9e8992bf13a44f6571261c43995d"},{"name":"main.tf","path":"modules/aws-organizations/main.tf","sha":"7d4851f605760cc8806fbee5cf24af9299c4ee78"},{"name":"outputs.tf","path":"modules/aws-organizations/outputs.tf","sha":"feed57b33ab7eb9b100712647942f1a8d7245b3d"},{"name":"variables.tf","path":"modules/aws-organizations/variables.tf","sha":"cf9e1673e458c5c7644b1e94e128eddb6feca0d3"}]},{"name":"cloudtrail-bucket","children":[{"name":"README.md","path":"modules/cloudtrail-bucket/README.md","sha":"acc86c32958e8f6d90944e714a7731a82f404c82"},{"name":"main.tf","path":"modules/cloudtrail-bucket/main.tf","sha":"4e60d8c2292cd3e3df31c2a66d227f5db83ee45c"},{"name":"outputs.tf","path":"modules/cloudtrail-bucket/outputs.tf","sha":"1e560e9b0cc1c8f40e81d5fe8bbbf1c03258fdae"},{"name":"variables.tf","path":"modules/cloudtrail-bucket/variables.tf","sha":"f19a90d0974a3babe235277112e6fcf63164d575"}]},{"name":"cloudtrail","children":[{"name":"README.adoc","path":"modules/cloudtrail/README.adoc","sha":"b3090f9aa7b062f2028af50c3da17a3293ef3cd2"},{"name":"core-concepts.md","path":"modules/cloudtrail/core-concepts.md","sha":"debe79403a177aaf1de5396c85213652dbc85481"},{"name":"main.tf","path":"modules/cloudtrail/main.tf","sha":"1439232cef630b5cb4973d67a1a0b99a35088c08"},{"name":"outputs.tf","path":"modules/cloudtrail/outputs.tf","sha":"d161a32bbcd6f824955c273c49ef9e00bcdb57b3"},{"name":"variables.tf","path":"modules/cloudtrail/variables.tf","sha":"db83b06f385c23aee940c5ed2217bc0b2502f15d"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"modules/cross-account-iam-roles/README.md","sha":"3627935a8b6b81efd1bec7cb936de086c2e4b300"},{"name":"main.tf","path":"modules/cross-account-iam-roles/main.tf","sha":"22d5531b3bc04b9ba76f6e6248333b939932ff4b"},{"name":"outputs.tf","path":"modules/cross-account-iam-roles/outputs.tf","sha":"e8e61a415e0ef8c02281d531485688d2e2fd51e9"},{"name":"variables.tf","path":"modules/cross-account-iam-roles/variables.tf","sha":"61652a91bbd09909cf06eb485e029532e8f82c66"}]},{"name":"custom-iam-entity","children":[{"name":"CHANGELOG.md","path":"modules/custom-iam-entity/CHANGELOG.md","sha":"038c90120fa1fba1d961966baa5939c6c7cd7776"},{"name":"README.md","path":"modules/custom-iam-entity/README.md","sha":"a4dedbd0cbaad6561eaf42774054c4c640cbb478"},{"name":"main.tf","path":"modules/custom-iam-entity/main.tf","sha":"52b30cd79f1c2681e74208d0ffac44a0c65f5a65"},{"name":"outputs.tf","path":"modules/custom-iam-entity/outputs.tf","sha":"b94249803e78991682b8542d8f39e5a728432b97"},{"name":"variables.tf","path":"modules/custom-iam-entity/variables.tf","sha":"a9dc17f7ccdf58c57aaee13764304504c6cd4055"}]},{"name":"ebs-encryption-multi-region","children":[{"name":"README.adoc","path":"modules/ebs-encryption-multi-region/README.adoc","sha":"86b31069c9627391411f7b6cceed08e813a7a37e"},{"name":"main.tf","path":"modules/ebs-encryption-multi-region/main.tf","sha":"2172203a29d7419a0a29e92b895d41c952bfb670"},{"name":"outputs.tf","path":"modules/ebs-encryption-multi-region/outputs.tf","sha":"cd5d9a988120677154989e8cf446c1f26181e9a0"},{"name":"variables.autogen.tf","path":"modules/ebs-encryption-multi-region/variables.autogen.tf","sha":"39e210f7c4787fe349a1c9c999ca8307ee9d6692"},{"name":"variables.tf","path":"modules/ebs-encryption-multi-region/variables.tf","sha":"b9ed838b5bb1dd74f6224758407668c643aaad25"}]},{"name":"ebs-encryption","children":[{"name":"README.md","path":"modules/ebs-encryption/README.md","sha":"f9f23a71b7725648a9fdc9300de92d38014e6f63"},{"name":"main.tf","path":"modules/ebs-encryption/main.tf","sha":"958efee5cd8023fd72ed57fe879ceb610c9598b4"},{"name":"outputs.tf","path":"modules/ebs-encryption/outputs.tf","sha":"6caa6eba337ae7aa9ad7db82dbd2cf6223f42cb9"},{"name":"variables.tf","path":"modules/ebs-encryption/variables.tf","sha":"d47c23a0c98c7561fcf0d95fa22fc40b34182bf9"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"modules/fail2ban/README.md","sha":"c152b2174bec3f5848f856859cdb23bf7043eea7"},{"name":"install-scripts","children":[{"name":"cloudwatch-metric.conf","path":"modules/fail2ban/install-scripts/cloudwatch-metric.conf","sha":"b2fb301180aeb253f5168a6fedd3e5c44b6938ff"},{"name":"configure-fail2ban","path":"modules/fail2ban/install-scripts/configure-fail2ban","sha":"1bcb3d9dc8574eb8df4f059bd9ee67a41e39ba4f"},{"name":"fail2ban.local","path":"modules/fail2ban/install-scripts/fail2ban.local","sha":"ea80bf8058a1f9bb1a80a59031981b2a37445750"},{"name":"jail.amazon2.local","path":"modules/fail2ban/install-scripts/jail.amazon2.local","sha":"8f0285c493c406aa0db98f40b8bf9aa238f52353"},{"name":"jail.ubuntu.local","path":"modules/fail2ban/install-scripts/jail.ubuntu.local","sha":"b3485d20a2b1fad7949167d30eff2b4caf357d81"}]},{"name":"install.sh","path":"modules/fail2ban/install.sh","sha":"8f7b536f08506dabc2f6beb6cd5a50f7282168aa"},{"name":"user-data-scripts","children":[{"name":"configure-fail2ban-cloudwatch.sh","path":"modules/fail2ban/user-data-scripts/configure-fail2ban-cloudwatch.sh","sha":"2ac95205b68098af4aefc91a47806ad588e6bf66"}]}]},{"name":"github-actions-iam-role","children":[{"name":"README.md","path":"modules/github-actions-iam-role/README.md","sha":"9b0faf481a0fda0230c37dc10acfbf2f00ccdca0"},{"name":"main.tf","path":"modules/github-actions-iam-role/main.tf","sha":"3eda62774b03e5d36e5c67d49f4db883ad13790a"},{"name":"outputs.tf","path":"modules/github-actions-iam-role/outputs.tf","sha":"145ba3cb4b8ec3ea26aa4f6557bc9159c9f38cc1"},{"name":"variables.tf","path":"modules/github-actions-iam-role/variables.tf","sha":"fac510010d58be06a878d9d080375732a7d3d310"}]},{"name":"github-actions-openid-connect-provider","children":[{"name":"README.md","path":"modules/github-actions-openid-connect-provider/README.md","sha":"ef27d7f828b2a6ad698c83478055006906fb297c"},{"name":"main.tf","path":"modules/github-actions-openid-connect-provider/main.tf","sha":"266a351106935cde474f3d8e301bd7c0c7636f46"},{"name":"outputs.tf","path":"modules/github-actions-openid-connect-provider/outputs.tf","sha":"7e9e6b8c3f2d6c23cd949c90f35acec41d31c422"},{"name":"variables.tf","path":"modules/github-actions-openid-connect-provider/variables.tf","sha":"640d67de0d2b55c21f060854e9b8ffcc406e0516"}]},{"name":"guardduty-bucket","children":[{"name":"README.md","path":"modules/guardduty-bucket/README.md","sha":"d9bc2eae83a3e78dc836ff25d6a6c913e3b86db8"},{"name":"main.tf","path":"modules/guardduty-bucket/main.tf","sha":"70c5c3cc317fa97c6171075c3481c0ac174a4fd2"},{"name":"outputs.tf","path":"modules/guardduty-bucket/outputs.tf","sha":"8ca4b9b652a538d5b9da3222db796f2a88942577"},{"name":"variables.tf","path":"modules/guardduty-bucket/variables.tf","sha":"7fca332cc94ae083904d266a451eab5cc6fd3260"}]},{"name":"guardduty-multi-region","children":[{"name":"README.adoc","path":"modules/guardduty-multi-region/README.adoc","sha":"e2959ada579d8b5cb64df19e3c39aac983e9bc40"},{"name":"main.tf","path":"modules/guardduty-multi-region/main.tf","sha":"b8e3f59abbaea2a64776ebcf3263e8a7c2a7554f"},{"name":"outputs.tf","path":"modules/guardduty-multi-region/outputs.tf","sha":"4c4204ccb3ee34d35fb31ca7687ce35e3083eefe"},{"name":"variables.autogen.tf","path":"modules/guardduty-multi-region/variables.autogen.tf","sha":"39e210f7c4787fe349a1c9c999ca8307ee9d6692"},{"name":"variables.tf","path":"modules/guardduty-multi-region/variables.tf","sha":"4b51ba6a77f8e2d52044db2c4c5e114dcf79b51a"}]},{"name":"guardduty","children":[{"name":"README.adoc","path":"modules/guardduty/README.adoc","sha":"811f7a819c64b185c8fd5b16532efd16dbdcc844"},{"name":"core-concepts.md","path":"modules/guardduty/core-concepts.md","sha":"d100d7d962cca6f5ac69e4c7f5dee939caa484d9"},{"name":"main.tf","path":"modules/guardduty/main.tf","sha":"c5e2f1f302771f62284c963b330a77a9aacaefa3"},{"name":"outputs.tf","path":"modules/guardduty/outputs.tf","sha":"19eb85f6fec78bdfd3e7adc4f193172110b129c8"},{"name":"variables.tf","path":"modules/guardduty/variables.tf","sha":"7e8b31ec8316a436a27e200a3a76eed8ed74c082"}]},{"name":"iam-access-analyzer-multi-region","children":[{"name":"README.adoc","path":"modules/iam-access-analyzer-multi-region/README.adoc","sha":"d87068a71e5a6149ba32dcc1ba33070d8b83aeaa"},{"name":"core-concepts.md","path":"modules/iam-access-analyzer-multi-region/core-concepts.md","sha":"6bbaac3d7e62744e3fe3f511cd4ae78b212d08a8"},{"name":"main.tf","path":"modules/iam-access-analyzer-multi-region/main.tf","sha":"659998f42fdf897b7c01a88da61055a1afd39e0b"},{"name":"outputs.tf","path":"modules/iam-access-analyzer-multi-region/outputs.tf","sha":"a0b2cadf08cfe1bf931b9e5d13efebc54bbb8efc"},{"name":"variables.autogen.tf","path":"modules/iam-access-analyzer-multi-region/variables.autogen.tf","sha":"39e210f7c4787fe349a1c9c999ca8307ee9d6692"},{"name":"variables.tf","path":"modules/iam-access-analyzer-multi-region/variables.tf","sha":"d566bc0f9302bf405fd1ee6dc6e7418deac74042"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"modules/iam-groups/README.md","sha":"07820342d38caf90b08a1ff0df904298ed132c8f"},{"name":"_docs","children":[{"name":"iam-user-access-to-billing.png","path":"modules/iam-groups/_docs/iam-user-access-to-billing.png","sha":"063f6cf8dc766b4d44942de89660e8ab9e1f3d63"},{"name":"my-account.png","path":"modules/iam-groups/_docs/my-account.png","sha":"387320200ed756ce4191afef87f0ab76e2c3d89a"}]},{"name":"main.tf","path":"modules/iam-groups/main.tf","sha":"e679d2e3081d445c5f9b90f52016278bc32e44be"},{"name":"outputs.tf","path":"modules/iam-groups/outputs.tf","sha":"818827357183cb06f399732996c17f98cb3c0527"},{"name":"variables.tf","path":"modules/iam-groups/variables.tf","sha":"ec81e26ef6927ebb867b543acbcceaa9d618be7c"}]},{"name":"iam-policies","children":[{"name":"README.md","path":"modules/iam-policies/README.md","sha":"51835e5cd588f45a050c140c990cc8f04ff7a647"},{"name":"main.tf","path":"modules/iam-policies/main.tf","sha":"92415128130e68ad47aac5973c95d3f38f7049a0"},{"name":"outputs.tf","path":"modules/iam-policies/outputs.tf","sha":"cf0adeec7cd62eb097ed0568facde92f9882b0cf"},{"name":"variables.tf","path":"modules/iam-policies/variables.tf","sha":"6d50aa3e0d8289848c7eee0739a130dfd8e97aee"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"modules/iam-user-password-policy/README.md","sha":"5bea6ba56fc796be5b860549156a3a251735fc2a"},{"name":"main.tf","path":"modules/iam-user-password-policy/main.tf","sha":"6538ef827aac62dd3f1797868b15e0e1d20cf0b3"},{"name":"outputs.tf","path":"modules/iam-user-password-policy/outputs.tf","sha":"825547bd9d41fed1cc1b3506c17f81c48b1bfd1a"},{"name":"variables.tf","path":"modules/iam-user-password-policy/variables.tf","sha":"568582c249e3cfd7899ea23b8b58e43328c9d100"}]},{"name":"iam-users","children":[{"name":"README.md","path":"modules/iam-users/README.md","sha":"ea820bd205fdb8ca28bb0e2eccc29700b99a2b94"},{"name":"main.tf","path":"modules/iam-users/main.tf","sha":"ca5c120c64b190a3b368b5dbab0470450c095eb0"},{"name":"outputs.tf","path":"modules/iam-users/outputs.tf","sha":"b319eacce6916f4904b15d8ff5ea5be09afc29e2"},{"name":"variables.tf","path":"modules/iam-users/variables.tf","sha":"892e7b2aaa5179e83a5e3126dbf2551fd421b133"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"modules/ip-lockdown/README.md","sha":"7ec92da38b5b06af9e61ab164bb6b4b0470ed92a"},{"name":"install.sh","path":"modules/ip-lockdown/install.sh","sha":"ce61af763bee9ad29754220ae24521f22c3a956f"},{"name":"ip-lockdown","path":"modules/ip-lockdown/ip-lockdown","sha":"93a0e1f5876e7de5778c595e8801d64986cb118b"}]},{"name":"kms-cmk-replica","children":[{"name":"README.md","path":"modules/kms-cmk-replica/README.md","sha":"9e9827df4990a6967edbcab6f35214ba229d7b18"},{"name":"main.tf","path":"modules/kms-cmk-replica/main.tf","sha":"d35ce6364916b857d06429388e3f266e1f6ca565"},{"name":"outputs.tf","path":"modules/kms-cmk-replica/outputs.tf","sha":"28066251cbac14ae30a24d83f4ab38a550ce08ba"},{"name":"variables.tf","path":"modules/kms-cmk-replica/variables.tf","sha":"3de5459e12a3fc271230c8be243dbdbb9c6ded47"}]},{"name":"kms-grant-multi-region","children":[{"name":"README.adoc","path":"modules/kms-grant-multi-region/README.adoc","sha":"7c33dc779f289c34d0c72ecce7a4a60d99c38098"},{"name":"core-concepts.md","path":"modules/kms-grant-multi-region/core-concepts.md","sha":"3eb1725fa927a84cc2a0341335d150bf5c6e70f5"},{"name":"main.tf","path":"modules/kms-grant-multi-region/main.tf","sha":"eabb919a94274f2a6d5dcd1a46c02bf05ae19e77"},{"name":"outputs.tf","path":"modules/kms-grant-multi-region/outputs.tf","sha":"a0b2cadf08cfe1bf931b9e5d13efebc54bbb8efc"},{"name":"variables.autogen.tf","path":"modules/kms-grant-multi-region/variables.autogen.tf","sha":"39e210f7c4787fe349a1c9c999ca8307ee9d6692"},{"name":"variables.tf","path":"modules/kms-grant-multi-region/variables.tf","sha":"2677f731e66d345c3f23940f0e18e9c6976234f6"}]},{"name":"kms-master-key-multi-region","children":[{"name":"README.adoc","path":"modules/kms-master-key-multi-region/README.adoc","sha":"75402e428cc30fee27dc5dd469788cf1d71320eb"},{"name":"core-concepts.md","path":"modules/kms-master-key-multi-region/core-concepts.md","sha":"8ba58b9a40c3aad18e2b804f53c6439b549b756d"},{"name":"main.tf","path":"modules/kms-master-key-multi-region/main.tf","sha":"7c8c4c99b9144ad95a84416edab74cf0a885a470"},{"name":"outputs.tf","path":"modules/kms-master-key-multi-region/outputs.tf","sha":"cfb9bfc277df5565a0259a1bea31425158ea8ded"},{"name":"variables.autogen.tf","path":"modules/kms-master-key-multi-region/variables.autogen.tf","sha":"39e210f7c4787fe349a1c9c999ca8307ee9d6692"},{"name":"variables.tf","path":"modules/kms-master-key-multi-region/variables.tf","sha":"790a213990624db1875df53bec90a553f973d14b"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"modules/kms-master-key/README.md","sha":"1b43a005494f12b05551adb020a31726f28e10d3"},{"name":"main.tf","path":"modules/kms-master-key/main.tf","sha":"1884b84238bdb19452c5e46f6c5d487e14e1b90d"},{"name":"outputs.tf","path":"modules/kms-master-key/outputs.tf","sha":"4d0dbba81e8186243d96a8325a5f643d87543451"},{"name":"variables.tf","path":"modules/kms-master-key/variables.tf","sha":"5129ef297d0647ea6608f1e4c6c08bf75759c4c2"}]},{"name":"ntp","children":[{"name":"README.md","path":"modules/ntp/README.md","sha":"b57d6ec916f9af9bcfbbb8371d0479938f093fce"},{"name":"install.sh","path":"modules/ntp/install.sh","sha":"327f9d9d4c6a5b9acd4a7e259653fd96f3659e95"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"modules/os-hardening/README.md","sha":"3e864b0e9208eb6809adf41968c51e02fc233ee1"},{"name":"_docs","children":[{"name":"Helpful Email.md","path":"modules/os-hardening/_docs/Helpful Email.md","sha":"246a0b80b29f5ff3d2b2f4c5c170fc927e2d9dd7"}]},{"name":"ami-builder","children":[{"name":"files","children":[{"name":"user-data.sh.template","path":"modules/os-hardening/ami-builder/files/user-data.sh.template","sha":"4a3c87a19e1a4caa20b9b425b2a02101566d1166"}]},{"name":"main.tf","path":"modules/os-hardening/ami-builder/main.tf","sha":"b32960948fbd768eec5b77e04ebb88f6acda5db2"},{"name":"outputs.tf","path":"modules/os-hardening/ami-builder/outputs.tf","sha":"8ce2ee598124ca50dd530a33aa60f5d1452a4a2b"},{"name":"variables.tf","path":"modules/os-hardening/ami-builder/variables.tf","sha":"d760f34eeae322790865c1cb30dfe20d0225328f"}]},{"name":"partition-scripts","children":[{"name":"README.md","path":"modules/os-hardening/partition-scripts/README.md","sha":"b55df29c7a3d6dc3ecbbbfe4ab4b8749f053f00b"},{"name":"bin","children":[{"name":"cleanup-volume","path":"modules/os-hardening/partition-scripts/bin/cleanup-volume","sha":"c7cbf3ecebd915235238557d27a1ce25e6fc10fa"},{"name":"partition-volume","path":"modules/os-hardening/partition-scripts/bin/partition-volume","sha":"f4f8566a1ef6aa4ff0c0268bd28721488aa6dfc4"}]},{"name":"install.sh","path":"modules/os-hardening/partition-scripts/install.sh","sha":"606776c068260836e8612a681ff4e3edc8abdb41"}]}]},{"name":"private-s3-bucket","children":[{"name":"README.md","path":"modules/private-s3-bucket/README.md","sha":"cd44b2d3e4627ff00fffd217bd3ec36341a72a36"},{"name":"main.tf","path":"modules/private-s3-bucket/main.tf","sha":"6e8e5cb9e95e024a070cb62287373d73a28402cd"},{"name":"mfa-delete-script","children":[{"name":"mfa-delete.sh","path":"modules/private-s3-bucket/mfa-delete-script/mfa-delete.sh","sha":"7dbcc65412467a036756562024cfc84ad128b215"}]},{"name":"outputs.tf","path":"modules/private-s3-bucket/outputs.tf","sha":"7cc62490168e4abb2ce816d74ba9b1a8153cf3b0"},{"name":"variables.tf","path":"modules/private-s3-bucket/variables.tf","sha":"38f7b68b55878b0c2d55da808ae1f4af3434697e"}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"modules/saml-iam-roles/README.md","sha":"5ebc8c20f781a0f0b5654decdcf9bd607fee65b3","toggled":true},{"name":"main.tf","path":"modules/saml-iam-roles/main.tf","sha":"e263b4625002ef20fefd35193fb0536fbe648b84"},{"name":"outputs.tf","path":"modules/saml-iam-roles/outputs.tf","sha":"c579901907b216c55e4c815d28f0a22171a960e6"},{"name":"variables.tf","path":"modules/saml-iam-roles/variables.tf","sha":"1f3f26ade9fd75d8e66ba12649f45d075b5e0f2b"}],"toggled":true},{"name":"secrets-manager-resource-policies","children":[{"name":"CHANGELOG.md","path":"modules/secrets-manager-resource-policies/CHANGELOG.md","sha":"88ead5d4b698fcefce8a9075ab52e6a560387abf"},{"name":"README.md","path":"modules/secrets-manager-resource-policies/README.md","sha":"b894ce3171c28ae91acbfe6bdcec35615c599bbb"},{"name":"main.tf","path":"modules/secrets-manager-resource-policies/main.tf","sha":"551c1c1041cd2119d9e502617cf38ecdb61bfd8f"},{"name":"outputs.tf","path":"modules/secrets-manager-resource-policies/outputs.tf","sha":"8b237f325d54b84ac2453e8945f61cdf0d24b41b"},{"name":"variables.tf","path":"modules/secrets-manager-resource-policies/variables.tf","sha":"2b45ef099c805c1265e5dc611c138de4a40141eb"}]},{"name":"ssh-grunt-selinux-policy","children":[{"name":"README.md","path":"modules/ssh-grunt-selinux-policy/README.md","sha":"53f02f57185efebc35d6ebfe156ce73d02a5f112"},{"name":"install.sh","path":"modules/ssh-grunt-selinux-policy/install.sh","sha":"3de871d61a9990e7f2c130f23afaf00daeb6bbef"},{"name":"ssh-grunt.pp","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.pp","sha":"7c7050f812cd0e3cb34e37b88c35fb09f369be7d"},{"name":"ssh-grunt.te","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.te","sha":"3317a71feaa633662a00b1dc05b1176cb85c9793"}]},{"name":"ssh-grunt","children":[{"name":".dockerignore","path":"modules/ssh-grunt/.dockerignore","sha":"a725465aee245635a2bd129af54858ed32c84cb8"},{"name":"Dockerfile","path":"modules/ssh-grunt/Dockerfile","sha":"148b2df16c77e8b8aa0ba95447c9e018607e3ac3"},{"name":"README.adoc","path":"modules/ssh-grunt/README.adoc","sha":"e865644a2da9abfae7a3f9e2042eee37ea629f20"},{"name":"_ci","children":[{"name":"build-and-test.sh","path":"modules/ssh-grunt/_ci/build-and-test.sh","sha":"903993de2d7bcde19d472fa5e510ee862d4b10c3"},{"name":"test.sh","path":"modules/ssh-grunt/_ci/test.sh","sha":"235603944316e81f1da1cc0248b80beecf99cb27"}]},{"name":"_docs","children":[{"name":"houston-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/houston-upload-ssh-key.png","sha":"e32519497262f9796a4ea46c53953923975cbd7d"},{"name":"iam-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/iam-upload-ssh-key.png","sha":"8bb1e793185eb0b4822023552899874394342f21"}]},{"name":"core-concepts.md","path":"modules/ssh-grunt/core-concepts.md","sha":"530b8611453a6149432e205676c3f8d4c8aa7693"},{"name":"docker-compose.yml","path":"modules/ssh-grunt/docker-compose.yml","sha":"74a2c67f6b9dc838ff3bd9c9c5aa68c813db1f0d"},{"name":"go.mod","path":"modules/ssh-grunt/go.mod","sha":"b9ca5510e2b5adc798c35f2882d4c45e407d96da"},{"name":"go.sum","path":"modules/ssh-grunt/go.sum","sha":"3fb7ee290aabdc716f9e233293037bd9fcc32d12"},{"name":"scripts","children":[{"name":"build-linux-binary.sh","path":"modules/ssh-grunt/scripts/build-linux-binary.sh","sha":"2d91cbed3db40f419e6a440ce2735b9d3f2d048b"},{"name":"run.sh","path":"modules/ssh-grunt/scripts/run.sh","sha":"050027e034cd03e53625986eb0f331c043492cf6"}]},{"name":"src","children":[{"name":"cli.go","path":"modules/ssh-grunt/src/cli.go","sha":"bd452b3cd360a5ea07d85c386608b8bfaea8dad7"},{"name":"cli_test.go","path":"modules/ssh-grunt/src/cli_test.go","sha":"4495feee5155a9e1c5dfd973f0a449b8d3764756"},{"name":"collections.go","path":"modules/ssh-grunt/src/collections.go","sha":"aa9b67f00f57088f9bf4e129dcc53003524dd0a7"},{"name":"cron.go","path":"modules/ssh-grunt/src/cron.go","sha":"5087bbffd95b625423d8c9a5a37a12ec8d6b07d7"},{"name":"cron_test.go","path":"modules/ssh-grunt/src/cron_test.go","sha":"dfe543ba69b21fbd24ad026b4c208d4308a743f2"},{"name":"ec2_instance_connect.go","path":"modules/ssh-grunt/src/ec2_instance_connect.go","sha":"99c31ddd2ee34d18dd9e676ec22eef5eebc3187f"},{"name":"errors.go","path":"modules/ssh-grunt/src/errors.go","sha":"1175435b45a980a5ff23dd4bdc880b4d63b24d79"},{"name":"file.go","path":"modules/ssh-grunt/src/file.go","sha":"eb991fd15ac2c3660313e6d4c5669b36ccc9cc21"},{"name":"groups.go","path":"modules/ssh-grunt/src/groups.go","sha":"3e4ecb0ef9ca916e5482e1999b59ceddc4aec077"},{"name":"groups_test.go","path":"modules/ssh-grunt/src/groups_test.go","sha":"b060ded1c37d1b636b7dc59d5071049e640d00e7"},{"name":"iam.go","path":"modules/ssh-grunt/src/iam.go","sha":"dafbc8fbb732d2d6212cade786eb13d7215b9862"},{"name":"iam_test.go","path":"modules/ssh-grunt/src/iam_test.go","sha":"0382c08562fc329876267cf944195f3d8c8738be"},{"name":"logger.go","path":"modules/ssh-grunt/src/logger.go","sha":"93095ba8216709b3178fcc44a76421a765f4e302"},{"name":"main.go","path":"modules/ssh-grunt/src/main.go","sha":"a89d9402d32d371dc9b945ab9c72996808d17b85"},{"name":"shell.go","path":"modules/ssh-grunt/src/shell.go","sha":"7f49eeee4119efde0bd58d7c78fd4ef785dc5f6c"},{"name":"ssh.go","path":"modules/ssh-grunt/src/ssh.go","sha":"17784a1b62fcfc4df6b766bc65f89d53738b9ef2"},{"name":"ssh_test.go","path":"modules/ssh-grunt/src/ssh_test.go","sha":"00dea3ef7d6b6462bc19bcee0207cf24c2dc67b4"},{"name":"string.go","path":"modules/ssh-grunt/src/string.go","sha":"fc61ca9625f9d654c2b3576ff932db1b90ae9dfe"},{"name":"string_test.go","path":"modules/ssh-grunt/src/string_test.go","sha":"752aaaa776d25ff8a3e694588edb3e7c0ce4eb27"},{"name":"sync.go","path":"modules/ssh-grunt/src/sync.go","sha":"6c3d569f1cfa03b87a4292abf2b198d59fb8b17a"},{"name":"sync_test.go","path":"modules/ssh-grunt/src/sync_test.go","sha":"09dd89b492cc7373c49b8b2fc16b17914065340f"},{"name":"url.go","path":"modules/ssh-grunt/src/url.go","sha":"0af5ddc5f3e27af95d6f6ddd41acf0c229962f7f"},{"name":"url_test.go","path":"modules/ssh-grunt/src/url_test.go","sha":"95e062eaaca09900949e0352fffc7b6f9a3524cc"},{"name":"users.go","path":"modules/ssh-grunt/src/users.go","sha":"6c3a8a22006a91656fcc5fd31d684271cdf129e3"},{"name":"users_test.go","path":"modules/ssh-grunt/src/users_test.go","sha":"e695204896bae7436e20a6615a484ae4cc6cf2f7"}]}]},{"name":"ssh-iam","children":[{"name":"README.md","path":"modules/ssh-iam/README.md","sha":"4aa06d6a729e53384b6d2a43c06ee38807092f32"}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"modules/ssm-healthchecks-iam-permissions/README.md","sha":"e14721b0a74873d2f3c22aa8f7fd75238c4e5bf6"},{"name":"main.tf","path":"modules/ssm-healthchecks-iam-permissions/main.tf","sha":"0efcc5d8a61683331410fef8340684a0b5e5e1c8"},{"name":"variables.tf","path":"modules/ssm-healthchecks-iam-permissions/variables.tf","sha":"36778c58999e05f20468d118f22e8c9d754b1a4d"}]},{"name":"tls-cert-private","children":[{"name":"Dockerfile","path":"modules/tls-cert-private/Dockerfile","sha":"bc6b1c28764936758a47ceedccf790b56200d6cf"},{"name":"README.md","path":"modules/tls-cert-private/README.md","sha":"c6996ec25d7d9b1ab4f79d8164a14e86e1ac844f"},{"name":"docker-compose.yml","path":"modules/tls-cert-private/docker-compose.yml","sha":"f872026e8d51ceaab2e1c11cc9cf9c35ba81f29c"},{"name":"files","children":[{"name":"openssl.cnf","path":"modules/tls-cert-private/files/openssl.cnf","sha":"2542542c80ab180c47d3e0a27dbded65bed572de"}]},{"name":"scripts","children":[{"name":"generate-ca-keypair.sh","path":"modules/tls-cert-private/scripts/generate-ca-keypair.sh","sha":"395ee97c0e499c660efac5c5cf1f79dfcdbb69f8"},{"name":"generate-tls-keypair.sh","path":"modules/tls-cert-private/scripts/generate-tls-keypair.sh","sha":"f1c3577437fd589087704a9c003de416cb87d232"},{"name":"main.sh","path":"modules/tls-cert-private/scripts/main.sh","sha":"dc7af965ffb783bbef449010818e69294fa2ef75"}]}]}],"toggled":true},{"name":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","path":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","sha":"ae586c0fe830819580e1009d41a9074f16e65bed"},{"name":"test","children":[{"name":"README.md","path":"test/README.md","sha":"b44e2152ea21d65a8c51bb58321e18ec7527c22e"},{"name":"common","children":[{"name":"errors.go","path":"test/common/errors.go","sha":"1fafbb9fd6aaa6b53deca6f2d2dff9bdbbb7e759"},{"name":"test_helpers.go","path":"test/common/test_helpers.go","sha":"67e2147ea840eb4b448a7f6353f16fc5b75f281e"}]},{"name":"fail2ban","children":[{"name":"fail2ban_test.go","path":"test/fail2ban/fail2ban_test.go","sha":"82a74f826069c2bd3e0a58c3c13d04d1b22eb01c"}]},{"name":"go.mod","path":"test/go.mod","sha":"df53ece95b85d0bd06e38e9905589867136f2489"},{"name":"go.sum","path":"test/go.sum","sha":"14e50cf2a16ad49de12315b45a7b65a9fd4dec65"},{"name":"landingzone","children":[{"name":"aws_config_rules_test.go","path":"test/landingzone/aws_config_rules_test.go","sha":"e198464d094ef43a2ff5dc85da38c6cfc3d92fa8"},{"name":"aws_organizations_test.go","path":"test/landingzone/aws_organizations_test.go","sha":"7f4e93e798860d91f590c22cfa2efde0bf4777ac"},{"name":"ebs_encryption_multi_region_test.go","path":"test/landingzone/ebs_encryption_multi_region_test.go","sha":"1fb62b79d6b4a7054aea00d860e9faa31eddc175"},{"name":"iam_access_analyzer_multiregion_test.go","path":"test/landingzone/iam_access_analyzer_multiregion_test.go","sha":"e7d6315c3345070932a1da76bad1a301bd4c31f0"},{"name":"kms_grant_multiregion_test.go","path":"test/landingzone/kms_grant_multiregion_test.go","sha":"1ce81b86a5d18ee90190ae02bdde7aea93894b22"},{"name":"kms_master_key_multiregion_test.go","path":"test/landingzone/kms_master_key_multiregion_test.go","sha":"0d63446b96064e1c7ce43721b1929d426d37eb04"},{"name":"test_helpers.go","path":"test/landingzone/test_helpers.go","sha":"e7f5184b2a759a5f4d830e09cf6f8d3ed86190c5"}]},{"name":"landingzone_b","children":[{"name":"aws_config_test.go","path":"test/landingzone_b/aws_config_test.go","sha":"7bbb3cc3302f7c0b9c503658888c795b0bc50442"},{"name":"guardduty_test.go","path":"test/landingzone_b/guardduty_test.go","sha":"a8369f915b2814da6d7e1ca384691eefebcecf54"},{"name":"test_helpers.go","path":"test/landingzone_b/test_helpers.go","sha":"7cedab829a1ac86c7d78351b31e5e4b0ec2099c4"}]},{"name":"security","children":[{"name":"auto_update_test.go","path":"test/security/auto_update_test.go","sha":"b0bf3c446844977c5eeec5f43b49de7c6788f47a"},{"name":"cloudtrail_test.go","path":"test/security/cloudtrail_test.go","sha":"e62951f5668848f2c113a1858e73134b62480a42"},{"name":"cross_account_iam_roles_test.go","path":"test/security/cross_account_iam_roles_test.go","sha":"1e1a2a7a3731a89c5beb658ad6f09663e2070ada"},{"name":"custom_iam_entity_test.go","path":"test/security/custom_iam_entity_test.go","sha":"f0c38f5b0d671fd740e8530b28c94e5fe5219d26"},{"name":"github_actions_iam_role_test.go","path":"test/security/github_actions_iam_role_test.go","sha":"6a886fdef2992b75e2743d2733db21409fa3a890"},{"name":"iam_groups_test.go","path":"test/security/iam_groups_test.go","sha":"ab4f7c03a0490a769e79782cb008d8ffbc9ffa29"},{"name":"iam_ssm_test.go","path":"test/security/iam_ssm_test.go","sha":"28a81aab9873bb6bd02d2f37bdc3ef9c7f27b3c5"},{"name":"iam_user_password_policy_test.go","path":"test/security/iam_user_password_policy_test.go","sha":"5a44f18c469c936fa51b4e9d7911404e1ab76a0f"},{"name":"iam_users_test.go","path":"test/security/iam_users_test.go","sha":"1cd395b72942f05e03959978a72a782d0dd530bd"},{"name":"ip-lockdown-test-scripts","children":[{"name":"allow-several-users.sh","path":"test/security/ip-lockdown-test-scripts/allow-several-users.sh","sha":"2f75dbe0880ed0907b43db58b6ac030a0d0e9bd4"},{"name":"common.sh","path":"test/security/ip-lockdown-test-scripts/common.sh","sha":"cdfe11aca76607a4feaf254a394f32273b738c5c"},{"name":"index.html","path":"test/security/ip-lockdown-test-scripts/index.html","sha":"557db03de997c86a4a028e1ebd3a1ceb225be238"},{"name":"restrict-all-users.sh","path":"test/security/ip-lockdown-test-scripts/restrict-all-users.sh","sha":"a37c1ffc90f2532e7cc3f9f5a859b75c98661dc6"},{"name":"restrict-one-user.sh","path":"test/security/ip-lockdown-test-scripts/restrict-one-user.sh","sha":"4214e1c15102f4568d1e995aa82add46ee430237"},{"name":"sanity-check.sh","path":"test/security/ip-lockdown-test-scripts/sanity-check.sh","sha":"542ed72f4f0952ace67c9cbf2e5ac07e81e6870c"}]},{"name":"ip_lockdown_test.go","path":"test/security/ip_lockdown_test.go","sha":"713314d11e0884022337c49c61f031dcb36da832"},{"name":"kms_master_key_test.go","path":"test/security/kms_master_key_test.go","sha":"751dfa23eaa391b567f023c6d1a12a4400a55c28"},{"name":"ntp_test.go","path":"test/security/ntp_test.go","sha":"372edab033e653c151b1c2e3b10d9bc13229515c"},{"name":"os_hardening_test.go","path":"test/security/os_hardening_test.go","sha":"939f6beb4b867c3d5ee6612fd1fb5faa020e0abe"},{"name":"private_s3_bucket_test.go","path":"test/security/private_s3_bucket_test.go","sha":"9d4b7ab8e35cf1cb49103a4a5528262730600fdf"},{"name":"saml_iam_roles_test.go","path":"test/security/saml_iam_roles_test.go","sha":"efbe2f3e6e9b0da73d1fb58fccc5f5fc1427a61f"},{"name":"secrets_manager_resource_policies_test.go","path":"test/security/secrets_manager_resource_policies_test.go","sha":"07f69b66238517d1f8af61eb9751248372997b70"},{"name":"test_helpers.go","path":"test/security/test_helpers.go","sha":"d2bf2ae4ac107bc83b457a8030cebc395d63eefc"},{"name":"test_helpers_aws_auth.go","path":"test/security/test_helpers_aws_auth.go","sha":"461efcc040ff5024b9fa0762ffcde92081fac163"},{"name":"tls_cert_private_test.go","path":"test/security/tls_cert_private_test.go","sha":"70b2c873f20876497b4a1a0a030871e037dca995"}]},{"name":"ssh_grunt","children":[{"name":"ssh_grunt_iam_test.go","path":"test/ssh_grunt/ssh_grunt_iam_test.go","sha":"da6a7c8ef01dbd4208c0bc4781756b73ea512d33"},{"name":"test_helpers.go","path":"test/ssh_grunt/test_helpers.go","sha":"af9096a38c3f8f88c76c158c5ff0fbe6c6e601d9"}]},{"name":"upgrades","children":[{"name":"upgrade_test.go","path":"test/upgrades/upgrade_test.go","sha":"f7256916cf2aa7c857e47a865f996760d842fe46"}]},{"name":"validation","children":[{"name":"validate_all_modules_and_examples_test.go","path":"test/validation/validate_all_modules_and_examples_test.go","sha":"1e37f6b3cb409775ef148466b218c4147c5f84ce"}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"a-best-practices-set-of-iam-roles-for-saml-access\">A best-practices set of IAM roles for SAML access</h1><div class=\"preview__body--border\"></div><p>This module can be used to allow users authenticated via external Security Assertion Markup Language (SAML) identity\nproviders such as Google, Amazon SSO, Microsoft Active Directory Federation Services (ADFS), Okta, and OneLogin to access\nyour AWS accounts (<a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html\" class=\"preview__body--description--blue\" target=\"_blank\">saml-access</a>).\nThis allows you to define each environment (mgmt, stage, prod, etc) in a separate AWS account and to use SAML to assume\ndifferent roles in each account.</p>\n<p>If you're not familiar with IAM concepts, start with the <a href=\"#background-information\" class=\"preview__body--description--blue\">Background Information</a> section as a\nway to familiarize yourself with the terminology.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-you-use-this-module\">How do you use this module?</h2>\n<p>To set up SAML access to AWS, you need to:</p>\n<ol>\n<li><a href=\"#create-identity-provider\" class=\"preview__body--description--blue\">Create an Identity Provider in each account</a></li>\n<li><a href=\"#create-iam-roles\" class=\"preview__body--description--blue\">Create IAM roles in each of your accounts</a></li>\n<li><a href=\"#create-permissions-to-assume-the-iam-roles-in-other-accounts\" class=\"preview__body--description--blue\">Create permissions to assume the IAM roles in other accounts</a></li>\n</ol>\n<p>This module takes care of <a href=\"#create-iam-roles\" class=\"preview__body--description--blue\">creating IAM roles</a> and <a href=\"#create-permissions-to-assume-the-iam-roles-in-other-accounts\" class=\"preview__body--description--blue\">creating the appropriate permissions</a>. Check out the <a href=\"/repos/v0.46.2/module-security/examples/saml-iam-roles\" class=\"preview__body--description--blue\">saml-iam-roles\nexample</a> for a working sample code of how to use this module.</p>\n<h3 class=\"preview__body--subtitle\" id=\"create-identity-provider-in-iam\">Create Identity Provider in IAM</h3>\n<p>If you want to allow users of a SAML Identity Provider (IdP) to access your AWS accounts, you will first need to create a SAML Identity Provider within IAM. You will also have to configure your IdP to send the appropriate assertions as described in the\n<a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html\" class=\"preview__body--description--blue\" target=\"_blank\">AWS Documentation</a>.</p>\n<h3 class=\"preview__body--subtitle\" id=\"create-iam-roles-in-each-account\">Create IAM roles in each account</h3>\n<p>If you want to allow users from SAML IdPs to access your AWS accounts, use this module in each AWS account to create IAM roles that specify which services those users may access.</p>\n<h3 class=\"preview__body--subtitle\" id=\"create-permissions-to-assume-the-iam-roles-in-other-accounts\">Create permissions to assume the IAM roles in other accounts</h3>\n<p>Finally, this module will also grant access to users of each SAML provider listed in the various\n<code>allow_*_access_from_saml_provider_arns</code> variables to assume the corresponding role.</p>\n<h2 class=\"preview__body--subtitle\" id=\"resources-created\">Resources Created</h2>\n<p>This module creates the following IAM roles (all optional):</p>\n<ul>\n<li>\n<p><strong>allow-read-only-access-from-saml</strong>: Users authenticated by the SAML providers in\n<code>var.allow_read_only_access_from_saml_provider_arns</code> will get read-only access to all services in this account.</p>\n</li>\n<li>\n<p><strong>allow-billing-access-from-saml</strong>: Users authenticated by the SAML providers in\n<code>var.allow_billing_access_from_saml_provider_arns</code> will get full (read and write) access to the billing details for\nthis account.</p>\n</li>\n<li>\n<p><strong>allow-support-access-from-saml</strong>: Users authenticated by the SAML providers in\n<code>var.allow_support_access_from_saml_provider_arns</code> will get access to AWS support for this account.</p>\n</li>\n<li>\n<p><strong>allow-logs-access-from-saml</strong>: Users authenticated by the SAML providers in\n<code>var.allow_logs_access_from_saml_provider_arns</code> will get read access to the logs in CloudTrail, AWS Config, and\nCloudWatch for this account. Since CloudTrail logs may be encrypted with a KMS CMK, if <code>var.cloudtrail_kms_key_arn</code> is\nset, these users will also get permissions to decrypt using this KMS CMK.</p>\n</li>\n<li>\n<p><strong>allow-ssh-grunt-access-from-saml</strong>: Users authenticated by the SAML providers in\n<code>var.allow_ssh_grunt_access_from_saml_provider_arns</code> will get read access to IAM Groups and public SSH keys. This is\nuseful to allow <a href=\"/repos/v0.46.2/module-security/modules/ssh-grunt\" class=\"preview__body--description--blue\">ssh-grunt</a> running on EC2 Instances in other AWS accounts to validate SSH\nconnections against IAM users defined in this AWS account.</p>\n</li>\n<li>\n<p><strong>allow-dev-access-from-saml</strong>:Users authenticated by the SAML providers in\n<code>var.allow_dev_access_from_saml_provider_arns</code> will get full (read and write) access to the services in this account\nspecified in <code>var.dev_permitted_services</code>.</p>\n</li>\n<li>\n<p><strong>allow-full-access-from-saml</strong>: Users authenticated by the SAML providers in\n<code>var.allow_full_access_from_saml_provider_arns</code> will get full (read and write) access to all services in this account.</p>\n</li>\n<li>\n<p><strong>allow-iam-admin-access-from-saml</strong>: Users authenticated by the SAML providers in\n<code>var.allow_iam_admin_access_from_saml_provider_arns</code> will get full IAM (<code>iam:*</code>) access in this account.</p>\n</li>\n<li>\n<p><strong>allow-auto-deploy-access-from-saml</strong>: Users authenticated by the SAML providers in\n<code>var.allow_read_only_access_from_saml_provider_arns</code> will get automated deployment access to all services in this\naccount with the permissions specified in <code>var.auto_deploy_permissions</code>. The main use case is to allow a CI server\n(e.g. Jenkins) in another AWS account to do automated deployments in this AWS account.</p>\n</li>\n</ul>\n","repoName":"module-security","repoRef":"v0.73.2","serviceDescriptor":{"serviceName":"ssh-grunt","serviceRepoName":"module-security","serviceRepoOrg":"gruntwork-io","serviceMainReadmePath":"/modules/ssh-grunt","cloudProviders":["aws"],"description":"Manage SSH access to EC2 Instances using groups in AWS IAM or your Identity Provider (e.g., ADFS, Google, Okta, etc).","imageUrl":"grunt.png","licenseType":"subscriber","technologies":["Terraform","Go"],"compliance":[],"tags":[""]},"serviceCategoryName":"SSH access","fileName":"README.md","filePath":"/modules/saml-iam-roles/README.md","title":"Repo Browser: ssh-grunt","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}
.circleci
main.tf
