Manage SSH access to EC2 Instances using groups in AWS IAM or your Identity Provider (e.g., ADFS, Google, Okta, etc).
This repo contains modules for configuring a variety of security best practices, including IAM users, IAM groups, IAM roles, IAM policies, audit logging for your AWS account, secrets management, SSH access, and server hardening.
Create and manage IAM users, IAM groups, IAM roles, and IAM policies as code.
Configure audit logging in your AWS account using AWS Config and AWS CloudTrail.
Enforce server hardening best practices, including
auto-update (automatically install critical security updates),
fail2ban (automatically block malicious SSH attempts),
ntp (sync the clock on a server), and
down the EC2 metadata endpoint to specific OS users).
Create and manage master keys in KMS that you can use to securely encrypt and decrypt data.
Manage SSH access using an identity provider (e.g., IAM Groups or ADFS Groups) using
Manage EBS encryption defaults so all new EBS volumes are encrypted with your master keys.
This repo is a part of the Gruntwork Infrastructure as Code Library, a collection of reusable, battle-tested, production-ready infrastructure code. If you’ve never used the Infrastructure as Code Library before, make sure to read How to use the Gruntwork Infrastructure as Code Library!
If you just want to try this repo out for experimenting and learning, check out the following resources:
examples folder: The examples folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
If you want to deploy this repo in production, check out the following resources:
security modules in the Acme example Reference Architecture: Production-ready sample code from the Acme Reference Architecture examples.
Packer template with server-hardening in the Acme example Reference Architecture: Production-ready sample code from the Acme Reference Architecture examples.
If you need help with this repo or anything else related to infrastructure or DevOps, Gruntwork offers Commercial Support via Slack, email, and phone/video. If you’re already a Gruntwork customer, hop on Slack and ask away! If not, subscribe now. If you’re not sure, feel free to email us at email@example.com.
Contributions to this repo are very welcome and appreciated! If you find a bug or want to add a new feature or even contribute an entirely new module, we are very happy to accept pull requests, provide feedback, and run your changes through our automated test suite.
Please see Contributing to the Gruntwork Infrastructure as Code Library for instructions.