This repo contains modules for configuring a variety of security best practices, including IAM users, IAM groups,
IAM roles, IAM policies, audit logging for your AWS account, secrets management, SSH access, and server hardening.
Create and manage IAM users, IAM groups, IAM roles, and IAM policies as code.
Configure audit logging in your AWS account using AWS Config and AWS CloudTrail.
Enforce server hardening best practices, including auto-update (automatically install critical security updates),
fail2ban (automatically block malicious SSH attempts), ntp (sync the clock on a server), and ip-lockdown (lock
down the EC2 metadata endpoint to specific OS users).
Create and manage master keys in KMS that you can use to securely encrypt and decrypt data.
Manage SSH access using an identity provider (e.g., IAM Groups or ADFS Groups) using ssh-grunt.
Manage EBS encryption defaults so all new EBS volumes are encrypted with your master keys.
If you need help with this repo or anything else related to infrastructure or DevOps, Gruntwork offers Commercial Support via Slack, email, and phone/video. If you’re already a Gruntwork customer, hop on Slack and ask away! If not, subscribe now. If you’re not sure, feel free to email us at support@gruntwork.io.
Contributions to this repo are very welcome and appreciated! If you find a bug or want to add a new feature or even contribute an entirely new module, we are very happy to accept pull requests, provide feedback, and run your changes through our automated test suite.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"c0f919c987c66d346e67e347e34ad0d3823a9c44"}]},{"name":".editorconfig","path":".editorconfig","sha":"a5eec1063e66c4cb953cba222dd50b4d314ef3e2"},{"name":".gitignore","path":".gitignore","sha":"3e440e93f7b263b18b7e4943ba7f83badc682823"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"8d98e6d06e9c4d3f9b680dc9ab6d5ccc7f9d96d3"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"7ab1528db56eca5c136e005f4f08ec9b2c0f3aeb"},{"name":"LICENSE.txt","path":"LICENSE.txt","sha":"f4e3d9bd4717a044ed31ad847a300eee74371a78"},{"name":"README.adoc","path":"README.adoc","sha":"e0a4ca5d946e90e9e069c232f22ed70667432376","toggled":true},{"name":"_ci","children":[{"name":"output-debug-values.sh","path":"_ci/output-debug-values.sh","sha":"39d6d5f080a53f932e3b5ec970b5f268fd00e50a"}]},{"name":"_docs","children":[{"name":"auto-update.png","path":"_docs/auto-update.png","sha":"77bfd1c65de0245ac8b3c67d5b0b64fc440824bf"},{"name":"aws-cloudtrail-architecture.png","path":"_docs/aws-cloudtrail-architecture.png","sha":"a2dd9a08b8ed77744fd5febab3be7bdf633dee79"},{"name":"aws-cloudtrail.png","path":"_docs/aws-cloudtrail.png","sha":"acc7dcaf4b46ce3cef1bcc20be0329e12c320e7f"},{"name":"aws-config-architecture.png","path":"_docs/aws-config-architecture.png","sha":"721458048d5e539468c438498863a91fa96e0a85"},{"name":"aws-config-rules-architecture.png","path":"_docs/aws-config-rules-architecture.png","sha":"29fe3f20358b176e385d1bcdc0357bff2c1d5b4a"},{"name":"aws-config-rules.png","path":"_docs/aws-config-rules.png","sha":"ac3f7b35bcac949887e62aee260d9cb70edd3ae8"},{"name":"aws-config.png","path":"_docs/aws-config.png","sha":"02f4b326aef57372def4f3fafa4f0e4cec07e395"},{"name":"aws-guardduty.png","path":"_docs/aws-guardduty.png","sha":"053b92412fb8e3fb5740acc404b493fe1dd7229b"},{"name":"aws-organizations-architecture.png","path":"_docs/aws-organizations-architecture.png","sha":"bd57412fe85d3fe8d5e358db5e3b7bfef3e786a9"},{"name":"aws-organizations-icon.png","path":"_docs/aws-organizations-icon.png","sha":"b2b3fa04f51a23e5bae1b3389ffedf5e17b3cef2"},{"name":"iam-access-analyzer.png","path":"_docs/iam-access-analyzer.png","sha":"36e38e69454beae66d35b9bf25b3e5ffe1e68a25"},{"name":"kms-icon.png","path":"_docs/kms-icon.png","sha":"cd4f350a9a3fda41089928a7e396ee8924b7a901"},{"name":"multi-account-multi-region-aws-config.png","path":"_docs/multi-account-multi-region-aws-config.png","sha":"a9c813b1799fe71554c20c8fefc703792293bfe4"},{"name":"multiaccount_guardduty.png","path":"_docs/multiaccount_guardduty.png","sha":"c56b50bbb4c2a041366b430cada27b88aa02524b"},{"name":"ssh-grunt-architecture.png","path":"_docs/ssh-grunt-architecture.png","sha":"9ced8c68bcc7957e50aa016cad6c5b043a05b470"},{"name":"terminal-icon.png","path":"_docs/terminal-icon.png","sha":"df09d52d5b1176d7e231bab6c7712c3728e45c1b"}]},{"name":"codegen","children":[{"name":"README.adoc","path":"codegen/README.adoc","sha":"143d07fec60ff6b82003aefd6c2fb39a3e9d6e63"},{"name":"core-concepts.md","path":"codegen/core-concepts.md","sha":"824cb1918965823abd41d4fc34d91815abb42abf"},{"name":"generate-all.sh","path":"codegen/generate-all.sh","sha":"e95f7a1fe3b75636468472cd072e0d0b559f2eb5"},{"name":"generate-aws-config","children":[{"name":".gitignore","path":"codegen/generate-aws-config/.gitignore","sha":"b488f31b176e8da6501add7ce148074af2337d91"},{"name":"main.go","path":"codegen/generate-aws-config/main.go","sha":"bdfaab90b0ac5df350960e50b5c11adfa717e037"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-aws-config/static/README.adoc","sha":"7b2c57aa457d265a0cadfd6ec00fd96f0906d9d7"},{"name":"core-concepts.md","path":"codegen/generate-aws-config/static/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"variables.tf","path":"codegen/generate-aws-config/static/variables.tf","sha":"f19c1305968c444c53b1679f59930e8906542d7d"}]},{"name":"template_data.go","path":"codegen/generate-aws-config/template_data.go","sha":"fd044616e417fdfa273efd30606ca21f9511f6e9"}]},{"name":"generate-aws-guardduty","children":[{"name":".gitignore","path":"codegen/generate-aws-guardduty/.gitignore","sha":"b488f31b176e8da6501add7ce148074af2337d91"},{"name":"main.go","path":"codegen/generate-aws-guardduty/main.go","sha":"203030a6e15b919d6532170d2185abb3a0af4580"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-aws-guardduty/static/README.adoc","sha":"194ca4706ab4f825b6c730c3d46d1a8e060146c6"},{"name":"variables.tf","path":"codegen/generate-aws-guardduty/static/variables.tf","sha":"a603806b6a10a93ebfa94b96e27709422b2c3d09"}]},{"name":"template_data.go","path":"codegen/generate-aws-guardduty/template_data.go","sha":"54eca39c449b9f8c1d0dc7cc4152ea22ca77ea10"}]},{"name":"generate-ebs-encryption","children":[{"name":".gitignore","path":"codegen/generate-ebs-encryption/.gitignore","sha":"a3f620a6c9c87b381bf6748917bdf9542792f54b"},{"name":"main.go","path":"codegen/generate-ebs-encryption/main.go","sha":"ca92940b678fc4568b8e585882972dbeb03b0a9c"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-ebs-encryption/static/README.adoc","sha":"995c656021a1b60bfe7966124c8212dca5ee0209"},{"name":"variables.tf","path":"codegen/generate-ebs-encryption/static/variables.tf","sha":"4bb22b9bb519462a429baea8ffea9d1a3991be26"}]},{"name":"template_data.go","path":"codegen/generate-ebs-encryption/template_data.go","sha":"631e1c8f97124798bd2095f5a2088808f8f409d6"}]},{"name":"generate-multiregion-iam-access-analyzer","children":[{"name":".gitignore","path":"codegen/generate-multiregion-iam-access-analyzer/.gitignore","sha":"045b82ea48805332afcf6edb7a52b41310f0c72c"},{"name":"main.go","path":"codegen/generate-multiregion-iam-access-analyzer/main.go","sha":"d0307987e3844ae79b5ea85f4045ff4b6fad9b77"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-multiregion-iam-access-analyzer/static/README.adoc","sha":"2e38257bf549f39cbd7d9d7a769f64925807db0a"},{"name":"core-concepts.md","path":"codegen/generate-multiregion-iam-access-analyzer/static/core-concepts.md","sha":"6bbaac3d7e62744e3fe3f511cd4ae78b212d08a8"},{"name":"variables.tf","path":"codegen/generate-multiregion-iam-access-analyzer/static/variables.tf","sha":"6e8d81aac5af0cba584e6d0884e03cfbc23ba07f"}]},{"name":"template_data.go","path":"codegen/generate-multiregion-iam-access-analyzer/template_data.go","sha":"33f2a70777f14b90ccc9fa528bd2c41b35c7e152"}]},{"name":"generate-multiregion-kms-grant","children":[{"name":".gitignore","path":"codegen/generate-multiregion-kms-grant/.gitignore","sha":"ce81abc8eeae39683199307d44536f0a8b1b7862"},{"name":"main.go","path":"codegen/generate-multiregion-kms-grant/main.go","sha":"56a29127aec8a2be9bfae204f82838b320aab593"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-multiregion-kms-grant/static/README.adoc","sha":"543e1bf6e0c486ded77fa98b3bbbfc257ce8d4cf"},{"name":"core-concepts.md","path":"codegen/generate-multiregion-kms-grant/static/core-concepts.md","sha":"3eb1725fa927a84cc2a0341335d150bf5c6e70f5"},{"name":"variables.tf","path":"codegen/generate-multiregion-kms-grant/static/variables.tf","sha":"505b2d0cb9ecf78f0364e845cab72bf0c28365d5"}]},{"name":"template_data.go","path":"codegen/generate-multiregion-kms-grant/template_data.go","sha":"65d429ea3580deeccf94afbfa31bebc132aa49bc"}]},{"name":"generate-multiregion-kms","children":[{"name":".gitignore","path":"codegen/generate-multiregion-kms/.gitignore","sha":"dd60654458233c0bdb18892c5989f1828889d55b"},{"name":"main.go","path":"codegen/generate-multiregion-kms/main.go","sha":"b8ed4487ecca31bc909fb944ce88d2c079f667a4"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-multiregion-kms/static/README.adoc","sha":"89497b236814c059ccc546a27880f40e0e77a99e"},{"name":"variables.tf","path":"codegen/generate-multiregion-kms/static/variables.tf","sha":"146f394a213942a53c254efafeea96a0ac958418"}]},{"name":"template_data.go","path":"codegen/generate-multiregion-kms/template_data.go","sha":"b1c745040422b3bd05b05803bec5a6adbbdf7582"}]},{"name":"generator","children":[{"name":"autogen_variables.tf.tpl.go","path":"codegen/generator/autogen_variables.tf.tpl.go","sha":"be1b2f892ca44533c3f496b8d6b09dec4995edf4"},{"name":"aws.go","path":"codegen/generator/aws.go","sha":"9a5ad6fd89fa287e3055459a5a6ece36680f5fcd"},{"name":"cli.go","path":"codegen/generator/cli.go","sha":"6e92f692f11d26c182c9e987fd566b0b8cb10901"},{"name":"errors.go","path":"codegen/generator/errors.go","sha":"21fd1f6d4bef60ea9cb39939783696526ddd02e7"},{"name":"generator.go","path":"codegen/generator/generator.go","sha":"42a368cea7b2173b8111e65298f4ddb7e63da9aa"},{"name":"main.tf.tpl.go","path":"codegen/generator/main.tf.tpl.go","sha":"a2068dec38e182f87209fdc4e7365b7e7871c449"},{"name":"outputs.tf.tpl.go","path":"codegen/generator/outputs.tf.tpl.go","sha":"d5f5236e76f98825f082c5d2d125b5f4f0376f09"}]},{"name":"go.mod","path":"codegen/go.mod","sha":"d401631d3d5020137efe7e01c020ece55c5c7c7e"},{"name":"go.sum","path":"codegen/go.sum","sha":"4d0818acc88670836f806d291f5fb2060bc8d232"},{"name":"logging","children":[{"name":"logging.go","path":"codegen/logging/logging.go","sha":"d4fb9da710acb21567b4e0581cb7bd7692baca04"}]}]},{"name":"examples","children":[{"name":"auto-update","children":[{"name":"README.md","path":"examples/auto-update/README.md","sha":"d7c630c4585bad7869d55bc6c62fca248eeb521a"},{"name":"auto-update-example.json","path":"examples/auto-update/auto-update-example.json","sha":"e6accb10006eca938f5cbbd2ef440e10ecd4c33b"}]},{"name":"aws-config-multi-region","children":[{"name":"README.md","path":"examples/aws-config-multi-region/README.md","sha":"5d472db5cdc843b494852a062d8c0880f246fcd0"},{"name":"terraform","children":[{"name":"main.tf","path":"examples/aws-config-multi-region/terraform/main.tf","sha":"a43612ca7ad2cf3c5740be3d3157e74bd6141bdb"},{"name":"outputs.tf","path":"examples/aws-config-multi-region/terraform/outputs.tf","sha":"77ee90f69634c965b8ebed79a8d3afd6adca4db4"},{"name":"variables.tf","path":"examples/aws-config-multi-region/terraform/variables.tf","sha":"28ef8a8f6216d3d717f969f7a74855fdaf789bbc"}]},{"name":"terragrunt","children":[{"name":"terragrunt.hcl","path":"examples/aws-config-multi-region/terragrunt/terragrunt.hcl","sha":"86d8ffdc50802b666497da82ebcaa53cccc550b7"}]}]},{"name":"aws-config-rules","children":[{"name":"README.md","path":"examples/aws-config-rules/README.md","sha":"6cd2794e82af1e3c3620d8feaed136af5358207e"},{"name":"main.tf","path":"examples/aws-config-rules/main.tf","sha":"a672bd7f4f1c311b862177ac5821f8ac990061d8"},{"name":"outputs.tf","path":"examples/aws-config-rules/outputs.tf","sha":"4319400eb4190f58458f2dd9398225869ff08da3"},{"name":"variables.tf","path":"examples/aws-config-rules/variables.tf","sha":"c4b8d3456a3cb94b2d9067a5b7effaf8caa0579b"}]},{"name":"aws-config","children":[{"name":"README.md","path":"examples/aws-config/README.md","sha":"5d66d09633de365e154669a090edc37fc70548d1"},{"name":"main.tf","path":"examples/aws-config/main.tf","sha":"bcc94c8b68d2468d2cf031730e3a0dc2699528f3"},{"name":"outputs.tf","path":"examples/aws-config/outputs.tf","sha":"ddd32698f39772d663a2d9b8a6276260f5431068"},{"name":"variables.tf","path":"examples/aws-config/variables.tf","sha":"66f62d7333d5df8b562e6f2dfa4f701b88e4f31b"}]},{"name":"aws-organizations","children":[{"name":"README.md","path":"examples/aws-organizations/README.md","sha":"1da3c2fc061fee6ee99564b8b2323ccf69f2c690"},{"name":"main.tf","path":"examples/aws-organizations/main.tf","sha":"ca1326578d257f4b71e4f426856fca392e06cc6d"},{"name":"outputs.tf","path":"examples/aws-organizations/outputs.tf","sha":"a713386520ca735201acfc9a560eda7fcf2aa51a"},{"name":"variables.tf","path":"examples/aws-organizations/variables.tf","sha":"59afc28c87bc3c49d11c6faf7e112643f0a95481"}]},{"name":"cloudtrail-custom-key","children":[{"name":"README.md","path":"examples/cloudtrail-custom-key/README.md","sha":"bb376ddaca4b52bef18a5526aa9cb0465574ff7e"},{"name":"main.tf","path":"examples/cloudtrail-custom-key/main.tf","sha":"6acb0777f951072052ee369179e3efa751110b26"},{"name":"outputs.tf","path":"examples/cloudtrail-custom-key/outputs.tf","sha":"b6cd4e77d231018a5beb19cd3a9a4eb3f2017d64"},{"name":"variables.tf","path":"examples/cloudtrail-custom-key/variables.tf","sha":"2a2dbf3f59b98262ec8875d8620e2caffbb4b4a0"}]},{"name":"cloudtrail","children":[{"name":"README.md","path":"examples/cloudtrail/README.md","sha":"2fbe4b7494d970738d054910d86d0ae31718c8ec"},{"name":"main.tf","path":"examples/cloudtrail/main.tf","sha":"8ee63648cf823e8f7edb0415374c4e6291cede87"},{"name":"outputs.tf","path":"examples/cloudtrail/outputs.tf","sha":"b6cd4e77d231018a5beb19cd3a9a4eb3f2017d64"},{"name":"variables.tf","path":"examples/cloudtrail/variables.tf","sha":"15e36b8b547b6e9b2cd3fdfbaa418ed480b28f37"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"examples/cross-account-iam-roles/README.md","sha":"bac6fd37f7f7009454a66e55e8ff377fff36aefb"},{"name":"main.tf","path":"examples/cross-account-iam-roles/main.tf","sha":"2e61fc504d1f6799a5edf8e9fa2e0db271e020f0"},{"name":"outputs.tf","path":"examples/cross-account-iam-roles/outputs.tf","sha":"44af3be56d0a80e4d509fcd62c0e6dd8628072fa"},{"name":"variables.tf","path":"examples/cross-account-iam-roles/variables.tf","sha":"fcb1870396b4af7832cd41b92c78e611f515b7bc"}]},{"name":"custom-iam-entity","children":[{"name":"README.md","path":"examples/custom-iam-entity/README.md","sha":"7e6c2e15f44a4ddc28ef276da4b323d2fd326a3f"},{"name":"main.tf","path":"examples/custom-iam-entity/main.tf","sha":"ed80d0abee248afc3532284f98c5347e9e729ea9"},{"name":"outputs.tf","path":"examples/custom-iam-entity/outputs.tf","sha":"835eb64f431386925438cb2f63e48e413faee90c"},{"name":"variables.tf","path":"examples/custom-iam-entity/variables.tf","sha":"af392635e9a2d6896c316b45517d707a5380b576"}]},{"name":"ebs-encryption-multi-region","children":[{"name":"README.md","path":"examples/ebs-encryption-multi-region/README.md","sha":"33f8f3f132f3971949a6e8b2d26cabbeb13414b3"},{"name":"main.tf","path":"examples/ebs-encryption-multi-region/main.tf","sha":"009cd8ccbaa9c872f9967f06bdaf89e11b0df915"},{"name":"outputs.tf","path":"examples/ebs-encryption-multi-region/outputs.tf","sha":"49520778a1fc9e5e82777cbb5aa0250e032e1817"},{"name":"variables.tf","path":"examples/ebs-encryption-multi-region/variables.tf","sha":"0f46580369fed2a02ce0152169a7f4d1f4b24254"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"examples/fail2ban/README.md","sha":"6599f8481a3e7666ffe7924707c89b0701d57689"},{"name":"fail2ban-example.json","path":"examples/fail2ban/fail2ban-example.json","sha":"eb07b75536e92721c8496cb5b05900622d44ba11"},{"name":"main.tf","path":"examples/fail2ban/main.tf","sha":"169e1220a15cd7a2cb4d502f14e0ebe6f1f971f4"},{"name":"outputs.tf","path":"examples/fail2ban/outputs.tf","sha":"77a6ab8a992cd106de126f24b2950c1efa499229"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/fail2ban/user-data/user-data.sh","sha":"460b230fb025451e06e8cdd73f83bb5bfea21110"}]},{"name":"variables.tf","path":"examples/fail2ban/variables.tf","sha":"236006c79b34f4fe3a517dd2ae8b805bfb19b6df"}]},{"name":"guardduty","children":[{"name":"README.md","path":"examples/guardduty/README.md","sha":"23c75950a1b8b33286b79bd5e9d853cee02d62ea"},{"name":"main.tf","path":"examples/guardduty/main.tf","sha":"ff3f291ec6204fc44544c038dd5afe51c341d945"},{"name":"outputs.tf","path":"examples/guardduty/outputs.tf","sha":"24b4eecc8136725bafa182f1c4febdf90da49a92"},{"name":"variables.tf","path":"examples/guardduty/variables.tf","sha":"77f3fbbeef3500c93b55899ad8e92f44420858ee"}]},{"name":"iam-access-analyzer-multi-region","children":[{"name":"README.md","path":"examples/iam-access-analyzer-multi-region/README.md","sha":"51c398bec469b1d95f4e59e2fb1f287fe621bf20"},{"name":"main.tf","path":"examples/iam-access-analyzer-multi-region/main.tf","sha":"e220a21a233d67d0a29e861a0edb19b38ccd0a4a"},{"name":"variables.tf","path":"examples/iam-access-analyzer-multi-region/variables.tf","sha":"4f95d4b0726d24d8cc7afd7504c862fb6c4b47a6"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"examples/iam-groups/README.md","sha":"7bd21c82fd8f28f7b3155497a0524d86ce17cfdd"},{"name":"main.tf","path":"examples/iam-groups/main.tf","sha":"925ab0f74d319a977088f69d3135c35aea3078be"},{"name":"outputs.tf","path":"examples/iam-groups/outputs.tf","sha":"5076c13be431d7844e1ce524bcd40076450c051e"},{"name":"variables.tf","path":"examples/iam-groups/variables.tf","sha":"a7790e3207316f9e6216574fe2e0dd50fb39b767"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"examples/iam-user-password-policy/README.md","sha":"bc62258833767d2e383a130c43d57a11e229af27"},{"name":"main.tf","path":"examples/iam-user-password-policy/main.tf","sha":"268578723ebd69610d9bd927524eb872d36edb53"},{"name":"outputs.tf","path":"examples/iam-user-password-policy/outputs.tf","sha":"36e88e92cf2568fb06a8da0453a85bcb4bd199dd"},{"name":"variables.tf","path":"examples/iam-user-password-policy/variables.tf","sha":"7f920bda19b0928773bb37203859a68453a12231"}]},{"name":"iam-users","children":[{"name":"README.md","path":"examples/iam-users/README.md","sha":"f8b65e9756e9f8c8703a854c1363be700b5fe8d9"},{"name":"main.tf","path":"examples/iam-users/main.tf","sha":"4f267fd9d51251d09c99f19813e9af881de3e37b"},{"name":"outputs.tf","path":"examples/iam-users/outputs.tf","sha":"2b305a310e6c78ed5d89ff62303b5c64b956bd12"},{"name":"variables.tf","path":"examples/iam-users/variables.tf","sha":"8348c698c50cd968ad09140378ed2fc20b96efb2"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"examples/ip-lockdown/README.md","sha":"3962ba23a76d8f02e5c0ffc8cb71196991628e38"},{"name":"aws-example","children":[{"name":"README.md","path":"examples/ip-lockdown/aws-example/README.md","sha":"da44a1265bdd321d10b4a6e3471a655da91033bb"},{"name":"main.tf","path":"examples/ip-lockdown/aws-example/main.tf","sha":"672ef520b2768de0f3dced907b79904daa1a9ecd"},{"name":"outputs.tf","path":"examples/ip-lockdown/aws-example/outputs.tf","sha":"a175a78c9a10f9f2fd9d7c84f9b304aebc1bdb41"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/ip-lockdown/aws-example/user-data/user-data.sh","sha":"c6d308027737a434f4c96bc3eba5bd301897af62"}]},{"name":"variables.tf","path":"examples/ip-lockdown/aws-example/variables.tf","sha":"85be46b79dfe349e32974eccdc9c3206211787ac"}]},{"name":"ip-lockdown-sample.json","path":"examples/ip-lockdown/ip-lockdown-sample.json","sha":"d12d2f011a862fe4451d094b4fa0447c8a2d0d3e"},{"name":"local-test","children":[{"name":"README.md","path":"examples/ip-lockdown/local-test/README.md","sha":"3f0e1a6483ce3155bb04dbb9a4fd76ed41486d35"},{"name":"docker-compose.yml","path":"examples/ip-lockdown/local-test/docker-compose.yml","sha":"7c8e3a5d1fd40a95ef99b4bba0911c63ed43b530"}]}]},{"name":"kms-grant-multi-region","children":[{"name":"main.tf","path":"examples/kms-grant-multi-region/main.tf","sha":"d07d6b3d31c9216d91285e38e11fda47724dafd6"},{"name":"variables.tf","path":"examples/kms-grant-multi-region/variables.tf","sha":"43e0dc3512d054801c09cd80e47fb28b13f249a7"}]},{"name":"kms-master-key-multi-region","children":[{"name":"main.tf","path":"examples/kms-master-key-multi-region/main.tf","sha":"606a7da2e61aaaf7a9a784245dde4c3c9f05dfc9"},{"name":"outputs.tf","path":"examples/kms-master-key-multi-region/outputs.tf","sha":"c2685a282b5ce295c2dd80a78841711a40e80dcb"},{"name":"variables.tf","path":"examples/kms-master-key-multi-region/variables.tf","sha":"00812e35b344a3d0a715bb781b606627dda87045"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"examples/kms-master-key/README.md","sha":"821565d831f2afcf7a2ffeea9a0854fabdaae033"},{"name":"main.tf","path":"examples/kms-master-key/main.tf","sha":"c3e4d919008c85aad0dd4965c116d1bc05d14da9"},{"name":"outputs.tf","path":"examples/kms-master-key/outputs.tf","sha":"4d5fd0a19ea917beff0241f169b51417ff9935b9"},{"name":"variables.tf","path":"examples/kms-master-key/variables.tf","sha":"c1de5a7b1c0859710d1253b61baf86c4564560e3"}]},{"name":"ntp","children":[{"name":"README.md","path":"examples/ntp/README.md","sha":"b676e802c1d196f6af204d14d143b80864bccd30"},{"name":"ntp-example.json","path":"examples/ntp/ntp-example.json","sha":"f9483aa1f7e35d1904fe50b6990bd348b58bcfb1"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"examples/os-hardening/README.md","sha":"d311d0932f7e98b236d0dcf3d9c629a7f8b3b107"},{"name":"packer-build.sh","path":"examples/os-hardening/packer-build.sh","sha":"8a0cf99893046f648c04ad62d505746e9c3a5e95"},{"name":"packer","children":[{"name":"amazon-linux.json","path":"examples/os-hardening/packer/amazon-linux.json","sha":"35287d613dd1b136a4a0cbfd658b2b4979ee152b"},{"name":"files","children":[{"name":"etc","children":[{"name":"fstab","path":"examples/os-hardening/packer/files/etc/fstab","sha":"cbf68cec68a92bc54f514dd0d6906f19cea857e6"}]}]}]},{"name":"terraform","children":[{"name":"main.tf","path":"examples/os-hardening/terraform/main.tf","sha":"4939ace3d2c401b9b53a8cb52c46a841c7e2d997"},{"name":"outputs.tf","path":"examples/os-hardening/terraform/outputs.tf","sha":"33083aed25a4ed6e323bf84381b896614814c9d1"},{"name":"variables.tf","path":"examples/os-hardening/terraform/variables.tf","sha":"25d9e4a3ecf236434b71fd2eac179fa27cdb8587"}]}]},{"name":"private-s3-bucket","children":[{"name":"README.md","path":"examples/private-s3-bucket/README.md","sha":"5214e6225de5e051cb2842fa2eb6e04a92184a10"},{"name":"main.tf","path":"examples/private-s3-bucket/main.tf","sha":"9ace467fd8dbda698affc7bf4eb30edc7f059f9f"},{"name":"outputs.tf","path":"examples/private-s3-bucket/outputs.tf","sha":"efddeeb33901e91f4f28a438afb3455f2cca5e18"},{"name":"variables.tf","path":"examples/private-s3-bucket/variables.tf","sha":"92ff2336e37bd84902a59213bfe370c2f2ae9eac"}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"examples/saml-iam-roles/README.md","sha":"b4ef2b28d5704aec892ea54cc28a61fbb46378c9"},{"name":"main.tf","path":"examples/saml-iam-roles/main.tf","sha":"ad4ffe5bc3bc69ab9d4b8b458f397422bc4c44aa"},{"name":"outputs.tf","path":"examples/saml-iam-roles/outputs.tf","sha":"1bd4fec9529cddfd2d3f61bba60f9dfb8b286c70"},{"name":"saml-metadata.xml","path":"examples/saml-iam-roles/saml-metadata.xml","sha":"88596cfde52242a43559c79216a1c60b2ea12903"},{"name":"variables.tf","path":"examples/saml-iam-roles/variables.tf","sha":"28705aa859940aa4b8027a19fe0b5b4affba939e"}]},{"name":"secrets-manager-resource-policies","children":[{"name":"README.md","path":"examples/secrets-manager-resource-policies/README.md","sha":"289a83c28bd9142fc7bbb4e603a4b25b4c9c1b98"},{"name":"main.tf","path":"examples/secrets-manager-resource-policies/main.tf","sha":"bc27a3055c7ab7a05648f9501b5b10b64d3d0bea"},{"name":"variables.tf","path":"examples/secrets-manager-resource-policies/variables.tf","sha":"d6f5c45fbc2173475cec7c4e77ac8f5caed4dc27"}]},{"name":"ssh-grunt","children":[{"name":"iam","children":[{"name":"README.md","path":"examples/ssh-grunt/iam/README.md","sha":"b1ae6d51c6f6d3eeb7df2b51dab8d0d238f53132"},{"name":"main.tf","path":"examples/ssh-grunt/iam/main.tf","sha":"10d87b85f78e492f30872a91173b5cb94ce9dcba"},{"name":"outputs.tf","path":"examples/ssh-grunt/iam/outputs.tf","sha":"978b316044d417393b70100a427de1068c4d417f"},{"name":"variables.tf","path":"examples/ssh-grunt/iam/variables.tf","sha":"1ee58afdef7dad43bb3fb221995cc3daf631177b"}]},{"name":"packer","children":[{"name":"README.md","path":"examples/ssh-grunt/packer/README.md","sha":"198bd8cc5b0c8cec13fd17229bfa3fc62f34de53"},{"name":"build-binary.sh","path":"examples/ssh-grunt/packer/build-binary.sh","sha":"fe84ead78eb3e87e4855272f28c83d681c58ffff"},{"name":"ssh-grunt-iam.json","path":"examples/ssh-grunt/packer/ssh-grunt-iam.json","sha":"73bdac20b37017b7e31dbbf89486b1da3c8a4589"}]}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"examples/ssm-healthchecks-iam-permissions/README.md","sha":"f1fe555a3aff887a966def0a1d3ccaff3dd826e7"},{"name":"main.tf","path":"examples/ssm-healthchecks-iam-permissions/main.tf","sha":"828b59bdb57d091556d90c9a8419c1137d541145"},{"name":"outputs.tf","path":"examples/ssm-healthchecks-iam-permissions/outputs.tf","sha":"52688c3a4f1f8349500505fb8949fa0d21c385a3"},{"name":"variables.tf","path":"examples/ssm-healthchecks-iam-permissions/variables.tf","sha":"217574c100974ae601b2a1478e0ac183d351d4a0"}]}]},{"name":"modules","children":[{"name":"_deprecated","children":[{"name":"account-baseline-app","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-app/README.md","sha":"fafca675aea1c5157ec3cc9f464b915d53c2f64d"}]},{"name":"account-baseline-root","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-root/README.md","sha":"7863a798cf9fefea05be05ee5da591fe9f1da926"}]},{"name":"account-baseline-security","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-security/README.md","sha":"47aa4058c7789874787b7c007ce757b87428934f"}]},{"name":"custom-iam-group","children":[{"name":"README.md","path":"modules/_deprecated/custom-iam-group/README.md","sha":"e7a0ff783eb1052aa77fe50d7eaa6a06d2d82649"}]}]},{"name":"auto-update","children":[{"name":"README.adoc","path":"modules/auto-update/README.adoc","sha":"3344544b5219e0dea5285906a9477fe569ab2534"},{"name":"core-concepts.md","path":"modules/auto-update/core-concepts.md","sha":"0e4dd35dc4b7320764f203b5cc91e55ecaa9b0be"},{"name":"install-scripts","children":[{"name":"configure-auto-update","path":"modules/auto-update/install-scripts/configure-auto-update","sha":"9557efec90bf62cbcd0360198ec2bf984a8a873b"},{"name":"unattended_upgrades_config.txt","path":"modules/auto-update/install-scripts/unattended_upgrades_config.txt","sha":"abe88fd8a5037ce518bec69a6cac0699cb421d47"},{"name":"yum_cron_config.txt","path":"modules/auto-update/install-scripts/yum_cron_config.txt","sha":"e7ef4273f1b2af0c9c032fadaacd03130ba5ea78"}]},{"name":"install.sh","path":"modules/auto-update/install.sh","sha":"7c19fd0d04b11c358af64149b3169d6b2c5e3b58"}]},{"name":"aws-auth","children":[{"name":"AWS-AUTH-1PASSWORD.md","path":"modules/aws-auth/AWS-AUTH-1PASSWORD.md","sha":"bcfd06153c8ee21f1e3468ce9b1634d5dc7cc68c"},{"name":"AWS-AUTH-LASTPASS.md","path":"modules/aws-auth/AWS-AUTH-LASTPASS.md","sha":"7c370864041284d8ce90749c0bc5dca744c43a5a"},{"name":"README.md","path":"modules/aws-auth/README.md","sha":"c0c0cc6643d546871d18d5bf9ca7948bf9b13407"},{"name":"bin","children":[{"name":"aws-auth","path":"modules/aws-auth/bin/aws-auth","sha":"53ac944b29b7f15d97d312b0fd3745ffbd0a6dd8"}]},{"name":"install.sh","path":"modules/aws-auth/install.sh","sha":"ab9611d92d6822ceed981bdff3766724366037f0"}]},{"name":"aws-config-bucket","children":[{"name":"README.md","path":"modules/aws-config-bucket/README.md","sha":"2988d934e16617289522a4ea711ee07589ce96d7"},{"name":"main.tf","path":"modules/aws-config-bucket/main.tf","sha":"9ff867d408798e42c281dd0f9225758433483000"},{"name":"outputs.tf","path":"modules/aws-config-bucket/outputs.tf","sha":"8ac7ab1c4c5ded586bee63ce460b25cd60eb4a18"},{"name":"variables.tf","path":"modules/aws-config-bucket/variables.tf","sha":"a4a360e78df5c7dc310e7dcd5dba952af109e7c9"}]},{"name":"aws-config-multi-region","children":[{"name":"README.adoc","path":"modules/aws-config-multi-region/README.adoc","sha":"7b2c57aa457d265a0cadfd6ec00fd96f0906d9d7"},{"name":"core-concepts.md","path":"modules/aws-config-multi-region/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"main.tf","path":"modules/aws-config-multi-region/main.tf","sha":"05a7adb95a650da8855c527d3e30ae3763bfe503"},{"name":"outputs.tf","path":"modules/aws-config-multi-region/outputs.tf","sha":"b0b62c8a003fcef88734cb540ad9e75b25721ffa"},{"name":"variables.autogen.tf","path":"modules/aws-config-multi-region/variables.autogen.tf","sha":"d4d9bbf38fbfff79327a1df714fb9a90f281217a"},{"name":"variables.tf","path":"modules/aws-config-multi-region/variables.tf","sha":"f19c1305968c444c53b1679f59930e8906542d7d"}]},{"name":"aws-config-rules","children":[{"name":"README.adoc","path":"modules/aws-config-rules/README.adoc","sha":"9c6eac2548b5cc7ffc13db3a4aaff3186bbf3557"},{"name":"core-concepts.md","path":"modules/aws-config-rules/core-concepts.md","sha":"af111230b6262be339d220c7b2308493781fef49"},{"name":"main.tf","path":"modules/aws-config-rules/main.tf","sha":"43f45353636ee078eb0e7a4540883b582a27d149"},{"name":"outputs.tf","path":"modules/aws-config-rules/outputs.tf","sha":"c297ad118d46f79f286d6577770ab46e59555ccb"},{"name":"variables.tf","path":"modules/aws-config-rules/variables.tf","sha":"e0645e3cfa20c357ae31401a32b7ea2d81d30d5b"}]},{"name":"aws-config","children":[{"name":"README.adoc","path":"modules/aws-config/README.adoc","sha":"8cf4b8ba68a4d4160994d06bec9a16ffe900bfe4"},{"name":"core-concepts.md","path":"modules/aws-config/core-concepts.md","sha":"e5a7b8646bab42398ff7f5224549e528ce8c0d52"},{"name":"main.tf","path":"modules/aws-config/main.tf","sha":"a8e2084171d4481be2db4554f3f3894b9274ba03"},{"name":"outputs.tf","path":"modules/aws-config/outputs.tf","sha":"bcd505e4ac4102bc09750adb36c99398a06eb1a6"},{"name":"variables.tf","path":"modules/aws-config/variables.tf","sha":"f11de236e41647906146b9d8505b7e6295ff3f30"}]},{"name":"aws-organizations","children":[{"name":"README.adoc","path":"modules/aws-organizations/README.adoc","sha":"2e323ec109c6cc533af2a5e291b5b9c819f1109f"},{"name":"core-concepts.md","path":"modules/aws-organizations/core-concepts.md","sha":"8766c8f36eef9e8992bf13a44f6571261c43995d"},{"name":"main.tf","path":"modules/aws-organizations/main.tf","sha":"e8782657d32027bed8abe65615f7523d660bf823"},{"name":"outputs.tf","path":"modules/aws-organizations/outputs.tf","sha":"feed57b33ab7eb9b100712647942f1a8d7245b3d"},{"name":"variables.tf","path":"modules/aws-organizations/variables.tf","sha":"4eac97565d5ab76a5e0c03cde4a9337001125156"}]},{"name":"cloudtrail-bucket","children":[{"name":"README.md","path":"modules/cloudtrail-bucket/README.md","sha":"77bdc9e5689c0c06503867153355bc81d9962498"},{"name":"main.tf","path":"modules/cloudtrail-bucket/main.tf","sha":"b17400da14c4d9ee7d2248d0311145f595feaef7"},{"name":"outputs.tf","path":"modules/cloudtrail-bucket/outputs.tf","sha":"1e560e9b0cc1c8f40e81d5fe8bbbf1c03258fdae"},{"name":"variables.tf","path":"modules/cloudtrail-bucket/variables.tf","sha":"c7d85ff8062e94eba29f2bc390fdb8ffd83dfc3e"}]},{"name":"cloudtrail","children":[{"name":"README.adoc","path":"modules/cloudtrail/README.adoc","sha":"6de764e65a82d7ccb3658f8c2696e07239cc6179"},{"name":"core-concepts.md","path":"modules/cloudtrail/core-concepts.md","sha":"7e8c8a4631410e36831f5ae2b5644d229d36a4d0"},{"name":"main.tf","path":"modules/cloudtrail/main.tf","sha":"73798b7a133f7e505a1e5bfcefdda946643be03f"},{"name":"outputs.tf","path":"modules/cloudtrail/outputs.tf","sha":"d161a32bbcd6f824955c273c49ef9e00bcdb57b3"},{"name":"variables.tf","path":"modules/cloudtrail/variables.tf","sha":"86bc67548fefd11024902b26f0f77b17f99ddc1e"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"modules/cross-account-iam-roles/README.md","sha":"47b6fde4186405fd3e4940050f7fc065dc0f9b4f"},{"name":"main.tf","path":"modules/cross-account-iam-roles/main.tf","sha":"4a345c362a772f8a49258cfe69ea2f65a497569d"},{"name":"outputs.tf","path":"modules/cross-account-iam-roles/outputs.tf","sha":"4e4697d3c627fc668206d03557f8d58b3f391465"},{"name":"variables.tf","path":"modules/cross-account-iam-roles/variables.tf","sha":"6abcc59946e0d4552ee823ac4cc19e75a7ba6134"}]},{"name":"custom-iam-entity","children":[{"name":"README.md","path":"modules/custom-iam-entity/README.md","sha":"7e0ac019931836a663354723e51d922fc30f08ee"},{"name":"main.tf","path":"modules/custom-iam-entity/main.tf","sha":"7e319c03519bf2bb265b310edeb34efa5cf67584"},{"name":"outputs.tf","path":"modules/custom-iam-entity/outputs.tf","sha":"b94249803e78991682b8542d8f39e5a728432b97"},{"name":"variables.tf","path":"modules/custom-iam-entity/variables.tf","sha":"386b059488762ada0098e8beb770a6792fb115e5"}]},{"name":"ebs-encryption-multi-region","children":[{"name":"README.adoc","path":"modules/ebs-encryption-multi-region/README.adoc","sha":"995c656021a1b60bfe7966124c8212dca5ee0209"},{"name":"main.tf","path":"modules/ebs-encryption-multi-region/main.tf","sha":"35631688d2b53297030b3f8ca0be9441da16b79e"},{"name":"outputs.tf","path":"modules/ebs-encryption-multi-region/outputs.tf","sha":"16baedd2d7e0b29b7c91888bb251956a83d30d7e"},{"name":"variables.autogen.tf","path":"modules/ebs-encryption-multi-region/variables.autogen.tf","sha":"f1b1ebc5eb7b79bc33d01d8b9de86bd43af7bdbd"},{"name":"variables.tf","path":"modules/ebs-encryption-multi-region/variables.tf","sha":"4bb22b9bb519462a429baea8ffea9d1a3991be26"}]},{"name":"ebs-encryption","children":[{"name":"README.md","path":"modules/ebs-encryption/README.md","sha":"f9f23a71b7725648a9fdc9300de92d38014e6f63"},{"name":"main.tf","path":"modules/ebs-encryption/main.tf","sha":"b313892d7e3c4cd5aea95b5b7a026c79cbea6a9e"},{"name":"outputs.tf","path":"modules/ebs-encryption/outputs.tf","sha":"6caa6eba337ae7aa9ad7db82dbd2cf6223f42cb9"},{"name":"variables.tf","path":"modules/ebs-encryption/variables.tf","sha":"d47c23a0c98c7561fcf0d95fa22fc40b34182bf9"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"modules/fail2ban/README.md","sha":"e4cd7c70b170022b2e306289d4e8b949c58dd6ab"},{"name":"install-scripts","children":[{"name":"cloudwatch-metric.conf","path":"modules/fail2ban/install-scripts/cloudwatch-metric.conf","sha":"b2fb301180aeb253f5168a6fedd3e5c44b6938ff"},{"name":"configure-fail2ban","path":"modules/fail2ban/install-scripts/configure-fail2ban","sha":"63463897dedf4e7272d448395271799c0edf9d69"},{"name":"fail2ban.local","path":"modules/fail2ban/install-scripts/fail2ban.local","sha":"ea80bf8058a1f9bb1a80a59031981b2a37445750"},{"name":"filters.sshd.amazon.conf","path":"modules/fail2ban/install-scripts/filters.sshd.amazon.conf","sha":"093bb1baf88a1e283a43b7dd7d04c64992abecc6"},{"name":"jail.amazon.local","path":"modules/fail2ban/install-scripts/jail.amazon.local","sha":"1284b66ca5a007b77a40c27b66662425e7fe8c91"},{"name":"jail.amazon2.local","path":"modules/fail2ban/install-scripts/jail.amazon2.local","sha":"8f0285c493c406aa0db98f40b8bf9aa238f52353"},{"name":"jail.ubuntu.local","path":"modules/fail2ban/install-scripts/jail.ubuntu.local","sha":"b3485d20a2b1fad7949167d30eff2b4caf357d81"}]},{"name":"install.sh","path":"modules/fail2ban/install.sh","sha":"8f7b536f08506dabc2f6beb6cd5a50f7282168aa"},{"name":"user-data-scripts","children":[{"name":"configure-fail2ban-cloudwatch.sh","path":"modules/fail2ban/user-data-scripts/configure-fail2ban-cloudwatch.sh","sha":"5c112c70c078b769f3ae31e71334499d0e5be64a"}]}]},{"name":"guardduty-multi-region","children":[{"name":"README.adoc","path":"modules/guardduty-multi-region/README.adoc","sha":"194ca4706ab4f825b6c730c3d46d1a8e060146c6"},{"name":"main.tf","path":"modules/guardduty-multi-region/main.tf","sha":"6fe3088f5829000a4e94541a6b895dd4f256e3db"},{"name":"outputs.tf","path":"modules/guardduty-multi-region/outputs.tf","sha":"17ed87f6be722742d29aee0ef8e35a641a2ea54e"},{"name":"variables.autogen.tf","path":"modules/guardduty-multi-region/variables.autogen.tf","sha":"a51a22f516dc05b86490be7e4f43fa44e6c9d176"},{"name":"variables.tf","path":"modules/guardduty-multi-region/variables.tf","sha":"a603806b6a10a93ebfa94b96e27709422b2c3d09"}]},{"name":"guardduty","children":[{"name":"README.adoc","path":"modules/guardduty/README.adoc","sha":"e02af362f50b96fd074bcd96a67e716762ba211e"},{"name":"core-concepts.md","path":"modules/guardduty/core-concepts.md","sha":"2eab0fd6c0548ba11104b6d778eb224df5622886"},{"name":"main.tf","path":"modules/guardduty/main.tf","sha":"594ca03f0733ffe1a77f942e6b4e0f20b51f853f"},{"name":"outputs.tf","path":"modules/guardduty/outputs.tf","sha":"0fd6fdc76d8bc1bb4c544028c802248999d309f7"},{"name":"variables.tf","path":"modules/guardduty/variables.tf","sha":"2deeb1952d1acbb8e8b2973b1f5c98443e534906"}]},{"name":"iam-access-analyzer-multi-region","children":[{"name":"README.adoc","path":"modules/iam-access-analyzer-multi-region/README.adoc","sha":"2e38257bf549f39cbd7d9d7a769f64925807db0a"},{"name":"core-concepts.md","path":"modules/iam-access-analyzer-multi-region/core-concepts.md","sha":"6bbaac3d7e62744e3fe3f511cd4ae78b212d08a8"},{"name":"main.tf","path":"modules/iam-access-analyzer-multi-region/main.tf","sha":"cb05145d49b4f74e919134d54f5f6933616d8677"},{"name":"outputs.tf","path":"modules/iam-access-analyzer-multi-region/outputs.tf","sha":"0a4379e38beae72541e7e975f297584db7e98b04"},{"name":"variables.autogen.tf","path":"modules/iam-access-analyzer-multi-region/variables.autogen.tf","sha":"cb220574a9417ba15df4a67116f96211671c3777"},{"name":"variables.tf","path":"modules/iam-access-analyzer-multi-region/variables.tf","sha":"6e8d81aac5af0cba584e6d0884e03cfbc23ba07f"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"modules/iam-groups/README.md","sha":"07820342d38caf90b08a1ff0df904298ed132c8f"},{"name":"_docs","children":[{"name":"iam-user-access-to-billing.png","path":"modules/iam-groups/_docs/iam-user-access-to-billing.png","sha":"063f6cf8dc766b4d44942de89660e8ab9e1f3d63"},{"name":"my-account.png","path":"modules/iam-groups/_docs/my-account.png","sha":"387320200ed756ce4191afef87f0ab76e2c3d89a"}]},{"name":"main.tf","path":"modules/iam-groups/main.tf","sha":"68dfc086fdbcb776b29880bd0750f14e22bebaa7"},{"name":"outputs.tf","path":"modules/iam-groups/outputs.tf","sha":"0fc97269b51e6c51647aa5420198d1d11c5afa37"},{"name":"variables.tf","path":"modules/iam-groups/variables.tf","sha":"b44cce3a58cf651cfa37ead33156b3b794021a40"}]},{"name":"iam-policies","children":[{"name":"README.md","path":"modules/iam-policies/README.md","sha":"0297e14a7dfdf5727d9be5ab4f47dcf67357b247"},{"name":"main.tf","path":"modules/iam-policies/main.tf","sha":"955f1ed1f18537765bdf3f67fe8dbc93df43ee4a"},{"name":"outputs.tf","path":"modules/iam-policies/outputs.tf","sha":"19511cfc28b22103cb164c6df8b5b530e7e3e172"},{"name":"variables.tf","path":"modules/iam-policies/variables.tf","sha":"8801af9087c945960705d082a2325200f78dfceb"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"modules/iam-user-password-policy/README.md","sha":"5bea6ba56fc796be5b860549156a3a251735fc2a"},{"name":"main.tf","path":"modules/iam-user-password-policy/main.tf","sha":"741a932235f8713e9d66e56b54341a2bbb67d5db"},{"name":"outputs.tf","path":"modules/iam-user-password-policy/outputs.tf","sha":"825547bd9d41fed1cc1b3506c17f81c48b1bfd1a"},{"name":"variables.tf","path":"modules/iam-user-password-policy/variables.tf","sha":"568582c249e3cfd7899ea23b8b58e43328c9d100"}]},{"name":"iam-users","children":[{"name":"README.md","path":"modules/iam-users/README.md","sha":"eacb8c8dd745d047f3844e0b63573af66b8c1083"},{"name":"main.tf","path":"modules/iam-users/main.tf","sha":"c1a09c72306781c23d640dcd7ada6350b78ad190"},{"name":"outputs.tf","path":"modules/iam-users/outputs.tf","sha":"4d053caccca2412befcf956c94e908b2d5c89054"},{"name":"variables.tf","path":"modules/iam-users/variables.tf","sha":"7c95581250a95725f73e0ec771fcf323568114a8"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"modules/ip-lockdown/README.md","sha":"7ec92da38b5b06af9e61ab164bb6b4b0470ed92a"},{"name":"install.sh","path":"modules/ip-lockdown/install.sh","sha":"ce61af763bee9ad29754220ae24521f22c3a956f"},{"name":"ip-lockdown","path":"modules/ip-lockdown/ip-lockdown","sha":"93a0e1f5876e7de5778c595e8801d64986cb118b"}]},{"name":"kms-grant-multi-region","children":[{"name":"README.adoc","path":"modules/kms-grant-multi-region/README.adoc","sha":"543e1bf6e0c486ded77fa98b3bbbfc257ce8d4cf"},{"name":"core-concepts.md","path":"modules/kms-grant-multi-region/core-concepts.md","sha":"3eb1725fa927a84cc2a0341335d150bf5c6e70f5"},{"name":"main.tf","path":"modules/kms-grant-multi-region/main.tf","sha":"3b2a597a19072b2320c9c3a3e2a2bcf9f8051cb4"},{"name":"outputs.tf","path":"modules/kms-grant-multi-region/outputs.tf","sha":"b9d84078afacb154536292bddba4afbd6c9158c2"},{"name":"variables.autogen.tf","path":"modules/kms-grant-multi-region/variables.autogen.tf","sha":"6d3efcb811c0d3d6f5e3f935688d5b82c8a7ecb5"},{"name":"variables.tf","path":"modules/kms-grant-multi-region/variables.tf","sha":"505b2d0cb9ecf78f0364e845cab72bf0c28365d5"}]},{"name":"kms-master-key-multi-region","children":[{"name":"README.adoc","path":"modules/kms-master-key-multi-region/README.adoc","sha":"89497b236814c059ccc546a27880f40e0e77a99e"},{"name":"main.tf","path":"modules/kms-master-key-multi-region/main.tf","sha":"ef8dec3c4c327f6fe8b2e667a20f7a3a2d3e0259"},{"name":"outputs.tf","path":"modules/kms-master-key-multi-region/outputs.tf","sha":"932a3ac2a94e4950267c55c115f1118328345bf3"},{"name":"variables.autogen.tf","path":"modules/kms-master-key-multi-region/variables.autogen.tf","sha":"e579eb86070be28f70ce2d7cc71b7509441f042b"},{"name":"variables.tf","path":"modules/kms-master-key-multi-region/variables.tf","sha":"146f394a213942a53c254efafeea96a0ac958418"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"modules/kms-master-key/README.md","sha":"1b43a005494f12b05551adb020a31726f28e10d3"},{"name":"main.tf","path":"modules/kms-master-key/main.tf","sha":"59c2cef1468683c3c5a670e2da515673fece13ff"},{"name":"outputs.tf","path":"modules/kms-master-key/outputs.tf","sha":"4d0dbba81e8186243d96a8325a5f643d87543451"},{"name":"variables.tf","path":"modules/kms-master-key/variables.tf","sha":"4b4f49c17034d827f23175cbb712ff757ae7c34f"}]},{"name":"ntp","children":[{"name":"README.md","path":"modules/ntp/README.md","sha":"31112a11cff027ba074d454f5a23c5ce3e839c11"},{"name":"install.sh","path":"modules/ntp/install.sh","sha":"a8b042233bc89629c31b82a9433c013b709b8d82"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"modules/os-hardening/README.md","sha":"3e864b0e9208eb6809adf41968c51e02fc233ee1"},{"name":"_docs","children":[{"name":"Helpful Email.md","path":"modules/os-hardening/_docs/Helpful Email.md","sha":"246a0b80b29f5ff3d2b2f4c5c170fc927e2d9dd7"}]},{"name":"ami-builder","children":[{"name":"files","children":[{"name":"user-data.sh.template","path":"modules/os-hardening/ami-builder/files/user-data.sh.template","sha":"4a3c87a19e1a4caa20b9b425b2a02101566d1166"}]},{"name":"main.tf","path":"modules/os-hardening/ami-builder/main.tf","sha":"d2d9a03d2e67c23dae5e67c937f2a3b00be75059"},{"name":"outputs.tf","path":"modules/os-hardening/ami-builder/outputs.tf","sha":"8ce2ee598124ca50dd530a33aa60f5d1452a4a2b"},{"name":"variables.tf","path":"modules/os-hardening/ami-builder/variables.tf","sha":"d760f34eeae322790865c1cb30dfe20d0225328f"}]},{"name":"partition-scripts","children":[{"name":"README.md","path":"modules/os-hardening/partition-scripts/README.md","sha":"b55df29c7a3d6dc3ecbbbfe4ab4b8749f053f00b"},{"name":"bin","children":[{"name":"cleanup-volume","path":"modules/os-hardening/partition-scripts/bin/cleanup-volume","sha":"c7cbf3ecebd915235238557d27a1ce25e6fc10fa"},{"name":"partition-volume","path":"modules/os-hardening/partition-scripts/bin/partition-volume","sha":"f4f8566a1ef6aa4ff0c0268bd28721488aa6dfc4"}]},{"name":"install.sh","path":"modules/os-hardening/partition-scripts/install.sh","sha":"606776c068260836e8612a681ff4e3edc8abdb41"}]}]},{"name":"private-s3-bucket","children":[{"name":"README.md","path":"modules/private-s3-bucket/README.md","sha":"36f7267d282623839f794ddebbe861ef74f56e13"},{"name":"main.tf","path":"modules/private-s3-bucket/main.tf","sha":"4c28c273c9d6b70706628d0f7d182f26c6e6d419"},{"name":"outputs.tf","path":"modules/private-s3-bucket/outputs.tf","sha":"f2ab2237674b888d45bbede9f9b6f0dafe7471ea"},{"name":"variables.tf","path":"modules/private-s3-bucket/variables.tf","sha":"4fd838facbbd03c660a0bb82ad3e74507fce9654"}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"modules/saml-iam-roles/README.md","sha":"5ebc8c20f781a0f0b5654decdcf9bd607fee65b3"},{"name":"main.tf","path":"modules/saml-iam-roles/main.tf","sha":"7ed4040506eb0ee95b411790e5a9ee06224606c8"},{"name":"outputs.tf","path":"modules/saml-iam-roles/outputs.tf","sha":"c579901907b216c55e4c815d28f0a22171a960e6"},{"name":"variables.tf","path":"modules/saml-iam-roles/variables.tf","sha":"1f3f26ade9fd75d8e66ba12649f45d075b5e0f2b"}]},{"name":"secrets-manager-resource-policies","children":[{"name":"README.md","path":"modules/secrets-manager-resource-policies/README.md","sha":"b894ce3171c28ae91acbfe6bdcec35615c599bbb"},{"name":"main.tf","path":"modules/secrets-manager-resource-policies/main.tf","sha":"5c3218843b7708070dbfd4b79640729f0aa3cf36"},{"name":"outputs.tf","path":"modules/secrets-manager-resource-policies/outputs.tf","sha":"8b237f325d54b84ac2453e8945f61cdf0d24b41b"},{"name":"variables.tf","path":"modules/secrets-manager-resource-policies/variables.tf","sha":"2b45ef099c805c1265e5dc611c138de4a40141eb"}]},{"name":"ssh-grunt-selinux-policy","children":[{"name":"README.md","path":"modules/ssh-grunt-selinux-policy/README.md","sha":"53f02f57185efebc35d6ebfe156ce73d02a5f112"},{"name":"install.sh","path":"modules/ssh-grunt-selinux-policy/install.sh","sha":"3de871d61a9990e7f2c130f23afaf00daeb6bbef"},{"name":"ssh-grunt.pp","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.pp","sha":"7c7050f812cd0e3cb34e37b88c35fb09f369be7d"},{"name":"ssh-grunt.te","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.te","sha":"3317a71feaa633662a00b1dc05b1176cb85c9793"}]},{"name":"ssh-grunt","children":[{"name":".dockerignore","path":"modules/ssh-grunt/.dockerignore","sha":"a725465aee245635a2bd129af54858ed32c84cb8"},{"name":"Dockerfile","path":"modules/ssh-grunt/Dockerfile","sha":"95acbc9a8a04bf1e5dcf7ef92578bbbdc3574b9d"},{"name":"README.adoc","path":"modules/ssh-grunt/README.adoc","sha":"e63d38d35d3e84783818f799a158e343ac7cb97a"},{"name":"_ci","children":[{"name":"build-and-test.sh","path":"modules/ssh-grunt/_ci/build-and-test.sh","sha":"903993de2d7bcde19d472fa5e510ee862d4b10c3"},{"name":"test.sh","path":"modules/ssh-grunt/_ci/test.sh","sha":"235603944316e81f1da1cc0248b80beecf99cb27"}]},{"name":"_docs","children":[{"name":"houston-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/houston-upload-ssh-key.png","sha":"e32519497262f9796a4ea46c53953923975cbd7d"},{"name":"iam-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/iam-upload-ssh-key.png","sha":"8bb1e793185eb0b4822023552899874394342f21"}]},{"name":"core-concepts.md","path":"modules/ssh-grunt/core-concepts.md","sha":"8c7b359b4fbfd52aa18124efe06f1304edbf2db2"},{"name":"docker-compose.yml","path":"modules/ssh-grunt/docker-compose.yml","sha":"74a2c67f6b9dc838ff3bd9c9c5aa68c813db1f0d"},{"name":"go.mod","path":"modules/ssh-grunt/go.mod","sha":"269b088eee99537b10fcd44d9f129da65cb34a8a"},{"name":"go.sum","path":"modules/ssh-grunt/go.sum","sha":"9c21e75d8e59393633a732fe8b646daedf4ac139"},{"name":"scripts","children":[{"name":"build-linux-binary.sh","path":"modules/ssh-grunt/scripts/build-linux-binary.sh","sha":"2d91cbed3db40f419e6a440ce2735b9d3f2d048b"},{"name":"run.sh","path":"modules/ssh-grunt/scripts/run.sh","sha":"050027e034cd03e53625986eb0f331c043492cf6"}]},{"name":"src","children":[{"name":"cli.go","path":"modules/ssh-grunt/src/cli.go","sha":"d12bfb946f3c5268afbc9ac012134e831b2a3ec7"},{"name":"cli_test.go","path":"modules/ssh-grunt/src/cli_test.go","sha":"9bac2a34c06455e1b7fe913afe61e54b2ae754b2"},{"name":"collections.go","path":"modules/ssh-grunt/src/collections.go","sha":"aa9b67f00f57088f9bf4e129dcc53003524dd0a7"},{"name":"cron.go","path":"modules/ssh-grunt/src/cron.go","sha":"4ceb8efd0cdf51b5170bb152b6824fc54f8d429c"},{"name":"cron_test.go","path":"modules/ssh-grunt/src/cron_test.go","sha":"4b87577a1cc2b8dbff08457d60bbc96546149174"},{"name":"ec2_instance_connect.go","path":"modules/ssh-grunt/src/ec2_instance_connect.go","sha":"99c31ddd2ee34d18dd9e676ec22eef5eebc3187f"},{"name":"errors.go","path":"modules/ssh-grunt/src/errors.go","sha":"03c89804638ecc45fdcd0a0aeaed9ea5f605940b"},{"name":"file.go","path":"modules/ssh-grunt/src/file.go","sha":"eb991fd15ac2c3660313e6d4c5669b36ccc9cc21"},{"name":"groups.go","path":"modules/ssh-grunt/src/groups.go","sha":"49e569a80abb6306ab0f7fd79c810d2e2ad8ab3a"},{"name":"groups_test.go","path":"modules/ssh-grunt/src/groups_test.go","sha":"7e54ba9b640b07605ae959de086fc6998861e311"},{"name":"houston.go","path":"modules/ssh-grunt/src/houston.go","sha":"e9db062f2cb815b49e4df754427ae286e4d163d4"},{"name":"houston_test.go","path":"modules/ssh-grunt/src/houston_test.go","sha":"82a9b2d2d41e09b6949897ed989a483fc7e0a650"},{"name":"iam.go","path":"modules/ssh-grunt/src/iam.go","sha":"dafbc8fbb732d2d6212cade786eb13d7215b9862"},{"name":"iam_test.go","path":"modules/ssh-grunt/src/iam_test.go","sha":"9c11adba27799e318ea9c1abb843ffbb0520c880"},{"name":"logger.go","path":"modules/ssh-grunt/src/logger.go","sha":"93095ba8216709b3178fcc44a76421a765f4e302"},{"name":"main.go","path":"modules/ssh-grunt/src/main.go","sha":"a89d9402d32d371dc9b945ab9c72996808d17b85"},{"name":"shell.go","path":"modules/ssh-grunt/src/shell.go","sha":"7f49eeee4119efde0bd58d7c78fd4ef785dc5f6c"},{"name":"ssh.go","path":"modules/ssh-grunt/src/ssh.go","sha":"8e6b62d6c33279aaf5af6cabacd0afc4d186ca97"},{"name":"ssh_test.go","path":"modules/ssh-grunt/src/ssh_test.go","sha":"7500d8fd85ef74758501f6952be45cb523e29cd1"},{"name":"string.go","path":"modules/ssh-grunt/src/string.go","sha":"fc61ca9625f9d654c2b3576ff932db1b90ae9dfe"},{"name":"string_test.go","path":"modules/ssh-grunt/src/string_test.go","sha":"78bf08d239079c9c985d40da1cc9bcdcb4c0bc5d"},{"name":"sync.go","path":"modules/ssh-grunt/src/sync.go","sha":"7c2f9ff292b484a7ca1ab14e1bbd558cd24553f2"},{"name":"sync_test.go","path":"modules/ssh-grunt/src/sync_test.go","sha":"2ddb07aedec67d1698af022e4e1391ea60636f9e"},{"name":"url.go","path":"modules/ssh-grunt/src/url.go","sha":"0af5ddc5f3e27af95d6f6ddd41acf0c229962f7f"},{"name":"url_test.go","path":"modules/ssh-grunt/src/url_test.go","sha":"606974cac1eee3f309a951c1d9e11ed389088836"},{"name":"users.go","path":"modules/ssh-grunt/src/users.go","sha":"6c3a8a22006a91656fcc5fd31d684271cdf129e3"},{"name":"users_test.go","path":"modules/ssh-grunt/src/users_test.go","sha":"fdd9f7f99466c223b9abdd4951147c8febc0b3fb"}]}]},{"name":"ssh-iam","children":[{"name":"README.md","path":"modules/ssh-iam/README.md","sha":"4aa06d6a729e53384b6d2a43c06ee38807092f32"}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"modules/ssm-healthchecks-iam-permissions/README.md","sha":"0a97288d14b005662ae642819eeadb2aaff24534"},{"name":"main.tf","path":"modules/ssm-healthchecks-iam-permissions/main.tf","sha":"4d69825ecba3bddb724329abb44fc90a8ce582ef"},{"name":"variables.tf","path":"modules/ssm-healthchecks-iam-permissions/variables.tf","sha":"36778c58999e05f20468d118f22e8c9d754b1a4d"}]},{"name":"tls-cert-private","children":[{"name":"Dockerfile","path":"modules/tls-cert-private/Dockerfile","sha":"bc6b1c28764936758a47ceedccf790b56200d6cf"},{"name":"README.md","path":"modules/tls-cert-private/README.md","sha":"c6996ec25d7d9b1ab4f79d8164a14e86e1ac844f"},{"name":"docker-compose.yml","path":"modules/tls-cert-private/docker-compose.yml","sha":"f872026e8d51ceaab2e1c11cc9cf9c35ba81f29c"},{"name":"files","children":[{"name":"openssl.cnf","path":"modules/tls-cert-private/files/openssl.cnf","sha":"2542542c80ab180c47d3e0a27dbded65bed572de"}]},{"name":"scripts","children":[{"name":"generate-ca-keypair.sh","path":"modules/tls-cert-private/scripts/generate-ca-keypair.sh","sha":"395ee97c0e499c660efac5c5cf1f79dfcdbb69f8"},{"name":"generate-tls-keypair.sh","path":"modules/tls-cert-private/scripts/generate-tls-keypair.sh","sha":"f1c3577437fd589087704a9c003de416cb87d232"},{"name":"main.sh","path":"modules/tls-cert-private/scripts/main.sh","sha":"dc7af965ffb783bbef449010818e69294fa2ef75"}]}]}]},{"name":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","path":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","sha":"ae586c0fe830819580e1009d41a9074f16e65bed"},{"name":"test","children":[{"name":"README.md","path":"test/README.md","sha":"b44e2152ea21d65a8c51bb58321e18ec7527c22e"},{"name":"common","children":[{"name":"test_helpers.go","path":"test/common/test_helpers.go","sha":"d42b5149d99dd3fce84a7cef158a8cea44be3c99"}]},{"name":"go.mod","path":"test/go.mod","sha":"b9046484d7a7586be36d742290351fd24c75df62"},{"name":"go.sum","path":"test/go.sum","sha":"c10ce99d6dfbf70f3e7fc156181041d76d7ae9ce"},{"name":"landingzone","children":[{"name":"aws_config_rules_test.go","path":"test/landingzone/aws_config_rules_test.go","sha":"e198464d094ef43a2ff5dc85da38c6cfc3d92fa8"},{"name":"aws_config_test.go","path":"test/landingzone/aws_config_test.go","sha":"0b3f31ceb711a79cd630e81d8a253a5788553373"},{"name":"aws_organizations_test.go","path":"test/landingzone/aws_organizations_test.go","sha":"7f4e93e798860d91f590c22cfa2efde0bf4777ac"},{"name":"ebs_encryption_multi_region_test.go","path":"test/landingzone/ebs_encryption_multi_region_test.go","sha":"bced0cba7d00be89ccd799201dca947dcf33f28b"},{"name":"guardduty_test.go","path":"test/landingzone/guardduty_test.go","sha":"cad11bae4b10cbc6d9b809aa5153884b89922769"},{"name":"iam_access_analyzer_multiregion_test.go","path":"test/landingzone/iam_access_analyzer_multiregion_test.go","sha":"43d5d9c1007b869f7deabc7e263c7007e9b22341"},{"name":"kms_grant_multiregion_test.go","path":"test/landingzone/kms_grant_multiregion_test.go","sha":"3d8bf50a5e77110ce069e27c57bb0d4e9c755bd3"},{"name":"kms_master_key_multiregion_test.go","path":"test/landingzone/kms_master_key_multiregion_test.go","sha":"5387a9cb1af681bfaa6ac4eabfada58172b101b7"},{"name":"test_helpers.go","path":"test/landingzone/test_helpers.go","sha":"aae47078a9627d3a45ebddd3cf492ff4c0f0c279"}]},{"name":"security","children":[{"name":"auto_update_test.go","path":"test/security/auto_update_test.go","sha":"f89f9e5358c4cb20bfe01feb1f42fea09f3467d2"},{"name":"cloudtrail_test.go","path":"test/security/cloudtrail_test.go","sha":"c894313ffe0560d08c56ac676ee8b342a16cd997"},{"name":"cross_account_iam_roles_test.go","path":"test/security/cross_account_iam_roles_test.go","sha":"e946e6343433bc2a27f6e8d4d4ed700fe61bd20a"},{"name":"custom_iam_entity_test.go","path":"test/security/custom_iam_entity_test.go","sha":"cbafc87bfa61d1f65a3643e63df8bf268f8edd6b"},{"name":"fail2ban_test.go","path":"test/security/fail2ban_test.go","sha":"f6425c375c96455e39c85d0df8b830beff839791"},{"name":"iam_groups_test.go","path":"test/security/iam_groups_test.go","sha":"377e2a97e273c07e836170fc04c5e7eab8ee1da1"},{"name":"iam_ssm_test.go","path":"test/security/iam_ssm_test.go","sha":"28a81aab9873bb6bd02d2f37bdc3ef9c7f27b3c5"},{"name":"iam_user_password_policy_test.go","path":"test/security/iam_user_password_policy_test.go","sha":"5a44f18c469c936fa51b4e9d7911404e1ab76a0f"},{"name":"iam_users_test.go","path":"test/security/iam_users_test.go","sha":"db99ebedf9295006af7560b4327e73eb2897f09d"},{"name":"ip-lockdown-test-scripts","children":[{"name":"allow-several-users.sh","path":"test/security/ip-lockdown-test-scripts/allow-several-users.sh","sha":"2f75dbe0880ed0907b43db58b6ac030a0d0e9bd4"},{"name":"common.sh","path":"test/security/ip-lockdown-test-scripts/common.sh","sha":"cdfe11aca76607a4feaf254a394f32273b738c5c"},{"name":"index.html","path":"test/security/ip-lockdown-test-scripts/index.html","sha":"557db03de997c86a4a028e1ebd3a1ceb225be238"},{"name":"restrict-all-users.sh","path":"test/security/ip-lockdown-test-scripts/restrict-all-users.sh","sha":"a37c1ffc90f2532e7cc3f9f5a859b75c98661dc6"},{"name":"restrict-one-user.sh","path":"test/security/ip-lockdown-test-scripts/restrict-one-user.sh","sha":"4214e1c15102f4568d1e995aa82add46ee430237"},{"name":"sanity-check.sh","path":"test/security/ip-lockdown-test-scripts/sanity-check.sh","sha":"542ed72f4f0952ace67c9cbf2e5ac07e81e6870c"}]},{"name":"ip_lockdown_test.go","path":"test/security/ip_lockdown_test.go","sha":"7c560698928bacec9590ecc770c71daf969643a7"},{"name":"kms_master_key_test.go","path":"test/security/kms_master_key_test.go","sha":"751dfa23eaa391b567f023c6d1a12a4400a55c28"},{"name":"ntp_test.go","path":"test/security/ntp_test.go","sha":"6421bb1ff63c8668a87cfa907086117075bee59d"},{"name":"os_hardening_test.go","path":"test/security/os_hardening_test.go","sha":"ced303f74cd6908bbd8837cc99f317293707ab30"},{"name":"private_s3_bucket_test.go","path":"test/security/private_s3_bucket_test.go","sha":"e651e78d37b1227e207a518142acb93c8c0e8486"},{"name":"saml_iam_roles_test.go","path":"test/security/saml_iam_roles_test.go","sha":"efbe2f3e6e9b0da73d1fb58fccc5f5fc1427a61f"},{"name":"secrets_manager_resource_policies_test.go","path":"test/security/secrets_manager_resource_policies_test.go","sha":"07f69b66238517d1f8af61eb9751248372997b70"},{"name":"ssh_grunt_iam_test.go","path":"test/security/ssh_grunt_iam_test.go","sha":"3b0a2bb181d7de5c74cfec7746bc0982980db211"},{"name":"test_helpers.go","path":"test/security/test_helpers.go","sha":"c6a971f85a92baeca717a69ce7593126dfa8e86b"},{"name":"test_helpers_aws_auth.go","path":"test/security/test_helpers_aws_auth.go","sha":"de42c70f5e1b875f994b433cf94f1ff6bacc7de7"},{"name":"tls_cert_private_test.go","path":"test/security/tls_cert_private_test.go","sha":"70b2c873f20876497b4a1a0a030871e037dca995"}]}]}]},"detailsContent":"<div id=\"preamble\">\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p><span class=\"image\"><a class=\"image\" href=\"https://gruntwork.io/?ref=repo_aws_security\" target=\"_blank\"><img src=\"https://img.shields.io/badge/maintained%20by-gruntwork.io-%235849a6.svg\" alt=\"maintained%20by gruntwork.io %235849a6\" class=\"preview__body--diagram\"></a></span>\n<span class=\"image\"><img src=\"https://img.shields.io/badge/tf-%3E%3D0.15.0-blue.svg\" alt=\"Terraform version\" class=\"preview__body--diagram\"></span></p>\n</div>\n<div class=\"paragraph\">\n<p>This repo contains modules for configuring a variety of security best practices, including IAM users, IAM groups,\nIAM roles, IAM policies, audit logging for your AWS account, secrets management, SSH access, and server hardening.</p>\n</div>\n<div id=\"toc\" class=\"toc\">\n<div id=\"toctitle\" class=\"title\"></div>\n<ul class=\"sectlevel1\">\n<li><a href=\"#_features\">Features</a></li>\n<li><a href=\"#_learn\">Learn</a>\n<ul class=\"sectlevel2\">\n<li><a href=\"#_core_concepts\">Core concepts</a></li>\n<li><a href=\"#_repo_organization\">Repo organization</a></li>\n</ul>\n</li>\n<li><a href=\"#_deploy\">Deploy</a>\n<ul class=\"sectlevel2\">\n<li><a href=\"#_non_production_deployment_quick_start_for_learning\">Non-production deployment (quick start for learning)</a></li>\n<li><a href=\"#_production_deployment\">Production deployment</a></li>\n</ul>\n</li>\n<li><a href=\"#_manage\">Manage</a></li>\n<li><a href=\"#_support\">Support</a></li>\n<li><a href=\"#_contributions\">Contributions</a></li>\n<li><a href=\"#_license\">License</a></li>\n</ul>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_features\"><a class=\"anchor\" href=\"#_features\"></a><a class=\"link\" href=\"#_features\">Features</a></h2>\n<div class=\"sectionbody\">\n<div class=\"ulist\">\n<ul>\n<li>\n<p>Create and manage IAM users, IAM groups, IAM roles, and IAM policies as code.</p>\n</li>\n<li>\n<p>Configure audit logging in your AWS account using AWS Config and AWS CloudTrail.</p>\n</li>\n<li>\n<p>Enforce server hardening best practices, including <code>auto-update</code> (automatically install critical security updates),\n<code>fail2ban</code> (automatically block malicious SSH attempts), <code>ntp</code> (sync the clock on a server), and <code>ip-lockdown</code> (lock\ndown the EC2 metadata endpoint to specific OS users).</p>\n</li>\n<li>\n<p>Create and manage master keys in KMS that you can use to securely encrypt and decrypt data.</p>\n</li>\n<li>\n<p>Manage SSH access using an identity provider (e.g., IAM Groups or ADFS Groups) using <code>ssh-grunt</code>.</p>\n</li>\n<li>\n<p>Manage EBS encryption defaults so all new EBS volumes are encrypted with your master keys.</p>\n</li>\n</ul>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_learn\"><a class=\"anchor\" href=\"#_learn\"></a><a class=\"link\" href=\"#_learn\">Learn</a></h2>\n<div class=\"sectionbody\">\n<div class=\"admonitionblock note\">\n<table>\n<tr>\n<td class=\"icon\">\n<div class=\"title\">Note</div>\n</td>\n<td class=\"content\">\nThis repo is a part of <a href=\"https://gruntwork.io/infrastructure-as-code-library/\" target=\"_blank\">the Gruntwork Infrastructure as Code\nLibrary</a>, a collection of reusable, battle-tested, production ready infrastructure code. If you’ve never used the\nInfrastructure as Code Library before, make sure to read\n<a href=\"https://gruntwork.io/guides/foundations/how-to-use-gruntwork-infrastructure-as-code-library/\" target=\"_blank\">How to use the Gruntwork Infrastructure as Code Library</a>!\n</td>\n</tr>\n</table>\n</div>\n<div class=\"sect2\">\n<h3 id=\"_core_concepts\"><a class=\"anchor\" href=\"#_core_concepts\"></a><a class=\"link\" href=\"#_core_concepts\">Core concepts</a></h3>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"https://docs.google.com/document/d/1EgbaK7z322hk0Nc-7oZeaemkNYTScQJx1byNqrMcSqI/edit?usp=sharing\" target=\"_blank\">Gruntwork Security Best Practices</a></p>\n</li>\n<li>\n<p><a href=\"http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/\" target=\"_blank\">My First 10 Minutes On a Server - Primer for Securing\nUbuntu</a></p>\n</li>\n<li>\n<p><a href=\"https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers\" target=\"_blank\">7 Security Measures to Protect Your\nServers</a></p>\n</li>\n<li>\n<p>The <a href=\"https://www.owasp.org/index.php/Main_Page\" target=\"_blank\">Open Web Application Security Project(OWASP)</a>, especially their handy\ncheat sheets on <a href=\"https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet\" target=\"_blank\">Password Storage</a>,\n<a href=\"https://www.owasp.org/index.php/Session_Management_Cheat_Sheet\" target=\"_blank\">Session Management</a>,\n<a href=\"https://www.owasp.org/index.php/SQL_Injection\" target=\"_blank\">SQL Injection</a>, and\n <a href=\"https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet\" target=\"_blank\">cross-site-scripting</a>.</p>\n</li>\n<li>\n<p><a href=\"https://fusionauth.io/resources/guide-to-user-data-security\" target=\"_blank\">Guide to User Data Security</a></p>\n</li>\n<li>\n<p><a href=\"http://stackoverflow.com/questions/2794016/what-should-every-programmer-know-about-security\" target=\"_blank\">What should every programmer know about\nsecurity?</a></p>\n</li>\n</ul>\n</div>\n</div>\n<div class=\"sect2\">\n<h3 id=\"_repo_organization\"><a class=\"anchor\" href=\"#_repo_organization\"></a><a class=\"link\" href=\"#_repo_organization\">Repo organization</a></h3>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"/repos/v0.48.3/module-security/modules\">modules</a>: the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.</p>\n</li>\n<li>\n<p><a href=\"/repos/v0.48.3/module-security/examples\">examples</a>: This folder contains working examples of how to use the submodules.</p>\n</li>\n<li>\n<p><a href=\"/repos/v0.48.3/module-security/test\">test</a>: Automated tests for the modules and examples.</p>\n</li>\n</ul>\n</div>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_deploy\"><a class=\"anchor\" href=\"#_deploy\"></a><a class=\"link\" href=\"#_deploy\">Deploy</a></h2>\n<div class=\"sectionbody\">\n<div class=\"sect2\">\n<h3 id=\"_non_production_deployment_quick_start_for_learning\"><a class=\"anchor\" href=\"#_non_production_deployment_quick_start_for_learning\"></a><a class=\"link\" href=\"#_non_production_deployment_quick_start_for_learning\">Non-production deployment (quick start for learning)</a></h3>\n<div class=\"paragraph\">\n<p>If you just want to try this repo out for experimenting and learning, check out the following resources:</p>\n</div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"/repos/v0.48.3/module-security/examples\">examples folder</a>: The <code>examples</code> folder contains sample code optimized for learning, experimenting,\nand testing (but not production usage).</p>\n</li>\n</ul>\n</div>\n</div>\n<div class=\"sect2\">\n<h3 id=\"_production_deployment\"><a class=\"anchor\" href=\"#_production_deployment\"></a><a class=\"link\" href=\"#_production_deployment\">Production deployment</a></h3>\n<div class=\"paragraph\">\n<p>If you want to deploy this repo in production, check out the following resources:</p>\n</div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"/repos/infrastructure-modules-multi-account-acme/security\">security modules in the Acme example Reference Architecture</a>: Production-ready sample code from the Acme Reference Architecture examples.</p>\n</li>\n<li>\n<p><a href=\"/repos/infrastructure-modules-multi-account-acme/services/eks-cluster/packer/eks-node.json\">Packer template with server-hardening in the Acme example Reference Architecture</a>: Production-ready sample code from the Acme Reference Architecture examples.</p>\n</li>\n</ul>\n</div>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_manage\"><a class=\"anchor\" href=\"#_manage\"></a><a class=\"link\" href=\"#_manage\">Manage</a></h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Check out the individual modules in the <a href=\"/repos/v0.48.3/module-security/modules\">modules folder</a> for documentation.</p>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_support\"><a class=\"anchor\" href=\"#_support\"></a><a class=\"link\" href=\"#_support\">Support</a></h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>If you need help with this repo or anything else related to infrastructure or DevOps, Gruntwork offers <a href=\"https://gruntwork.io/support/\" target=\"_blank\">Commercial Support</a> via Slack, email, and phone/video. If you’re already a Gruntwork customer, hop on Slack and ask away! If not, <a href=\"https://www.gruntwork.io/pricing/\" target=\"_blank\">subscribe now</a>. If you’re not sure, feel free to email us at <a href=\"mailto:support@gruntwork.io\" target=\"_blank\">support@gruntwork.io</a>.</p>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_contributions\"><a class=\"anchor\" href=\"#_contributions\"></a><a class=\"link\" href=\"#_contributions\">Contributions</a></h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Contributions to this repo are very welcome and appreciated! If you find a bug or want to add a new feature or even contribute an entirely new module, we are very happy to accept pull requests, provide feedback, and run your changes through our automated test suite.</p>\n</div>\n<div class=\"paragraph\">\n<p>Please see <a href=\"https://gruntwork.io/guides/foundations/how-to-use-gruntwork-infrastructure-as-code-library/#contributing-to-the-gruntwork-infrastructure-as-code-library\" target=\"_blank\">Contributing to the Gruntwork Infrastructure as Code Library</a> for instructions.</p>\n</div>\n<div class=\"paragraph\">\n<p>For specific guidance on how to create a new module as part of this repository, please read through and consider the guide questions below.</p>\n</div>\n<div class=\"paragraph\">\n<p>Adding a new module to this repo is a task that requires deep understanding of the module you’re about to create.</p>\n</div>\n<div class=\"paragraph\">\n<p>A few important questions that will need deeper understaning and planning prior to adding a new module are:</p>\n</div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><strong>What’s the purpose of the new module? Does it belong to another existing one already?</strong></p>\n<div class=\"ulist\">\n<ul>\n<li>\n<p>For example, if it’s a very simple AWS resource being created without extra complexity, it might make sense\nto bundle it with another existing module.</p>\n</li>\n</ul>\n</div>\n</li>\n<li>\n<p><strong>Is the new module required to be enabled and deployed in all AWS regions?</strong></p>\n<div class=\"ulist\">\n<ul>\n<li>\n<p>This is usually the case with regional services such as IAM Access Analyzer and KMS grants;</p>\n</li>\n<li>\n<p>But might not be the same if the service was global such as S3 and IAM users.</p>\n</li>\n</ul>\n</div>\n</li>\n<li>\n<p><strong>What is the migration steps for the new module?</strong></p>\n<div class=\"ulist\">\n<ul>\n<li>\n<p>Are Gruntwork’s customers required to do anything, and if so, what and how urgently?</p>\n</li>\n</ul>\n</div>\n</li>\n</ul>\n</div>\n</div>\n</div>\n<div class=\"sect1\">\n<h2 id=\"_license\"><a class=\"anchor\" href=\"#_license\"></a><a class=\"link\" href=\"#_license\">License</a></h2>\n<div class=\"sectionbody\">\n<div class=\"paragraph\">\n<p>Please see <a href=\"/repos/v0.48.3/module-security/LICENSE.txt\">LICENSE.txt</a> for details on how the code in this repo is licensed.</p>\n</div>\n</div>\n</div>","repoName":"module-security","repoRef":"v0.49.2","serviceDescriptor":{"serviceName":"ssh-grunt","serviceRepoName":"module-security","serviceRepoOrg":"gruntwork-io","serviceMainReadmePath":"/modules/ssh-grunt","cloudProviders":["aws"],"description":"Manage SSH access to EC2 Instances using groups in AWS IAM or your Identity Provider (e.g., ADFS, Google, Okta, etc).","imageUrl":"grunt.png","licenseType":"subscriber","technologies":["Terraform","Go"],"compliance":[],"tags":[""]},"serviceCategoryName":"SSH access","fileName":"README.adoc","filePath":"","title":"Repo Browser: ssh-grunt","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}