AWS Config provides AWS managed rules,
which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.
How do Organization-Level Config Rules Compare to Account-Level Config Rules?
You can apply exactly the same Config Rules at either the organization-level or account-level. By default, this module
applies rules at the organization level, but you can switch to account-level rules by setting create_account_rules
to true.
Here is how organization-level and account-level rules compare:
Organization-Level Rules
Account-Level Rules
Accounts
Applied solely in the root account.
Must be applied separately in every single account. Note that if you're already applying security baselines to every account (e.g., using if you're managing everything as code the account-baseline-root, [account-baseline-security] (/modules/account-baseline-security), and account-baseline-app modules) there isn't much extra overhead to this.
Governance
Users in child accounts can add additional Config Rules but no one in a child account can remove or modify organization-level rules applied in the root account.
Users with sufficient permissions can add, modify, or remove account-level rules in their own account.
Chicken-and-egg problem
The way organization-level Config Rules are managed in Terraform creates a chicken-and-egg problem: the rules will cause an error unless every single child account has a Config Recorder set up, but if you're creating a brand new child account, it can't possibly already have a Config Recorder. This means that creating child accounts becomes a multi-step process where you have to explicitly exclude the new child account from Config Rules when first creating it, then create a Config Recorder in the child account, and then go back to root to re-enable the Config Rules for that account.
Account-level rules do not have the chicken-and-egg problem.
The chicken-and-egg problem leads to a brittle and error-prone deployment process that makes creating new child
accounts much harder, which is why the account-baseline-root module uses account-level
rules instead.
What resources does this module create?
This module creates the following AWS Config Managed Rules:
encrypted-volumes: Checks whether the EBS volumes that are in an attached state are encrypted.
rds-storage-encrypted: Checks whether storage encryption is enabled for your RDS DB instances.
iam-password-policy: Checks whether the account password policy for IAM users meets the specified requirements.
vpc-sg-open-only-to-authorized-ports: Checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPC) allows only specific inbound TCP or UDP traffic.
root-account-mfa-enabled: Checks whether users of your AWS account require a multi-factor authentication (MFA) device to sign in with root credentials.
iam-user-unused-credentials-check: Checks whether your IAM users have passwords or active access keys that have not been used within the specified number of days.
Day-to-day operations
How do I configure the rules?
By default, the module will enable all rules defined in What resources does this module create section,
but you can choose to disable one or more rules using the enable_* input variables and configure the attributes
for certain rules.
Some of the rules have additional attributes. The module has default values for those, but you can adjust the values with
the input parameters defined in variables.tf. The following snippet is an example of adjusting attributes
for password policy and disabling one of the default rules:
In addition to the predefined set of rules, you can add additional rules. The following snippet is an example of configuring
ACM Certificate expriration check with a custom input parameter:
module"organizations_config_rules" {
source = "../../modules/aws-config-rules"# Configure additional managed rules
additional_rules = {
acm-certificate-expiration-check = {
description = "Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.",
identifier = "ACM_CERTIFICATE_EXPIRATION_CHECK",
trigger_type = "PERIODIC"
input_parameters = { "daysToExpiration": "14"},
}
}
}
For a full list of available managed rules and their configuration, see https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
How do I exclude specific accounts?
By default, organization-level config rules trickle down to all Organization accounts. You can, however, optionally
exclude specific accounts using the excluded_accounts input variable (this variable is not used with account-level
config rules). Note that you cannot exclude all accounts in your Organization. If you do that,
the AWS API will error with: AllAccountsExcluded: For this OrganizationConfigResource, all member accounts in this organization are part of an exclusion list. Modify your exclusion list and try again..
Questions? Ask away.
We're here to talk about our services, answer any questions, give advice, or just to chat.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"64a623e99c3a1c42e3b9275b1fde5300a9006c9a"},{"name":"post-upgrade-test-results.sh","path":".circleci/post-upgrade-test-results.sh","sha":"a4867e8fbdc334b7a90259568ee41ea577fbe764"},{"name":"set-upgrade-test-vars.sh","path":".circleci/set-upgrade-test-vars.sh","sha":"04ccab865d51c1169f7ae4648c38a3d98a9889ab"}]},{"name":".editorconfig","path":".editorconfig","sha":"a5eec1063e66c4cb953cba222dd50b4d314ef3e2"},{"name":".github","children":[{"name":"ISSUE_TEMPLATE","children":[{"name":"bug_report.md","path":".github/ISSUE_TEMPLATE/bug_report.md","sha":"d2e87e27c601e423865ed660ec697082470ca60f"},{"name":"feature_request.md","path":".github/ISSUE_TEMPLATE/feature_request.md","sha":"023a33099be2336476930c96e17ff1ba5dc55348"}]},{"name":"pull_request_template.md","path":".github/pull_request_template.md","sha":"6b100e40e323b5b07f40ed30616277c51c9f4b9e"}]},{"name":".gitignore","path":".gitignore","sha":"0494e0bc6b113e3569ca7005a54aec78bc0a611a"},{"name":".patcher","children":[{"name":"patches","children":[{"name":"v0.56.0","children":[{"name":"aws-provider-3.66.0","children":[{"name":"bump_provider.sh","path":".patcher/patches/v0.56.0/aws-provider-3.66.0/bump_provider.sh","sha":"11254794eacb43659723dadaf90c9ccf7e8e4564"},{"name":"create_script_for_terraform_init.sh","path":".patcher/patches/v0.56.0/aws-provider-3.66.0/create_script_for_terraform_init.sh","sha":"ad261a37b80ce056f4c2bd9b04e62e4187de1839"},{"name":"patch.yaml","path":".patcher/patches/v0.56.0/aws-provider-3.66.0/patch.yaml","sha":"b39be600ac6d0b780c1561ececc4bad4c0b3511c"}]}]},{"name":"v0.58.0","children":[{"name":"aws-provider-3.64","children":[{"name":"bump_provider.sh","path":".patcher/patches/v0.58.0/aws-provider-3.64/bump_provider.sh","sha":"07826c7966b45767db49b4f294ed9fda2e59ec10"},{"name":"create_script_for_terraform_init.sh","path":".patcher/patches/v0.58.0/aws-provider-3.64/create_script_for_terraform_init.sh","sha":"2d47d1a18989f08bdd0f06fe9b9c05629e745e89"},{"name":"patch.yaml","path":".patcher/patches/v0.58.0/aws-provider-3.64/patch.yaml","sha":"28f54eed4264f65d8fdb8711637159ee3f4f0220"}]}]},{"name":"v0.63.0","children":[{"name":"aws-provider-4.x","children":[{"name":"bump_provider.sh","path":".patcher/patches/v0.63.0/aws-provider-4.x/bump_provider.sh","sha":"d3daee144dd21814811d998e5ae69796b9956509"},{"name":"create_script_for_terraform_init.sh","path":".patcher/patches/v0.63.0/aws-provider-4.x/create_script_for_terraform_init.sh","sha":"26262b1471d987b63dee577714840e155d97df69"},{"name":"patch.yaml","path":".patcher/patches/v0.63.0/aws-provider-4.x/patch.yaml","sha":"c5301aab2e3e3ef08a5105dcb9429d7f0d66105c"}]}]},{"name":"v0.65.0","children":[{"name":"aws-provider-4.x","children":[{"name":"bump_provider.sh","path":".patcher/patches/v0.65.0/aws-provider-4.x/bump_provider.sh","sha":"7c61315127a8c8471a2688c089e23963161d5d35"},{"name":"create_script_for_terraform_init.sh","path":".patcher/patches/v0.65.0/aws-provider-4.x/create_script_for_terraform_init.sh","sha":"68e359ce7e2e28df8560a34300a938c0fc1d78dd"},{"name":"patch.yaml","path":".patcher/patches/v0.65.0/aws-provider-4.x/patch.yaml","sha":"967cf7dd0ec1e8c046eee8d0e6c8a6f4e9bbf8c2"}]}]}]}]},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"c54725b8fe2e0eb30c15d29380a23f1fb58360fa"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"8cacc352065b723bf2230b4554710b648b13e52e"},{"name":"LICENSE.txt","path":"LICENSE.txt","sha":"f4e3d9bd4717a044ed31ad847a300eee74371a78"},{"name":"README.adoc","path":"README.adoc","sha":"d3ad8c9f56609a3c88a7d27d5fa5d183c76590b0"},{"name":"_ci","children":[{"name":"output-debug-values.sh","path":"_ci/output-debug-values.sh","sha":"39d6d5f080a53f932e3b5ec970b5f268fd00e50a"}]},{"name":"_docs","children":[{"name":"auto-update.png","path":"_docs/auto-update.png","sha":"77bfd1c65de0245ac8b3c67d5b0b64fc440824bf"},{"name":"aws-cloudtrail-architecture.png","path":"_docs/aws-cloudtrail-architecture.png","sha":"a2dd9a08b8ed77744fd5febab3be7bdf633dee79"},{"name":"aws-cloudtrail.png","path":"_docs/aws-cloudtrail.png","sha":"acc7dcaf4b46ce3cef1bcc20be0329e12c320e7f"},{"name":"aws-config-architecture.png","path":"_docs/aws-config-architecture.png","sha":"721458048d5e539468c438498863a91fa96e0a85"},{"name":"aws-config-rules-architecture.png","path":"_docs/aws-config-rules-architecture.png","sha":"29fe3f20358b176e385d1bcdc0357bff2c1d5b4a"},{"name":"aws-config-rules.png","path":"_docs/aws-config-rules.png","sha":"ac3f7b35bcac949887e62aee260d9cb70edd3ae8"},{"name":"aws-config.png","path":"_docs/aws-config.png","sha":"02f4b326aef57372def4f3fafa4f0e4cec07e395"},{"name":"aws-guardduty.png","path":"_docs/aws-guardduty.png","sha":"053b92412fb8e3fb5740acc404b493fe1dd7229b"},{"name":"aws-organizations-architecture.png","path":"_docs/aws-organizations-architecture.png","sha":"bd57412fe85d3fe8d5e358db5e3b7bfef3e786a9"},{"name":"aws-organizations-icon.png","path":"_docs/aws-organizations-icon.png","sha":"b2b3fa04f51a23e5bae1b3389ffedf5e17b3cef2"},{"name":"iam-access-analyzer.png","path":"_docs/iam-access-analyzer.png","sha":"36e38e69454beae66d35b9bf25b3e5ffe1e68a25"},{"name":"kms-icon.png","path":"_docs/kms-icon.png","sha":"cd4f350a9a3fda41089928a7e396ee8924b7a901"},{"name":"multi-account-multi-region-aws-config.png","path":"_docs/multi-account-multi-region-aws-config.png","sha":"a9c813b1799fe71554c20c8fefc703792293bfe4"},{"name":"multiaccount_guardduty.png","path":"_docs/multiaccount_guardduty.png","sha":"c56b50bbb4c2a041366b430cada27b88aa02524b"},{"name":"ssh-grunt-architecture.png","path":"_docs/ssh-grunt-architecture.png","sha":"9ced8c68bcc7957e50aa016cad6c5b043a05b470"},{"name":"terminal-icon.png","path":"_docs/terminal-icon.png","sha":"df09d52d5b1176d7e231bab6c7712c3728e45c1b"}]},{"name":"codegen","children":[{"name":"README.adoc","path":"codegen/README.adoc","sha":"e2b5314b4f15a8f5b6c1b3932e73de6e87d107f0"},{"name":"core-concepts.md","path":"codegen/core-concepts.md","sha":"84b96ff7db44ca1785f27d873fb559677ceead4a"},{"name":"generate-all.sh","path":"codegen/generate-all.sh","sha":"e95f7a1fe3b75636468472cd072e0d0b559f2eb5"},{"name":"generate-aws-config","children":[{"name":".gitignore","path":"codegen/generate-aws-config/.gitignore","sha":"b488f31b176e8da6501add7ce148074af2337d91"},{"name":"main.go","path":"codegen/generate-aws-config/main.go","sha":"61962b08f49ada32239f40be7dede4830517db00"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-aws-config/static/README.adoc","sha":"dc4b0dc89afdd92984fceca74f2c2e087645d019"},{"name":"core-concepts.md","path":"codegen/generate-aws-config/static/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"variables.tf","path":"codegen/generate-aws-config/static/variables.tf","sha":"5d33ad42f818f943993986c0c3bb964eee84f9ba"}]},{"name":"template_data.go","path":"codegen/generate-aws-config/template_data.go","sha":"3e7e5e495a7f126b671f587554f3d4e08278801a"}]},{"name":"generate-aws-guardduty","children":[{"name":".gitignore","path":"codegen/generate-aws-guardduty/.gitignore","sha":"b488f31b176e8da6501add7ce148074af2337d91"},{"name":"main.go","path":"codegen/generate-aws-guardduty/main.go","sha":"c601f31f76e141d5d119f9e623346762572455ed"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-aws-guardduty/static/README.adoc","sha":"692d7135fa34922062bfa772b405afc21b3c6ea7"},{"name":"variables.tf","path":"codegen/generate-aws-guardduty/static/variables.tf","sha":"1487cf2e1ebd7ae87152a0b40ffa9f2c27271557"}]},{"name":"template_data.go","path":"codegen/generate-aws-guardduty/template_data.go","sha":"e9e92e528711c97416b9487a604bb6a4c6211d24"}]},{"name":"generate-ebs-encryption","children":[{"name":".gitignore","path":"codegen/generate-ebs-encryption/.gitignore","sha":"a3f620a6c9c87b381bf6748917bdf9542792f54b"},{"name":"main.go","path":"codegen/generate-ebs-encryption/main.go","sha":"9a6d91248b2368d26b9cfce7517230b6dd4bfc08"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-ebs-encryption/static/README.adoc","sha":"86b31069c9627391411f7b6cceed08e813a7a37e"},{"name":"variables.tf","path":"codegen/generate-ebs-encryption/static/variables.tf","sha":"4bb22b9bb519462a429baea8ffea9d1a3991be26"}]},{"name":"template_data.go","path":"codegen/generate-ebs-encryption/template_data.go","sha":"fd500cf79337ab316d3c0eb466c47ba408f75346"}]},{"name":"generate-multiregion-iam-access-analyzer","children":[{"name":".gitignore","path":"codegen/generate-multiregion-iam-access-analyzer/.gitignore","sha":"045b82ea48805332afcf6edb7a52b41310f0c72c"},{"name":"main.go","path":"codegen/generate-multiregion-iam-access-analyzer/main.go","sha":"881f4fc8e464c4c4337866692dad7ddbe03c1df0"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-multiregion-iam-access-analyzer/static/README.adoc","sha":"d87068a71e5a6149ba32dcc1ba33070d8b83aeaa"},{"name":"core-concepts.md","path":"codegen/generate-multiregion-iam-access-analyzer/static/core-concepts.md","sha":"6bbaac3d7e62744e3fe3f511cd4ae78b212d08a8"},{"name":"variables.tf","path":"codegen/generate-multiregion-iam-access-analyzer/static/variables.tf","sha":"6e8d81aac5af0cba584e6d0884e03cfbc23ba07f"}]},{"name":"template_data.go","path":"codegen/generate-multiregion-iam-access-analyzer/template_data.go","sha":"934f6eed2001f1155777dbdf30399d2cad447c6f"}]},{"name":"generate-multiregion-kms-grant","children":[{"name":".gitignore","path":"codegen/generate-multiregion-kms-grant/.gitignore","sha":"ce81abc8eeae39683199307d44536f0a8b1b7862"},{"name":"main.go","path":"codegen/generate-multiregion-kms-grant/main.go","sha":"63601132e88e8a47669e4391f91b9638efc39f95"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-multiregion-kms-grant/static/README.adoc","sha":"7c33dc779f289c34d0c72ecce7a4a60d99c38098"},{"name":"core-concepts.md","path":"codegen/generate-multiregion-kms-grant/static/core-concepts.md","sha":"3eb1725fa927a84cc2a0341335d150bf5c6e70f5"},{"name":"variables.tf","path":"codegen/generate-multiregion-kms-grant/static/variables.tf","sha":"505b2d0cb9ecf78f0364e845cab72bf0c28365d5"}]},{"name":"template_data.go","path":"codegen/generate-multiregion-kms-grant/template_data.go","sha":"290280e7d9d065b6f8d14f2635daf05cff6607fb"}]},{"name":"generate-multiregion-kms","children":[{"name":".gitignore","path":"codegen/generate-multiregion-kms/.gitignore","sha":"dd60654458233c0bdb18892c5989f1828889d55b"},{"name":"main.go","path":"codegen/generate-multiregion-kms/main.go","sha":"129659dc4368e96d289a5a3087376dc50355d581"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-multiregion-kms/static/README.adoc","sha":"75402e428cc30fee27dc5dd469788cf1d71320eb"},{"name":"core-concepts.md","path":"codegen/generate-multiregion-kms/static/core-concepts.md","sha":"8ba58b9a40c3aad18e2b804f53c6439b549b756d"},{"name":"variables.tf","path":"codegen/generate-multiregion-kms/static/variables.tf","sha":"b1740fb059927c65f7afd76f902ba616a921a138"}]},{"name":"template_data.go","path":"codegen/generate-multiregion-kms/template_data.go","sha":"4e3e26c551042fd93ffcad5f96f96a13ed3dbf67"}]},{"name":"generator","children":[{"name":"autogen_variables.tf.tpl.go","path":"codegen/generator/autogen_variables.tf.tpl.go","sha":"2817455872b7ca544e003936ac04723ce4573dbb"},{"name":"aws.go","path":"codegen/generator/aws.go","sha":"6deab752db1f91eac4ea704e037f7f1d9fefe55c"},{"name":"cli.go","path":"codegen/generator/cli.go","sha":"c5b811e482648de2d5315f8bbf1c9383b7477155"},{"name":"errors.go","path":"codegen/generator/errors.go","sha":"21fd1f6d4bef60ea9cb39939783696526ddd02e7"},{"name":"generator.go","path":"codegen/generator/generator.go","sha":"be3611002c1f2c1da3923d718adffcfd881df284"},{"name":"main.tf.tpl.go","path":"codegen/generator/main.tf.tpl.go","sha":"5cc7edcf31fc4a7d8e3c023563d82912d44ad6df"},{"name":"outputs.tf.tpl.go","path":"codegen/generator/outputs.tf.tpl.go","sha":"46860a17e8d59f4d063483a479b25bef4b05d10c"}]},{"name":"go.mod","path":"codegen/go.mod","sha":"9ec5716f8e080cd7938bbff38710b5b431976c82"},{"name":"go.sum","path":"codegen/go.sum","sha":"01eaf69233f3d5c601db3d59c4a448d1da80c5b3"},{"name":"logging","children":[{"name":"logging.go","path":"codegen/logging/logging.go","sha":"582d5e1f6cdb5c400978162482292fc2ab79bd1d"}]}]},{"name":"examples","children":[{"name":"auto-update","children":[{"name":"README.md","path":"examples/auto-update/README.md","sha":"d7c630c4585bad7869d55bc6c62fca248eeb521a"},{"name":"auto-update-example.json","path":"examples/auto-update/auto-update-example.json","sha":"9d051a8ff78b641c5082c97e1a12d30d7c89cd97"}]},{"name":"aws-config-multi-region","children":[{"name":"README.md","path":"examples/aws-config-multi-region/README.md","sha":"5d472db5cdc843b494852a062d8c0880f246fcd0"},{"name":"terraform","children":[{"name":"main.tf","path":"examples/aws-config-multi-region/terraform/main.tf","sha":"a9e3492c0d6953da9be139b2303f32ebd60f573f"},{"name":"outputs.tf","path":"examples/aws-config-multi-region/terraform/outputs.tf","sha":"77ee90f69634c965b8ebed79a8d3afd6adca4db4"},{"name":"providers.tf","path":"examples/aws-config-multi-region/terraform/providers.tf","sha":"28ed423dfce31e06a3b81adc2bb0f679bb804ea0"},{"name":"variables.tf","path":"examples/aws-config-multi-region/terraform/variables.tf","sha":"59522bebed5385bfd208715d4933208ae9abcbec"}]},{"name":"terragrunt","children":[{"name":"terragrunt.hcl","path":"examples/aws-config-multi-region/terragrunt/terragrunt.hcl","sha":"178f71cd0cddbcb96a6ba8b3a9d9ef5aa1a15352"}]}]},{"name":"aws-config-rules","children":[{"name":"README.md","path":"examples/aws-config-rules/README.md","sha":"6cd2794e82af1e3c3620d8feaed136af5358207e"},{"name":"main.tf","path":"examples/aws-config-rules/main.tf","sha":"f70a39af913afccea0f4ae4cc1834c2e58416a9a"},{"name":"outputs.tf","path":"examples/aws-config-rules/outputs.tf","sha":"4319400eb4190f58458f2dd9398225869ff08da3"},{"name":"variables.tf","path":"examples/aws-config-rules/variables.tf","sha":"7d39063bdc912f043b060e8390a72fe1b984f2c5"}]},{"name":"aws-config","children":[{"name":"README.md","path":"examples/aws-config/README.md","sha":"5d66d09633de365e154669a090edc37fc70548d1"},{"name":"main.tf","path":"examples/aws-config/main.tf","sha":"83f2a3f136c03e0d6a05fde9901b6de845ccb671"},{"name":"outputs.tf","path":"examples/aws-config/outputs.tf","sha":"ddd32698f39772d663a2d9b8a6276260f5431068"},{"name":"variables.tf","path":"examples/aws-config/variables.tf","sha":"f119464824bd2821f2c6e8917e0670010090bc34"}]},{"name":"aws-organizations","children":[{"name":"README.md","path":"examples/aws-organizations/README.md","sha":"1da3c2fc061fee6ee99564b8b2323ccf69f2c690"},{"name":"main.tf","path":"examples/aws-organizations/main.tf","sha":"2f1aa70e96530de170c9d5375f0bbf6117cb437e"},{"name":"outputs.tf","path":"examples/aws-organizations/outputs.tf","sha":"58e36aac71c1fd04d5552fa840a9b5f149dcc32a"},{"name":"variables.tf","path":"examples/aws-organizations/variables.tf","sha":"59afc28c87bc3c49d11c6faf7e112643f0a95481"}]},{"name":"cloudtrail-custom-key","children":[{"name":"README.md","path":"examples/cloudtrail-custom-key/README.md","sha":"bb376ddaca4b52bef18a5526aa9cb0465574ff7e"},{"name":"main.tf","path":"examples/cloudtrail-custom-key/main.tf","sha":"743174357faa6a56118984f942e3a3d4965e18f8"},{"name":"outputs.tf","path":"examples/cloudtrail-custom-key/outputs.tf","sha":"b6cd4e77d231018a5beb19cd3a9a4eb3f2017d64"},{"name":"variables.tf","path":"examples/cloudtrail-custom-key/variables.tf","sha":"a72f9cabc8968d84ecdd5f2a3cbd5e8e41c064f6"}]},{"name":"cloudtrail","children":[{"name":"README.md","path":"examples/cloudtrail/README.md","sha":"2fbe4b7494d970738d054910d86d0ae31718c8ec"},{"name":"main.tf","path":"examples/cloudtrail/main.tf","sha":"6967ee85f1d118188cc8f80cb66aab09f9cac5e5"},{"name":"outputs.tf","path":"examples/cloudtrail/outputs.tf","sha":"b6cd4e77d231018a5beb19cd3a9a4eb3f2017d64"},{"name":"variables.tf","path":"examples/cloudtrail/variables.tf","sha":"cbeb938286bd999d6072ef3093254e8fd435f529"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"examples/cross-account-iam-roles/README.md","sha":"bac6fd37f7f7009454a66e55e8ff377fff36aefb"},{"name":"main.tf","path":"examples/cross-account-iam-roles/main.tf","sha":"5a77161dc3bd69db7794deaceb9cfc3760bc94c4"},{"name":"outputs.tf","path":"examples/cross-account-iam-roles/outputs.tf","sha":"44af3be56d0a80e4d509fcd62c0e6dd8628072fa"},{"name":"variables.tf","path":"examples/cross-account-iam-roles/variables.tf","sha":"749900f2e1e1d18ca039847f30676461c14cb7a8"}]},{"name":"custom-iam-entity","children":[{"name":"README.md","path":"examples/custom-iam-entity/README.md","sha":"7e6c2e15f44a4ddc28ef276da4b323d2fd326a3f"},{"name":"main.tf","path":"examples/custom-iam-entity/main.tf","sha":"2dd0fdb4c2105ca92312001169bfa5cefca0a5fa"},{"name":"outputs.tf","path":"examples/custom-iam-entity/outputs.tf","sha":"835eb64f431386925438cb2f63e48e413faee90c"},{"name":"variables.tf","path":"examples/custom-iam-entity/variables.tf","sha":"098b2744c093aac9a50c36df4a88d12f4a9baa50"}]},{"name":"ebs-encryption-multi-region","children":[{"name":"README.md","path":"examples/ebs-encryption-multi-region/README.md","sha":"6052c04a4f885b2e37658652bd174a59c56273de"},{"name":"main.tf","path":"examples/ebs-encryption-multi-region/main.tf","sha":"447c9f3bc983f9a71824f8d8dbd7f0ce5a0e5d9b"},{"name":"outputs.tf","path":"examples/ebs-encryption-multi-region/outputs.tf","sha":"49520778a1fc9e5e82777cbb5aa0250e032e1817"},{"name":"providers.tf","path":"examples/ebs-encryption-multi-region/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/ebs-encryption-multi-region/variables.tf","sha":"7693921b9f8ac0a0211b69b8417ac849c6b0a6b2"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"examples/fail2ban/README.md","sha":"6599f8481a3e7666ffe7924707c89b0701d57689"},{"name":"fail2ban-example.json","path":"examples/fail2ban/fail2ban-example.json","sha":"dcaaf30c8ab024d533363f32b474fdd6fca54623"},{"name":"main.tf","path":"examples/fail2ban/main.tf","sha":"18d5998ad1b0dfce53a1261617ec686ffc5b791c"},{"name":"outputs.tf","path":"examples/fail2ban/outputs.tf","sha":"77a6ab8a992cd106de126f24b2950c1efa499229"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/fail2ban/user-data/user-data.sh","sha":"460b230fb025451e06e8cdd73f83bb5bfea21110"}]},{"name":"variables.tf","path":"examples/fail2ban/variables.tf","sha":"65cae65d6dde1f7c3b4fa83f0bd722617444c18d"}]},{"name":"github-actions-iam-role","children":[{"name":"main.tf","path":"examples/github-actions-iam-role/main.tf","sha":"6b5f72389bbadc5260b3b4fb4a1b9b9d772c7bfa"},{"name":"outputs.tf","path":"examples/github-actions-iam-role/outputs.tf","sha":"d440f596aefbccbe3b4e76f8262a7201a89688c1"},{"name":"variables.tf","path":"examples/github-actions-iam-role/variables.tf","sha":"550e0459f5df591a403de1ba4b746fdda116bb70"}]},{"name":"guardduty","children":[{"name":"README.md","path":"examples/guardduty/README.md","sha":"23c75950a1b8b33286b79bd5e9d853cee02d62ea"},{"name":"main.tf","path":"examples/guardduty/main.tf","sha":"4b2b8fedf19d112db71aeb8a835c0f8adc2faacc"},{"name":"outputs.tf","path":"examples/guardduty/outputs.tf","sha":"5cdf5798a495a01ce59269dd84fa95c0dc9a548b"},{"name":"providers.tf","path":"examples/guardduty/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/guardduty/variables.tf","sha":"da5f01602e76f2febb2564e919a411d802943ce6"}]},{"name":"iam-access-analyzer-multi-region","children":[{"name":"README.md","path":"examples/iam-access-analyzer-multi-region/README.md","sha":"51c398bec469b1d95f4e59e2fb1f287fe621bf20"},{"name":"main.tf","path":"examples/iam-access-analyzer-multi-region/main.tf","sha":"5e2d7952e38b7ae8fa006bedc0729b510fa65400"},{"name":"providers.tf","path":"examples/iam-access-analyzer-multi-region/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/iam-access-analyzer-multi-region/variables.tf","sha":"63a155cedce7a2119429f3e200c4c501c7715489"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"examples/iam-groups/README.md","sha":"7bd21c82fd8f28f7b3155497a0524d86ce17cfdd"},{"name":"main.tf","path":"examples/iam-groups/main.tf","sha":"09a5e9a6d29589345c6729ed42cee8023500d221"},{"name":"outputs.tf","path":"examples/iam-groups/outputs.tf","sha":"5076c13be431d7844e1ce524bcd40076450c051e"},{"name":"variables.tf","path":"examples/iam-groups/variables.tf","sha":"a7790e3207316f9e6216574fe2e0dd50fb39b767"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"examples/iam-user-password-policy/README.md","sha":"bc62258833767d2e383a130c43d57a11e229af27"},{"name":"main.tf","path":"examples/iam-user-password-policy/main.tf","sha":"6195571cd760e44d41a8984cfd52a3407264d72f"},{"name":"outputs.tf","path":"examples/iam-user-password-policy/outputs.tf","sha":"36e88e92cf2568fb06a8da0453a85bcb4bd199dd"},{"name":"variables.tf","path":"examples/iam-user-password-policy/variables.tf","sha":"7f920bda19b0928773bb37203859a68453a12231"}]},{"name":"iam-users","children":[{"name":"README.md","path":"examples/iam-users/README.md","sha":"f8b65e9756e9f8c8703a854c1363be700b5fe8d9"},{"name":"main.tf","path":"examples/iam-users/main.tf","sha":"c503e48606c9023197dbb2752519f6f411823894"},{"name":"outputs.tf","path":"examples/iam-users/outputs.tf","sha":"dfa5ea6a81c8d28ffbfb0bf34e9ee3871eb80619"},{"name":"variables.tf","path":"examples/iam-users/variables.tf","sha":"52c97ebc727f29aa1c7cbc7e3947967a04dd4e52"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"examples/ip-lockdown/README.md","sha":"3962ba23a76d8f02e5c0ffc8cb71196991628e38"},{"name":"aws-example","children":[{"name":"README.md","path":"examples/ip-lockdown/aws-example/README.md","sha":"da44a1265bdd321d10b4a6e3471a655da91033bb"},{"name":"main.tf","path":"examples/ip-lockdown/aws-example/main.tf","sha":"3ef69d2bc78e295c4d25b989d3489b5b47d2cdfe"},{"name":"outputs.tf","path":"examples/ip-lockdown/aws-example/outputs.tf","sha":"a175a78c9a10f9f2fd9d7c84f9b304aebc1bdb41"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/ip-lockdown/aws-example/user-data/user-data.sh","sha":"c6d308027737a434f4c96bc3eba5bd301897af62"}]},{"name":"variables.tf","path":"examples/ip-lockdown/aws-example/variables.tf","sha":"85be46b79dfe349e32974eccdc9c3206211787ac"}]},{"name":"ip-lockdown-sample.json","path":"examples/ip-lockdown/ip-lockdown-sample.json","sha":"b0cae4cdbc52a57e496b925c8532ca8186949291"},{"name":"local-test","children":[{"name":"README.md","path":"examples/ip-lockdown/local-test/README.md","sha":"3f0e1a6483ce3155bb04dbb9a4fd76ed41486d35"},{"name":"docker-compose.yml","path":"examples/ip-lockdown/local-test/docker-compose.yml","sha":"7c8e3a5d1fd40a95ef99b4bba0911c63ed43b530"}]}]},{"name":"kms-grant-multi-region","children":[{"name":"main.tf","path":"examples/kms-grant-multi-region/main.tf","sha":"9b2670e2bb286a42a53e4adbb53294301bae73c9"},{"name":"providers.tf","path":"examples/kms-grant-multi-region/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/kms-grant-multi-region/variables.tf","sha":"5c82ac63c161e1c7e7191dbb709926da4aebb4d5"}]},{"name":"kms-master-key-multi-region","children":[{"name":"main.tf","path":"examples/kms-master-key-multi-region/main.tf","sha":"1f0ea82d9e79aee33809623ea3028b1a9f7e76a7"},{"name":"outputs.tf","path":"examples/kms-master-key-multi-region/outputs.tf","sha":"c2685a282b5ce295c2dd80a78841711a40e80dcb"},{"name":"providers.tf","path":"examples/kms-master-key-multi-region/providers.tf","sha":"0e26e7fb2c466ef759ad22c39acfcb800a443b7d"},{"name":"variables.tf","path":"examples/kms-master-key-multi-region/variables.tf","sha":"5199b550d4a05ab5920099a9b791a0394c2c1492"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"examples/kms-master-key/README.md","sha":"821565d831f2afcf7a2ffeea9a0854fabdaae033"},{"name":"main.tf","path":"examples/kms-master-key/main.tf","sha":"b578ec3578adbf7a20780e73083972662ccd3127"},{"name":"outputs.tf","path":"examples/kms-master-key/outputs.tf","sha":"4d5fd0a19ea917beff0241f169b51417ff9935b9"},{"name":"variables.tf","path":"examples/kms-master-key/variables.tf","sha":"c1de5a7b1c0859710d1253b61baf86c4564560e3"}]},{"name":"ntp","children":[{"name":"README.md","path":"examples/ntp/README.md","sha":"b676e802c1d196f6af204d14d143b80864bccd30"},{"name":"ntp-example.json","path":"examples/ntp/ntp-example.json","sha":"efbe9df8d7149b6983fb1b02d8cfdcb37f28b5d4"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"examples/os-hardening/README.md","sha":"1e846b7a8c85f76dab7f2db87b30118ba2598b69"},{"name":"packer-build.sh","path":"examples/os-hardening/packer-build.sh","sha":"2c2b5c007ba9024873bfee11292482113a8a2f40"},{"name":"terraform","children":[{"name":"main.tf","path":"examples/os-hardening/terraform/main.tf","sha":"9edbbb38536dbc6284eedd18ca9ebd56b16772b5"},{"name":"outputs.tf","path":"examples/os-hardening/terraform/outputs.tf","sha":"60fa5faaa18d1a146332c851f4a068e2f2785c58"},{"name":"packer","children":[{"name":"amazon-linux.json","path":"examples/os-hardening/terraform/packer/amazon-linux.json","sha":"9cb139394ce9f295e6ed47742eab12d4c99c15cf"},{"name":"files","children":[{"name":"etc","children":[{"name":"fstab","path":"examples/os-hardening/terraform/packer/files/etc/fstab","sha":"cbf68cec68a92bc54f514dd0d6906f19cea857e6"}]}]}]},{"name":"variables.tf","path":"examples/os-hardening/terraform/variables.tf","sha":"3166fe1f2f6f281a2b1e8b0c7b20238fed614ac7"}]}]},{"name":"private-s3-bucket-with-replication","children":[{"name":"README.md","path":"examples/private-s3-bucket-with-replication/README.md","sha":"8e47c9c013750aab08f8200383a9a468af233816"},{"name":"main.tf","path":"examples/private-s3-bucket-with-replication/main.tf","sha":"450dc89707836cc0326a8790400f807802b0ea58"},{"name":"outputs.tf","path":"examples/private-s3-bucket-with-replication/outputs.tf","sha":"e0ca6c1c51d90124a0f6aa588f2286106766f7e7"},{"name":"variables.tf","path":"examples/private-s3-bucket-with-replication/variables.tf","sha":"4ba072428192f007a6511ee27aadfc49d9da9bb2"}]},{"name":"private-s3-bucket","children":[{"name":"README.md","path":"examples/private-s3-bucket/README.md","sha":"5214e6225de5e051cb2842fa2eb6e04a92184a10"},{"name":"main.tf","path":"examples/private-s3-bucket/main.tf","sha":"9ded8a8f9aec0551c23e317abe7562867df28cce"},{"name":"outputs.tf","path":"examples/private-s3-bucket/outputs.tf","sha":"efddeeb33901e91f4f28a438afb3455f2cca5e18"},{"name":"variables.tf","path":"examples/private-s3-bucket/variables.tf","sha":"ce9cb926cc79a19e527ec6b6b8f918232dad4168"}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"examples/saml-iam-roles/README.md","sha":"b4ef2b28d5704aec892ea54cc28a61fbb46378c9"},{"name":"main.tf","path":"examples/saml-iam-roles/main.tf","sha":"725f640fc72010e545cf04600d3a8d8f45ec2c64"},{"name":"outputs.tf","path":"examples/saml-iam-roles/outputs.tf","sha":"1bd4fec9529cddfd2d3f61bba60f9dfb8b286c70"},{"name":"saml-metadata.xml","path":"examples/saml-iam-roles/saml-metadata.xml","sha":"88596cfde52242a43559c79216a1c60b2ea12903"},{"name":"variables.tf","path":"examples/saml-iam-roles/variables.tf","sha":"28705aa859940aa4b8027a19fe0b5b4affba939e"}]},{"name":"secrets-manager-resource-policies","children":[{"name":"README.md","path":"examples/secrets-manager-resource-policies/README.md","sha":"289a83c28bd9142fc7bbb4e603a4b25b4c9c1b98"},{"name":"main.tf","path":"examples/secrets-manager-resource-policies/main.tf","sha":"a74caebb4e80971bd66f94479fd1c883170780e3"},{"name":"variables.tf","path":"examples/secrets-manager-resource-policies/variables.tf","sha":"d6f5c45fbc2173475cec7c4e77ac8f5caed4dc27"}]},{"name":"ssh-grunt","children":[{"name":"iam","children":[{"name":"README.md","path":"examples/ssh-grunt/iam/README.md","sha":"b1ae6d51c6f6d3eeb7df2b51dab8d0d238f53132"},{"name":"main.tf","path":"examples/ssh-grunt/iam/main.tf","sha":"c565dc5967d584f32c1ca070086c57d8d62b9b71"},{"name":"outputs.tf","path":"examples/ssh-grunt/iam/outputs.tf","sha":"978b316044d417393b70100a427de1068c4d417f"},{"name":"variables.tf","path":"examples/ssh-grunt/iam/variables.tf","sha":"a81647a7dff82c3ffaf849bba4883d8a518f9b69"}]},{"name":"packer","children":[{"name":"README.md","path":"examples/ssh-grunt/packer/README.md","sha":"b44b220f168e6e682bbf5f68065b8269a706fca5"},{"name":"build-binary.sh","path":"examples/ssh-grunt/packer/build-binary.sh","sha":"fe84ead78eb3e87e4855272f28c83d681c58ffff"},{"name":"ssh-grunt-iam.json","path":"examples/ssh-grunt/packer/ssh-grunt-iam.json","sha":"7a00aa1fc2867994281c8046ad31da19c5bde78d"}]}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"examples/ssm-healthchecks-iam-permissions/README.md","sha":"f1fe555a3aff887a966def0a1d3ccaff3dd826e7"},{"name":"main.tf","path":"examples/ssm-healthchecks-iam-permissions/main.tf","sha":"269701289f3e73e77fc98c035c714ef8eb1e352b"},{"name":"outputs.tf","path":"examples/ssm-healthchecks-iam-permissions/outputs.tf","sha":"52688c3a4f1f8349500505fb8949fa0d21c385a3"},{"name":"variables.tf","path":"examples/ssm-healthchecks-iam-permissions/variables.tf","sha":"217574c100974ae601b2a1478e0ac183d351d4a0"}]}]},{"name":"modules","children":[{"name":"_deprecated","children":[{"name":"account-baseline-app","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-app/README.md","sha":"289d35b15becbf5164ee355fecd892edf12c60bc"}]},{"name":"account-baseline-root","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-root/README.md","sha":"0ac4e867ee61387b76475d7eb36bba673a30fd76"}]},{"name":"account-baseline-security","children":[{"name":"README.md","path":"modules/_deprecated/account-baseline-security/README.md","sha":"ace992c3b31b9320aa1d559bbde597cc945c4430"}]},{"name":"custom-iam-group","children":[{"name":"README.md","path":"modules/_deprecated/custom-iam-group/README.md","sha":"e7a0ff783eb1052aa77fe50d7eaa6a06d2d82649"}]}]},{"name":"auto-update","children":[{"name":"README.adoc","path":"modules/auto-update/README.adoc","sha":"1e193ac18cb6a1863518b95d621a7802b09c1fab"},{"name":"core-concepts.md","path":"modules/auto-update/core-concepts.md","sha":"0e4dd35dc4b7320764f203b5cc91e55ecaa9b0be"},{"name":"install-scripts","children":[{"name":"configure-auto-update","path":"modules/auto-update/install-scripts/configure-auto-update","sha":"9557efec90bf62cbcd0360198ec2bf984a8a873b"},{"name":"unattended_upgrades_config.txt","path":"modules/auto-update/install-scripts/unattended_upgrades_config.txt","sha":"abe88fd8a5037ce518bec69a6cac0699cb421d47"},{"name":"yum_cron_config.txt","path":"modules/auto-update/install-scripts/yum_cron_config.txt","sha":"e7ef4273f1b2af0c9c032fadaacd03130ba5ea78"}]},{"name":"install.sh","path":"modules/auto-update/install.sh","sha":"7c19fd0d04b11c358af64149b3169d6b2c5e3b58"}]},{"name":"aws-auth","children":[{"name":"AWS-AUTH-1PASSWORD.md","path":"modules/aws-auth/AWS-AUTH-1PASSWORD.md","sha":"d7a63db66ddf11b485a2850069d52edf6bea37eb"},{"name":"AWS-AUTH-LASTPASS.md","path":"modules/aws-auth/AWS-AUTH-LASTPASS.md","sha":"d9b65d95892c1e2275894eb2ca3dd8f334a3a8b8"},{"name":"README.md","path":"modules/aws-auth/README.md","sha":"10f5164db2016bda84383b598e0262a188a39599"},{"name":"bin","children":[{"name":"aws-auth","path":"modules/aws-auth/bin/aws-auth","sha":"85039ffd1720f9b93a34e8998852bdd3b9502bcc"}]},{"name":"install.sh","path":"modules/aws-auth/install.sh","sha":"ab9611d92d6822ceed981bdff3766724366037f0"}]},{"name":"aws-config-bucket","children":[{"name":"README.md","path":"modules/aws-config-bucket/README.md","sha":"2988d934e16617289522a4ea711ee07589ce96d7"},{"name":"main.tf","path":"modules/aws-config-bucket/main.tf","sha":"3add7ba40dc74f31bfdaa0ffe7859bdeed7f3bcb"},{"name":"outputs.tf","path":"modules/aws-config-bucket/outputs.tf","sha":"8ac7ab1c4c5ded586bee63ce460b25cd60eb4a18"},{"name":"variables.tf","path":"modules/aws-config-bucket/variables.tf","sha":"ba6b30c18ca75ab991f42abb845ef89af8e9cb6e"}]},{"name":"aws-config-multi-region","children":[{"name":"README.adoc","path":"modules/aws-config-multi-region/README.adoc","sha":"dc4b0dc89afdd92984fceca74f2c2e087645d019"},{"name":"core-concepts.md","path":"modules/aws-config-multi-region/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"main.tf","path":"modules/aws-config-multi-region/main.tf","sha":"d7ac1d3264074d426ae6685031b5b7611b449e48"},{"name":"outputs.tf","path":"modules/aws-config-multi-region/outputs.tf","sha":"e076d643a4e3e28452332f7cc20ae6667b6cb6ac"},{"name":"variables.autogen.tf","path":"modules/aws-config-multi-region/variables.autogen.tf","sha":"3ea138065b8386950e13b049c9532d185c145f76"},{"name":"variables.tf","path":"modules/aws-config-multi-region/variables.tf","sha":"5d33ad42f818f943993986c0c3bb964eee84f9ba"}]},{"name":"aws-config-rules","children":[{"name":"README.adoc","path":"modules/aws-config-rules/README.adoc","sha":"2b550ac006ee6189aef5221748d03339bcf9806e"},{"name":"core-concepts.md","path":"modules/aws-config-rules/core-concepts.md","sha":"af111230b6262be339d220c7b2308493781fef49","toggled":true},{"name":"main.tf","path":"modules/aws-config-rules/main.tf","sha":"b5b25b8a6e7bc7a70c5e87d3a6e2ef223171e60d"},{"name":"outputs.tf","path":"modules/aws-config-rules/outputs.tf","sha":"c297ad118d46f79f286d6577770ab46e59555ccb"},{"name":"variables.tf","path":"modules/aws-config-rules/variables.tf","sha":"e0645e3cfa20c357ae31401a32b7ea2d81d30d5b"}],"toggled":true},{"name":"aws-config","children":[{"name":"README.adoc","path":"modules/aws-config/README.adoc","sha":"191a82102e5fc9778d777052fc9efd616ddeb9db"},{"name":"core-concepts.md","path":"modules/aws-config/core-concepts.md","sha":"e5a7b8646bab42398ff7f5224549e528ce8c0d52"},{"name":"main.tf","path":"modules/aws-config/main.tf","sha":"2ef8fad8fd327c5494fa016439e3bd173249f2ca"},{"name":"outputs.tf","path":"modules/aws-config/outputs.tf","sha":"bcd505e4ac4102bc09750adb36c99398a06eb1a6"},{"name":"variables.tf","path":"modules/aws-config/variables.tf","sha":"d7a45f6dda0ca5edb7550a280fda29b5d6d97a39"}]},{"name":"aws-organizations","children":[{"name":"README.adoc","path":"modules/aws-organizations/README.adoc","sha":"52cda8fa0eaa15b00e5f389ba9dfb73a1f3c9d56"},{"name":"core-concepts.md","path":"modules/aws-organizations/core-concepts.md","sha":"8766c8f36eef9e8992bf13a44f6571261c43995d"},{"name":"main.tf","path":"modules/aws-organizations/main.tf","sha":"f4bff4da26d9be496b792a85b9587081a6eb3794"},{"name":"outputs.tf","path":"modules/aws-organizations/outputs.tf","sha":"feed57b33ab7eb9b100712647942f1a8d7245b3d"},{"name":"variables.tf","path":"modules/aws-organizations/variables.tf","sha":"cf9e1673e458c5c7644b1e94e128eddb6feca0d3"}]},{"name":"cloudtrail-bucket","children":[{"name":"README.md","path":"modules/cloudtrail-bucket/README.md","sha":"acc86c32958e8f6d90944e714a7731a82f404c82"},{"name":"main.tf","path":"modules/cloudtrail-bucket/main.tf","sha":"359b223a8cf8634ab049247d735616c870ecfc9a"},{"name":"outputs.tf","path":"modules/cloudtrail-bucket/outputs.tf","sha":"1e560e9b0cc1c8f40e81d5fe8bbbf1c03258fdae"},{"name":"variables.tf","path":"modules/cloudtrail-bucket/variables.tf","sha":"f19a90d0974a3babe235277112e6fcf63164d575"}]},{"name":"cloudtrail","children":[{"name":"README.adoc","path":"modules/cloudtrail/README.adoc","sha":"b3090f9aa7b062f2028af50c3da17a3293ef3cd2"},{"name":"core-concepts.md","path":"modules/cloudtrail/core-concepts.md","sha":"debe79403a177aaf1de5396c85213652dbc85481"},{"name":"main.tf","path":"modules/cloudtrail/main.tf","sha":"ed48d43da81d70c3ed123aaf42b397dce97a4641"},{"name":"outputs.tf","path":"modules/cloudtrail/outputs.tf","sha":"d161a32bbcd6f824955c273c49ef9e00bcdb57b3"},{"name":"variables.tf","path":"modules/cloudtrail/variables.tf","sha":"db83b06f385c23aee940c5ed2217bc0b2502f15d"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"modules/cross-account-iam-roles/README.md","sha":"3627935a8b6b81efd1bec7cb936de086c2e4b300"},{"name":"main.tf","path":"modules/cross-account-iam-roles/main.tf","sha":"4ebec6cc604e3fea5e092d58a0cc104cda869d94"},{"name":"outputs.tf","path":"modules/cross-account-iam-roles/outputs.tf","sha":"e8e61a415e0ef8c02281d531485688d2e2fd51e9"},{"name":"variables.tf","path":"modules/cross-account-iam-roles/variables.tf","sha":"61652a91bbd09909cf06eb485e029532e8f82c66"}]},{"name":"custom-iam-entity","children":[{"name":"CHANGELOG.md","path":"modules/custom-iam-entity/CHANGELOG.md","sha":"8d18bfbce660ba51189a2f4f06207038d4aa6f74"},{"name":"README.md","path":"modules/custom-iam-entity/README.md","sha":"a4dedbd0cbaad6561eaf42774054c4c640cbb478"},{"name":"main.tf","path":"modules/custom-iam-entity/main.tf","sha":"71605479a558f3fd62b0e58bff1ebda19b1d7cf6"},{"name":"outputs.tf","path":"modules/custom-iam-entity/outputs.tf","sha":"b94249803e78991682b8542d8f39e5a728432b97"},{"name":"variables.tf","path":"modules/custom-iam-entity/variables.tf","sha":"a9dc17f7ccdf58c57aaee13764304504c6cd4055"}]},{"name":"ebs-encryption-multi-region","children":[{"name":"README.adoc","path":"modules/ebs-encryption-multi-region/README.adoc","sha":"86b31069c9627391411f7b6cceed08e813a7a37e"},{"name":"main.tf","path":"modules/ebs-encryption-multi-region/main.tf","sha":"8f74a90b006638b657187845e84becc63546cfee"},{"name":"outputs.tf","path":"modules/ebs-encryption-multi-region/outputs.tf","sha":"0263a12a0cf37116db77ec5ac43667a76bac0706"},{"name":"variables.autogen.tf","path":"modules/ebs-encryption-multi-region/variables.autogen.tf","sha":"e016bd3d20f933e3b802d5facfd9665055f5140b"},{"name":"variables.tf","path":"modules/ebs-encryption-multi-region/variables.tf","sha":"4bb22b9bb519462a429baea8ffea9d1a3991be26"}]},{"name":"ebs-encryption","children":[{"name":"README.md","path":"modules/ebs-encryption/README.md","sha":"f9f23a71b7725648a9fdc9300de92d38014e6f63"},{"name":"main.tf","path":"modules/ebs-encryption/main.tf","sha":"b2ace130274d8f88ca442288cbfc4386eabc9ce0"},{"name":"outputs.tf","path":"modules/ebs-encryption/outputs.tf","sha":"6caa6eba337ae7aa9ad7db82dbd2cf6223f42cb9"},{"name":"variables.tf","path":"modules/ebs-encryption/variables.tf","sha":"d47c23a0c98c7561fcf0d95fa22fc40b34182bf9"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"modules/fail2ban/README.md","sha":"e4cd7c70b170022b2e306289d4e8b949c58dd6ab"},{"name":"install-scripts","children":[{"name":"cloudwatch-metric.conf","path":"modules/fail2ban/install-scripts/cloudwatch-metric.conf","sha":"b2fb301180aeb253f5168a6fedd3e5c44b6938ff"},{"name":"configure-fail2ban","path":"modules/fail2ban/install-scripts/configure-fail2ban","sha":"013f563aaae09316e59eb1682e53738a66aa48d4"},{"name":"fail2ban.local","path":"modules/fail2ban/install-scripts/fail2ban.local","sha":"ea80bf8058a1f9bb1a80a59031981b2a37445750"},{"name":"filters.sshd.amazon.conf","path":"modules/fail2ban/install-scripts/filters.sshd.amazon.conf","sha":"093bb1baf88a1e283a43b7dd7d04c64992abecc6"},{"name":"jail.amazon.local","path":"modules/fail2ban/install-scripts/jail.amazon.local","sha":"1284b66ca5a007b77a40c27b66662425e7fe8c91"},{"name":"jail.amazon2.local","path":"modules/fail2ban/install-scripts/jail.amazon2.local","sha":"8f0285c493c406aa0db98f40b8bf9aa238f52353"},{"name":"jail.ubuntu.local","path":"modules/fail2ban/install-scripts/jail.ubuntu.local","sha":"b3485d20a2b1fad7949167d30eff2b4caf357d81"}]},{"name":"install.sh","path":"modules/fail2ban/install.sh","sha":"8f7b536f08506dabc2f6beb6cd5a50f7282168aa"},{"name":"user-data-scripts","children":[{"name":"configure-fail2ban-cloudwatch.sh","path":"modules/fail2ban/user-data-scripts/configure-fail2ban-cloudwatch.sh","sha":"5c112c70c078b769f3ae31e71334499d0e5be64a"}]}]},{"name":"github-actions-iam-role","children":[{"name":"README.md","path":"modules/github-actions-iam-role/README.md","sha":"295142b48d9430e2579c234a2f385405fcb079de"},{"name":"main.tf","path":"modules/github-actions-iam-role/main.tf","sha":"39e82c59b82965054bd95cce7383732f0f1b7f45"},{"name":"outputs.tf","path":"modules/github-actions-iam-role/outputs.tf","sha":"250c983710c438ae022187a43f73f1f9fec00b61"},{"name":"variables.tf","path":"modules/github-actions-iam-role/variables.tf","sha":"98260465fbb8e2188739b4114c997079763adc3a"}]},{"name":"guardduty-multi-region","children":[{"name":"README.adoc","path":"modules/guardduty-multi-region/README.adoc","sha":"692d7135fa34922062bfa772b405afc21b3c6ea7"},{"name":"main.tf","path":"modules/guardduty-multi-region/main.tf","sha":"a18ffe91e1f17be889c313156f6da3248b2e118b"},{"name":"outputs.tf","path":"modules/guardduty-multi-region/outputs.tf","sha":"0c2d2b518a4a61c71785a136187708e76d5b6bf8"},{"name":"variables.autogen.tf","path":"modules/guardduty-multi-region/variables.autogen.tf","sha":"05bf9410cb4878450e9e67b90b202437a7458a04"},{"name":"variables.tf","path":"modules/guardduty-multi-region/variables.tf","sha":"1487cf2e1ebd7ae87152a0b40ffa9f2c27271557"}]},{"name":"guardduty","children":[{"name":"README.adoc","path":"modules/guardduty/README.adoc","sha":"940d62d35069bdda503cac175a01bd1743f53494"},{"name":"core-concepts.md","path":"modules/guardduty/core-concepts.md","sha":"df82af9ce24cd9d73e4ca09688bf35a66d38c91a"},{"name":"main.tf","path":"modules/guardduty/main.tf","sha":"1a2bf29491c9f2576e811ed7a7d27fc09faf19b9"},{"name":"outputs.tf","path":"modules/guardduty/outputs.tf","sha":"0fd6fdc76d8bc1bb4c544028c802248999d309f7"},{"name":"variables.tf","path":"modules/guardduty/variables.tf","sha":"953e1812c1c6c110beb1d7c5d38093d9f82a27bb"}]},{"name":"iam-access-analyzer-multi-region","children":[{"name":"README.adoc","path":"modules/iam-access-analyzer-multi-region/README.adoc","sha":"d87068a71e5a6149ba32dcc1ba33070d8b83aeaa"},{"name":"core-concepts.md","path":"modules/iam-access-analyzer-multi-region/core-concepts.md","sha":"6bbaac3d7e62744e3fe3f511cd4ae78b212d08a8"},{"name":"main.tf","path":"modules/iam-access-analyzer-multi-region/main.tf","sha":"6e5bd96f790c2c79852e70d2adc4ee20449cc7ae"},{"name":"outputs.tf","path":"modules/iam-access-analyzer-multi-region/outputs.tf","sha":"0a4379e38beae72541e7e975f297584db7e98b04"},{"name":"variables.autogen.tf","path":"modules/iam-access-analyzer-multi-region/variables.autogen.tf","sha":"5fe91b51970b05ebc2fdbf4542a806e8c3f792f4"},{"name":"variables.tf","path":"modules/iam-access-analyzer-multi-region/variables.tf","sha":"6e8d81aac5af0cba584e6d0884e03cfbc23ba07f"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"modules/iam-groups/README.md","sha":"07820342d38caf90b08a1ff0df904298ed132c8f"},{"name":"_docs","children":[{"name":"iam-user-access-to-billing.png","path":"modules/iam-groups/_docs/iam-user-access-to-billing.png","sha":"063f6cf8dc766b4d44942de89660e8ab9e1f3d63"},{"name":"my-account.png","path":"modules/iam-groups/_docs/my-account.png","sha":"387320200ed756ce4191afef87f0ab76e2c3d89a"}]},{"name":"main.tf","path":"modules/iam-groups/main.tf","sha":"8edf7da9faa75c2346ff19d03eccd8312ca276da"},{"name":"outputs.tf","path":"modules/iam-groups/outputs.tf","sha":"818827357183cb06f399732996c17f98cb3c0527"},{"name":"variables.tf","path":"modules/iam-groups/variables.tf","sha":"ec81e26ef6927ebb867b543acbcceaa9d618be7c"}]},{"name":"iam-policies","children":[{"name":"README.md","path":"modules/iam-policies/README.md","sha":"51835e5cd588f45a050c140c990cc8f04ff7a647"},{"name":"main.tf","path":"modules/iam-policies/main.tf","sha":"5fc5a8ae541a360c559b34113448d08f5af3f8ef"},{"name":"outputs.tf","path":"modules/iam-policies/outputs.tf","sha":"cf0adeec7cd62eb097ed0568facde92f9882b0cf"},{"name":"variables.tf","path":"modules/iam-policies/variables.tf","sha":"6d50aa3e0d8289848c7eee0739a130dfd8e97aee"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"modules/iam-user-password-policy/README.md","sha":"5bea6ba56fc796be5b860549156a3a251735fc2a"},{"name":"main.tf","path":"modules/iam-user-password-policy/main.tf","sha":"a5c4546bbfdc4d7e989ccf50ccf958c88bb96345"},{"name":"outputs.tf","path":"modules/iam-user-password-policy/outputs.tf","sha":"825547bd9d41fed1cc1b3506c17f81c48b1bfd1a"},{"name":"variables.tf","path":"modules/iam-user-password-policy/variables.tf","sha":"568582c249e3cfd7899ea23b8b58e43328c9d100"}]},{"name":"iam-users","children":[{"name":"README.md","path":"modules/iam-users/README.md","sha":"ea820bd205fdb8ca28bb0e2eccc29700b99a2b94"},{"name":"main.tf","path":"modules/iam-users/main.tf","sha":"9849c627aad5a685f9da52a39d6ddc383ca981da"},{"name":"outputs.tf","path":"modules/iam-users/outputs.tf","sha":"b319eacce6916f4904b15d8ff5ea5be09afc29e2"},{"name":"variables.tf","path":"modules/iam-users/variables.tf","sha":"892e7b2aaa5179e83a5e3126dbf2551fd421b133"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"modules/ip-lockdown/README.md","sha":"7ec92da38b5b06af9e61ab164bb6b4b0470ed92a"},{"name":"install.sh","path":"modules/ip-lockdown/install.sh","sha":"ce61af763bee9ad29754220ae24521f22c3a956f"},{"name":"ip-lockdown","path":"modules/ip-lockdown/ip-lockdown","sha":"93a0e1f5876e7de5778c595e8801d64986cb118b"}]},{"name":"kms-cmk-replica","children":[{"name":"README.md","path":"modules/kms-cmk-replica/README.md","sha":"9e9827df4990a6967edbcab6f35214ba229d7b18"},{"name":"main.tf","path":"modules/kms-cmk-replica/main.tf","sha":"5e54d52c68e26bdd34ec662ae8e9079640997ddc"},{"name":"outputs.tf","path":"modules/kms-cmk-replica/outputs.tf","sha":"28066251cbac14ae30a24d83f4ab38a550ce08ba"},{"name":"variables.tf","path":"modules/kms-cmk-replica/variables.tf","sha":"3de5459e12a3fc271230c8be243dbdbb9c6ded47"}]},{"name":"kms-grant-multi-region","children":[{"name":"README.adoc","path":"modules/kms-grant-multi-region/README.adoc","sha":"7c33dc779f289c34d0c72ecce7a4a60d99c38098"},{"name":"core-concepts.md","path":"modules/kms-grant-multi-region/core-concepts.md","sha":"3eb1725fa927a84cc2a0341335d150bf5c6e70f5"},{"name":"main.tf","path":"modules/kms-grant-multi-region/main.tf","sha":"0738f7e7eb923d17ec0d06f4a084b391266328f0"},{"name":"outputs.tf","path":"modules/kms-grant-multi-region/outputs.tf","sha":"b9d84078afacb154536292bddba4afbd6c9158c2"},{"name":"variables.autogen.tf","path":"modules/kms-grant-multi-region/variables.autogen.tf","sha":"185d6c42c1ab4843292b2c911e057303ae971739"},{"name":"variables.tf","path":"modules/kms-grant-multi-region/variables.tf","sha":"505b2d0cb9ecf78f0364e845cab72bf0c28365d5"}]},{"name":"kms-master-key-multi-region","children":[{"name":"README.adoc","path":"modules/kms-master-key-multi-region/README.adoc","sha":"75402e428cc30fee27dc5dd469788cf1d71320eb"},{"name":"core-concepts.md","path":"modules/kms-master-key-multi-region/core-concepts.md","sha":"8ba58b9a40c3aad18e2b804f53c6439b549b756d"},{"name":"main.tf","path":"modules/kms-master-key-multi-region/main.tf","sha":"f985176537beed7d9ce1f5672f081dd796f4286d"},{"name":"outputs.tf","path":"modules/kms-master-key-multi-region/outputs.tf","sha":"a47481aa5718ff67a44b86192edf897c160e06ed"},{"name":"variables.autogen.tf","path":"modules/kms-master-key-multi-region/variables.autogen.tf","sha":"fd024d55097a7eee5fbb6ffc65b376fbdfe57c89"},{"name":"variables.tf","path":"modules/kms-master-key-multi-region/variables.tf","sha":"b1740fb059927c65f7afd76f902ba616a921a138"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"modules/kms-master-key/README.md","sha":"1b43a005494f12b05551adb020a31726f28e10d3"},{"name":"main.tf","path":"modules/kms-master-key/main.tf","sha":"02fd3d518aec1e50aecd7686754c76b8efdd5e86"},{"name":"outputs.tf","path":"modules/kms-master-key/outputs.tf","sha":"4d0dbba81e8186243d96a8325a5f643d87543451"},{"name":"variables.tf","path":"modules/kms-master-key/variables.tf","sha":"ec5e19663b361ef9f58448b5b8ae1911073c0881"}]},{"name":"ntp","children":[{"name":"README.md","path":"modules/ntp/README.md","sha":"616dec4cceb83cd76898863034d920ce276b5ff4"},{"name":"install.sh","path":"modules/ntp/install.sh","sha":"8ccf8e07fb25ecad451a3cff264f08774fad7c38"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"modules/os-hardening/README.md","sha":"3e864b0e9208eb6809adf41968c51e02fc233ee1"},{"name":"_docs","children":[{"name":"Helpful Email.md","path":"modules/os-hardening/_docs/Helpful Email.md","sha":"246a0b80b29f5ff3d2b2f4c5c170fc927e2d9dd7"}]},{"name":"ami-builder","children":[{"name":"files","children":[{"name":"user-data.sh.template","path":"modules/os-hardening/ami-builder/files/user-data.sh.template","sha":"4a3c87a19e1a4caa20b9b425b2a02101566d1166"}]},{"name":"main.tf","path":"modules/os-hardening/ami-builder/main.tf","sha":"210a173cb935493f032048581cdaf860b3d6a512"},{"name":"outputs.tf","path":"modules/os-hardening/ami-builder/outputs.tf","sha":"8ce2ee598124ca50dd530a33aa60f5d1452a4a2b"},{"name":"variables.tf","path":"modules/os-hardening/ami-builder/variables.tf","sha":"d760f34eeae322790865c1cb30dfe20d0225328f"}]},{"name":"partition-scripts","children":[{"name":"README.md","path":"modules/os-hardening/partition-scripts/README.md","sha":"b55df29c7a3d6dc3ecbbbfe4ab4b8749f053f00b"},{"name":"bin","children":[{"name":"cleanup-volume","path":"modules/os-hardening/partition-scripts/bin/cleanup-volume","sha":"c7cbf3ecebd915235238557d27a1ce25e6fc10fa"},{"name":"partition-volume","path":"modules/os-hardening/partition-scripts/bin/partition-volume","sha":"f4f8566a1ef6aa4ff0c0268bd28721488aa6dfc4"}]},{"name":"install.sh","path":"modules/os-hardening/partition-scripts/install.sh","sha":"606776c068260836e8612a681ff4e3edc8abdb41"}]}]},{"name":"private-s3-bucket","children":[{"name":"README.md","path":"modules/private-s3-bucket/README.md","sha":"cd44b2d3e4627ff00fffd217bd3ec36341a72a36"},{"name":"main.tf","path":"modules/private-s3-bucket/main.tf","sha":"528b1544233a64fa6a9aa902c37b36c4d808ba95"},{"name":"mfa-delete-script","children":[{"name":"mfa-delete.sh","path":"modules/private-s3-bucket/mfa-delete-script/mfa-delete.sh","sha":"7dbcc65412467a036756562024cfc84ad128b215"}]},{"name":"outputs.tf","path":"modules/private-s3-bucket/outputs.tf","sha":"7cc62490168e4abb2ce816d74ba9b1a8153cf3b0"},{"name":"variables.tf","path":"modules/private-s3-bucket/variables.tf","sha":"38f7b68b55878b0c2d55da808ae1f4af3434697e"}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"modules/saml-iam-roles/README.md","sha":"5ebc8c20f781a0f0b5654decdcf9bd607fee65b3"},{"name":"main.tf","path":"modules/saml-iam-roles/main.tf","sha":"e9e43297457fc0f201cbd9f879190b24f7b01268"},{"name":"outputs.tf","path":"modules/saml-iam-roles/outputs.tf","sha":"c579901907b216c55e4c815d28f0a22171a960e6"},{"name":"variables.tf","path":"modules/saml-iam-roles/variables.tf","sha":"1f3f26ade9fd75d8e66ba12649f45d075b5e0f2b"}]},{"name":"secrets-manager-resource-policies","children":[{"name":"CHANGELOG.md","path":"modules/secrets-manager-resource-policies/CHANGELOG.md","sha":"087c0595a83e6c4247eda0100f789b8d522bf0c0"},{"name":"README.md","path":"modules/secrets-manager-resource-policies/README.md","sha":"b894ce3171c28ae91acbfe6bdcec35615c599bbb"},{"name":"main.tf","path":"modules/secrets-manager-resource-policies/main.tf","sha":"e063dbabd7d8fec039fd30fef048ba6bcb53a98a"},{"name":"outputs.tf","path":"modules/secrets-manager-resource-policies/outputs.tf","sha":"8b237f325d54b84ac2453e8945f61cdf0d24b41b"},{"name":"variables.tf","path":"modules/secrets-manager-resource-policies/variables.tf","sha":"2b45ef099c805c1265e5dc611c138de4a40141eb"}]},{"name":"ssh-grunt-selinux-policy","children":[{"name":"README.md","path":"modules/ssh-grunt-selinux-policy/README.md","sha":"53f02f57185efebc35d6ebfe156ce73d02a5f112"},{"name":"install.sh","path":"modules/ssh-grunt-selinux-policy/install.sh","sha":"3de871d61a9990e7f2c130f23afaf00daeb6bbef"},{"name":"ssh-grunt.pp","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.pp","sha":"7c7050f812cd0e3cb34e37b88c35fb09f369be7d"},{"name":"ssh-grunt.te","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.te","sha":"3317a71feaa633662a00b1dc05b1176cb85c9793"}]},{"name":"ssh-grunt","children":[{"name":".dockerignore","path":"modules/ssh-grunt/.dockerignore","sha":"a725465aee245635a2bd129af54858ed32c84cb8"},{"name":"Dockerfile","path":"modules/ssh-grunt/Dockerfile","sha":"5624c59e8eed05c95ed74f884a0d020508daf21c"},{"name":"README.adoc","path":"modules/ssh-grunt/README.adoc","sha":"c6bb05207d3884b1e70620408d69175027a7f989"},{"name":"_ci","children":[{"name":"build-and-test.sh","path":"modules/ssh-grunt/_ci/build-and-test.sh","sha":"903993de2d7bcde19d472fa5e510ee862d4b10c3"},{"name":"test.sh","path":"modules/ssh-grunt/_ci/test.sh","sha":"235603944316e81f1da1cc0248b80beecf99cb27"}]},{"name":"_docs","children":[{"name":"houston-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/houston-upload-ssh-key.png","sha":"e32519497262f9796a4ea46c53953923975cbd7d"},{"name":"iam-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/iam-upload-ssh-key.png","sha":"8bb1e793185eb0b4822023552899874394342f21"}]},{"name":"core-concepts.md","path":"modules/ssh-grunt/core-concepts.md","sha":"8c7b359b4fbfd52aa18124efe06f1304edbf2db2"},{"name":"docker-compose.yml","path":"modules/ssh-grunt/docker-compose.yml","sha":"74a2c67f6b9dc838ff3bd9c9c5aa68c813db1f0d"},{"name":"go.mod","path":"modules/ssh-grunt/go.mod","sha":"f6ba5277ec94912ac06a4c0de25ec57c5273a2bc"},{"name":"go.sum","path":"modules/ssh-grunt/go.sum","sha":"3fb7ee290aabdc716f9e233293037bd9fcc32d12"},{"name":"scripts","children":[{"name":"build-linux-binary.sh","path":"modules/ssh-grunt/scripts/build-linux-binary.sh","sha":"2d91cbed3db40f419e6a440ce2735b9d3f2d048b"},{"name":"run.sh","path":"modules/ssh-grunt/scripts/run.sh","sha":"050027e034cd03e53625986eb0f331c043492cf6"}]},{"name":"src","children":[{"name":"cli.go","path":"modules/ssh-grunt/src/cli.go","sha":"bd452b3cd360a5ea07d85c386608b8bfaea8dad7"},{"name":"cli_test.go","path":"modules/ssh-grunt/src/cli_test.go","sha":"4495feee5155a9e1c5dfd973f0a449b8d3764756"},{"name":"collections.go","path":"modules/ssh-grunt/src/collections.go","sha":"aa9b67f00f57088f9bf4e129dcc53003524dd0a7"},{"name":"cron.go","path":"modules/ssh-grunt/src/cron.go","sha":"5087bbffd95b625423d8c9a5a37a12ec8d6b07d7"},{"name":"cron_test.go","path":"modules/ssh-grunt/src/cron_test.go","sha":"dfe543ba69b21fbd24ad026b4c208d4308a743f2"},{"name":"ec2_instance_connect.go","path":"modules/ssh-grunt/src/ec2_instance_connect.go","sha":"99c31ddd2ee34d18dd9e676ec22eef5eebc3187f"},{"name":"errors.go","path":"modules/ssh-grunt/src/errors.go","sha":"1175435b45a980a5ff23dd4bdc880b4d63b24d79"},{"name":"file.go","path":"modules/ssh-grunt/src/file.go","sha":"eb991fd15ac2c3660313e6d4c5669b36ccc9cc21"},{"name":"groups.go","path":"modules/ssh-grunt/src/groups.go","sha":"3e4ecb0ef9ca916e5482e1999b59ceddc4aec077"},{"name":"groups_test.go","path":"modules/ssh-grunt/src/groups_test.go","sha":"b060ded1c37d1b636b7dc59d5071049e640d00e7"},{"name":"iam.go","path":"modules/ssh-grunt/src/iam.go","sha":"dafbc8fbb732d2d6212cade786eb13d7215b9862"},{"name":"iam_test.go","path":"modules/ssh-grunt/src/iam_test.go","sha":"0382c08562fc329876267cf944195f3d8c8738be"},{"name":"logger.go","path":"modules/ssh-grunt/src/logger.go","sha":"93095ba8216709b3178fcc44a76421a765f4e302"},{"name":"main.go","path":"modules/ssh-grunt/src/main.go","sha":"a89d9402d32d371dc9b945ab9c72996808d17b85"},{"name":"shell.go","path":"modules/ssh-grunt/src/shell.go","sha":"7f49eeee4119efde0bd58d7c78fd4ef785dc5f6c"},{"name":"ssh.go","path":"modules/ssh-grunt/src/ssh.go","sha":"17784a1b62fcfc4df6b766bc65f89d53738b9ef2"},{"name":"ssh_test.go","path":"modules/ssh-grunt/src/ssh_test.go","sha":"00dea3ef7d6b6462bc19bcee0207cf24c2dc67b4"},{"name":"string.go","path":"modules/ssh-grunt/src/string.go","sha":"fc61ca9625f9d654c2b3576ff932db1b90ae9dfe"},{"name":"string_test.go","path":"modules/ssh-grunt/src/string_test.go","sha":"752aaaa776d25ff8a3e694588edb3e7c0ce4eb27"},{"name":"sync.go","path":"modules/ssh-grunt/src/sync.go","sha":"6c3d569f1cfa03b87a4292abf2b198d59fb8b17a"},{"name":"sync_test.go","path":"modules/ssh-grunt/src/sync_test.go","sha":"09dd89b492cc7373c49b8b2fc16b17914065340f"},{"name":"url.go","path":"modules/ssh-grunt/src/url.go","sha":"0af5ddc5f3e27af95d6f6ddd41acf0c229962f7f"},{"name":"url_test.go","path":"modules/ssh-grunt/src/url_test.go","sha":"95e062eaaca09900949e0352fffc7b6f9a3524cc"},{"name":"users.go","path":"modules/ssh-grunt/src/users.go","sha":"6c3a8a22006a91656fcc5fd31d684271cdf129e3"},{"name":"users_test.go","path":"modules/ssh-grunt/src/users_test.go","sha":"e695204896bae7436e20a6615a484ae4cc6cf2f7"}]}]},{"name":"ssh-iam","children":[{"name":"README.md","path":"modules/ssh-iam/README.md","sha":"4aa06d6a729e53384b6d2a43c06ee38807092f32"}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"modules/ssm-healthchecks-iam-permissions/README.md","sha":"0a97288d14b005662ae642819eeadb2aaff24534"},{"name":"main.tf","path":"modules/ssm-healthchecks-iam-permissions/main.tf","sha":"664b884793145b1c9f68c1da7a58650ed21dcdb3"},{"name":"variables.tf","path":"modules/ssm-healthchecks-iam-permissions/variables.tf","sha":"36778c58999e05f20468d118f22e8c9d754b1a4d"}]},{"name":"tls-cert-private","children":[{"name":"Dockerfile","path":"modules/tls-cert-private/Dockerfile","sha":"bc6b1c28764936758a47ceedccf790b56200d6cf"},{"name":"README.md","path":"modules/tls-cert-private/README.md","sha":"c6996ec25d7d9b1ab4f79d8164a14e86e1ac844f"},{"name":"docker-compose.yml","path":"modules/tls-cert-private/docker-compose.yml","sha":"f872026e8d51ceaab2e1c11cc9cf9c35ba81f29c"},{"name":"files","children":[{"name":"openssl.cnf","path":"modules/tls-cert-private/files/openssl.cnf","sha":"2542542c80ab180c47d3e0a27dbded65bed572de"}]},{"name":"scripts","children":[{"name":"generate-ca-keypair.sh","path":"modules/tls-cert-private/scripts/generate-ca-keypair.sh","sha":"395ee97c0e499c660efac5c5cf1f79dfcdbb69f8"},{"name":"generate-tls-keypair.sh","path":"modules/tls-cert-private/scripts/generate-tls-keypair.sh","sha":"f1c3577437fd589087704a9c003de416cb87d232"},{"name":"main.sh","path":"modules/tls-cert-private/scripts/main.sh","sha":"dc7af965ffb783bbef449010818e69294fa2ef75"}]}]}],"toggled":true},{"name":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","path":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","sha":"ae586c0fe830819580e1009d41a9074f16e65bed"},{"name":"test","children":[{"name":"README.md","path":"test/README.md","sha":"b44e2152ea21d65a8c51bb58321e18ec7527c22e"},{"name":"common","children":[{"name":"test_helpers.go","path":"test/common/test_helpers.go","sha":"aa7ea914a7ee084653fe6c7cbf0149d67db9a20b"}]},{"name":"go.mod","path":"test/go.mod","sha":"997d1624878c65b93b96b856458e7f5c3a7648c7"},{"name":"go.sum","path":"test/go.sum","sha":"9d1b3c898ae1c311f398d6ba069fbebbdc843d01"},{"name":"landingzone","children":[{"name":"aws_config_rules_test.go","path":"test/landingzone/aws_config_rules_test.go","sha":"e198464d094ef43a2ff5dc85da38c6cfc3d92fa8"},{"name":"aws_organizations_test.go","path":"test/landingzone/aws_organizations_test.go","sha":"7f4e93e798860d91f590c22cfa2efde0bf4777ac"},{"name":"ebs_encryption_multi_region_test.go","path":"test/landingzone/ebs_encryption_multi_region_test.go","sha":"4874dd5d974ada36aac6b2a2e462007fd9347ec5"},{"name":"iam_access_analyzer_multiregion_test.go","path":"test/landingzone/iam_access_analyzer_multiregion_test.go","sha":"bc8233bf962282e84b1a3bcf1fc88a0267531e7a"},{"name":"kms_grant_multiregion_test.go","path":"test/landingzone/kms_grant_multiregion_test.go","sha":"dacdaaef67b5b2b849d6c1bc54bccb3f89e1f008"},{"name":"kms_master_key_multiregion_test.go","path":"test/landingzone/kms_master_key_multiregion_test.go","sha":"387a7d882b2ef8a0516f0a6e418209d0fe248e30"},{"name":"test_helpers.go","path":"test/landingzone/test_helpers.go","sha":"36d75ca20f1d1040a91d85c71b2133b92acfab3f"}]},{"name":"landingzone_b","children":[{"name":"aws_config_test.go","path":"test/landingzone_b/aws_config_test.go","sha":"622a46b0733a9018e87642187aa19a10f473b48a"},{"name":"guardduty_test.go","path":"test/landingzone_b/guardduty_test.go","sha":"9de4f1e84d2fccffe4563741fc451d884e6f5146"},{"name":"test_helpers.go","path":"test/landingzone_b/test_helpers.go","sha":"4902f2be91a6c86ce0c8c008b61978c59e1d10c5"}]},{"name":"security","children":[{"name":"auto_update_test.go","path":"test/security/auto_update_test.go","sha":"b0bf3c446844977c5eeec5f43b49de7c6788f47a"},{"name":"cloudtrail_test.go","path":"test/security/cloudtrail_test.go","sha":"e62951f5668848f2c113a1858e73134b62480a42"},{"name":"cross_account_iam_roles_test.go","path":"test/security/cross_account_iam_roles_test.go","sha":"a94c189410e274f96acc0e29d7b9405ceec6bcba"},{"name":"custom_iam_entity_test.go","path":"test/security/custom_iam_entity_test.go","sha":"f0c38f5b0d671fd740e8530b28c94e5fe5219d26"},{"name":"fail2ban_test.go","path":"test/security/fail2ban_test.go","sha":"f7c0abbd85c9cb79f3c3e15fe9abb8fb87906cb6"},{"name":"github_actions_iam_role_test.go","path":"test/security/github_actions_iam_role_test.go","sha":"a9cd953165bb27889ceadbae553aa116ca8cfd08"},{"name":"iam_groups_test.go","path":"test/security/iam_groups_test.go","sha":"ab4f7c03a0490a769e79782cb008d8ffbc9ffa29"},{"name":"iam_ssm_test.go","path":"test/security/iam_ssm_test.go","sha":"28a81aab9873bb6bd02d2f37bdc3ef9c7f27b3c5"},{"name":"iam_user_password_policy_test.go","path":"test/security/iam_user_password_policy_test.go","sha":"5a44f18c469c936fa51b4e9d7911404e1ab76a0f"},{"name":"iam_users_test.go","path":"test/security/iam_users_test.go","sha":"1cd395b72942f05e03959978a72a782d0dd530bd"},{"name":"ip-lockdown-test-scripts","children":[{"name":"allow-several-users.sh","path":"test/security/ip-lockdown-test-scripts/allow-several-users.sh","sha":"2f75dbe0880ed0907b43db58b6ac030a0d0e9bd4"},{"name":"common.sh","path":"test/security/ip-lockdown-test-scripts/common.sh","sha":"cdfe11aca76607a4feaf254a394f32273b738c5c"},{"name":"index.html","path":"test/security/ip-lockdown-test-scripts/index.html","sha":"557db03de997c86a4a028e1ebd3a1ceb225be238"},{"name":"restrict-all-users.sh","path":"test/security/ip-lockdown-test-scripts/restrict-all-users.sh","sha":"a37c1ffc90f2532e7cc3f9f5a859b75c98661dc6"},{"name":"restrict-one-user.sh","path":"test/security/ip-lockdown-test-scripts/restrict-one-user.sh","sha":"4214e1c15102f4568d1e995aa82add46ee430237"},{"name":"sanity-check.sh","path":"test/security/ip-lockdown-test-scripts/sanity-check.sh","sha":"542ed72f4f0952ace67c9cbf2e5ac07e81e6870c"}]},{"name":"ip_lockdown_test.go","path":"test/security/ip_lockdown_test.go","sha":"b10a13dd3b741b5488985cc2722053dac5383589"},{"name":"kms_master_key_test.go","path":"test/security/kms_master_key_test.go","sha":"751dfa23eaa391b567f023c6d1a12a4400a55c28"},{"name":"ntp_test.go","path":"test/security/ntp_test.go","sha":"372edab033e653c151b1c2e3b10d9bc13229515c"},{"name":"os_hardening_test.go","path":"test/security/os_hardening_test.go","sha":"ced303f74cd6908bbd8837cc99f317293707ab30"},{"name":"private_s3_bucket_test.go","path":"test/security/private_s3_bucket_test.go","sha":"677eabc59ad7faa3dd04d0fa7ecb78c1967cded8"},{"name":"saml_iam_roles_test.go","path":"test/security/saml_iam_roles_test.go","sha":"efbe2f3e6e9b0da73d1fb58fccc5f5fc1427a61f"},{"name":"secrets_manager_resource_policies_test.go","path":"test/security/secrets_manager_resource_policies_test.go","sha":"07f69b66238517d1f8af61eb9751248372997b70"},{"name":"ssh_grunt_iam_test.go","path":"test/security/ssh_grunt_iam_test.go","sha":"bd1cb7edcd651620fa2187f468b1436ef9f20d6e"},{"name":"test_helpers.go","path":"test/security/test_helpers.go","sha":"e85e81af0d5954a267341ddd8677beffa84770b1"},{"name":"test_helpers_aws_auth.go","path":"test/security/test_helpers_aws_auth.go","sha":"461efcc040ff5024b9fa0762ffcde92081fac163"},{"name":"tls_cert_private_test.go","path":"test/security/tls_cert_private_test.go","sha":"70b2c873f20876497b4a1a0a030871e037dca995"}]},{"name":"upgrades","children":[{"name":"upgrade_test.go","path":"test/upgrades/upgrade_test.go","sha":"f2dc2c8f7dbb0befddc90bee2f602ecb657ecbac"}]},{"name":"validation","children":[{"name":"validate_all_modules_and_examples_test.go","path":"test/validation/validate_all_modules_and_examples_test.go","sha":"53877e64494aad3d4063e01c8009eee731e667c3"}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"aws-organizations-config-rules-core-concepts\">AWS Organizations Config Rules Core Concepts</h1><div class=\"preview__body--border\"></div><h2 class=\"preview__body--subtitle\" id=\"background\">Background</h2>\n<h3 class=\"preview__body--subtitle\" id=\"what-are-managed-config-rules\">What are Managed Config Rules?</h3>\n<p>AWS Config provides <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html\" class=\"preview__body--description--blue\" target=\"_blank\">AWS managed rules</a>,\nwhich are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.</p>\n<h3 class=\"preview__body--subtitle\" id=\"how-do-organization-level-config-rules-compare-to-account-level-config-rules\">How do Organization-Level Config Rules Compare to Account-Level Config Rules?</h3>\n<p>You can apply exactly the same Config Rules at either the organization-level or account-level. By default, this module\napplies rules at the organization level, but you can switch to account-level rules by setting <code>create_account_rules</code>\nto <code>true</code>.</p>\n<p>Here is how organization-level and account-level rules compare:</p>\n<table>\n<thead>\n<tr>\n<th></th>\n<th>Organization-Level Rules</th>\n<th>Account-Level Rules</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Accounts</td>\n<td>Applied solely in the root account.</td>\n<td>Must be applied separately in every single account. Note that if you're already applying security baselines to every account (e.g., using if you're managing everything as code the <a href=\"/repos/v0.63.1/module-security/modules/account-baseline-root\" class=\"preview__body--description--blue\">account-baseline-root</a>, [account-baseline-security] (/modules/account-baseline-security), and <a href=\"/repos/v0.63.1/module-security/modules/account-baseline-app\" class=\"preview__body--description--blue\">account-baseline-app</a> modules) there isn't much extra overhead to this.</td>\n</tr>\n<tr>\n<td>Governance</td>\n<td>Users in child accounts can add additional Config Rules but no one in a child account can remove or modify organization-level rules applied in the root account.</td>\n<td>Users with sufficient permissions can add, modify, or remove account-level rules in their own account.</td>\n</tr>\n<tr>\n<td>Chicken-and-egg problem</td>\n<td>The way organization-level Config Rules are managed in Terraform creates a chicken-and-egg problem: the rules will cause an error unless every single child account has a Config Recorder set up, but if you're creating a brand new child account, it can't possibly already have a Config Recorder. This means that creating child accounts becomes a multi-step process where you have to explicitly exclude the new child account from Config Rules when first creating it, then create a Config Recorder in the child account, and then go back to root to re-enable the Config Rules for that account.</td>\n<td>Account-level rules do not have the chicken-and-egg problem.</td>\n</tr>\n</tbody>\n</table>\n<p>The chicken-and-egg problem leads to a brittle and error-prone deployment process that makes creating new child\naccounts much harder, which is why the <a href=\"/repos/v0.63.1/module-security/modules/account-baseline-root\" class=\"preview__body--description--blue\">account-baseline-root module</a> uses account-level\nrules instead.</p>\n<h2 class=\"preview__body--subtitle\" id=\"what-resources-does-this-module-create\">What resources does this module create?</h2>\n<p>This module creates the following AWS Config Managed Rules:</p>\n<ul>\n<li><strong><a href=\"https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html\" class=\"preview__body--description--blue\" target=\"_blank\">encrypted-volumes</a>:</strong> Checks whether the EBS volumes that are in an attached state are encrypted.</li>\n<li><strong><a href=\"https://docs.aws.amazon.com/config/latest/developerguide/rds-storage-encrypted.html\" class=\"preview__body--description--blue\" target=\"_blank\">rds-storage-encrypted</a>:</strong> Checks whether storage encryption is enabled for your RDS DB instances.</li>\n<li><strong><a href=\"https://docs.aws.amazon.com/config/latest/developerguide/iam-password-policy.html\" class=\"preview__body--description--blue\" target=\"_blank\">iam-password-policy</a>:</strong> Checks whether the account password policy for IAM users meets the specified requirements.</li>\n<li><strong><a href=\"https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-read-prohibited.html\" class=\"preview__body--description--blue\" target=\"_blank\">s3-bucket-public-read-prohibited</a>:</strong> Checks that your Amazon S3 buckets do not allow public read access.</li>\n<li><strong><a href=\"https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-write-prohibited.html\" class=\"preview__body--description--blue\" target=\"_blank\">s3-bucket-public-write-prohibited</a>:</strong> Checks that your Amazon S3 buckets do not allow public write access.</li>\n<li><strong><a href=\"https://docs.aws.amazon.com/config/latest/developerguide/vpc-sg-open-only-to-authorized-ports.html\" class=\"preview__body--description--blue\" target=\"_blank\">vpc-sg-open-only-to-authorized-ports</a>:</strong> Checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPC) allows only specific inbound TCP or UDP traffic.</li>\n<li><strong><a href=\"https://docs.aws.amazon.com/config/latest/developerguide/root-account-mfa-enabled.html\" class=\"preview__body--description--blue\" target=\"_blank\">root-account-mfa-enabled</a>:</strong> Checks whether users of your AWS account require a multi-factor authentication (MFA) device to sign in with root credentials.</li>\n<li><strong><a href=\"https://docs.aws.amazon.com/config/latest/developerguide/iam-user-unused-credentials-check.html\" class=\"preview__body--description--blue\" target=\"_blank\">iam-user-unused-credentials-check</a>:</strong> Checks whether your IAM users have passwords or active access keys that have not been used within the specified number of days.</li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"day-to-day-operations\">Day-to-day operations</h2>\n<h3 class=\"preview__body--subtitle\" id=\"how-do-i-configure-the-rules\">How do I configure the rules?</h3>\n<p>By default, the module will enable all rules defined in <a href=\"#what-resources-does-this-module-create\" class=\"preview__body--description--blue\">What resources does this module create</a> section,\nbut you can choose to disable one or more rules using the <code>enable_*</code> input variables and configure the attributes\nfor certain rules.</p>\n<p>Some of the rules have additional attributes. The module has default values for those, but you can adjust the values with\nthe input parameters defined in <a href=\"/repos/v0.63.1/module-security/modules/aws-config-rules/variables.tf\" class=\"preview__body--description--blue\">variables.tf</a>. The following snippet is an example of adjusting attributes\nfor password policy and disabling one of the default rules:</p>\n<pre>module <span class=\"hljs-string\">\"organizations_config_rules\"</span> {\n source = <span class=\"hljs-string\">\"../../modules/aws-config-rules\"</span>\n\n # Custom password<span class=\"hljs-built_in\"> policy </span>configuration \n iam_password_policy_minimum_password_length = 20\n iam_password_policy_require_symbols = <span class=\"hljs-literal\">false</span>\n\n # Turn off insecure security<span class=\"hljs-built_in\"> group </span>rule \n enable_insecure_sg_rules = <span class=\"hljs-literal\">false</span>\n}\n</pre>\n<h3 class=\"preview__body--subtitle\" id=\"how-do-i-add-additional-rules\">How do I add additional rules?</h3>\n<p>In addition to the predefined set of rules, you can add additional rules. The following snippet is an example of configuring\nACM Certificate expriration check with a custom input parameter:</p>\n<pre><span class=\"hljs-keyword\">module</span> <span class=\"hljs-string\">\"organizations_config_rules\"</span> {\n source = <span class=\"hljs-string\">\"../../modules/aws-config-rules\"</span>\n\n <span class=\"hljs-comment\"># Configure additional managed rules </span>\n additional_rules = {\n acm-certificate-expiration-check = {\n description = <span class=\"hljs-string\">\"Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.\"</span>,\n identifier = <span class=\"hljs-string\">\"ACM_CERTIFICATE_EXPIRATION_CHECK\"</span>,\n trigger_type = <span class=\"hljs-string\">\"PERIODIC\"</span>\n input_parameters = { <span class=\"hljs-string\">\"daysToExpiration\"</span>: <span class=\"hljs-string\">\"14\"</span>},\n }\n }\n}\n</pre>\n<p>For a full list of available managed rules and their configuration, see https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html</p>\n<h3 class=\"preview__body--subtitle\" id=\"how-do-i-exclude-specific-accounts\">How do I exclude specific accounts?</h3>\n<p>By default, organization-level config rules trickle down to all Organization accounts. You can, however, optionally\nexclude specific accounts using the <code>excluded_accounts</code> input variable (this variable is not used with account-level\nconfig rules). Note that you cannot exclude all accounts in your Organization. If you do that,\nthe AWS API will error with: <code>AllAccountsExcluded: For this OrganizationConfigResource, all member accounts in this organization are part of an exclusion list. Modify your exclusion list and try again.</code>.</p>\n","repoName":"module-security","repoRef":"v0.68.4","serviceDescriptor":{"serviceName":"AWS Config","serviceRepoName":"module-security","serviceRepoOrg":"gruntwork-io","serviceMainReadmePath":"/modules/aws-config","cloudProviders":["aws"],"description":"Run AWS Config to assess, audit, and evaluate the configurations of your AWS resources, ensuring they meet your compliance requirements.","imageUrl":"grunt.png","licenseType":"subscriber","technologies":["Terraform","Go"],"compliance":[],"tags":[""]},"serviceCategoryName":"Landing Zone","fileName":"core-concepts.md","filePath":"/modules/aws-config-rules/core-concepts.md","title":"Repo Browser: AWS Config","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}