Initial implementation #5

Draft
wants to merge 14 commits into
base: develop

mcdonnnj
Member

🗣 Description

This pull request is the initial implementation for the baseline Terraform that should be applied to an account that will host the CyHy scanning infrastructure.

💭 Motivation and context

Initially I wanted to pull the alerts for IAM/SSO user/group creation or modification that are present in COOL accounts. However, upon thinking about all of the artisanal resources that have been created in the account that hosts the CyHy scanning infrastructure, I thought it would be worthwhile to create a baseline Terraform configuration in the same vein as what can be found in cisagov/cool-accounts.

🧪 Testing

In progress.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • All new and existing tests pass.

This configuration will be a Terraform root module and so examples and
documentation about using this configuration as a Terraform module are
not needed.
It's easier to remove this configuration and build up our new
configuration from a mostly clean slate.
Since this is for a single account setup it does not currently need to
leverage multiple provider configurations. Also ensure that variable
declarations have attributes sorted alphabetically.
These resources are copied from cisagov/cool-accounts/terraform.
These policies are sourced from cisagov/cool-accounts/users.
These users are admin-like IAM users that can assume any role in the
account and also have access from the AdministratorAccess and
job-function/Billing AWS managed policies.
This is based on the configuration in cisagov/cool-accounts/images.
This configuration is copied from cisagov/cool-accounts/shared-services.
Update the README to reflect this project's purpose. The instructions
for bootstrapping are pulled from the cisagov/cool-accounts/terraform
README and were adapted to suit this project.
@mcdonnnj mcdonnnj added the terraform Pull requests that update Terraform code label Feb 28, 2024
@mcdonnnj mcdonnnj self-assigned this Feb 28, 2024