{"id":24164530,"url":"https://github.com/cloudon-one/aws-terraform-modules","last_synced_at":"2026-05-31T20:31:59.738Z","repository":{"id":258233837,"uuid":"870078095","full_name":"cloudon-one/aws-terraform-modules","owner":"cloudon-one","description":"List of opinionated AWS Terraform modules","archived":false,"fork":false,"pushed_at":"2026-04-04T18:09:44.000Z","size":148,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-04T20:58:00.232Z","etag":null,"topics":["aws","terraform-modules"],"latest_commit_sha":null,"homepage":"https://cloudon.work","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudon-one.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":"yaarcloudon","open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2024-10-09T12:04:08.000Z","updated_at":"2025-09-06T08:59:00.000Z","dependencies_parsed_at":"2024-10-18T04:32:19.959Z","dependency_job_id":"8f915937-bc2a-4e36-a858-0f3e3edf3d87","html_url":"https://github.com/cloudon-one/aws-terraform-modules","commit_stats":null,"previous_names":["cloudon-one/aws-terraform-modules"],"tags_count":1,"template":true,"template_full_name":null,"purl":"pkg:github/cloudon-one/aws-terraform-modules","
repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Faws-terraform-modules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Faws-terraform-modules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Faws-terraform-modules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Faws-terraform-modules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudon-one","download_url":"https://codeload.github.com/cloudon-one/aws-terraform-modules/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudon-one%2Faws-terraform-modules/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33748607,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","terraform-modules"],"created_at":"2025-01-12T19:17:37.010Z","updated_at":"2026-05-31T20:31:59.731Z","avatar_url":"https://github.com/cloudon-one.png","language":"HCL","funding_links":["https://patreon.com/yaarcloudon"],"categories":[],"sub_categories":[],"readme":"# AWS Terraform Modules 
Collection\n\n[![Terraform](https://img.shields.io/badge/Terraform-%3E%3D1.0-blue)](https://www.terraform.io/)\n[![AWS Provider](https://img.shields.io/badge/AWS%20Provider-~%3E5.0-orange)](https://registry.terraform.io/providers/hashicorp/aws/latest)\n[![License](https://img.shields.io/badge/License-MIT-green)](LICENSE)\n\nThis repository contains a comprehensive collection of **production-ready** and **security-hardened** Terraform modules for AWS infrastructure provisioning. Each module is designed to be modular, maintainable, and follows AWS security best practices with **security-by-default** configurations.\n\n## Available Modules\n\n### Networking\n- **aws-terraform-core-vpc**: Core VPC infrastructure setup\n- **aws-terraform-vpc**: Standard VPC configuration\n- **aws-terraform-peering**: VPC peering connections\n- **aws-terraform-tgw**: Transit Gateway configuration\n- **aws-terraform-vpn**: VPN connection setup\n\n### Computing\n- **aws-terraform-ec2**: EC2 instance provisioning (🔒 **Security**: Encryption enabled by default)\n- **aws-terraform-eks**: Elastic Kubernetes Service cluster setup (🔒 **Security**: Private API endpoint by default)\n\n### Storage \u0026 Databases\n- **aws-terraform-s3**: S3 bucket configuration\n- **aws-terraform-dynamodb**: DynamoDB tables\n- **aws-terraform-rds**: Relational Database Service\n- **aws-terraform-rds-aurora**: Amazon Aurora cluster setup\n- **aws-terraform-redis**: ElastiCache Redis configuration\n\n### Security \u0026 Identity\n- **aws-terraform-accounts**: AWS account management\n- **aws-terraform-acm**: AWS Certificate Manager\n- **aws-terraform-cloudtrail**: CloudTrail logging\n- **aws-terraform-iam**: IAM resource management (🆕 Comprehensive documentation)\n  - account: Account-level IAM settings\n  - assumable-role: Cross-account role assumption\n  - groups: IAM group management\n  - policies: Custom IAM policies\n  - roles: IAM roles\n  - service-accounts: Service account configuration\n  - users: IAM user 
management (🔒 **Security**: Access keys disabled by default)\n- **aws-terraform-scp**: Service Control Policies for AWS Organizations (🆕 Full documentation)\n\n### Application Services\n- **aws-terraform-apigw**: API Gateway setup\n- **aws-terraform-eventbridge**: EventBridge/CloudWatch Events\n- **aws-terraform-sns**: Simple Notification Service\n\n## ✨ Recent Improvements\n\n### 🔐 Security Enhancements\n- **Security-by-default**: All modules now use secure defaults\n- **Encryption**: EC2 instances have encryption enabled by default\n- **Access Control**: EKS clusters use private endpoints by default\n- **IAM Security**: Access key creation disabled by default to prevent credential exposure\n\n### 📚 Documentation\n- **Complete Coverage**: All 20 modules now have comprehensive documentation\n- **Usage Examples**: Detailed examples with security best practices\n- **Security Guidance**: Clear security considerations and recommendations\n\n### 🔧 Standardization\n- **Version Constraints**: All modules have consistent Terraform and provider versions\n- **Code Quality**: 100% formatted and validated code\n- **Consistent Structure**: Standardized module organization\n\n## Module Structure\nEach module follows a consistent structure:\n```\nmodule-name/\n├── README.md        # 📚 Comprehensive module documentation\n├── main.tf          # 🏗️ Main module logic\n├── variables.tf     # ⚙️ Input variables with secure defaults\n├── outputs.tf       # 📤 Output values for integration\n└── versions.tf      # 🔧 Provider version constraints (✅ All modules)\n```\n\n## 🚀 Quick Start\n\n### Basic Usage\n\nEach module can be used by referencing it in your Terraform configuration:\n\n```hcl\nmodule \"example\" {\n  source = \"git::https://git@github.com/cloudon-one/aws-terraform-modules.git//aws-terraform-\u003cservice\u003e?ref=main\"\n  \n  # Module specific variables\n  # ...\n}\n```\n\n### Security-First Examples\n\n#### Secure EC2 Instance with Encryption\n```hcl\nmodule \"secure_ec2\" 
{\n  source = \"./aws-terraform-ec2\"\n  \n  instances = [\n    {\n      name                        = \"web-server\"\n      ami                         = \"ami-0abcdef1234567890\"\n      instance_type               = \"t3.medium\"\n      availability_zone           = \"us-west-2a\"\n      subnet_id                   = \"subnet-12345678\"\n      private_ip                  = \"10.0.1.10\"\n      associate_public_ip_address = \"false\"\n      ebs_block_device           = []\n      tags = {\n        Environment = \"production\"\n        Encrypted   = \"true\"\n      }\n    }\n  ]\n  \n  # 🔒 Security: Encryption enabled by default\n  enable_root_block_device_encryption = true\n  enable_ebs_encryption              = true\n  kms_key_id                        = \"alias/my-key\"  # Optional: Use customer-managed key\n}\n```\n\n#### Secure EKS Cluster with Private API\n```hcl\nmodule \"secure_eks\" {\n  source = \"./aws-terraform-eks\"\n  \n  cluster_name    = \"production-cluster\"\n  eks_version     = \"1.27\"\n  iam_role_arn    = \"arn:aws:iam::123456789012:role/eks-cluster-role\"\n  subnet_ids      = [\"subnet-12345678\", \"subnet-87654321\"]\n  \n  # 🔒 Security: Private API endpoint by default\n  cluster_endpoint_public_access  = false  # Default: false\n  cluster_endpoint_private_access = true   # Default: true\n  \n  # Only allow specific CIDRs if public access is needed\n  cluster_endpoint_public_access_cidrs = [\"10.0.0.0/16\"]\n  \n  eks_managed_node_groups = [\n    {\n      name           = \"workers\"\n      instance_types = [\"t3.medium\"]\n      min_size       = 1\n      max_size       = 3\n      desired_size   = 2\n      ami_type       = \"AL2_x86_64\"\n      capacity_type  = \"ON_DEMAND\"\n      access_entries = []\n      tags = {\n        Environment = \"production\"\n      }\n    }\n  ]\n}\n```\n\n#### Secure IAM User (No Access Keys)\n```hcl\nmodule \"secure_iam_user\" {\n  source = \"./aws-terraform-iam/users\"\n  \n  name                          = 
\"developer\"\n  create_iam_user_login_profile = true\n  create_iam_access_key         = false  # 🔒 Default: false (secure)\n  password_reset_required       = true\n  \n  policy_arns = [\n    \"arn:aws:iam::aws:policy/PowerUserAccess\"\n  ]\n  \n  tags = {\n    Team        = \"development\"\n    Environment = \"dev\"\n  }\n}\n```\n\n## 📋 Requirements\n\n- **Terraform** \u003e= 1.0 (✅ Enforced in all modules)\n- **AWS Provider** ~\u003e 5.0 (✅ Standardized across all modules)\n- Valid AWS credentials configured\n- Appropriate IAM permissions for the resources being created\n\n## 🛡️ Security Best Practices\n\nThis repository implements **security-by-default** principles:\n\n### ✅ What's Secure by Default\n- **EC2 Encryption**: Root and EBS volumes encrypted automatically\n- **EKS Private Access**: API endpoints private by default\n- **IAM Security**: No access keys created by default\n- **Version Pinning**: All provider versions constrained\n- **Input Validation**: Comprehensive variable validation\n\n### 🔧 Security Configuration Options\nEach module provides security configuration options:\n\n```hcl\n# Enable/disable security features as needed\nenable_encryption = true           # Default: true\npublic_access    = false          # Default: false  \naccess_keys      = false          # Default: false\n```\n\n### 🚨 Security Recommendations\n1. **Review Defaults**: Understand the secure defaults before overriding\n2. **Use Private Resources**: Prefer private subnets and endpoints\n3. **Enable Encryption**: Use customer-managed KMS keys when possible\n4. **Limit Access**: Use least privilege principles\n5. 
**Monitor Changes**: Enable CloudTrail for all AWS accounts\n\n## 📊 Module Status\n\n| Module | Documentation | Version Constraints | Outputs | Security |\n|--------|---------------|-------------------|---------|----------|\n| aws-terraform-accounts | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-acm | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-apigw | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-cloudtrail | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-core-vpc | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-dynamodb | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-ec2 | ✅ | ✅ | ✅ | 🔒 **Enhanced** |\n| aws-terraform-eks | ✅ | ✅ | ✅ | 🔒 **Enhanced** |\n| aws-terraform-eventbridge | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-iam | 🆕 **New** | ✅ | 🆕 **New** | 🔒 **Enhanced** |\n| aws-terraform-peering | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-rds | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-rds-aurora | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-redis | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-s3 | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-scp | 🆕 **New** | ✅ | ✅ | ✅ |\n| aws-terraform-sns | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-tgw | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-vpc | ✅ | ✅ | ✅ | ✅ |\n| aws-terraform-vpn | ✅ | ✅ | ✅ | ✅ |\n\n**Legend:**\n- ✅ Complete\n- 🆕 Recently Added/Updated  \n- 🔒 Security Enhanced\n\n## 🤝 Contributing\n\nWe welcome contributions! Please follow our security-first approach:\n\n### 🔐 Security-First Development\n1. **Security Review**: All changes undergo security review\n2. **Secure Defaults**: New features should be secure by default\n3. **Documentation**: Security implications must be documented\n4. **Testing**: Include security-focused tests\n\n### 📝 Contribution Process\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feature/amazing-feature`)\n3. Make your changes following our patterns:\n   - Add comprehensive documentation\n   - Include security considerations\n   - Add version constraints\n   - Provide usage examples\n4. Run validation: `terraform fmt -recursive . \u0026\u0026 terraform validate`\n5. 
Commit your changes (`git commit -m 'Add amazing feature'`)\n6. Push to the branch (`git push origin feature/amazing-feature`)\n7. Open a Pull Request\n\n### 🧪 Testing Your Changes\n```bash\n# Format code\nterraform fmt -recursive .\n\n# Validate all modules\nfind . -name \"*.tf\" -path \"./aws-terraform-*\" -exec dirname {} \\; | sort -u | xargs -I {} terraform -chdir={} validate\n\n# Check documentation\n./scripts/check-docs.sh  # If available\n```\n\n## 🆘 Support \u0026 Community\n\n### 📖 Getting Help\n1. **Module Documentation**: Check the specific module's README first\n2. **Security Questions**: Review the Security Best Practices section\n3. **Issues**: Open an issue with detailed information\n4. **Discussions**: Use GitHub Discussions for questions\n\n### 🐛 Reporting Issues\nWhen reporting issues, please include:\n- Module name and version\n- Terraform version\n- AWS Provider version  \n- Security context (if applicable)\n- Minimal reproduction case\n\n### 💡 Feature Requests\nFor new features or enhancements:\n- Explain the use case\n- Consider security implications\n- Provide implementation ideas\n- Follow existing patterns\n\n## 📈 Roadmap\n\n### 🔮 Upcoming Enhancements\n- [ ] **Enhanced Security**: Additional security hardening options\n- [ ] **Compliance**: SOC 2, PCI DSS, and GDPR compliance helpers\n- [ ] **Monitoring**: Integrated observability and alerting\n- [ ] **Automation**: Pre-commit hooks and automated testing\n- [ ] **Examples**: Real-world usage examples and patterns\n\n### 🎯 Goals\n- **100% Security Coverage**: All modules follow security best practices\n- **Complete Documentation**: Comprehensive docs for all modules\n- **Community Driven**: Active community contributions and feedback\n- **Production Ready**: Enterprise-grade reliability and support\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## 🏆 Acknowledgments\n\n- Built with security-first principles\n- Inspired by 
AWS Well-Architected Framework\n- Community-driven development\n- Continuous security improvements\n\n---\n\n## 📚 Module Documentation Index\n\n| Module | Description | Key Features |\n|--------|-------------|--------------|\n| [aws-terraform-iam](aws-terraform-iam/README.md) | Complete IAM management | 🆕 Comprehensive docs, 🔒 Secure defaults |\n| [aws-terraform-scp](aws-terraform-scp/README.md) | Service Control Policies | 🆕 Full documentation, Policy examples |\n| [aws-terraform-ec2](aws-terraform-ec2/) | EC2 instances | 🔒 Encryption by default |\n| [aws-terraform-eks](aws-terraform-eks/) | EKS clusters | 🔒 Private endpoints by default |\n| [aws-terraform-s3](aws-terraform-s3/README.md) | S3 buckets | Public access blocked |\n| [aws-terraform-vpc](aws-terraform-vpc/README.md) | VPC networking | Flexible subnet configuration |\n| And 14 more... | | Complete documentation |\n\n**💡 Tip**: Each module README contains detailed usage examples, security considerations, and best practices.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudon-one%2Faws-terraform-modules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudon-one%2Faws-terraform-modules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudon-one%2Faws-terraform-modules/lists"}