{"id":22751876,"url":"https://github.com/stackguardian/terraform-stackguardian-modules","last_synced_at":"2026-01-16T12:26:24.290Z","repository":{"id":251740522,"uuid":"838302722","full_name":"StackGuardian/terraform-stackguardian-modules","owner":"StackGuardian","description":"This repository is a collection of the terraform modules from StackGuardian","archived":false,"fork":false,"pushed_at":"2026-01-13T18:15:16.000Z","size":20052,"stargazers_count":0,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-13T18:39:31.869Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/StackGuardian.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-08-05T11:16:29.000Z","updated_at":"2025-06-24T07:45:03.000Z","dependencies_parsed_at":"2024-09-18T15:53:58.185Z","dependency_job_id":"b1f60b32-94ed-48b7-9a52-b8d6da9a0805","html_url":"https://github.com/StackGuardian/terraform-stackguardian-modules","commit_stats":null,"previous_names":["stackguardian/terraform-stackguardian-modules"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/StackGuardian/terraform-stackguardian-modules","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fterraform-stackguardian-modules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fterraform-stackguardian-modules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fterraform-stackguardian-modules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fterraform-stackguardian-modules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/StackGuardian","download_url":"https://codeload.github.com/StackGuardian/terraform-stackguardian-modules/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fterraform-stackguardian-modules/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28478642,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-11T05:07:45.025Z","updated_at":"2026-01-16T12:26:24.260Z","avatar_url":"https://github.com/StackGuardian.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# StackGuardian Terraform Modules\n\nA comprehensive collection of Terraform modules for onboarding and managing StackGuardian platform resources. This repository provides everything you need to set up team access, cloud connectors, workflow groups, and role-based access control (RBAC) for your StackGuardian organization.\n\n## 🚀 Overview\n\nStackGuardian is a cloud infrastructure management platform that helps organizations manage their Infrastructure as Code (IaC) deployments across multiple cloud providers. This Terraform module collection automates the setup of:\n\n- **Workflow Groups** - Organize deployments by environment (Dev, Test, Staging, Prod)\n- **Cloud Connectors** - Secure connections to AWS, Azure, and GCP\n- **VCS Connectors** - Integration with GitHub, GitLab, and Bitbucket\n- **Roles \u0026 Permissions** - Custom roles with granular permissions\n- **User/Group Management** - Assign roles to users and groups\n- **OIDC Setup** - Optional OpenID Connect provider configuration\n\n## 📋 Prerequisites\n\n- [Terraform](https://www.terraform.io/downloads.html) \u003e= 1.0\n- StackGuardian account with API access\n- Cloud provider accounts (AWS/Azure/GCP) if using cloud connectors\n- VCS provider access tokens (GitHub/GitLab/Bitbucket) if using VCS connectors\n\n## 🏗️ Module Architecture\n\n```\nterraform-stackguardian-modules/\n├── main.tf                           # Root module orchestration\n├── variables.tf                      # Input variables\n├── provider.tf                       # Provider configurations\n├── terraform.tfvars                  # Example configuration\n├── stackguardian_workflow_group/     # Workflow group module\n├── stackguardian_connector_cloud/    # Cloud connector module\n├── stackguardian_connector_vcs/      # VCS connector module\n├── stackguardian_role/               # Role management module\n├── stackguardian_role_assignment/    # Role assignment module\n├── aws_oidc/                         # AWS OIDC setup module\n├── aws_rbac/                         # AWS RBAC setup module\n├── azure_oidc/                       # Azure OIDC setup module\n└── gcp_oidc/                         # GCP OIDC setup module\n```\n\n## 🚀 Quick Start\n\n### 1. Clone the Repository\n\n```bash\ngit clone \u003crepository-url\u003e\ncd terraform-stackguardian-modules\n```\n\n### 2. Configure Variables\n\nCopy the example configuration and customize it for your organization:\n\n```bash\ncp terraform.tfvars.example terraform.tfvars\n```\n\nEdit `terraform.tfvars` with your StackGuardian credentials and desired configuration:\n\n```hcl\n# StackGuardian Platform Credentials\napi_key  = \"sgu-your-api-key-here\"\norg_name = \"your-org-name\"\n\n# Workflow Groups (environments)\nworkflow_groups = [\"TeamX-Dev\", \"TeamX-Test\", \"TeamX-Staging\", \"TeamX-Prod\"]\n\n# Cloud Connectors\ncloud_connectors = [{\n  name                 = \"aws-connector-1\"\n  connector_type       = \"AWS_RBAC\"\n  role_arn             = \"arn:aws:iam::123456789012:role/StackGuardianRole\"\n  aws_role_external_id = \"your-org:random-string\"\n}]\n\n# VCS Connectors\nvcs_connectors = {\n  vcs_github = {\n    kind = \"GITHUB_COM\"\n    name = \"github-connector\"\n    config = [{\n      github_creds = {\n        githubCreds     = \"username:personal_access_token\"\n        github_com_url  = \"https://api.github.com\"\n        github_http_url = \"https://github.com\"\n      }\n    }]\n  }\n}\n\n# Role Configuration\nrole_name     = \"TeamX-Role\"\ntemplate_list = [\"opentofu-aws-vpc\"]\n\n# User Assignment\nuser_or_group = \"user@example.com\"\nentity_type   = \"EMAIL\"\n```\n\n### 3. Initialize and Apply\n\n```bash\n# Initialize Terraform\nterraform init\n\n# Plan the deployment\nterraform plan\n\n# Apply the configuration\nterraform apply\n```\n\n## 📚 Module Documentation\n\n### Core Modules\n\n#### `stackguardian_workflow_group`\nCreates workflow groups for organizing deployments by environment.\n\n**Inputs:**\n- `workflow_group_name` - Name of the workflow group\n- `api_key` - StackGuardian API key\n- `org_name` - StackGuardian organization name\n\n**Outputs:**\n- `workflow_groups` - Created workflow group name\n\n#### `stackguardian_connector_cloud`\nSets up cloud provider connectors with various authentication methods.\n\n**Supported Connector Types:**\n- `AWS_STATIC` - AWS access key/secret\n- `AWS_RBAC` - AWS role with external ID\n- `AWS_OIDC` - AWS role with OIDC\n- `AZURE_STATIC` - Azure service principal\n- `AZURE_OIDC` - Azure with OIDC\n- `GCP_STATIC` - GCP service account\n\n**Key Inputs:**\n- `cloud_connector_name` - Name of the connector\n- `connector_type` - Type of connector (see above)\n- `role_arn` - AWS role ARN (for AWS connectors)\n- `role_external_id` - External ID for AWS RBAC\n\n#### `stackguardian_connector_vcs`\nIntegrates with version control systems.\n\n**Supported VCS Types:**\n- `GITHUB_COM` - GitHub.com\n- `GITLAB_COM` - GitLab.com\n- `BITBUCKET_ORG` - Bitbucket.org\n\n#### `stackguardian_role`\nCreates custom roles with specific permissions.\n\n**Key Inputs:**\n- `role_name` - Name of the role\n- `cloud_connectors` - List of accessible cloud connectors\n- `vcs_connectors` - List of accessible VCS connectors\n- `workflow_groups` - List of accessible workflow groups\n- `template_list` - List of accessible templates\n\n#### `stackguardian_role_assignment`\nAssigns roles to users or groups.\n\n**Key Inputs:**\n- `user_or_group` - User email or group identifier\n- `entity_type` - Either \"EMAIL\" or \"GROUP\"\n- `role_name` - Role to assign\n\n### Cloud Setup Modules\n\n#### `aws_oidc`\nCreates AWS IAM OIDC provider and role for StackGuardian.\n\n#### `aws_rbac`\nSets up AWS IAM role with external ID for RBAC authentication.\n\n#### `azure_oidc`\nConfigures Azure AD application and service principal for OIDC.\n\n#### `gcp_oidc`\nSets up GCP workload identity federation for OIDC authentication.\n\n## 🔧 Configuration Examples\n\n### Multi-Environment Setup\n\n```hcl\nworkflow_groups = [\n  \"frontend-dev\",\n  \"frontend-staging\",\n  \"frontend-prod\",\n  \"backend-dev\",\n  \"backend-staging\",\n  \"backend-prod\"\n]\n```\n\n### Multiple Cloud Connectors\n\n```hcl\ncloud_connectors = [\n  {\n    name                 = \"aws-dev\"\n    connector_type       = \"AWS_RBAC\"\n    role_arn             = \"arn:aws:iam::111111111111:role/StackGuardian-Dev\"\n    aws_role_external_id = \"myorg:dev-12345\"\n  },\n  {\n    name                 = \"aws-prod\"\n    connector_type       = \"AWS_RBAC\"\n    role_arn             = \"arn:aws:iam::222222222222:role/StackGuardian-Prod\"\n    aws_role_external_id = \"myorg:prod-67890\"\n  }\n]\n```\n\n### Multiple VCS Connectors\n\n```hcl\nvcs_connectors = {\n  vcs_github = {\n    kind = \"GITHUB_COM\"\n    name = \"github-main\"\n    config = [{\n      github_creds = {\n        githubCreds     = \"username:personal_access_token\"\n        github_com_url  = \"https://api.github.com\"\n        github_http_url = \"https://github.com\"\n      }\n    }]\n  },\n  vcs_gitlab = {\n    kind = \"GITLAB_COM\"\n    name = \"gitlab-secondary\"\n    config = [{\n      gitlab_creds = {\n        gitlabCreds   = \"username:personal_access_token\"\n        gitlabHttpUrl = \"https://gitlab.com\"\n        gitlabApiUrl  = \"https://gitlab.com/api/v4\"\n      }\n    }]\n  }\n}\n```\n\n## 🔐 Security Best Practices\n\n### API Key Management\n- Store API keys in environment variables or secure secret management systems\n- Never commit API keys to version control\n- Use different API keys for different environments\n\n### Cloud Connector Security\n- Use RBAC or OIDC instead of static credentials when possible\n- Follow principle of least privilege for IAM roles\n- Regularly rotate access keys and external IDs\n- Use separate AWS accounts/Azure subscriptions for different environments\n\n### VCS Integration\n- Use personal access tokens with minimal required scopes\n- Regularly rotate VCS tokens\n- Consider using organization-level tokens for team access\n\n## 🚨 Troubleshooting\n\n### Common Issues\n\n**Provider Authentication Errors**\n```text\nError: Invalid API key or organization name\n```\n- Verify your `api_key` and `org_name` in terraform.tfvars\n- Ensure the API key has sufficient permissions\n\n**Cloud Connector Failures**\n```text\nError: Unable to assume role\n```\n- Check that the role ARN is correct\n- Verify the external ID matches your StackGuardian organization\n- Ensure the role trust policy allows StackGuardian to assume it\n\n**VCS Connector Issues**\n```text\nError: Invalid VCS credentials\n```\n- Verify your VCS credentials format\n- Check that tokens have required permissions\n- Ensure URLs are correct for your VCS provider\n\n### Debug Mode\nEnable Terraform debug logging:\n```bash\nexport TF_LOG=DEBUG\nterraform apply\n```\n\n## 🤝 Contributing\n\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feature/amazing-feature`)\n3. Commit your changes (`git commit -m 'Add amazing feature'`)\n4. Push to the branch (`git push origin feature/amazing-feature`)\n5. Open a Pull Request\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## 🆘 Support\n\n- [StackGuardian Documentation](https://docs.stackguardian.io/)\n- [StackGuardian Community](https://community.stackguardian.io/)\n- [Terraform Provider Documentation](https://registry.terraform.io/providers/StackGuardian/stackguardian/latest/docs)\n\n## 🏷️ Version Compatibility\n\n| Module Version | StackGuardian Provider | Terraform Version |\n|----------------|------------------------|-------------------|\n| 1.x.x          | 1.1.0-rc5              | \u003e= 1.0            |\n\n---\n\n**Made with ❤️ by the StackGuardian Community**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackguardian%2Fterraform-stackguardian-modules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstackguardian%2Fterraform-stackguardian-modules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackguardian%2Fterraform-stackguardian-modules/lists"}