- Attach TF plan policy
- AWS Government of Canada password policy
- Empty log group alarm
- ECS
- GuardDuty
- GuardDuty member
- Github Open ID Connect
- Lambda
- Lambda response
- Notify Slack
- RDS
- Resolver DNS
- S3
- S3 log bucket
- S3 scan object
- Sentinel Alert Rule
- Sentinel forwarder
- User login alarm
- VPC
This repo is a collection of modules made by folks at CDS. It is a collection of policies, best practices, and repeated patterns. You do not have to use these modules, but the SREs at CDS recommend that you do. If you have a reason for not using one of these modules, we'd love to hear about it so we can modify them to fit your needs.
- This code is currently in use in several products
- This code is tested by Terratest
- This code embeds security features
- This code is fully documented
- This code follows what CDS SREs consider best practices
- The more people that use it the better it is.
- The code is opinionated and so removes the need for discussion on certain topics.
- There are only so many ways to put together infrastructure so it's probably going to end up looking pretty close to this anyways. You might as well not reinvent the wheel here.
Official instructions for Terraform module usage
To reference modules in this repo, use the following source setting:

source = "github.com/cds-snc/terraform-modules//<<Module Name>>?ref=<<version>>"
For instance, the user_login_alarm module at version v0.0.1 would look like the following:

module "console_login_alarms" {
  source                 = "github.com/cds-snc/terraform-modules//user_login_alarm?ref=v0.0.1"
  account_names          = ["account1", "account2"]
  log_group_name         = "cloudtrailLogGroup"
  alarm_actions_failures = ["alarm_arn"]
  alarm_actions_success  = ["alarm_arn"]
}
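The `?ref=<<version>>` suffix is what pins a consumer to an immutable release of a module; a source without it resolves to the default branch, so a later push to that branch silently changes the infrastructure code being applied. The following check is an added example (it is not part of this repo's tooling) that scans Terraform text for `module` blocks and reports any remote source that is missing `?ref=` or that pins a branch name instead of a `vX.Y.Z` tag. The function names, the regular expressions, and the sample `.tf` content are all constructed for this illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample Terraform text (not from the repo): one correctly pinned
# module, one with no ref, one pinned to a mutable branch, and one local path.
SAMPLE_TF = '''
module "console_login_alarms" {
  source        = "github.com/cds-snc/terraform-modules//user_login_alarm?ref=v0.0.1"
  account_names = ["account1"]
}

module "unpinned" {
  source = "github.com/cds-snc/terraform-modules//s3"
}

module "branch_pinned" {
  source = "github.com/cds-snc/terraform-modules//vpc?ref=main"
}

module "local_module" {
  source = "./modules/internal"
}
'''

# A module block: the label, then everything up to a closing brace at line start.
MODULE_RE = re.compile(r'module\s+"(?P<name>[^"]+)"\s*\{(?P<body>.*?)^\}', re.S | re.M)
# The source attribute inside a block body.
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"(?P<src>[^"]+)"', re.M)
# Release tags in this repo are of the form v<major>.<minor>.<patch>.
TAG_RE = re.compile(r'^v\d+\.\d+\.\d+$')


def module_sources(tf_text: str) -> Dict[str, str]:
    """Map each module block name to its source string."""
    sources: Dict[str, str] = {}
    for block in MODULE_RE.finditer(tf_text):
        src = SOURCE_RE.search(block.group("body"))
        if src:
            sources[block.group("name")] = src.group("src")
    return sources


def check_pinning(tf_text: str) -> List[Tuple[str, str]]:
    """Return (module name, problem) for every remote source that is not pinned to a release tag."""
    findings: List[Tuple[str, str]] = []
    for name, src in module_sources(tf_text).items():
        if src.startswith(("./", "../")):
            continue  # local path inside the same repo; nothing to pin
        if "?ref=" not in src:
            findings.append((name, "missing ?ref=; resolves to the default branch"))
            continue
        ref = src.split("?ref=", 1)[1]
        if not TAG_RE.match(ref):
            findings.append((name, f"ref '{ref}' is not a vX.Y.Z release tag"))
    return findings


if __name__ == "__main__":
    for name, problem in check_pinning(SAMPLE_TF):
        print(f"{name}: {problem}")
```

Run it over the concatenated `.tf` files of a consumer repo (for example in CI, before `terraform plan`) and fail the job when the list is non-empty; the same regex approach is deliberately forgiving of attribute alignment so it works on unformatted files too.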
Documentation is automatically generated using the framework [terraform-docs](https://terraform-docs.io/).
At a bare minimum you need to add a header to the main.tf file https://terraform-docs.io/user-guide/how-to/#module-header. You also need to document your variables. Optionally you can document your outputs if they aren't descriptive enough.
A GitHub Action will detect changes and update the documentation in the PR.
When creating a module it's recommended you use a scaffold to create the minimum required files for a module.

You run the scaffold like so:

make scaffold

The script will prompt you for a scaffold name.

Please note: output.tf is optional if you have no outputs, and locals.tf is also optional if you don't have any taggable resources.