devops-stack
terraform-aws-secure-baseline
devops-stack | terraform-aws-secure-baseline |
---|---|
4 | 1 |
95 | 877 |
- | - |
9.1 | 8.4 |
about 22 hours ago | 11 days ago |
HCL | HCL |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
devops-stack
- Cloud-Native Geospatial Outreach Event 2022
In addition, our DevOps experts work tirelessly to automate and ease the provisioning and management of cloud servers and services. In this context we released a very interesting infrastructure as code management system, making your geospatial data infrastructure cloud agnostic and called the DevOps Stack.
- Towards a Modular DevOps Stack
```hcl
module "cluster" {
  source = "git::https://github.com/camptocamp/devops-stack.git//modules/eks/aws?ref=v1.0.0"

  cluster_name = var.cluster_name
  base_domain  = "demo.camptocamp.com"
  vpc_id       = module.vpc.vpc_id

  # The "0.0.0.0/0" entry allows every source address to reach the public
  # API endpoint, which makes the NAT gateway /32 entries redundant.
  cluster_endpoint_public_access_cidrs = flatten([
    formatlist("%s/32", module.vpc.nat_public_ips),
    "0.0.0.0/0",
  ])

  worker_groups = [
    {
      instance_type        = "m5a.large"
      asg_desired_capacity = 2
      asg_max_size         = 3
      root_volume_type     = "gp2"
    },
  ]
}

# insecure and plain_text turn off TLS verification and encryption for the
# Argo CD connection, which is made through a Kubernetes port-forward.
provider "argocd" {
  server_addr                 = "127.0.0.1:8080"
  auth_token                  = module.cluster.argocd_auth_token
  insecure                    = true
  plain_text                  = true
  port_forward                = true
  port_forward_with_namespace = module.cluster.argocd_namespace

  kubernetes {
    host                   = module.cluster.kubernetes_host
    cluster_ca_certificate = module.cluster.kubernetes_cluster_ca_certificate
    token                  = module.cluster.kubernetes_token
  }
}

module "ingress" {
  source = "git::https://github.com/camptocamp/devops-stack-module-traefik.git//modules/eks"

  cluster_name     = var.cluster_name
  argocd_namespace = module.cluster.argocd_namespace
  base_domain      = module.cluster.base_domain
}

module "oidc" {
  source = "git::https://github.com/camptocamp/devops-stack-module-oidc-aws-cognito.git//modules"

  cluster_name     = var.cluster_name
  argocd_namespace = module.cluster.argocd_namespace
  base_domain      = module.cluster.base_domain

  cognito_user_pool_id     = aws_cognito_user_pool.pool.id
  cognito_user_pool_domain = aws_cognito_user_pool_domain.pool_domain.domain
}

module "monitoring" {
  source = "git::https://github.com/camptocamp/devops-stack-module-kube-prometheus-stack.git//modules"

  cluster_name     = var.cluster_name
  oidc             = module.oidc.oidc
  argocd_namespace = module.cluster.argocd_namespace
  base_domain      = module.cluster.base_domain
  cluster_issuer   = "letsencrypt-prod"
  metrics_archives = {}

  depends_on = [ module.oidc ]
}

module "loki-stack" {
  source = "git::https://github.com/camptocamp/devops-stack-module-loki-stack.git//modules/eks"

  cluster_name            = var.cluster_name
  argocd_namespace        = module.cluster.argocd_namespace
  base_domain             = module.cluster.base_domain
  cluster_oidc_issuer_url = module.cluster.cluster_oidc_issuer_url

  depends_on = [ module.monitoring ]
}

module "cert-manager" {
  source = "git::https://github.com/camptocamp/devops-stack-module-cert-manager.git//modules/eks"

  cluster_name            = var.cluster_name
  argocd_namespace        = module.cluster.argocd_namespace
  base_domain             = module.cluster.base_domain
  cluster_oidc_issuer_url = module.cluster.cluster_oidc_issuer_url

  depends_on = [ module.monitoring ]
}

module "argocd" {
  source = "git::https://github.com/camptocamp/devops-stack-module-argocd.git//modules"

  cluster_name = var.cluster_name
  oidc         = module.oidc.oidc

  argocd = {
    namespace                = module.cluster.argocd_namespace
    server_secretkey         = module.cluster.argocd_server_secretkey
    accounts_pipeline_tokens = module.cluster.argocd_accounts_pipeline_tokens
    server_admin_password    = module.cluster.argocd_server_admin_password
    domain                   = module.cluster.argocd_domain
  }

  base_domain    = module.cluster.base_domain
  cluster_issuer = "letsencrypt-prod"

  depends_on = [ module.cert-manager, module.monitoring ]
}
```
The DevOps Stack was born!
- How to allow dynamic Terraform Provider Configuration
```hcl
# Install Kubernetes & Argo CD using a local module
# (from https://devops-stack.io)
module "cluster" {
  source = "git::https://github.com/camptocamp/devops-stack.git//modules/k3s/docker?ref=master"

  cluster_name = "default"
  node_count   = 1
}

# /!\ Setup the Argo CD provider dynamically
# based on the cluster module's output
provider "argocd" {
  server_addr = module.cluster.argocd_server
  auth_token  = module.cluster.argocd_auth_token
  insecure    = true
  grpc_web    = true
}

# Deploy an Argo CD resource using the provider
resource "argocd_project" "demo_app" {
  metadata {
    name      = "demo-app"
    namespace = "argocd"
  }

  spec {
    description  = "Demo application project"
    source_repos = ["*"]

    destination {
      server    = "https://kubernetes.default.svc"
      namespace = "default"
    }

    orphaned_resources {
      warn = true
    }
  }

  depends_on = [ module.cluster ]
}
```
terraform-aws-secure-baseline
- Curated GitHub repository on how organisations around the world use AWS
I found this - https://github.com/nozaq/terraform-aws-secure-baseline
What are some alternatives?
CIS-Ubuntu-20.04-Ansible - Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
steampipe-mod-aws-compliance - Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Steampipe.
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
terraform-provider-argocd - Terraform provider for ArgoCD
terragrunt-infrastructure-modules-example - A repo used to show examples file/folder structures you can use with Terragrunt and Terraform
terraform-kubestack - Terraform GitOps Framework - Everything you need to build reliable automation for AKS, EKS and GKE Kubernetes clusters in one free and open-source framework.
gaia - Gaia is a Terraform UI for your modules, and self-service infrastructure
terraform-aws-rds-aurora - Terraform module which creates RDS Aurora resources on AWS
terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
terraform-github-action-cache-example - An implementation for caching Terraform providers within a GitHub Actions Workflow run to improve execution times.
terraform-aws-datadog-metric-stream - Boilerplate Terraform configuration for AWS infrastructure to support CloudWatch Metric Streams for delivery of metrics into Datadog.