devops-stack
terraform-aws-secure-baseline
devops-stack | terraform-aws-secure-baseline
---|---
4 | 1
142 | 1,115
1.4% | -
8.9 | 0.0
3 days ago | 26 days ago
HCL | HCL
Apache License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
devops-stack
-
Cloud-Native Geospatial Outreach Event 2022
In addition, our DevOps experts work tirelessly to automate and ease the provisioning and management of cloud servers and services. In this context we released a very interesting infrastructure as code management system, making your geospatial data infrastructure cloud agnostic and called the DevOps Stack.
-
Towards a Modular DevOps Stack
```hcl
module "cluster" {
  source = "git::https://github.com/camptocamp/devops-stack.git//modules/eks/aws?ref=v1.0.0"

  cluster_name = var.cluster_name
  base_domain  = "demo.camptocamp.com"
  vpc_id       = module.vpc.vpc_id

  # The "0.0.0.0/0" entry opens the public API endpoint to every address,
  # which makes the NAT gateway /32 entries redundant.
  cluster_endpoint_public_access_cidrs = flatten([
    formatlist("%s/32", module.vpc.nat_public_ips),
    "0.0.0.0/0",
  ])

  worker_groups = [
    {
      instance_type        = "m5a.large"
      asg_desired_capacity = 2
      asg_max_size         = 3
      root_volume_type     = "gp2"
    },
  ]
}

# Argo CD is reached through a Kubernetes port-forward on localhost,
# over a plain-text connection with certificate verification disabled.
provider "argocd" {
  server_addr                 = "127.0.0.1:8080"
  auth_token                  = module.cluster.argocd_auth_token
  insecure                    = true
  plain_text                  = true
  port_forward                = true
  port_forward_with_namespace = module.cluster.argocd_namespace

  kubernetes {
    host                   = module.cluster.kubernetes_host
    cluster_ca_certificate = module.cluster.kubernetes_cluster_ca_certificate
    token                  = module.cluster.kubernetes_token
  }
}

module "ingress" {
  source = "git::https://github.com/camptocamp/devops-stack-module-traefik.git//modules/eks"

  cluster_name     = var.cluster_name
  argocd_namespace = module.cluster.argocd_namespace
  base_domain      = module.cluster.base_domain
}

module "oidc" {
  source = "git::https://github.com/camptocamp/devops-stack-module-oidc-aws-cognito.git//modules"

  cluster_name     = var.cluster_name
  argocd_namespace = module.cluster.argocd_namespace
  base_domain      = module.cluster.base_domain

  cognito_user_pool_id     = aws_cognito_user_pool.pool.id
  cognito_user_pool_domain = aws_cognito_user_pool_domain.pool_domain.domain
}

module "monitoring" {
  source = "git::https://github.com/camptocamp/devops-stack-module-kube-prometheus-stack.git//modules"

  cluster_name     = var.cluster_name
  oidc             = module.oidc.oidc
  argocd_namespace = module.cluster.argocd_namespace
  base_domain      = module.cluster.base_domain
  cluster_issuer   = "letsencrypt-prod"
  metrics_archives = {}

  depends_on = [module.oidc]
}

module "loki-stack" {
  source = "git::https://github.com/camptocamp/devops-stack-module-loki-stack.git//modules/eks"

  cluster_name            = var.cluster_name
  argocd_namespace        = module.cluster.argocd_namespace
  base_domain             = module.cluster.base_domain
  cluster_oidc_issuer_url = module.cluster.cluster_oidc_issuer_url

  depends_on = [module.monitoring]
}

module "cert-manager" {
  source = "git::https://github.com/camptocamp/devops-stack-module-cert-manager.git//modules/eks"

  cluster_name            = var.cluster_name
  argocd_namespace        = module.cluster.argocd_namespace
  base_domain             = module.cluster.base_domain
  cluster_oidc_issuer_url = module.cluster.cluster_oidc_issuer_url

  depends_on = [module.monitoring]
}

module "argocd" {
  source = "git::https://github.com/camptocamp/devops-stack-module-argocd.git//modules"

  cluster_name = var.cluster_name
  oidc         = module.oidc.oidc

  argocd = {
    namespace                = module.cluster.argocd_namespace
    server_secretkey         = module.cluster.argocd_server_secretkey
    accounts_pipeline_tokens = module.cluster.argocd_accounts_pipeline_tokens
    server_admin_password    = module.cluster.argocd_server_admin_password
    domain                   = module.cluster.argocd_domain
  }

  base_domain    = module.cluster.base_domain
  cluster_issuer = "letsencrypt-prod"

  depends_on = [module.cert-manager, module.monitoring]
}
```
-
How to allow dynamic Terraform Provider Configuration
```hcl
# Install Kubernetes & Argo CD using a local module
# (from https://devops-stack.io)
module "cluster" {
  source = "git::https://github.com/camptocamp/devops-stack.git//modules/k3s/docker?ref=master"

  cluster_name = "default"
  node_count   = 1
}

# /!\ Setup the Argo CD provider dynamically
# based on the cluster module's output
provider "argocd" {
  server_addr = module.cluster.argocd_server
  auth_token  = module.cluster.argocd_auth_token
  insecure    = true # skips TLS certificate verification
  grpc_web    = true
}

# Deploy an Argo CD resource using the provider
resource "argocd_project" "demo_app" {
  metadata {
    name      = "demo-app"
    namespace = "argocd"
  }

  spec {
    description  = "Demo application project"
    source_repos = ["*"] # any source repository is allowed

    destination {
      server    = "https://kubernetes.default.svc"
      namespace = "default"
    }

    orphaned_resources {
      warn = true
    }
  }

  depends_on = [module.cluster]
}
```
terraform-aws-secure-baseline
-
Curated GitHub repository on how organisations around the world use AWS
I found this - https://github.com/nozaq/terraform-aws-secure-baseline
What are some alternatives?
terraform-kubestack - Kubestack is a framework for Kubernetes platform engineering teams to define the entire cloud native stack in one Terraform code base and continuously evolve the platform safely through GitOps.
CIS-Ubuntu-20.04-Ansible - Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
terraform-provider-argocd - Terraform provider for ArgoCD
prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
gaia - Gaia is a Terraform 🌍 UI for your modules, and self-service infrastructure 👨‍💻
terraform-aws-elasticache-redis - Terraform module to provision an ElastiCache Redis Cluster
devops-stack-module-kube-prometheus-stack - A DevOps Stack module to deploy and configure the kube-prometheus-stack
steampipe-mod-aws-compliance - Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
bedrock - Automation for Production Kubernetes Clusters with a GitOps Workflow
terragrunt-infrastructure-modules-example - A repo used to show examples file/folder structures you can use with Terragrunt and Terraform
terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.