
terraform-aws-secure-baseline

MIT · HCL · v2.1.0

A Terraform module to configure AWS accounts with a secure baseline aligned to CIS AWS Foundations and AWS Foundational Security Best Practices.

1.2k stars · 376 forks · 0 contributors

What is terraform-aws-secure-baseline?

terraform-aws-secure-baseline is a Terraform module that automatically configures AWS accounts with a secure baseline aligned to CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices. It sets up essential security services like CloudTrail, AWS Config, GuardDuty, and IAM policies to enforce compliance and monitoring across an AWS environment.

Target Audience

Cloud engineers, DevOps teams, and security professionals managing AWS infrastructure who need to enforce security compliance and best practices using infrastructure-as-code.

Value Proposition

It provides a pre-built, opinionated module that reduces the complexity of manually configuring multiple AWS security services, ensures consistency across accounts, and helps meet regulatory and compliance requirements with minimal effort.

Overview

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

Use Cases

Best For

  • Automating CIS AWS Foundations compliance for new AWS accounts
  • Setting up centralized logging and monitoring across multiple AWS regions
  • Enforcing security baselines in AWS Organizations with master and member accounts
  • Quickly enabling AWS security services like GuardDuty, SecurityHub, and IAM Access Analyzer
  • Securing default VPC configurations and network settings
  • Implementing infrastructure-as-code for AWS security and compliance

Not Ideal For

  • Teams with highly customized IAM policies or security configurations that deviate from CIS benchmarks
  • Small-scale or experimental projects where the cost of enabling premium AWS services like GuardDuty and SecurityHub is prohibitive
  • Environments requiring real-time, manual adjustments to security settings without Terraform's state management overhead

Pros & Cons

Pros

Comprehensive Security Coverage

Implements a wide range of AWS security services including CloudTrail, Config, GuardDuty, and IAM policies aligned with CIS and AWS Foundational benchmarks, as listed in the features section.

Modular and Flexible Design

Composed of independent submodules like alarm-baseline and cloudtrail-baseline, allowing selective deployment of components, detailed in the submodules section.

Multi-Account Organization Support

Supports AWS Organizations for centralized logging and security management, with examples for master and member accounts and input variables like account_type.

Infrastructure-as-Code Automation

Provides repeatable, auditable security setups that reduce manual errors, emphasized in the philosophy and usage examples.

Cons

Complex Provider Setup

Requires defining AWS providers for each region individually, which is verbose and error-prone, as shown in the usage example with a long list of provider definitions.

Breaking Version Changes

Frequent upgrades mandate specific Terraform and AWS provider versions, requiring careful migration, noted in the compatibility section with upgrade guides for v1.0 and v0.20.

Hidden Cost Implications

Enables services like CloudTrail Insights and SecurityHub by default without cost warnings, potentially increasing AWS bills significantly for unwary users.

Quick Stats

Stars: 1,196
Forks: 376
Contributors: 0
Open Issues: 15
Last commit: 2 years ago
Created: Since 2018

Tags

#cloudtrail #aws-security #devops #security-baseline #security-hardening #terraform-modules #security #terraform #infrastructure-as-code #terraform-module #hardening #security-tools #compliance #cis-benchmark #aws #cloud-security #aws-organizations

Built With

  • Terraform
  • AWS

Included in

Terraform · 6.3k

Related Projects

terraform-aws-eks

Terraform module to create Amazon Elastic Kubernetes (EKS) resources 🇺🇦

Stars: 4,975
Forks: 4,400
Last commit: 7 days ago

terraform-aws-vpc

Terraform module to create AWS VPC resources 🇺🇦

Stars: 3,236
Forks: 4,628
Last commit: 3 months ago

stack

A set of Terraform modules for configuring production infrastructure with AWS

Stars: 2,091
Forks: 410
Last commit: 3 years ago

typhoon

Minimal and free Kubernetes distribution with Terraform

Stars: 2,045
Forks: 324
Last commit: 7 days ago