
Update Terraform implementation with security best practices

Open nictom-aws opened this issue 5 months ago • 0 comments

Fixes #

Security and Infrastructure Improvements

This PR includes significant security enhancements and infrastructure improvements:

Infrastructure Updates

  • Updated AWS provider to version 5.31.0+ (from 5.1.0)
  • Added explicit Terraform version requirement (>= 1.0.0)
  • Applied consistent tagging strategy across all resources
  • Formatted all Terraform files with terraform fmt
  • Added AmazonQ.md with documentation of changes and recommendations

Security Enhancements

  • Enhanced S3 bucket security:
    • Implemented access logging for audit trails
    • Added lifecycle policies for proper data retention
    • Enforced SSL/TLS for all S3 operations
    • Changed object ownership to BucketOwnerEnforced (disabling ACLs)
    • Enabled bucket key for server-side encryption
    • Added bucket policies to enforce secure access
  • Improved KMS configurations:
    • Implemented key rotation
    • Set proper deletion windows
    • Restricted key policies following least privilege
  • Strengthened Secrets Manager:
    • Added rotation with Lambda functions
    • Set appropriate recovery windows
  • IAM improvements:
    • Implemented least privilege policies throughout
    • Fixed security findings from Checkov and Trivy scans

By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license].

nictom-aws · May 02 '25 15:05