le-tf-infra-aws
le-tf-infra-aws copied to clipboard
binbashar
Terraform code for Leverage Reference Architecture for AWS, designed under optimal configs for the most popular modern web and mobile applications needs.
## What? * Upgrade AWS Config Module version for all accounts * Enable AWS Config in management account * Remove unsupported attribute (check_instances_in_vpc) * Add policy to DevOps permissionSet to...
## What? * Added step to verify sender email on cost report ## Why? * If identity was not verified SES will raise an error
## What? - Delegate AWS Config Administrator to Security Account using Terraform resources instead of null_resource ## Why? * Now the resource is supported by Terraform ## References * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_delegated_administrator...
# What? In the [documentation](https://leverage.binbash.com.ar/first-steps/post-deployment/), regarding the MFA creation we have these lines: ``` Proceed to enable a virtual MFA device for your user, and generate programmatic keys for it....
### What? • Keep Updated all Terraform config on every layer. • Keep all versions update changes registered in one place. ### How? • Check and Update versions of Terraform...
## What? * Add AWS Security Hub configuration layer ## Why? * Keep the Leverage Reference Architecture up to date
## Describe the Feature According to [this article](https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1), just knowing the name of a bucket, regardless of the bucket being private or public, issuing an unauthorized PUT request will charge...
## Describe the Feature Update our [secret management conventions](https://binbash.atlassian.net/wiki/spaces/BDPS/pages/2425978910/Secrets+Management+Conventions) and make them available to the public, either via Leverage docs or via in-repo docs. ## Expected Behavior - ## Use...
## Describe the Feature Currently the ECR approach is centralized on the Shared account. That should be changed to a per-environment (account) approach. That way every account would be in...
## Describe the Feature Based on the added AWS Cloudwatch Synthetics Canaries layer (in this [PR](https://github.com/binbashar/le-tf-infra-aws/pull/552) ), which has only alerts triggered by a red situation (endpoints check failing), add...