aws-root-account
aws-root-account copied to clipboard
Published
20 hours ago •
ministryofjustice
ministryofjustice
Terraform for the Ministry of Justice AWS root account
AWS Root Account
This repository holds infrastructure as code for the Ministry of Justice AWS Organizations root account, and two supporting accounts: organisation-security, and organisation-logging.
AWS Organizations
All accounts defined here form part of the MOJ's AWS Organization, allowing us to use certain services for organisational audit, governance, security, and cost optimisation.
Services
| Service | Infrastructure as Code | Managed centrally | Method |
|---|---|---|---|
| Alternate contact information | yes | :wavy_dash: partially (SECURITY contact only) |
Trusted access |
| Artifact (security and compliance reports) | no | :white_check_mark: yes | no |
| Audit Manager | no | :x: no | no |
| Backup | no | :x: no | Delegated to teams |
| CloudFormation Stacksets | no | :x: no | no |
| CloudTrail (Organisational trail) | no | :x: no | Delegated to teams |
| CloudWatch Events | no | :x: no | Delegated to teams |
| Compute Optimizer | yes | :white_check_mark: yes | Trusted access |
| Config - Multi-account setup | no | :x: no | Delegated to teams |
| Config - Multi-region, multi-account aggregation | yes | :white_check_mark: yes | Trusted access with a delegated administrator |
| Control Tower | no | :x: no | no |
| Detective | partially | :wavy_dash: partially | Trusted access with a delegated administrator |
| DevOps Guru | no | :x: no | no |
| Directory Service | no | :x: no | no |
| Firewall Manager | yes | :wavy_dash: partially (delegated administrator) | Trusted access with a delegated administrator |
| GuardDuty | yes | :white_check_mark: yes | Trusted access with a delegated administrator |
| Health (Organisational view) | yes | :white_check_mark: yes | Trusted access |
| IAM Access Analyzer (Organisational zone of trust) | yes | :white_check_mark: yes | Trusted access with a delegated administrator |
| IAM | no | :x: no | no |
| Inspector | partially | :white_check_mark: yes | Trusted access with a delegated administrator |
| License Manager | yes | :white_check_mark: yes | Trusted access with a delegated administrator |
| Macie | no | :x: no | no |
| Marketplace (License management) | yes | :x: no | Trusted access |
| Organizations: AI services opt-out policies | yes | :white_check_mark: yes | Inheritance |
| Organizations: Service Control Policies | yes | :white_check_mark: yes | Inheritance |
| Organizations: Tagging policies | yes | :white_check_mark: yes | Inheritance |
| Resource Access Manager (RAM): Organisational sharing | yes | :white_check_mark: yes | Trusted access |
| S3 Storage Lens | yes | :white_check_mark: yes | Trusted access |
| Security Hub | yes | :wavy_dash: partially | Trusted access with a delegated administrator |
| Service Catalog | no | :x: no | no |
| Service Quotas | no | :x: no | no |
| Single Sign-On (SSO) | yes | :white_check_mark: yes | Trusted access |
| Systems Manager | no | :x: no | no |
| Trusted Advisor (Organisational overview) | yes | :white_check_mark: yes | Trusted access |
| VPC IP Address Manager (IPAM) | yes | :white_check_mark: yes | Trusted access with a delegated administrator |
Metadata
80
Stars
18
Forks
Watchers
Owner
ministryofjustice
Metadata
Terraform for the Ministry of Justice AWS root account