The Production-grade Design section describes in detail the Terraform resources to use and the approach to take for each recommendation, but we've already done that grunt work! This section documents how to achieve compliance using the Infrastructure as Code modules from Gruntwork.
This walkthrough has the following pre-requisites:
Gruntwork Infrastructure as Code Library
Gruntwork Compliance for CIS AWS Foundations Benchmark
This guide also uses code from the Gruntwork CIS AWS Foundations Benchmark repository, which contains the necessary configurations to achieve compliance.
You must be a Gruntwork Compliance subscriber to access the Gruntwork Infrastructure as Code Library and the CIS AWS Foundations Benchmark modules.
How to configure a production-grade AWS account structure
Review the production-grade AWS account structure guide to familiarize yourself with many of the concepts that this walkthrough depends on.
This guide uses Terraform to define and manage all the infrastructure as code. If you’re not familiar with Terraform, check out A Comprehensive Guide to Terraform, A Crash Course on Terraform, and our Introduction to Gruntwork.
As part of this guide, you will create IAM users, including, optionally, credentials for those IAM users. If you choose to create credentials, those credentials will be encrypted with a PGP key. You could provide the PGP keys manually, but a more manageable option may be to have your team members sign up for Keybase and create PGP keys for themselves; you can then provide their Keybase usernames, and the PGP keys will be retrieved automatically.
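The following added example (not code from this guide or from the Gruntwork modules) shows the PGP encryption described above using the plain AWS provider resources `aws_iam_user` and `aws_iam_user_login_profile`. The user names and Keybase usernames are constructed placeholders, and the variable and output names are assumptions made for illustration.

```hcl
# Added example: plain AWS provider resources, not the Gruntwork modules.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# Constructed sample input: IAM user name => Keybase username (placeholders).
variable "users" {
  type = map(string)
  default = {
    "alice" = "alice_keybase_placeholder"
    "bob"   = "bob_keybase_placeholder"
  }
}

resource "aws_iam_user" "user" {
  for_each = var.users
  name     = each.key
}

# The "keybase:<username>" form makes the provider fetch that user's public
# PGP key from Keybase and encrypt the generated password with it.
resource "aws_iam_user_login_profile" "login" {
  for_each                = var.users
  user                    = aws_iam_user.user[each.key].name
  pgp_key                 = "keybase:${each.value}"
  password_reset_required = true
}

# Base64-encoded ciphertext per user; only the holder of the matching
# private key can read it. Each user decrypts their own entry with:
#   echo "<encrypted_password>" | base64 --decode | keybase pgp decrypt
output "encrypted_passwords" {
  value = { for name, p in aws_iam_user_login_profile.login : name => p.encrypted_password }
}
```

Because each password is encrypted to its recipient's own key, the operator running Terraform can hand out the output values without being able to read them.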