**Production-ready security foundations for AWS: IAM hardening, encryption-at-rest enforcement, network segmentation, centralized logging, and CIS benchmark compliance -- all codified in Terraform and
Browse the actual product documentation and code examples included in this toolkit.
Key features of Cloud Security Baseline
• **AWS Account** (or AWS Organizations for multi-account setup) • **Terraform** >= 1.5.0 • **Python** >= 3.10 (stdlib only -- no pip packages needed) • **AWS CLI** v2 configured with admin credentials • **Permissions**: IAM, KMS, VPC, CloudTrail, Config, GuardDuty, SecurityHub admin access • **`iam_baseline.tf`** -- Password policy, permission boundaries, admin/audit roles, MFA enforcement, IP restrictions, service-linked roles. Maps to CIS Section 1.
**AWS Account** (or AWS Organizations for multi-account setup)
**Terraform** >= 1.5.0
**Python** >= 3.10 (stdlib only -- no pip packages needed)
**AWS CLI** v2 configured with admin credentials
**Permissions**: IAM, KMS, VPC, CloudTrail, Config, GuardDuty, SecurityHub admin access
**`iam_baseline.tf`** -- Password policy, permission boundaries, admin/audit roles, MFA enforcement, IP restrictions, service-linked roles. Maps to CIS Section 1.
Configure Cloud Security Baseline parameters to see how the product works.
# Clone/unzip this product into your infrastructure repo cp -r terraform/ /path/to/your/infra/security-baseline/ # Review and customize variables cd /path/to/your/infra/security-baseline/ cp ../examples/compliance_config.yaml ./config.yaml # optional: review config # Initialize and plan terraform