chef-boneyard / Terraform Provisioner Inspec

Licence: apache-2.0
Terraform InSpec Provisioner Plugin


InSpec Terraform Provisioner

The InSpec provisioner executes InSpec during the terraform apply run. It supports verifying:

  • instances
  • cloud platforms like Azure, AWS, DigitalOcean or GCP

Note: This is an early project and does not work on Windows environments yet. Windows support is coming soon.

Installation

One-Liner Install (Linux)

mkdir -p ~/.terraform.d/plugins/
curl -L -s https://api.github.com/repos/inspec/terraform-provisioner-inspec/releases/latest \
  | grep --color=none browser_download_url \
  | grep --color=none Linux_x86_64 \
  | cut -d '"' -f 4 \
  | xargs curl -L | tar zxv -C ~/.terraform.d/plugins/

One-Liner Install (Mac)

mkdir -p ~/.terraform.d/plugins/
curl -L -s https://api.github.com/repos/inspec/terraform-provisioner-inspec/releases/latest \
  | grep --color=none browser_download_url \
  | grep --color=none Darwin_x86_64 \
  | cut -d '"' -f 4 \
  | xargs curl -L | tar zxv -C ~/.terraform.d/plugins/

If you encounter issues during installation, please also have a look at Terraform Plugin Basics.

Linux

mkdir -p ~/.terraform.d/plugins/
curl -L https://github.com/inspec/terraform-provisioner-inspec/releases/download/0.1.0/terraform-provisioner-inspec_0.1.0_Linux_x86_64.tar.gz -o terraform-provisioner-inspec.tar.gz
tar -xvzf terraform-provisioner-inspec.tar.gz -C ~/.terraform.d/plugins/

Mac

mkdir -p ~/.terraform.d/plugins/
curl -L https://github.com/inspec/terraform-provisioner-inspec/releases/download/0.1.0/terraform-provisioner-inspec_0.1.0_Darwin_x86_64.tar.gz -o terraform-provisioner-inspec.tar.gz
tar -xvzf terraform-provisioner-inspec.tar.gz -C ~/.terraform.d/plugins/
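
A checked variant of the manual install above, added here as an example and not part of the project's README: it compares the archive with a SHA-256 digest you have pinned yourself (the page lists none), rejects absolute or `..` member paths, and only then unpacks into the plugin directory. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not project code): verify a downloaded plugin archive
# before unpacking it into the directory Terraform loads plugins from.

# Print the SHA-256 digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d ' ' -f 1
  else
    shasum -a 256 "$1" | cut -d ' ' -f 1
  fi
}

# Read a tar listing on stdin; succeed if any member name is absolute
# or contains a ".." path component. Only names are checked here.
has_unsafe_member() {
  grep -Eq '^/|(^|/)\.\.(/|$)'
}

# install_verified ARCHIVE EXPECTED_SHA256 [DEST]
# Returns 0 on success, 1 on digest mismatch, 2 on an unsafe or unreadable archive.
install_verified() {
  local archive="$1"
  local expected="$2"
  local dest="${3:-$HOME/.terraform.d/plugins}"
  local actual
  local members

  # 1. The digest must match the value pinned by the operator.
  actual="$(sha256_of "$archive")" || return 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $archive: got $actual" >&2
    return 1
  fi

  # 2. Inspect the member list before anything is written to disk.
  members="$(tar -tzf "$archive")" || return 2
  if printf '%s\n' "$members" | has_unsafe_member; then
    echo "refusing $archive: unsafe member path" >&2
    return 2
  fi

  # 3. Unpack without restoring archived ownership or permissions.
  mkdir -p "$dest"
  tar -xzf "$archive" -C "$dest" --no-same-owner --no-same-permissions
}
```

Call it as `install_verified terraform-provisioner-inspec.tar.gz "<sha256 you pinned>"` after the `curl -L ... -o` step; a non-zero return means nothing was written to the plugin directory.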

Build the provisioner plugin

Clone repository to: $GOPATH/src/github.com/inspec/terraform-provisioner-inspec

$ mkdir -p $GOPATH/src/github.com/inspec; cd $GOPATH/src/github.com/inspec
$ git clone git@github.com:inspec/terraform-provisioner-inspec

Enter the repository directory and build the provisioner

$ cd $GOPATH/src/github.com/inspec/terraform-provisioner-inspec
$ dep ensure
# build on linux
$ make build/linux
# build on macos
$ make build/darwin

Targets

The provisioner can be used with any instance. For example, on AWS the following runs InSpec and verifies the instance's security against the DevSec baselines.

Instances

resource "aws_instance" "web" {
  connection {
    user = "ubuntu"
  }

  instance_type = "t2.micro"
  ami = "${lookup(var.aws_amis, var.aws_region)}"
  key_name = "chartmann"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  subnet_id = "${aws_subnet.default.id}"

  # installs inspec and executes the profiles
  provisioner "inspec" {
    profiles = [
      "supermarket://dev-sec/linux-baseline",
      "supermarket://dev-sec/ssh-baseline",
    ]

    # continue the apply even when InSpec reports compliance failures
    on_failure = "continue"
  }
}

Cloud Platform

InSpec has wide support for cloud platforms. This allows us to verify configuration such as security groups. See the InSpec AWS, Azure and GCP documentation.

resource "null_resource" "inspec_aws" {
  // runs inspec profile against aws services
  provisioner "inspec" {
    profiles = [
      "https://github.com/chris-rock/aws-baseline",
    ]

    target {
      backend    = "aws"
      access_key = "${var.aws_access_key}"
      secret_key = "${var.aws_secret_key}"
      region     = "us-east-1"
    }

    reporter {
      name = "json"
    }

    on_failure = "continue"
  }
}