Free Resource for Platform Engineers
Secure AWS from Day Zero.
A codified, opinionated, and production-ready AWS security baseline. Built with Terraform, tightly aligned to the CIS Foundations Benchmark v1.5, and designed for multi-account AWS Organizations.
What's inside the Playbook?
Zero-Trust Account Boundaries: 7-account best-practice architecture with strict Service Control Policies (SCPs) preventing public S3 buckets and Root user usage.
Least Privilege Identities: IAM boundaries, CI/CD GitHub OIDC roles, and enforced MFA via AWS Identity Center.
Automated Detective Controls: GuardDuty, Security Hub, multi-region CloudTrail, and Config Rules with SSM Auto-Remediation active from deployment.
KMS ENCRYPTION
VPC FLOW LOGS
CIS v1.5 MAPPED
Get the Terraform Playbook
Join our DevSecOps newsletter and grab the complete 35-page PDF playbook and Terraform source code references.