Giter VIP home page Giter VIP logo

tf-aws-mta-sts's Introduction

Project

Deploys an end-to-end MTA-STS with TLS-RPT configuration. With a domains variable, as a map of customer domain-names, all hosted on AWS. Giving controls for enabling/disabling specific components, and building entirely with terraform.

Contributions

Version: 1.0.1 Creation Date: 2023-01-02 Last Updated: 2024-01-08 Author: Simon Jackson / sjackson0109 Contact: [email protected]

Configurations:

Clone the example.tfvars file, into your own clientname.auto.tfvars file. Ensure the domains variable contains a MAP of the domains that customer needs to use, and then populate all the variable values as you see fit. Note: If the DNS domain-name is NOT hosted on AWS Route53, each of DNS records would need to be created manually in the given provider portal.

Terraform state (example):

The following resources exist in the state file after apply:

  • data.aws_iam_policy_document.oai_access["mytestdomain.com"]
  • data.aws_route53_zone.domain["mytestdomain.com"]
  • aws_acm_certificate.mta_sts["mytestdomain.com"]
  • aws_acm_certificate_validation.mta_sts_acme_challange["mytestdomain.com"]
  • aws_cloudfront_distribution.fqdn["mytestdomain.com"]
  • aws_cloudfront_origin_access_identity.mta_sts_oai["mytestdomain.com"]
  • aws_route53_record.mta_sts_acme_challange["mytestdomain.com"]
  • aws_route53_record.mta_sts_cloud_front_cname["mytestdomain.com"]
  • aws_route53_record.mta_sts_policy["mytestdomain.com"]
  • aws_route53_record.mta_sts_reporting["mytestdomain.com"]
  • aws_s3_bucket.mta_sts["mytestdomain.com"]
  • aws_s3_bucket_lifecycle_configuration.mta_sts["mytestdomain.com"]
  • aws_s3_bucket_acl.mta_sts["mytestdomain.com"]
  • aws_s3_bucket_ownership_controls.mta_sts["mytestdomain.com"]
  • aws_s3_bucket_policy.oai_access["mytestdomain.com"]
  • aws_s3_object.mta-sts-policy["mytestdomain.com"]
  • aws_s3_object.mta_sts_folder["mytestdomain.com"]

Protection

It might be worth signing up with https://report-uri.com/ to gain access to a very clean user-interface to analyise website security. Affiliated with the same site is another server-security-validation website https://securityheaders.com - super useful! and finally, i've signed up to a trail on the following website, also really useful: https://www.hardenize.com https://www.hardenize.com/report

Standards

The following RFC standards were heavily looked at in order to confirm the end to end setup:

tf-aws-mta-sts's People

Contributors

sjackson0109 avatar

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.