This project focused on:
- Preventive cloud governance
- CloudTrail tamper protection
- Region restriction SCPs
- Centralised audit logging
- Terraform-based governance automation
- Real-world AWS Organisations edge cases
I also validated the controls through failure simulations and CLI testing instead of only deploying infrastructure.
Full write-up:
🔗 https://fridaysecurity.hashnode.dev/building-a-multi-account-zero-trust-governance-architecture-in-aws-using-terraform-scps-and-cloudtrail
Medium Write-up:
🔗 https://sesanknagamunukutla.medium.com/designing-a-zero-trust-aws-governance-architecture-using-aws-organisations-scps-and-cloudtrail-afbbd470ab34?postPublishedType=repub
Code & Evidence:
🔗 https://github.com/nagasesank/aws-zero-trust-org-lab