Initial structure for create s3 buckets with secure best practices

.gitignore

@@ -0,0 +1,117 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# All .env files
+*.env
+
+# Dist directory
+dist/
+
+# Docs
+docs/
+
+# swagger
+.swagger/
+
+# terraform
+.terraform/
+terraform.tfstate
+
+# coverage
+/coverage
+
+# DS_store
+.DS_Store
+
+# keep test env files
+!*.test.env
+
+# Procfile
+.procfile
+
+# Audit File
+yarn_audit.json
+
+# Jetbrains config
+.idea/
+yarn-error.log
+
+# Docker Audit
+snyk_docker.json

Makefile

@@ -0,0 +1,5 @@
+.PHONY: init
+
+init:
+ cd aws_stack && terraform init -var="aws_profile=$(AWS_PROFILE)" -lock=false
+

README.md

@@ -0,0 +1,13 @@
+# Supermassive Infra bootstrap
+
+Repository bootstrap to perform infra with security best practices and more.
+
+## Features
+- IAM Groups
+- IAM Password policy
+
+## TODO
+
+- Backend Terraform automation
+- AWS Config
+and more...

index.ts

@@ -0,0 +1,73 @@
+import * as aws from 'aws-sdk';
+import { prompt } from 'enquirer';
+
+const s3 = new aws.S3();
+const user: string = 'deploy';
+
+export class BackendTF {
+
+ constructor() {
+
+ }
+
+ private async createS3Bucket(bucketName: string, region: string) {
+ const params = {
+ Bucket: bucketName,
+ ACL: 'private',
+ CreateBucketConfiguration: {
+ LocationConstraint: region
+ },
+ };
+ await s3.createBucket(params).promise();
+
+ const publicAccess = {
+ Bucket: bucketName,
+ PublicAccessBlockConfiguration: {
+ BlockPublicAcls: true,
+ BlockPublicPolicy: true,
+ IgnorePublicAcls: true,
+ RestrictPublicBuckets: true,
+ },
+ };
+ await s3.putPublicAccessBlock(publicAccess).promise();
+
+ const bucketEncryption = {
+ Bucket: bucketName,
+ ServerSideEncryptionConfiguration: {
+ Rules: [
+ {
+ ApplyServerSideEncryptionByDefault: {
+ SSEAlgorithm: 'AES256',
+ },
+ },
+ ],
+ },
+ };
+ await s3.putBucketEncryption(bucketEncryption).promise();
+
+ console.log(`Bucket ${bucketName} Created.`);
+ }
+
+ public async init() {
+
+ const { repoName } = await prompt({
+ type: 'input',
+ name: 'repoName',
+ message: 'Name of repository or project?',
+ });
+
+ const { region } = await prompt({
+ type: 'input',
+ name: 'region',
+ message: 'Region?',
+ initial: 'us-east-2'
+ });
+
+ }
+}
+
+const backend: BackendTF = new BackendTF();
+backend
+ .init()
+ .then()
+ .catch();

package.json

@@ -0,0 +1,21 @@
+{
+ "name": "aws-terrabackend",
+ "version": "1.0.0",
+ "description": "",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "",
+ "license": "ISC",
+ "devDependencies": {
+ "@types/minimist": "^1.2.0",
+ "@types/node": "^11.13.1"
+ },
+ "dependencies": {
+ "aws-sdk": "^2.424.0",
+ "enquirer": "^2.3.2",
+ "ts-node": "^8.0.3",
+ "typescript": "^3.6.4"
+ }
+}

tsconfig.json

@@ -0,0 +1,19 @@
+{
+ "compilerOptions": {
+ "lib": ["es5", "es6", "es7", "es2017.object", "dom"],
+ "target": "es6",
+ "module": "commonjs",
+ "moduleResolution": "node",
+ "emitDecoratorMetadata": true,
+ "experimentalDecorators": true,
+ "baseUrl": ".",
+ "noImplicitAny": true,
+ "strictNullChecks": true,
+ "outDir": "dist",
+ "sourceMap": false,
+ "typeRoots": [
+ "./node_modules/@types"
+ ]
+ },
+ "include": ["scripts/**/*"]
+}