This repo is a collection of standard, official templates used by the Cornell CIT Cloud DevOps Team.
- baseline-nacl creates a standard baseline network access control list for AWS VPCs
- client-vpn example deployment of Client VPN
- codepipeline-simple creates a simple CodePipeline and CodeBuild project
- iam-access-analyzer creates an IAM Role that IAM Access Analyzer can use to examine CloudTrail logs and generate IAM Policies based on actual usage
- marketplace-iam IAM roles and policies for limiting Marketplace actions
- ses creates IAM policy and user group for sending email using SES
- shib-dba creates an IAM Role that grants privileges for DBAs to function within AWS with RDS, EC2, etc.
- shib-ec2emr creates an IAM Role that grants privileges that would be useful to data scientists.
- shib-tagged creates an IAM role showing how to control access via tagging of resources
- sns-teams-relay creates a Lambda function to relay SNS messages to Microsoft Teams
- standard-vpc creates a Cornell Standard VPC
- template-template a standard starting point for new CloudFormation templates, including a helpful script
- vpc-endpoints creates VPC endpoints for commonly used AWS services