Tags

Tags give the ability to mark specific points in history as being important

  • v0.2.0

    ab012b1c · Merge pull request #7 from phpboyscout/develop · 
    v0.2.0 — GitLab CI provider + state-backend toggle

  • v0.1.0

    453932b2 · fix(ci): suppress CKV_TF_1 on registry sources + populate terraform-docs tables · 
    v0.1.0 — Initial release

Three sub-modules and a root composition:

  - state-backend: S3 + customer-managed KMS CMK with S3-native
    locking (use_lockfile = true). prevent_destroy on the bucket;
    TLS-only / SSE-KMS-required bucket policy.
  - automation-iam: GitHub Actions OIDC IDP + assumable role,
    wrapping terraform-aws-modules/iam (~> 5.0) for the IDP and
    role-with-OIDC sub-modules.
  - nuke-config: rendered aws-nuke (ekristen fork) YAML from typed
    inputs. No AWS resources; optional local_file write via
    output_path.

The root composes all three behind a 4-required-input surface
(account_id, region, project_name, github_repo) plus 7 optional
overrides for tags, naming, and per-knob tightening.

Pre-1.0: minor bumps may break the input/output surface. Stable
semver from v1.0.

Out of scope (consumers add via downstream stacks): account
hardening (alias, password policy, EBS, public-access block),
audit logging (CloudTrail), AWS Config, threat detection
(GuardDuty, Security Hub, Access Analyzer), human operator roles.
Master spec: docs/development/specs/2026-04-26-aws-bootstrap-v0.1.md