├── LICENSE
├── README.md
├── ROADMAP.md
├── examples
    └── full-organization
    │   ├── allow-all-policy.json
    │   └── organization.yaml
├── scripts
    ├── create_org_diagram_from_config.py
    ├── get-ct-scps.py
    └── policy.json
└── terraform-cdk
    ├── .gitignore
    ├── cdktf.json
    ├── entities
        ├── Account.py
        ├── ConfigEntity.py
        ├── GlobalConfig.py
        ├── OrganizationalUnit.py
        ├── Policy.py
        ├── TerraformModule.py
        ├── __pycache__
        │   ├── Account.cpython-38.pyc
        │   ├── ConfigEntity.cpython-38.pyc
        │   ├── GlobalConfig.cpython-38.pyc
        │   ├── OrganizationalUnit.cpython-38.pyc
        │   ├── Policy.cpython-38.pyc
        │   ├── TerraformModule.cpython-38.pyc
        │   ├── errors.cpython-38.pyc
        │   └── exceptions.cpython-38.pyc
        ├── errors.py
        └── exceptions.py
    ├── guardrails
        ├── README.md
        ├── audit_bucket_deletion_prohibited.json
        ├── audit_bucket_encryption_enabled.json
        ├── audit_bucket_logging_enabled.json
        ├── audit_bucket_policy_changes_prohibited.json
        ├── audit_bucket_retention_policy.json
        ├── cloudtrail_change_prohibited.json
        ├── cloudtrail_cloudwatch_logs_enabled.json
        ├── cloudtrail_enabled.json
        ├── cloudtrail_validation_enabled.json
        ├── cloudwatch_events_change_prohibited.json
        ├── config_aggregation_authorization_policy.json
        ├── config_aggregation_change_prohibited.json
        ├── config_change_prohibited.json
        ├── config_enabled.json
        ├── config_rule_change_prohibited.json
        ├── ct_audit_bucket_encryption_changes_prohibited.json
        ├── ct_audit_bucket_lifecycle_configuration_changes_prohibited.json
        ├── ct_audit_bucket_logging_configuration_changes_prohibited.json
        ├── ct_audit_bucket_policy_changes_prohibited.json
        ├── iam_role_change_prohibited.json
        ├── lambda_change_prohibited.json
        ├── log_group_policy.json
        ├── restrict_root_user.json
        ├── restrict_root_user_access_keys.json
        ├── restrict_s3_cross_region_replication.json
        ├── restrict_s3_delete_without_mfa.json
        ├── sns_change_prohibited.json
        └── sns_subscription_change_prohibited.json
    ├── help
    ├── main.py
    ├── modules
        ├── audit
        │   ├── data_sources.tf
        │   ├── security_resources.tf
        │   ├── variables.tf
        │   └── versions.tf
        └── log-archive
        │   ├── buckets.tf
        │   ├── cloudwatch.tf
        │   ├── data_sources.tf
        │   ├── files
        │       └── index.py
        │   ├── outputs.tf
        │   ├── roles.tf
        │   ├── service_roles.tf
        │   ├── variables.tf
        │   └── versions.tf
    └── requirements.txt


/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/LICENSE


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/README.md


--------------------------------------------------------------------------------
/ROADMAP.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/ROADMAP.md


--------------------------------------------------------------------------------
/examples/full-organization/allow-all-policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/examples/full-organization/allow-all-policy.json


--------------------------------------------------------------------------------
/examples/full-organization/organization.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/examples/full-organization/organization.yaml


--------------------------------------------------------------------------------
/scripts/create_org_diagram_from_config.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/scripts/create_org_diagram_from_config.py


--------------------------------------------------------------------------------
/scripts/get-ct-scps.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/scripts/get-ct-scps.py


--------------------------------------------------------------------------------
/scripts/policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/scripts/policy.json


--------------------------------------------------------------------------------
/terraform-cdk/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/.gitignore


--------------------------------------------------------------------------------
/terraform-cdk/cdktf.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/cdktf.json


--------------------------------------------------------------------------------
/terraform-cdk/entities/Account.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/Account.py


--------------------------------------------------------------------------------
/terraform-cdk/entities/ConfigEntity.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/ConfigEntity.py


--------------------------------------------------------------------------------
/terraform-cdk/entities/GlobalConfig.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/GlobalConfig.py


--------------------------------------------------------------------------------
/terraform-cdk/entities/OrganizationalUnit.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/OrganizationalUnit.py


--------------------------------------------------------------------------------
/terraform-cdk/entities/Policy.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/Policy.py


--------------------------------------------------------------------------------
/terraform-cdk/entities/TerraformModule.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/TerraformModule.py


--------------------------------------------------------------------------------
/terraform-cdk/entities/__pycache__/Account.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/__pycache__/Account.cpython-38.pyc


--------------------------------------------------------------------------------
/terraform-cdk/entities/__pycache__/ConfigEntity.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/__pycache__/ConfigEntity.cpython-38.pyc


--------------------------------------------------------------------------------
/terraform-cdk/entities/__pycache__/GlobalConfig.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/__pycache__/GlobalConfig.cpython-38.pyc


--------------------------------------------------------------------------------
/terraform-cdk/entities/__pycache__/OrganizationalUnit.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/__pycache__/OrganizationalUnit.cpython-38.pyc


--------------------------------------------------------------------------------
/terraform-cdk/entities/__pycache__/Policy.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/__pycache__/Policy.cpython-38.pyc


--------------------------------------------------------------------------------
/terraform-cdk/entities/__pycache__/TerraformModule.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/__pycache__/TerraformModule.cpython-38.pyc


--------------------------------------------------------------------------------
/terraform-cdk/entities/__pycache__/errors.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/__pycache__/errors.cpython-38.pyc


--------------------------------------------------------------------------------
/terraform-cdk/entities/__pycache__/exceptions.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/__pycache__/exceptions.cpython-38.pyc


--------------------------------------------------------------------------------
/terraform-cdk/entities/errors.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/errors.py


--------------------------------------------------------------------------------
/terraform-cdk/entities/exceptions.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/entities/exceptions.py


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/README.md


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/audit_bucket_deletion_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/audit_bucket_deletion_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/audit_bucket_encryption_enabled.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/audit_bucket_encryption_enabled.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/audit_bucket_logging_enabled.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/audit_bucket_logging_enabled.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/audit_bucket_policy_changes_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/audit_bucket_policy_changes_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/audit_bucket_retention_policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/audit_bucket_retention_policy.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/cloudtrail_change_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/cloudtrail_change_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/cloudtrail_cloudwatch_logs_enabled.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/cloudtrail_cloudwatch_logs_enabled.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/cloudtrail_enabled.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/cloudtrail_enabled.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/cloudtrail_validation_enabled.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/cloudtrail_validation_enabled.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/cloudwatch_events_change_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/cloudwatch_events_change_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/config_aggregation_authorization_policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/config_aggregation_authorization_policy.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/config_aggregation_change_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/config_aggregation_change_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/config_change_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/config_change_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/config_enabled.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/config_enabled.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/config_rule_change_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/config_rule_change_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/ct_audit_bucket_encryption_changes_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/ct_audit_bucket_encryption_changes_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/ct_audit_bucket_lifecycle_configuration_changes_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/ct_audit_bucket_lifecycle_configuration_changes_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/ct_audit_bucket_logging_configuration_changes_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/ct_audit_bucket_logging_configuration_changes_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/ct_audit_bucket_policy_changes_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/ct_audit_bucket_policy_changes_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/iam_role_change_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/iam_role_change_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/lambda_change_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/lambda_change_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/log_group_policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/log_group_policy.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/restrict_root_user.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/restrict_root_user.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/restrict_root_user_access_keys.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/restrict_root_user_access_keys.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/restrict_s3_cross_region_replication.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/restrict_s3_cross_region_replication.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/restrict_s3_delete_without_mfa.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/restrict_s3_delete_without_mfa.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/sns_change_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/sns_change_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/guardrails/sns_subscription_change_prohibited.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/guardrails/sns_subscription_change_prohibited.json


--------------------------------------------------------------------------------
/terraform-cdk/help:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/help


--------------------------------------------------------------------------------
/terraform-cdk/main.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/main.py


--------------------------------------------------------------------------------
/terraform-cdk/modules/audit/data_sources.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/audit/data_sources.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/audit/security_resources.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/audit/security_resources.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/audit/variables.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/audit/variables.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/audit/versions.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/audit/versions.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/log-archive/buckets.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/log-archive/buckets.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/log-archive/cloudwatch.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/log-archive/cloudwatch.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/log-archive/data_sources.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/log-archive/data_sources.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/log-archive/files/index.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/log-archive/files/index.py


--------------------------------------------------------------------------------
/terraform-cdk/modules/log-archive/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/log-archive/outputs.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/log-archive/roles.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/log-archive/roles.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/log-archive/service_roles.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/log-archive/service_roles.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/log-archive/variables.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/log-archive/variables.tf


--------------------------------------------------------------------------------
/terraform-cdk/modules/log-archive/versions.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/modules/log-archive/versions.tf


--------------------------------------------------------------------------------
/terraform-cdk/requirements.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeraSky-OSS/laze/HEAD/terraform-cdk/requirements.txt


--------------------------------------------------------------------------------