메인 콘텐츠로 건너뛰기AWS Startups
로그인가입
  1. 프롬프트 및 에이전트 라이브러리
  2. AWS 보안 기준: Terraform 배포 키트
Prompt Icon

AWS 보안 기준: Terraform 배포 키트

  • 초보자
  • 보안 및 규정 준수
  • 코드형 인프라

자동화된 모니터링, 위협 탐지 및 규정 준수 제어 기능을 갖춘 Terraform을 사용하여 포괄적인 AWS 보안 기준을 배포하면 Startup이 엔터프라이즈 보안 요구 사항을 더 빠르게 충족할 수 있습니다.

Kelsey Jamison이(가) 2026년 2월 13일에 생성함

이러한 프롬프트를 사용하면 고지 사항에 동의하는 것으로 간주됩니다.

시스템 프롬프트

Create a comprehensive AWS security baseline using Terraform that includes:

1. Multi-region CloudTrail with encryption, log file validation, and CloudWatch integration
2. GuardDuty with S3 protection and malware scanning enabled
3. Security Hub with AWS Foundational Best Practices standard
4. AWS WAF with OWASP Top 10 rules and rate limiting (2000 req/5min)
5. AWS Inspector for EC2, ECR, and Lambda vulnerability scanning
6. CloudWatch Dashboard with 8 widgets showing security metrics
7. 4 CloudWatch Alarms: root account usage, unauthorized API calls (5+ in 5min), IAM policy changes, S3 bucket policy changes
8. 3 IAM roles with least-privilege access:
   - BreakGlassAdmin (requires ExternalId for emergency access)
   - SecurityAuditor (read-only security monitoring)
   - DeveloperTemplate (least-privilege development access)
9. KMS encryption with auto-rotation for CloudTrail and SNS
10. S3 state management with versioning and DynamoDB locking
11. SNS topic for security alerts with email subscription

Requirements:
- Use modular Terraform structure (root + security_baseline module)
- Include comprehensive documentation: README, QUICKSTART, SECURITY-BASELINE with SOC 2 mapping
- Provide migration script for S3 backend
- Include .gitignore for sensitive files
- Add terraform.tfvars.example template
- Create demo scripts for 5-minute and 10-minute presentations
- Ensure all resources are tagged with Project, Environment, ManagedBy
- Configure proper IAM policies and trust relationships
- Enable versioning and encryption on all S3 buckets
- Set up metric filters for security event detection

Output should be production-ready, well-documented, and deployable in under 10 minutes.

어떻게 사용하나요?

Prerequisites 

Required Access:

  1. AWS Knowledge MCP Server integration enabled in AI assistant
  2. AWS account access (read-only sufficient for assessment)
  3. Basic understanding of AWS services (EC2, RDS, S3, IAM)

Recommended Background:

  • Familiarity with cloud security concepts
  • Understanding of startup funding stages
  • Basic knowledge of compliance frameworks (SOC2, GDPR)

Tools Required:

  1. AI assistant with MCP support
  2. Access to MCP tools: aws_search_documentation, aws_read_documentation, aws_get_regional_availability, aws_list_regionsSETUP 

Instructions

Step 1: Prepare Assessment Context

Gather the following information:

  • Startup Profile: Company name, funding stage, industry, current scale
  • AWS Environment: Services in use, account structure, team size
  • Security Goals: Primary objectives, timeline, budget, compliance requirements

Step 2: Configure the Prompt

  • Copy the complete prompt composition
  • Replace all bracketed placeholders [LIKE_THIS] with your specific information
  • Ensure all sections are completed, especially Current Environment Context

Step 3: Execute Assessment

  • Submit configured prompt to AI assistant with MCP support
  • Assistant will systematically assess each control using MCP tools
  • Review output for completeness (Executive Summary, Control Reports, Remediation Roadmap)