Compliance-Ready Terraform Modules
Compliance controls built into your Terraform modules — enforced at plan time, not after deployment.
Same terraform-aws-modules you already use. Change the source URL. Compliance controls are enforced automatically at terraform plan time. No new CLI tools, no policy engines, no agents.
See it in action
module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
version = "5.0.0"
}module "s3_bucket" {
source = "soc2.compliance.tf/terraform-aws-modules/s3-bucket/aws"
version = "5.0.0"
}Same arguments. Same outputs. Compliance controls enforced automatically.
SOC 2 Type II Certified · 34 modules · 300+ controls · Works with Checkov, OPA, Sentinel · No state migration
I want to...
Get a compliant terraform plan — typically in under 10 minutes.
Browse all AWS controls, filter by framework, service, or effort level.
Switch from terraform-aws-modules with a single source URL change.
Pre-composed Terraform for SOC 2, PCI DSS, and HIPAA. Clone, fill in tfvars, apply.
SOC 2, PCI DSS, CIS, HIPAA, NIST, and 35+ more.
Generate compliance artifacts and evidence for your auditors.
Validate compliance in GitHub Actions, GitLab CI, and more.
Lifecycle blocks, tag management, provisioner removal — applied at download time.
How it works
-
Pick your compliance framework — SOC 2, PCI DSS, HIPAA, CIS, NIST, and 35+ more. Each framework maps to a registry endpoint. Browse frameworks →
-
Change the source URL — Replace
terraform-aws-modules/...withsoc2.compliance.tf/terraform-aws-modules/...in your Terraform config. See registry endpoints → -
Deploy with confidence — Run
terraform plan. Controls are enforced automatically. Non-compliant configurations fail with clear error messages telling you exactly what to fix. No post-deployment scanning step. No post-deployment remediation cycle.
Controls are validated at terraform plan time. If your configuration violates a control, you get an error message — not a scan finding after deployment.