Brownfield Migration Kit
Migrate from terraform-aws-modules to compliance.tf with compliance controls enforced automatically. No state surgery, no resource recreation, no workflow changes. Change the source URL, fix any validation errors, and apply.
Quick Start
Migration is three steps:
- Change the source URL:
terraform-aws-modules/s3-bucket/awsbecomessoc2.compliance.tf/terraform-aws-modules/s3-bucket/aws - Run
terraform init -upgradeto download the module from the compliance.tf registry - Run
terraform plan, fix any validation errors, thenterraform apply
For the full walkthrough with authentication setup, bulk find-and-replace, rollback instructions, and team coordination: Full Migration Guide.
Module Playbooks
Step-by-step migration playbooks for individual modules. Each covers before/after configuration, enforced controls, common issues, and rollback.
| Module | Difficulty | Time Estimate |
|---|---|---|
| S3 Bucket | Minor fixes | 15-30 min per instance |
| RDS | Minor fixes | 15-30 min per instance |
| VPC | Usually clean | 10-15 min per instance |
| EC2 Instance | Minor fixes | 15-30 min per instance |
Reference
- Version Compatibility Matrix: which upstream terraform-aws-modules versions are supported for each of the 34 modules
- Assessment Checklist: self-serve checklist to evaluate migration readiness before you start
- Full Migration Guide: complete 7-step walkthrough with authentication, bulk replacement, phased rollout, and FAQ
Other Modules
compliance.tf supports 34 modules from terraform-aws-modules. The four playbooks above cover the most common starting points. All 34 modules follow the same migration pattern: change the source, init, plan, fix, apply.
For the full list of supported modules and their control counts, see the module compatibility page.