Compliant Financial Infrastructure accelerates the development, deployment and adoption of services provided for AWS, Azure and Google in a way that meets existing regulatory and internal security controls.
Broadly speaking, we think, define VPC as a mod with all the features one'd want, with switches in the resources for count so that if var true then deploy element else don't. This provides flexibility for members deploying a VPC but who don't want routing and subnets with it, for instance.
Example split into security, routing and core. We would need to associate groups of resources to need, so e.g. no point having a switch allowing a user to not have an endpoint resource, but still have an endpoint route table association.
We should then excise as needed to create separate compliant child mods for these as well (e.g. a subnet mod) for max flex.
Originally from https://github.com/finos/terraform-aws-cfi-eks/issues/7#issuecomment-1276432654
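
A sketch of the count-switch grouping proposed above, added here as an illustration and not taken from the project's modules. The variable names, the single S3 gateway endpoint and the sample CIDR and region are assumptions; the point shown is that the endpoint route table association gets no switch of its own and is derived from the routing and endpoint switches.

```hcl
# Added illustration: variable names and default values are assumptions.
variable "vpc_cidr" { default = "10.0.0.0/16" } # constructed sample value
variable "region" { default = "eu-west-1" }     # constructed sample value
variable "enable_routing" { default = true }
variable "enable_s3_endpoint" { default = true }

locals {
  # One switch per group of resources. The association depends on both the
  # route table and the endpoint, so its count is derived, never user-set.
  routing_count      = var.enable_routing ? 1 : 0
  endpoint_count     = var.enable_s3_endpoint ? 1 : 0
  endpoint_rta_count = (var.enable_routing && var.enable_s3_endpoint) ? 1 : 0
}

# Core: always deployed.
resource "aws_vpc" "this" {
  cidr_block = var.vpc_cidr
}

# Routing group: skipped entirely when enable_routing is false.
resource "aws_route_table" "private" {
  count  = local.routing_count
  vpc_id = aws_vpc.this.id
}

# Endpoint group: a gateway endpoint (the default endpoint type) for S3.
resource "aws_vpc_endpoint" "s3" {
  count        = local.endpoint_count
  vpc_id       = aws_vpc.this.id
  service_name = "com.amazonaws.${var.region}.s3"
}

# Exists only when both of the resources it joins exist.
resource "aws_vpc_endpoint_route_table_association" "s3" {
  count           = local.endpoint_rta_count
  route_table_id  = aws_route_table.private[0].id
  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
}
```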