[codex] add prod-like Terraform sandbox design by InfoSecHack · Pull Request #37 · InfoSecHack/iamscope

InfoSecHack · 2026-06-04T01:30:54Z

Summary

Add the Phase 3 Terraform sandbox design for the prod-like AWS accuracy benchmark.
Map the frozen 24-row oracle fixture to future Terraform resource groups without expanding scope.
Define dedicated sandbox account policy, future module layout, max v1 limits, optional live probe categories, collection/cleanup plans, gates, and non-claims.

Docs/spec only.
No Terraform files, tests, code, runner changes, live AWS, AWS CLI, STS/Lambda/API calls, iam:PassRole calls, Terraform init/plan/apply/destroy, reasoner changes, benchmark semantic changes, release/version change, or new evidence claims.
No composite benchmark score or pass/fail benchmark label.

design grep for fixture id, Terraform path, dedicated sandbox/account guard/ack, max v1 limits, live probe boundary, gates, non-claims, and next slice
account/ARN hygiene scans
generated live/Terraform artifact scan
./scripts/check.sh
./scripts/test_fast.sh
git diff --check

add

4fe33de

InfoSecHack marked this pull request as ready for review June 4, 2026 04:52

InfoSecHack merged commit b393a37 into main Jun 4, 2026
6 checks passed

InfoSecHack deleted the codex/prod-like-terraform-sandbox-design branch June 4, 2026 04:52