account-security

DNXLabs/account-security/aws

Terraform Module HCL AWS

This terraform module creates IAM roles for federated users to assume from an IdP account.

Install
```hcl
module "account-security" {
  source  = "DNXLabs/account-security/aws"
  version = "1.4.0"
}
```
README

terraform-aws-account-security
Lint Status: https://github.com/DNXLabs/terraform-aws-account-security/actions
License: https://github.com/DNXLabs/terraform-aws-account-security/blob/master/LICENSE

This terraform module creates IAM roles for federated users to assume from an IdP account. It creates 2 roles:
- idp-admin with full admin permissions
- idp-read-only with read-only permissions

Usage

```hcl
module "my_account_roles" {
  source                      = "git::https://github.com/DNXLabs/terraform-aws-account-roles.git?ref=0.2.0"
  org_name                    = "my_organization"
  account_name                = "my_account"
  idp_account_id              = "000000000000"
  idp_admin_trust_account_ids = ["1234567890123"] # optional
  idp_admin_trust_names       = ["dnx"]           # optional
}
```

Deploy this module to every AWS account, except _IdP_ and _master_. You will need an AW

Inputs (15)

Name | Type | Description | Default
account_name | string | Account name (slug) | required
org_name | string | Name for this organization (slug) | required
idp_external_trust_account_ids | list(string) | List of account IDs to trust as external IDPs (leave empty to disable external a | []
idp_external_trust_client_role | string | Creates a client-admin/client-read-only role for external IDPs | true
ssm_account_ids | list(string) | List of account IDs to save in SSM | []
ssm_account_names | list(string) | List of account names (slugs) to save in SSM, must match ssm_account_ids | []
extra_roles_policy | map | A map of { <role_name> = <json policy> } to create policies to extra roles in th | {}
extra_roles | list | A list of extra roles to create in this account | []
extra_roles_policy_arn | map | A map of { <role_name> = <policy arn> } to attach policies to extra roles in thi | {}
ci_account_id | string | Account ID of MGMT account for use with IAM CI role. Required when create_ci_iam | ""
create_idp_trusted_roles | string | Create admin and read-only roles trusting IDP account | true
idp_account_id | string | Account ID of IDP account (needs to be set when is_idp_account=true) | ""
role_max_session_duration | string | Maximum CLI/API session duration, in seconds | "43200"
create_ci_profile | string | Create IAM instance profile and user for use with CI workers deployed to the acc | false
create_ci_role | string | Create IAM role to assume from MGMT account for CI deployments | true
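As an added example (not the module's own code, and not something the README contains), the following Python script does two things a practitioner would want before running `terraform apply` with this module: it cross-checks the inputs above that Terraform cannot validate for you (12-digit AWS account IDs, `ssm_account_ids` and `ssm_account_names` of equal length, `idp_account_id` present when `create_idp_trusted_roles` is true, `ci_account_id` present when `create_ci_role` is true, and `role_max_session_duration` within the 1 to 12 hour range AWS allows for a role's MaxSessionDuration), and it previews the kind of AssumeRole trust policy a federated `idp-admin` role needs. The trust-policy shape (trusting the IdP account root, with an optional `sts:ExternalId` condition via a hypothetical `external_id` parameter) is an assumption about how such roles are usually built, not a copy of the module's HCL. The sample inputs are constructed; they deliberately keep the README's 13-digit `1234567890123` so the check can be seen flagging it.

```python
"""Pre-apply checks for the account-security module inputs.

Added example, not part of the module. The trust policy below is an
assumed shape (sts:AssumeRole from the IdP account root, optional
ExternalId condition), not the module's own HCL.
"""
import json
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# AWS limits for an IAM role's MaxSessionDuration, in seconds.
MIN_SESSION = 3600
MAX_SESSION = 43200


def validate_inputs(inputs):
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []

    def is_true(key, default):
        # The module types its booleans as string ("true"/"false").
        return str(inputs.get(key, default)).lower() == "true"

    def check_ids(key):
        for acct in inputs.get(key, []):
            if not ACCOUNT_ID_RE.match(str(acct)):
                problems.append(f"{key}: {acct!r} is not a 12-digit AWS account ID")

    for key in ("idp_external_trust_account_ids", "ssm_account_ids"):
        check_ids(key)

    if is_true("create_idp_trusted_roles", "true"):
        if not ACCOUNT_ID_RE.match(str(inputs.get("idp_account_id", ""))):
            problems.append("idp_account_id must be a 12-digit account ID "
                            "when create_idp_trusted_roles is true")

    if is_true("create_ci_role", "true"):
        if not ACCOUNT_ID_RE.match(str(inputs.get("ci_account_id", ""))):
            problems.append("ci_account_id is required when create_ci_role is true")

    ids = inputs.get("ssm_account_ids", [])
    names = inputs.get("ssm_account_names", [])
    if len(ids) != len(names):
        problems.append("ssm_account_ids and ssm_account_names must have the same length")

    try:
        duration = int(inputs.get("role_max_session_duration", "43200"))
    except ValueError:
        duration = -1
    if not MIN_SESSION <= duration <= MAX_SESSION:
        problems.append(f"role_max_session_duration must be between "
                        f"{MIN_SESSION} and {MAX_SESSION} seconds")

    return problems


def admin_trust_policy(inputs, external_id=None):
    """Preview of a trust policy for the idp-admin role (assumed shape).

    Trusts the IdP account root plus any external trust accounts; an
    ExternalId condition is added when external_id (hypothetical) is given.
    """
    principals = [f"arn:aws:iam::{inputs['idp_account_id']}:root"]
    principals += [f"arn:aws:iam::{acct}:root"
                   for acct in inputs.get("idp_external_trust_account_ids", [])]
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": principals},
        "Action": "sts:AssumeRole",
    }
    if external_id:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


# Constructed sample input, loosely mirroring the README usage block.
SAMPLE = {
    "org_name": "my_organization",
    "account_name": "my_account",
    "idp_account_id": "000000000000",
    "idp_external_trust_account_ids": ["1234567890123"],  # 13 digits: invalid on purpose
    "ssm_account_ids": ["111111111111"],
    "ssm_account_names": [],                              # length mismatch on purpose
    "role_max_session_duration": "43200",
    "create_ci_role": "false",
}

if __name__ == "__main__":
    for problem in validate_inputs(SAMPLE):
        print("PROBLEM:", problem)
    print(json.dumps(admin_trust_policy(SAMPLE, external_id="dnx"), indent=2))
```

Two design points: boolean inputs are compared as strings because the module declares them as `string`, and trusting `arn:aws:iam::<id>:root` delegates the decision of which principals may assume the role to the IdP account's own IAM policies, so narrow the principal list to specific role ARNs where the IdP side allows it.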
Outputs (2)
iam_role_admin_arn — ARN for admin IAM role
iam_role_read_only_arn — ARN for read-only IAM role
Resources (9)
- aws_iam_account_alias
- aws_iam_instance_profile
- aws_iam_policy
- aws_iam_role
- aws_iam_role_policy
- aws_iam_role_policy_attachment
- aws_iam_user
- aws_iam_user_policy_attachment
- aws_ssm_parameter
Details
Framework: Terraform Module
Language: HCL
Version: 1.4.0
Cloud: AWS
Stars: 1
Forks: 2
Total downloads: 6.0k
Inputs: 15
Outputs: 2
Resources: 9
License: Apache-2.0
Namespace: DNXLabs