This Terraform module implements an AWS Identity and Access Management (IAM) role that helps you assess your multi-account environment in AWS Organizations using the Prowler security assessment tool deployed on AWS Fargate. The role is assumed by the Prowler deployment account and should be deployed to your management account and to each member account you want to include in the assessment scope.
-
- Creates an IAM role assumed by the Prowler deployment account.
- Allows Prowler to write its assessment report to a central S3 bucket.
-
- Defines the Terraform output values of this Terraform module.
-
- Defines the input variables for this Terraform module.
-
- Defines the IAM policy document for the Prowler role.
Name | Type |
---|---|
aws_iam_role | Resource |
aws_iam_policy | Resource |
aws_iam_policy_attachment | Resource |
All variable details can be found in aws-tf-prowler-fargate/aws-tf-iam-role. Refer to the file for default variable values.
Variable Name | Description | Required |
---|---|---|
deployment_accountid | The AWS Account Id to deploy Prowler | Yes |
prowler_iamrole_name | IAM role name to assign to prowler cross-account role | Yes |
prowler_s3 | Enter the S3 Bucket for Prowler Reports. Format: prefix-awsaccount-awsregion | Yes |
tags | A map of tags (key-value pairs) passed to resources. | Yes |
All output details can be found in aws-tf-prowler-fargate/outputs.tf.
Output Name | Description |
---|---|
aws_iam_role | ARN of the Prowler IAM role |
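
A module call that sets the four required inputs and exposes the role ARN, shown as an added example that is not taken from the module's repository. The module label, the relative source path, the account ID, the role name, the bucket name and the tags are constructed placeholders, and `deployment_accountid` is assumed to accept a string.

```hcl
# Added example: instantiate the Prowler role module in one in-scope account.
# Every value below is a constructed placeholder.
module "prowler_role" {
  # Assumed relative location of the module directory named in this README.
  source = "./aws-tf-prowler-fargate/aws-tf-iam-role"

  # Account that runs Prowler on Fargate and assumes this role.
  # Quoted so that a leading zero in an account ID is not dropped
  # (assumes the variable is declared as a string).
  deployment_accountid = "111122223333"

  # Name given to the cross-account role created in this account.
  prowler_iamrole_name = "prowler-assessment-role"

  # Central report bucket, in the documented prefix-awsaccount-awsregion format.
  prowler_s3 = "prowler-111122223333-us-east-1"

  # Tags passed to the resources the module creates.
  tags = {
    Project = "prowler-assessment"
    Owner   = "security-team"
  }
}

# Surface the ARN of the created role, using the module's aws_iam_role output.
output "prowler_role_arn" {
  value = module.prowler_role.aws_iam_role
}
```

Apply the same call, with credentials for the target account, in the management account and in each member account that is in the assessment scope.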