goci-io/aws-iam-user-group

aws-iam-user-group

This module creates an IAM group for humans interacting with AWS. A user who has not yet enabled MFA is allowed only to set up and manage their own MFA device; every other action is denied until MFA is enabled. Once a user is logged in with MFA, the user can perform the actions defined in additional_statements, and is also granted permission to change their own security credentials and to read the policies attached to them via groups, roles or directly.
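The MFA gate described above is usually built from two IAM statements: a narrow allow for self-service MFA setup that holds regardless of MFA state, and a blanket deny for everything else that applies only when no MFA is present. The following Terraform policy document is an added illustration of that pattern and is not the module's own code; the statement SIDs, the data source name `mfa_gate` and the exact action list are assumptions chosen for the example.

```hcl
# Added example (not part of the goci-io/aws-iam-user-group module):
# an MFA-gating policy document of the kind the module attaches to its group.
# Names and action lists are illustrative assumptions.
data "aws_iam_policy_document" "mfa_gate" {
  # Always allowed: a user may look at their own record and enrol/resync
  # an MFA device named after themselves. "$${...}" escapes the IAM policy
  # variable so Terraform does not try to interpolate it.
  statement {
    sid    = "AllowOwnMfaSetup"
    effect = "Allow"
    actions = [
      "iam:GetUser",
      "iam:ListMFADevices",
      "iam:CreateVirtualMFADevice",
      "iam:EnableMFADevice",
      "iam:ResyncMFADevice",
    ]
    resources = [
      "arn:aws:iam::*:user/$${aws:username}",
      "arn:aws:iam::*:mfa/$${aws:username}",
    ]
  }

  # Denied without MFA: everything except the setup actions above.
  # BoolIfExists (rather than Bool) matters: requests signed with long-term
  # access keys carry no aws:MultiFactorAuthPresent key at all, and a plain
  # Bool test would not match them, silently leaving such calls ungated.
  statement {
    sid    = "DenyAllExceptMfaSetupWithoutMfa"
    effect = "Deny"
    not_actions = [
      "iam:GetUser",
      "iam:ListMFADevices",
      "iam:CreateVirtualMFADevice",
      "iam:EnableMFADevice",
      "iam:ResyncMFADevice",
      "sts:GetSessionToken",
    ]
    resources = ["*"]
    condition {
      test     = "BoolIfExists"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["false"]
    }
  }

  # Allowed once MFA is present: self-service credential management,
  # scoped to the caller's own user so one member cannot rotate another's keys.
  statement {
    sid    = "AllowOwnCredentialManagementWithMfa"
    effect = "Allow"
    actions = [
      "iam:ChangePassword",
      "iam:CreateAccessKey",
      "iam:DeleteAccessKey",
      "iam:UpdateAccessKey",
      "iam:ListAccessKeys",
      "iam:DeactivateMFADevice",
    ]
    resources = ["arn:aws:iam::*:user/$${aws:username}"]
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }
}

resource "aws_iam_policy" "mfa_gate" {
  name   = "example-mfa-gate"
  policy = data.aws_iam_policy_document.mfa_gate.json
}
```

The deny statement is what makes the group safe to hand to a fresh user: because an explicit deny always wins over any allow, nothing granted through additional_statements or other attached policies becomes usable until the caller's session actually carries the MFA flag. When reviewing a policy like this, check that the actions listed in `not_actions` are exactly the ones needed to complete enrolment and nothing more, since each of them remains reachable with nothing but a password or an access key.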

To create users and attach the created group to them, you can use the aws-iam-user-keybase module or the terraform-aws-iam-user module (which has no keybase requirement).

Usage

module "group" {
  source                = "git::https://github.com/goci-io/aws-iam-user-group.git?ref=tags/<latest-version>"
  namespace             = "goci"
  stage                 = "staging"
  additional_statements = [
    {
      actions   = ["sts:AssumeRole"]
      resources = ["arn:aws:iam::*:role/goci-staging-account-manager"]
    }
  ]
}