
https://github.com/terraform-aws-modules/terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦
https://github.com/terraform-aws-modules/terraform-aws-iam

aws aws-iam iam terraform-module


Terraform module to create AWS IAM resources 🇺🇦


# AWS Identity and Access Management (IAM) Terraform module

[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)

## Features

1. **Cross-account access.** Define IAM roles using the `iam_assumable_role` or `iam_assumable_roles` submodules in the "resource AWS accounts (prod, staging, dev)", and IAM groups and users using the `iam-group-with-assumable-roles-policy` submodule in the "IAM AWS Account", to set up access controls between accounts. See the [iam-group-with-assumable-roles-policy example](https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/examples/iam-group-with-assumable-roles-policy) for more details.
2. **Individual IAM resources (users, roles, policies).** See usage snippets and [examples](https://github.com/terraform-aws-modules/terraform-aws-iam#examples) listed below.

## Usage

`iam-account`:

```hcl
# Account-level settings: the account alias plus, judging by the parameter
# names, the IAM password policy that applies to console users.
module "iam_account" {
source = "terraform-aws-modules/iam/aws//modules/iam-account"

account_alias = "awesome-company"

# Password-policy knobs. A long minimum length is set, but digits are not
# required -- check both against your organisation's password baseline.
minimum_password_length = 37
require_numbers = false
}
```

`iam-assumable-role`:

```hcl
# A single role that principals from other accounts may assume
# (the "resource account" side of the cross-account pattern).
module "iam_assumable_role" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"

# Principals allowed to assume the role. An account ":root" ARN trusts the
# whole account (any principal in it that is itself allowed to call
# sts:AssumeRole), not only that account's root user -- review the trust
# relationship with that in mind. Account ids here are example values.
trusted_role_arns = [
"arn:aws:iam::307990089504:root",
"arn:aws:iam::835367859851:user/anton",
]

create_role = true

role_name = "custom"
# Presumably adds an MFA condition to the trust policy, so the role can only
# be assumed from an MFA-authenticated session -- confirm in the module docs.
role_requires_mfa = true

# Managed policies attached to the role. These are example values; a
# "FullAccess" policy deserves a least-privilege review before reuse.
custom_role_policy_arns = [
"arn:aws:iam::aws:policy/AmazonCognitoReadOnly",
"arn:aws:iam::aws:policy/AlexaForBusinessFullAccess",
]
# Must equal the length of the list above (presumably because the module
# cannot derive the count at plan time) -- update both together.
number_of_custom_role_policy_arns = 2
}
```

`iam-assumable-role-with-oidc`:

```hcl
# A role assumable through web-identity federation from an OIDC provider;
# here the provider URL is an EKS cluster's OIDC issuer.
module "iam_assumable_role_with_oidc" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"

create_role = true

role_name = "role-with-oidc"

tags = {
Role = "role-with-oidc"
}

# OIDC issuer the role trusts. The cluster id in this URL is an example value.
# NOTE(review): the snippet sets no subject or audience condition, so check
# which identities issued by this provider may assume the role (the module
# exposes e.g. `oidc_fully_qualified_subjects` for that) -- confirm against
# the module docs before reusing this as-is.
provider_url = "oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"

# Managed policies attached to the role.
role_policy_arns = [
"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
]
# Must match the length of the list above -- update both together.
number_of_role_policy_arns = 1
}
```

`iam-assumable-role-with-saml`:

```hcl
# A role assumable through SAML federation (e.g. a corporate identity
# provider registered in the account).
module "iam_assumable_role_with_saml" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-saml"

create_role = true

role_name = "role-with-saml"

tags = {
Role = "role-with-saml"
}

# ARN of the SAML identity provider the role trusts; example value.
provider_id = "arn:aws:iam::235367859851:saml-provider/idp_saml"

# Managed policies attached to the role.
role_policy_arns = [
"arn:aws:iam::aws:policy/ReadOnlyAccess"
]
# Must match the length of the list above -- update both together.
number_of_role_policy_arns = 1
}
```

`iam-assumable-roles`:

```hcl
# Creates a standard trio of roles (admin, poweruser, readonly) that the
# listed principals may assume.
module "iam_assumable_roles" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-roles"

# ":root" trusts the entire account 307990089504, not only its root user;
# account ids are example values.
trusted_role_arns = [
"arn:aws:iam::307990089504:root",
"arn:aws:iam::835367859851:user/anton",
]

create_admin_role = true

create_poweruser_role = true
poweruser_role_name = "developer"

create_readonly_role = true
# MFA is explicitly switched off for the readonly role only; the admin and
# poweruser roles keep the module default (presumably MFA required --
# confirm in the module docs).
readonly_role_requires_mfa = false
}
```

`iam-assumable-roles-with-saml`:

```hcl
# The same admin/poweruser/readonly trio, but trusted through a SAML
# identity provider instead of IAM principals.
module "iam_assumable_roles_with_saml" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-roles-with-saml"

create_admin_role = true

create_poweruser_role = true
poweruser_role_name = "developer"

create_readonly_role = true

# ARN of the SAML identity provider the roles trust; example value.
# NOTE(review): no MFA flags appear here; with SAML federation that is
# typically enforced at the IdP -- confirm your IdP policy covers it.
provider_id = "arn:aws:iam::235367859851:saml-provider/idp_saml"
}
```

`iam-eks-role`:

```hcl
# IAM role for EKS workloads: presumably binds the role to Kubernetes service
# accounts on the named clusters (IAM roles for service accounts).
module "iam_eks_role" {
source = "terraform-aws-modules/iam/aws//modules/iam-eks-role"

role_name = "my-app"

# cluster name -> list of "namespace:serviceaccount" entries that may assume
# the role. Keep this list tight: every entry here can obtain the role's
# credentials.
cluster_service_accounts = {
"cluster1" = ["default:my-app"]
"cluster2" = [
"default:my-app",
"canary:my-app",
]
}

tags = {
Name = "eks-role"
}

# Managed policies attached to the role, keyed by a local name.
role_policy_arns = {
AmazonEKS_CNI_Policy = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
}
}
```

`iam-github-oidc-provider`:

```hcl
# Registers GitHub Actions' OIDC identity provider in the account so that
# roles can trust GitHub-issued tokens. Roles themselves are created
# separately (see `iam-github-oidc-role`).
module "iam_github_oidc_provider" {
source = "terraform-aws-modules/iam/aws//modules/iam-github-oidc-provider"

tags = {
Environment = "test"
}
}
```

`iam-github-oidc-role`:

```hcl
# A role that GitHub Actions workflows may assume via OIDC.
module "iam_github_oidc_role" {
source = "terraform-aws-modules/iam/aws//modules/iam-github-oidc-role"

# This should be updated to suit your organization, repository, references/branches, etc.
# "<org>/<repo>:*" matches every branch, tag, environment and pull request of
# the repository, so any workflow in it can obtain credentials. Narrow the
# subject to the specific refs or environments that need this role (see the
# GitHub OIDC `sub` claim format) before using this in production.
subjects = ["terraform-aws-modules/terraform-aws-iam:*"]

# Managed policies attached to the role, keyed by a local name.
policies = {
S3ReadOnly = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
}

tags = {
Environment = "test"
}
}
```

`iam-group-with-assumable-roles-policy`:

```hcl
# IAM group whose members are granted permission to assume the listed roles
# (the "IAM AWS Account" side of the cross-account pattern).
module "iam_group_with_assumable_roles_policy" {
source = "terraform-aws-modules/iam/aws//modules/iam-group-with-assumable-roles-policy"

name = "production-readonly"

# Roles in resource accounts that members may assume. The trust policy on
# each of those roles must also allow this account; granting it here alone is
# not enough. Account id is an example value.
assumable_roles = [
"arn:aws:iam::835367859855:role/readonly" # these roles can be created using `iam_assumable_roles` submodule
]

# Existing IAM user names to place in the group.
group_users = [
"user1",
"user2"
]
}
```

`iam-group-with-policies`:

```hcl
# IAM group with policies attached directly to it.
module "iam_group_with_policies" {
source = "terraform-aws-modules/iam/aws//modules/iam-group-with-policies"

name = "superadmins"

# Existing IAM user names to place in the group.
group_users = [
"user1",
"user2"
]

# Presumably lets members manage their own credentials (password, access
# keys, MFA device) -- confirm the exact scope in the module docs.
attach_iam_self_management_policy = true

# AdministratorAccess grants full rights over the account; membership of this
# group should be tightly controlled and reviewed.
custom_group_policy_arns = [
"arn:aws:iam::aws:policy/AdministratorAccess",
]

# Inline policies built from a policy document declared elsewhere in the
# configuration.
custom_group_policies = [
{
name = "AllowS3Listing"
policy = data.aws_iam_policy_document.sample.json
}
]
}
```

`iam-policy`:

```hcl
module "iam_policy" {
source = "terraform-aws-modules/iam/aws//modules/iam-policy"

name = "example"
path = "/"
description = "My example policy"

policy = <