https://github.com/trussworks/terraform-aws-mfa

Enforces MFA on an AWS account

aws mfa terraform terraform-modules

Configures IAM policy to enforce MFA when accessing the AWS API.

The policy also requires users to assume a role for most API calls.

Creates the following resources:

* IAM policy requiring a valid MFA security token for all API calls except those needed for managing a user's own IAM user.
* IAM group policy attachment for defining which IAM groups to enforce MFA on.
* IAM user policy attachment for defining which IAM users to enforce MFA on.
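
The kind of policy document described in the first bullet, as an added example that is not the module's own source: it follows the deny-without-MFA pattern from the AWS IAM documentation, and the resource names (`example`, `example-enforce-mfa`) and the exact action list are assumptions, so the module's real policy may differ.

```hcl
# Added illustration, not the module's source. Names such as "example" are hypothetical.
data "aws_partition" "current" {}

data "aws_iam_policy_document" "example" {
  # Let each user enrol and resync an MFA device on their own IAM user only.
  statement {
    sid    = "AllowManageOwnMFA"
    effect = "Allow"
    actions = [
      "iam:CreateVirtualMFADevice",
      "iam:EnableMFADevice",
      "iam:ListMFADevices",
      "iam:ResyncMFADevice",
    ]
    resources = [
      "arn:${data.aws_partition.current.partition}:iam::*:mfa/*",
      "arn:${data.aws_partition.current.partition}:iam::*:user/&{aws:username}",
    ]
  }

  # An explicit Deny overrides any Allow attached elsewhere. BoolIfExists also
  # matches requests signed with long-term access keys, where the MFA key is absent.
  statement {
    sid       = "DenyAllExceptSelfServiceWithoutMFA"
    effect    = "Deny"
    resources = ["*"]
    not_actions = [
      "iam:CreateVirtualMFADevice",
      "iam:EnableMFADevice",
      "iam:GetUser",
      "iam:ListMFADevices",
      "iam:ListVirtualMFADevices",
      "iam:ResyncMFADevice",
      "sts:GetSessionToken",
    ]

    condition {
      test     = "BoolIfExists"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["false"]
    }
  }
}

resource "aws_iam_policy" "example" {
  name   = "example-enforce-mfa"
  policy = data.aws_iam_policy_document.example.json
}
```

Leaving `sts:GetSessionToken` out of the deny is what lets a user trade an access key plus MFA code for a temporary MFA-authenticated session; every other call made without that session is denied.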

## Usage

```hcl
module "aws_mfa" {
  source = "trussworks/mfa/aws"

  iam_groups = ["engineers"]
  iam_users  = ["jill"]
}
```

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 3 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 3 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_iam_group_policy_attachment.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
| [aws_iam_policy.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_user_policy_attachment.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
| [aws_iam_policy_document.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| iam\_groups | List of IAM groups for which MFA is enforced when accessing the AWS API. | `list(string)` | `[]` | no |
| iam\_users | List of IAM users for which MFA is enforced when accessing the AWS API. | `list(string)` | `[]` | no |

## Outputs

No outputs.

## Developer Setup

Install dependencies (macOS)

```shell
brew install pre-commit go terraform terraform-docs
```