feat: Terraform Foundation - AWS Landing Zone

Enterprise-grade multi-tenant AWS cloud foundation. Modules: - GitHub OIDC for keyless CI/CD authentication - IAM account settings and security baseline - AWS Config Rules for compliance - ABAC (Attribute-Based Access Control) - SCPs (Service Control Policies) Features: - Multi-account architecture - Cost optimization patterns - Security best practices - Comprehensive documentation Tech: Terraform, AWS Organizations, IAM Identity Center
2026-02-10 14:54:56 +00:00 · 2026-02-01 20:06:28 +00:00
commit 6136cde9bb
145 changed files with 30832 additions and 0 deletions
--- a/terraform/modules/tenant-iam/outputs.tf
+++ b/terraform/modules/tenant-iam/outputs.tf
@@ -0,0 +1,52 @@
+################################################################################
+# Tenant IAM - Outputs
+################################################################################
+
+output "permissions_boundary_arn" {
+  value       = var.create_permissions_boundary ? aws_iam_policy.boundary[0].arn : var.permissions_boundary_arn
+  description = "Permissions boundary policy ARN"
+}
+
+output "admin_role_arn" {
+  value       = try(aws_iam_role.admin[0].arn, null)
+  description = "Tenant admin role ARN"
+}
+
+output "admin_role_name" {
+  value       = try(aws_iam_role.admin[0].name, null)
+  description = "Tenant admin role name"
+}
+
+output "developer_role_arn" {
+  value       = try(aws_iam_role.developer[0].arn, null)
+  description = "Tenant developer role ARN"
+}
+
+output "developer_role_name" {
+  value       = try(aws_iam_role.developer[0].name, null)
+  description = "Tenant developer role name"
+}
+
+output "readonly_role_arn" {
+  value       = try(aws_iam_role.readonly[0].arn, null)
+  description = "Tenant readonly role ARN"
+}
+
+output "readonly_role_name" {
+  value       = try(aws_iam_role.readonly[0].name, null)
+  description = "Tenant readonly role name"
+}
+
+output "all_role_arns" {
+  value = {
+    admin     = try(aws_iam_role.admin[0].arn, null)
+    developer = try(aws_iam_role.developer[0].arn, null)
+    readonly  = try(aws_iam_role.readonly[0].arn, null)
+  }
+  description = "Map of all tenant role ARNs"
+}
+
+output "resource_prefix" {
+  value       = local.resource_prefix
+  description = "Resource prefix for tenant naming"
+}