mirror of
https://github.com/ghndrx/terraform-foundation.git
synced 2026-02-10 06:45:06 +00:00
Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center
41 lines
939 B
Markdown
# identity-center

Terraform module for the AWS landing zone pattern.

Configures AWS IAM Identity Center (formerly AWS SSO).

## Planned Features

- [ ] Default permission sets (Admin, PowerUser, ReadOnly, Billing)
- [ ] Custom permission sets with managed + inline policies
- [ ] Group-to-account assignments
- [ ] SCIM provisioning setup
- [ ] MFA enforcement
- [ ] Session duration policies

## Planned Usage

```hcl
module "identity_center" {
  source = "../modules/identity-center"

  default_permission_sets = true

  permission_sets = {
    DatabaseAdmin = {
      description      = "Database administration access"
      session_duration = "PT8H"
      managed_policies = ["arn:aws:iam::aws:policy/AmazonRDSFullAccess"]
    }
  }

  group_assignments = {
    admins_prod = {
      group_name     = "AWS-Admins"
      permission_set = "AdministratorAccess"
      account_ids    = ["111111111111", "222222222222"]
    }
  }
}
```
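The module above is still planned, so as an added illustration (not the module's own code) here is how its `DatabaseAdmin` permission set and `admins_prod` group assignment map onto the AWS provider's Identity Center resources. It assumes a single Identity Center instance in the management account, an identity store group named `AWS-Admins` that already exists (for example, provisioned through SCIM), and that `AdministratorAccess` is one of the default permission sets the module would create. The account IDs are the placeholder values from the usage block.

```hcl
# Added illustration of the provider resources behind the planned module.
# Assumes one Identity Center instance and an existing "AWS-Admins" group.

data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]

  # Placeholder account IDs taken from the usage block above.
  prod_account_ids = ["111111111111", "222222222222"]
}

# --- Custom permission set: DatabaseAdmin -------------------------------
# session_duration is ISO 8601; AWS defaults to PT1H when it is omitted,
# so an explicit value is how a "session duration policy" is expressed.
resource "aws_ssoadmin_permission_set" "database_admin" {
  name             = "DatabaseAdmin"
  description      = "Database administration access"
  instance_arn     = local.instance_arn
  session_duration = "PT8H"
}

resource "aws_ssoadmin_managed_policy_attachment" "database_admin" {
  instance_arn       = local.instance_arn
  managed_policy_arn = "arn:aws:iam::aws:policy/AmazonRDSFullAccess"
  permission_set_arn = aws_ssoadmin_permission_set.database_admin.arn
}

# --- Default permission set: AdministratorAccess ------------------------
# Kept deliberately short-lived: full-admin sessions should expire quickly.
resource "aws_ssoadmin_permission_set" "administrator_access" {
  name             = "AdministratorAccess"
  description      = "Full administrative access"
  instance_arn     = local.instance_arn
  session_duration = "PT1H"
}

resource "aws_ssoadmin_managed_policy_attachment" "administrator_access" {
  instance_arn       = local.instance_arn
  managed_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
  permission_set_arn = aws_ssoadmin_permission_set.administrator_access.arn
}

# --- Group lookup (group is assumed to exist in the identity store) -----
data "aws_identitystore_group" "admins" {
  identity_store_id = local.identity_store_id

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = "AWS-Admins"
    }
  }
}

# --- Group-to-account assignment: admins_prod ----------------------------
# One assignment per target account; the group, not individual users, is
# the principal so membership changes in the identity source propagate.
resource "aws_ssoadmin_account_assignment" "admins_prod" {
  for_each = toset(local.prod_account_ids)

  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.administrator_access.arn
  principal_id       = data.aws_identitystore_group.admins.group_id
  principal_type     = "GROUP"
  target_id          = each.value
  target_type        = "AWS_ACCOUNT"
}
```

The `for_each` over account IDs is what the module's `account_ids` list would expand into. Note that MFA enforcement is not a permission-set attribute: it is configured on the Identity Center instance (or enforced by the external identity provider when one is federated), so it would be a separate setting in the module rather than part of these resources.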