ghndrx/terraform-foundation
1
0
Fork 0
mirror of https://github.com/ghndrx/terraform-foundation.git synced 2026-02-10 06:45:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
terraform-foundation/terraform/modules/tenant-iam/README.md
Greg Hendrickson 6136cde9bb feat: Terraform Foundation - AWS Landing Zone 
Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center
2026-02-02 02:57:23 +00:00

1.0 KiB
Raw Permalink Blame History

tenant-iam

Terraform module for AWS landing zone pattern.

Create tenant-specific IAM roles with proper isolation.

Planned Features

  • Tenant admin role (full tenant access)
  • Tenant developer role (limited write)
  • Tenant readonly role (view only)
  • Permissions boundary enforcement
  • Resource-based isolation (tenant prefix)
  • Cross-account trust configuration

Planned Usage

module "tenant_iam" {
  source = "../modules/tenant-iam"
  
  tenant_name = "acme-corp"
  tenant_id   = "acme"
  
  create_admin_role     = true
  create_developer_role = true
  create_readonly_role  = true
  
  trusted_principals = [
    "arn:aws:iam::111111111111:root"  # Identity account
  ]
  
  allowed_services = ["ec2", "s3", "lambda", "rds"]
  resource_prefix  = "acme-"
  
  permissions_boundary = aws_iam_policy.tenant_boundary.arn
}

Security

All tenant roles are created with permissions boundaries to prevent:

  • Creating IAM users/roles without boundaries
  • Accessing other tenants' resources
  • Modifying security services
Reference in New Issue View Git Blame Copy Permalink