terraform-foundation/terraform/modules/identity-center
Greg Hendrickson 6136cde9bb feat: Terraform Foundation - AWS Landing Zone
Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center
2026-02-02 02:57:23 +00:00

identity-center

Terraform module for AWS landing zone pattern.

Configure AWS IAM Identity Center (formerly AWS SSO).

Planned Features

  • Default permission sets (Admin, PowerUser, ReadOnly, Billing)
  • Custom permission sets with managed + inline policies
  • Group-to-account assignments
  • SCIM provisioning setup
  • MFA enforcement
  • Session duration policies

Planned Usage

module "identity_center" {
  source = "../modules/identity-center"
  
  default_permission_sets = true
  
  permission_sets = {
    DatabaseAdmin = {
      description      = "Database administration access"
      session_duration = "PT8H"
      managed_policies = ["arn:aws:iam::aws:policy/AmazonRDSFullAccess"]
    }
  }
  
  group_assignments = {
    admins_prod = {
      group_name     = "AWS-Admins"
      permission_set = "AdministratorAccess"
      account_ids    = ["111111111111", "222222222222"]
    }
  }
}
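
One way the planned inputs above could map onto AWS provider resources, as an added sketch that is not this repository's code. The variable names are taken from "Planned Usage"; the assumptions are that every `permission_set` referenced by an assignment is a key of `var.permission_sets`, and that `default_permission_sets` is left out.

```hcl
# Added sketch, not the module's code: variable names mirror "Planned Usage".
variable "permission_sets" {
  type = map(object({ description = string, session_duration = string, managed_policies = list(string) }))
}
variable "group_assignments" {
  type = map(object({ group_name = string, permission_set = string, account_ids = list(string) }))
}

data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  # Flatten to one element per (set, policy) pair and per (assignment, account) pair.
  attachments = { for x in flatten([for n, s in var.permission_sets : [for p in s.managed_policies : { set = n, policy = p }]]) : "${x.set}|${x.policy}" => x }
  assignments = { for x in flatten([for k, a in var.group_assignments : [for id in a.account_ids : { key = k, set = a.permission_set, account = id }]]) : "${x.key}|${x.account}" => x }
}

resource "aws_ssoadmin_permission_set" "this" {
  for_each         = var.permission_sets
  name             = each.key
  description      = each.value.description
  instance_arn     = local.instance_arn
  session_duration = each.value.session_duration # ISO 8601 duration, e.g. "PT8H"
}
resource "aws_ssoadmin_managed_policy_attachment" "this" {
  for_each           = local.attachments
  instance_arn       = local.instance_arn
  managed_policy_arn = each.value.policy
  permission_set_arn = aws_ssoadmin_permission_set.this[each.value.set].arn
}

# Groups are resolved by display name in the Identity Center identity store.
data "aws_identitystore_group" "this" {
  for_each          = var.group_assignments
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = each.value.group_name
    }
  }
}
resource "aws_ssoadmin_account_assignment" "this" {
  for_each           = local.assignments
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.this[each.value.set].arn
  principal_id       = data.aws_identitystore_group.this[each.value.key].group_id
  principal_type     = "GROUP"
  target_id          = each.value.account
  target_type        = "AWS_ACCOUNT"
}
```

Because groups are resolved by `DisplayName`, membership and naming of those groups in the identity source decide who receives each permission set, so changes there deserve the same review as changes to this configuration.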