mirror of
https://github.com/ghndrx/terraform-foundation.git
synced 2026-02-10 06:45:06 +00:00
Greg Hendrickson
6136cde9bb
Enterprise-grade multi-tenant AWS cloud foundation. Modules: - GitHub OIDC for keyless CI/CD authentication - IAM account settings and security baseline - AWS Config Rules for compliance - ABAC (Attribute-Based Access Control) - SCPs (Service Control Policies) Features: - Multi-account architecture - Cost optimization patterns - Security best practices - Comprehensive documentation Tech: Terraform, AWS Organizations, IAM Identity Center
1.3 KiB
1.3 KiB
iam-account-settings
IAM Account Settings Module
Usage
module "iam_account_settings" {
source = "../modules/iam-account-settings"
# Required variables
password_policy = ""
# Optional: see variables.tf for all options
}
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.5.0 |
| aws | >= 5.0 |
Inputs
| Name | Description | Type | Required |
|---|---|---|---|
| account_alias | AWS account alias (appears in sign-in URL) | string |
no |
| password_policy | object({ |
yes | |
| enable_password_policy | Enable custom password policy | bool |
no |
| enforce_mfa | Create IAM policy to enforce MFA for all actions | bool |
no |
| mfa_grace_period_days | Days new users have before MFA is required (0 = immediate) | number |
no |
| mfa_exempt_roles | Role names exempt from MFA requirement | list(string) |
no |
| tags | map(string) |
no |
Outputs
| Name | Description |
|---|---|
| account_alias | AWS account alias |
| signin_url | |
| password_policy | |
| mfa_enforcement_policy_arn | MFA enforcement policy ARN |
| mfa_required_group | Group name for users requiring MFA |
| mfa_scp_template_policy | Template policy for MFA SCP (copy to Organizations) |
License
Apache 2.0 - See LICENSE for details.