Create and manage IAM roles for Rhythmic engineers to access accounts via cross-account IAM roles.
```hcl
module "rhythmic-iam-roles" {
  source         = "git::https://github.com/rhythmictech/terraform-aws-rhythmic-iam-roles.git"
  role_prefix    = "RhythmicOps-"
  master_account = "123456789012"
}
```

Name | Version |
---|---|
terraform | >= 0.12.19 |
aws | >= 3 |

Name | Version |
---|---|
aws | >= 3 |

No modules.

Name | Type |
---|---|
aws_iam_role.FullAdminAccess | resource |
aws_iam_role.FullReadOnlyAccess | resource |
aws_iam_role.SecurityAnalyst | resource |
aws_iam_role.StandardAdminAccess | resource |
aws_iam_role_policy_attachment.FullAdminAccess | resource |
aws_iam_role_policy_attachment.FullReadOnlyAccess | resource |
aws_iam_role_policy_attachment.SecurityAnalyst | resource |
aws_iam_role_policy_attachment.StandardAdminAccess | resource |
aws_iam_role_policy_attachment.StandardAdmin_additional_policies | resource |
aws_iam_policy_document.assume | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
create_security_analyst_role | Create role with SecurityAudit managed policy attached | bool | true | no |
create_standard_admin_role | Create StandardAdmin role | bool | true | no |
external_id | External ID associated with the IAM role to be assumed, if applicable | string | "" | no |
master_account | Master account that holds cross-account roles | string | n/a | yes |
max_session_duration | STS token max lifetime | number | 7200 | no |
role_prefix | Optional prefix for IAM role names | string | "" | no |
standard_admin_additional_policies | List of additional policy ARNs to attach to standard admin role | list(string) | [] | no |
standard_admin_attach_poweruser | Attach AWS managed policy PowerUser to Standard Admin role | bool | true | no |
standard_admin_role_name | Standard Admin role name | string | "StandardAdmin" | no |
tags | Tags to apply across all roles | map(string) | {} | no |

No outputs.
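
A post-apply check for the roles this module creates, as an added example that is not part of the module or its documentation: it audits roles carrying the `role_prefix` against the `master_account`, `external_id` and `max_session_duration` inputs. It assumes the trust policy uses the standard AWS cross-account form (an account principal plus an optional `sts:ExternalId` condition), which this page does not show; the role listing and the external ID value are constructed sample data.

```python
import json

# Constructed sample shaped like `aws iam list-roles` output; not real data.
SAMPLE = json.loads("""{"Roles": [
 {"RoleName": "RhythmicOps-FullReadOnlyAccess", "MaxSessionDuration": 7200,
  "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
   "Action": "sts:AssumeRole",
   "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
   "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}},
 {"RoleName": "RhythmicOps-FullAdminAccess", "MaxSessionDuration": 43200,
  "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
   "Action": "sts:AssumeRole",
   "Principal": {"AWS": ["arn:aws:iam::123456789012:root", "*"]}}]}},
 {"RoleName": "UnrelatedRole", "MaxSessionDuration": 3600,
  "AssumeRolePolicyDocument": {"Statement": []}}]}""")

def principal_account(principal):
    """Account ID from a principal ARN or bare 12-digit account ID, else None."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit_roles(listing, role_prefix, master_account, external_id="", max_session=7200):
    """Return {role_name: [findings]} for roles whose name starts with role_prefix."""
    findings = {}
    for role in listing["Roles"]:
        if not role["RoleName"].startswith(role_prefix):
            continue
        issues = []
        if role.get("MaxSessionDuration", 0) > max_session:
            issues.append("session duration exceeds %d" % max_session)
        for stmt in role["AssumeRolePolicyDocument"].get("Statement", []):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", {})
            # Principal may be the bare string "*" or a map with an "AWS" key.
            aws = principal if isinstance(principal, str) else principal.get("AWS", [])
            for p in [aws] if isinstance(aws, str) else aws:
                if principal_account(p) != master_account:
                    issues.append("untrusted principal " + p)
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if external_id and cond.get("sts:ExternalId") != external_id:
                issues.append("missing or wrong sts:ExternalId")
        findings[role["RoleName"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_roles(SAMPLE, "RhythmicOps-", "123456789012",
                                    "example-external-id").items():
        print(name, issues or "ok")
```

An empty findings list means the role trusts only the master account, carries the expected external ID, and stays within the configured session lifetime.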