We are huge followers of the Cloud-Native DevOps movement and are firm believers in the power of treating Infrastructure as Code using immutable architecture & GitOps style deployments. We adhere to a strict automation mindset (automation first, as opposed to manual first with automation later) and strive to provide the best technical acumen that will enable organizations to improve Cloud Security Posture, Release More Often, Scale with Demand, Brace Agility, Operate within Budget and focus on value derived by the time saved on the execution of a task rather than having to spend cycles on design & tool selection.
✔ Better utilization of cloud resources by 40%
✔ Self-service infrastructure provisioning by 35%
✔ Security and governance by 30%
✔ Return on value/investment by 20%
✔ Team management & governance by 15%
✔ Earlier detection of bugs by 32%
✔ Response to issues/events by 23%
Creates IAM group, IAM group policy, IAM self attach policy and provides IAM group membership. All of these are optional resources.
Attribution: This module is a slightly improvised version of the community repository
- Creates IAM group
- Creates IAM custom group policy
- Creates IAM self attach policy
- Provides IAM group membership
```hcl
module "aws_iam_group" {
  source = "git::https://github.com/LaunchRack/terraform-aws-iam-group.git"

  name = "CognitoReadOnly"

  # IAM user names are strings and must be quoted
  group_users = [
    "alice",
    "bob",
  ]

  # Policy ARNs to attach to the group
  custom_group_policy_arns = [
    "arn:aws:iam::aws:policy/AmazonCognitoReadOnly",
  ]

  tags = {
    BusinessUnit = "tools"
    Application  = "cicd"
  }
}
```
```bash
terraform init

# use -var-file=terraform.tfvars if you plan to use a different file for the value overrides. See examples folder
terraform plan

# use -var-file=terraform.tfvars if you plan to use a different file for the value overrides. See examples folder
terraform apply -auto-approve
```
Note: The `terraform.tfvars` file will need to be created in the root directory with value overrides
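
The usage above attaches a managed policy by ARN. The following added example (not taken from the module's repository) instead uses the `custom_group_policies` input from the inputs table to attach a narrowly scoped policy that only applies to MFA-authenticated sessions, and pins the module source to a fixed revision. The bucket name, group name, policy name and `REPLACE_WITH_TAG_OR_COMMIT` are constructed placeholders, and `alice` and `bob` are assumed to already exist as IAM users.

```hcl
# Added example, not the module's own code. Bucket, group and policy names are
# constructed; REPLACE_WITH_TAG_OR_COMMIT is a placeholder for a real revision.
# Assumes IAM users "alice" and "bob" already exist in the account.
data "aws_iam_policy_document" "audit_logs_read" {
  statement {
    sid       = "ListAuditBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-audit-logs"]
    # Allow only when the session was authenticated with MFA.
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }

  statement {
    sid       = "ReadAuditObjects"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-audit-logs/*"]
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }
}

module "audit_readers" {
  # Pin the git source so a later upstream change cannot alter IAM resources unreviewed.
  source = "git::https://github.com/LaunchRack/terraform-aws-iam-group.git?ref=REPLACE_WITH_TAG_OR_COMMIT"

  name        = "AuditLogReaders"
  group_users = ["alice", "bob"]

  # Keep the self-management policy so members can manage their credentials and MFA.
  attach_iam_self_management_policy = true

  custom_group_policies = [
    {
      name   = "AuditLogsReadWithMFA"
      policy = data.aws_iam_policy_document.audit_logs_read.json
    },
  ]
}

output "audit_readers_group_name" {
  value = module.audit_readers.this_group_name
}
```

Review the `terraform plan` output for the `aws_iam_policy` and `aws_iam_group_policy_attachment` resources before applying, since every user in `group_users` receives these permissions.
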

Name | Version |
---|---|
terraform | ~> 1.0 |
aws | ~> 4.0 |
local | ~> 2.0 |
null | ~> 3.0 |

Name | Version |
---|---|
aws | ~> 4.0 |

Name | Type |
---|---|
aws_iam_group.this | resource |
aws_iam_group_membership.this | resource |
aws_iam_group_policy_attachment.custom | resource |
aws_iam_group_policy_attachment.custom_arns | resource |
aws_iam_group_policy_attachment.iam_self_management | resource |
aws_iam_policy.custom | resource |
aws_iam_policy.iam_self_management | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.iam_self_management | data source |


Name | Description | Type | Default | Required |
---|---|---|---|---|
attach_iam_self_management_policy | Whether to attach IAM policy which allows IAM users to manage their credentials and MFA. | bool | true | no |
aws_account_id | AWS account id to use inside IAM policies. If empty, current AWS account ID will be used. | string | "" | no |
create_group | Whether to create IAM group. | bool | true | no |
custom_group_policies | List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element. | list(map(string)) | [] | no |
custom_group_policy_arns | List of IAM policies ARNs to attach to IAM group. | list(string) | [] | no |
group_users | List of IAM users to have in an IAM group which can assume the role. | list(string) | [] | no |
iam_self_management_policy_name_prefix | Name prefix for IAM policy to create with IAM self-management permissions. | string | "IAMSelfManagement-" | no |
name | Name of IAM group. | string | "" | yes |
tags | A map of tags for the resources. | map(string) | {} | no |

Name | Description |
---|---|
aws_account_id | IAM AWS account id. |
this_group_name | IAM group name. |
this_group_users | List of IAM users in IAM group. |
This module is maintained by our awesome platform engineering team. Here are our contributors
See LICENSE for full details
All other trademarks referenced herein are the property of their respective owners