organization-access-group

cloudposse/organization-access-group/aws

Terraform Module HCL AWS

Terraform module to create an IAM Group and Policy to grant permissions to delegated IAM users in the Organization's master account to access a member account

Install
module "organization-access-group" {
  source  = "cloudposse/organization-access-group/aws"
  version = "0.5.0"
}
README

terraform-aws-organization-access-group

Terraform module to create an IAM Group and Policy to grant permissions to delegated IAM users in the Organization's master account to access a member account

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html

---

This project is part of our comprehensive "SweetOps" approach towards DevOps.

Inputs (11)
| Name | Type | Description | Default |
|------|------|-------------|---------|
| user_names | list | A list of IAM User names to associate with the Group | required |
| namespace | string | Namespace (e.g. `cp` or `cloudposse`) | required |
| stage | string | Stage (e.g. `prod`, `dev`, `staging`, `infra`) | required |
| name | string | Name (e.g. `app` or `cluster`) | required |
| enabled | string | Whether to create these resources | "true" |
| delimiter | string | Delimiter to be used between `namespace`, `stage`, `name`, and `attributes` | "-" |
| role_arns | map | A map of alias -> IAM Role ARNs the users in the Group can assume | {} |
| require_mfa | string | Require the users to have MFA enabled | "false" |
| switchrole_url_template | string | URL template for the IAM console to switch to the roles | "https://signin.aws.amazon.com/switchrol |
| attributes | list | Additional attributes (e.g. `1`) | [] |
| tags | map | Additional tags (e.g. map(`BusinessUnit`,`XYZ`)) | {} |

Outputs (7)
policy_id — The policy ID
switchrole_urls — List of URLs to the IAM console to switch to the roles
group_name — The Group's name
group_id — The Group's ID
group_unique_id — Group's unique ID assigned by AWS
group_arn — The ARN assigned by AWS for the Group
policy_name — The name of the policy
Resources (4)
aws_iam_group, aws_iam_group_policy, aws_iam_user_group_membership, null_resource
Details
Framework: Terraform Module
Language: HCL
Version: 0.5.0
Cloud: AWS
Stars: 23
Forks: 26
Total downloads: 6.6k
Inputs: 11
Outputs: 7
Resources: 4
License: Apache-2.0
Namespace: cloudposse
Updated