Skip to content
/ terraform-aws-boundary-stack Public

A wrapper to deploy an IAM boundary via a cloudformation stackset

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

appvia/terraform-aws-boundary-stack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits

.github

.github

 
 

docs

docs

 
 

examples/basic

examples/basic

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.terraform-docs.yaml

.terraform-docs.yaml

 
 

.terraform.lock.hcl

.terraform.lock.hcl

 
 

.tflint.hcl

.tflint.hcl

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

SECURITY.md

SECURITY.md

 
 

data.tf

data.tf

 
 

main.tf

main.tf

 
 

outputs.tf

outputs.tf

 
 

terraform.tf

terraform.tf

 
 

variables.tf

variables.tf

 
 

Repository files navigation

Github Actions

Terraform AWS IAM Boundary Stack



IAM Boundary

Description

The purpose of this module is to provide a convenient method of deploying IAM boundaries to all AWS accounts within an AWS Organization, including the management account. The method effectively wraps a cloudformation stackset, and deploy to the organization root. Note, since stacksets are not deployed to the management account, the same functionality is deployed your a single cloudformation stack.

Usage

module "boundary" {
  source = "../.."

  description               = "Used to deploy the default permissions boundary for the pipelines."
  enable_management_account = true
  name                      = "LZA-IAM-DefaultBoundary"
  region                    = "us-west-2"
  tags                      = {}
  template                  = file("assets/default-boundary.yml")
  parameters                = {}
}

Update Documentation

The terraform-docs utility is used to generate this README. Follow the below steps to update:

  1. Make changes to the .terraform-docs.yml file
  2. Fetch the terraform-docs binary (https://terraform-docs.io/user-guide/installation/)
  3. Run terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .

Requirements

Name Version
terraform >= 1.0
aws ~> 5.0

Providers

Name Version
aws ~> 5.0

Modules

No modules.

Resources

Name Type
aws_cloudformation_stack.management resource
aws_cloudformation_stack_set.boundary resource
aws_cloudformation_stack_set_instance.root resource
aws_organizations_organization.current data source

Inputs

Name Description Type Default Required
description The description of the cloudformation stack string n/a yes
name The name of the cloudformation stack string n/a yes
region The region to deploy the cloudformation template string n/a yes
tags The tags to apply to the cloudformation stack map(string) n/a yes
template The body of the cloudformation template to deploy string n/a yes
capabilities The capabilities required to deploy the cloudformation template list(string) 
[
  "CAPABILITY_NAMED_IAM",
  "CAPABILITY_AUTO_EXPAND",
  "CAPABILITY_IAM"
]
 no
enable_management_account Enable the deployment to the management account bool false no
max_concurrent_count The maximum number of concurrent deployments number 10 no
parameters The parameters to pass to the cloudformation template map(string) {} no

Outputs

Name Description
stack_instance_id The arn for the cloudformation stack instance when deployed to management account
stack_set_arn The arn for the cloudformation stack set

About

A wrapper to deploy an IAM boundary via a cloudformation stackset

Topics

aws terraform landing-zone

Resources

Readme

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases 7

v0.1.6 Latest
May 17, 2024
+ 6 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages