aws_base_iam_multiaccount

Configure base AWS account IAM policies automatically using terraform.

Bootstrap: first manual configuration

Follow the instructions in BOOTSTRAP.md to initalise your account or add new subaccounts.

Allow usage only from whitelisted IPs

This repository adds a policy to only allow access from a list whitelisted IPs.

These IPs are configured in pass keytwine/aws/allowed_ips.json and it will also pick the current IP when running terraform apply.

If the IP is not alllowed, you can load the user AWS admi ncredentials and run ./scripts/whitelist_current_ip.sh. For example, using the awssts tool:

awssts user:hector.rivas+admin@keytwine \
      ./scripts/whitelist_current_ip.sh

Credits

Based on: https://medium.com/@PatrikKarisch/automated-aws-account-initialization-with-terraform-and-onelogin-saml-sso-1301ff4851ab

Name		Name	Last commit message	Last commit date
Latest commit History 44 Commits
aws-iam-user-init		aws-iam-user-init
aws-ip-restriction		aws-ip-restriction
aws-root-account-init		aws-root-account-init
aws-sub-account-init		aws-sub-account-init
scripts		scripts
.gitignore		.gitignore
BOOTSTRAP.md		BOOTSTRAP.md
Dockerfile		Dockerfile
README.md		README.md
backend_config.tf		backend_config.tf
main.tf		main.tf
provider.tf		provider.tf
root_account.tf		root_account.tf
run-terraform.sh		run-terraform.sh
subaccount_gfl.tf		subaccount_gfl.tf
subaccount_sandbox.tf		subaccount_sandbox.tf
terraform-common.sh		terraform-common.sh
terraform-vars.sh		terraform-vars.sh
users.tf		users.tf
variables.tf		variables.tf

keymon/aws_iam_multiaccount

Folders and files

Latest commit

History

Repository files navigation

aws_base_iam_multiaccount

Bootstrap: first manual configuration

Allow usage only from whitelisted IPs

Credits

About

Resources

Stars

Watchers

Forks

Languages