Module TERRAFORM-AWS-ENFORCE-MFA

Terraform module terraform-aws-enforce-mfa

Documentations

Optional .aws/config setup and aws-vault

[profile personal]
region=us-west-2
output=json

[profile work]
region=us-west-1
output=json

[profile work]
source_profile = work
mfa_serial = arn:aws:iam::<account>:mfa/<username>
credential_process = aws-vault exec work --json

[profile personal]
source_profile = personal
mfa_serial = arn:aws:iam::<account>:mfa/<username>
credential_process = aws-vault exec work --json

Usage example

Here's the gist of using it directly from github.

data aws_caller_identity current {}

resource aws_iam_group support {
  name =  "support"
}

module enforce_mfa {
  source  = "terraform-module/enforce-mfa/aws"
  version = "~> 1.0"

  policy_name                     = "managed-mfa-enforce"
  account_id                      = data.aws_caller_identity.current.id
  groups                          = [aws_iam_group.support.name]
  manage_own_signing_certificates  = true
  manage_own_ssh_public_keys      = true
  manage_own_git_credentials      = true
}

Assumptions

Available features

Module Variables

Requirements

Name	Version
terraform	>= 0.15.0
aws	>= 3.38

Providers

Name	Version
aws	>= 3.38

Modules

No modules.

Resources

Name	Type
aws_iam_group_policy_attachment.to_groups	resource
aws_iam_policy.this	resource
aws_iam_policy_document.this	data source

Inputs

Name	Description	Type	Default	Required
account_id	Account identification. (Optional, default '*')	`string`	`"*"`	no
groups	Enforce MFA for the members in these groups. (Optional, default '[]')	`list(string)`	`[]`	no
manage_explicit_deny	Manage explicit deny.	`bool`	`false`	no
manage_own_access_keys	Allow a new AWS secret access key and corresponding AWS access key ID for the specified user.	`bool`	`false`	no
manage_own_git_credentials	Allow managing git credentials.	`bool`	`false`	no
manage_own_signing_certificates	Allow managing signing certificates.	`bool`	`false`	no
manage_own_ssh_public_keys	Allow managing ssh public keys.	`bool`	`false`	no
path	Path in which to create the policy. (Optional, default '/')	`string`	`"/"`	no
policy_name	The name of the policy.	`string`	`"managed-force-mfa-policy"`	no

Outputs

Name	Description
arn	The policy's ARN.
groups	The groups to which policy is attached
id	The policy's ID.
policy_json	The above arguments serialized as a standard JSON policy document.

Commands

$ make help
hooks                          Commit hooks setup
validate                       Validate with pre-commit hooks

📝 Guidelines

📝 Use a succinct title and description.
🐛 Bugs & feature requests can be be opened
📶 Support questions are better asked on Stack Overflow
😊 Be nice, civil and polite (as always).

License

MIT Licensed. See LICENSE for full details.

How to Contribute

Submit a pull request

Authors

Currently maintained by Ivan Katliarchuk and these awesome contributors.

Terraform Registry

Module

Name		Name	Last commit message	Last commit date
Latest commit History 113 Commits
.github		.github
examples		examples
.editorconfig		.editorconfig
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.tflint.hcl		.tflint.hcl
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
data.tf		data.tf
main.tf		main.tf
outputs.tf		outputs.tf
renovate.json		renovate.json
variables.tf		variables.tf
versions.tf		versions.tf

License

terraform-module/terraform-aws-enforce-mfa

Folders and files

Latest commit

History

Repository files navigation

Module TERRAFORM-AWS-ENFORCE-MFA

Documentations

Usage example

Assumptions

Available features

Module Variables

Requirements

Providers

Modules

Resources

Inputs

Outputs

Commands

📝 Guidelines

License

How to Contribute

Authors

Terraform Registry

About

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Sponsor this project

Languages