Project author: rpstreef

Project description:
Terraform AWS IAM module
Language: HCL
Project URL: git://github.com/rpstreef/tf-iam.git
Created: 2020-02-17T05:28:16Z
Project community: https://github.com/rpstreef/tf-iam

License: Apache License 2.0



Terraform AWS IAM module

About:

Basic AWS IAM role and policy module that expects 2 JSON files (see directory: ./lambda-policy-example/):

1) Assume role policy, defines the principal service actor. In the example that is Lambda.
2) Access policy, defines the policies that determine which services the assumed role has access to.

How to use:

You can copy the example files into the local module policies directory. To set up variables, use the role_vars parameter to pass them along to the JSON policy file.

    module "iam" {
      source = "github.com/rpstreef/tf-iam?ref=v1.2"

      namespace          = var.namespace
      region             = var.region
      resource_tag_name  = var.resource_tag_name
      iam_module_enabled = var.iam_module_enabled

      # Assume role policy: which service principal may assume the role
      assume_role_policy = file("${path.module}/policies/lambda-assume-role.json")
      # Access policy template: what the assumed role is allowed to do
      template           = file("${path.module}/policies/lambda.json")

      role_name   = "${local.lambda_function_name}-role"
      policy_name = "${local.lambda_function_name}-policy"

      # Values passed along to the JSON policy file
      role_vars = {
        cognito_user_pool_arn = var.cognito_user_pool_arn
      }
    }
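
A pre-apply check for the two policy files and the role_vars map described above, as an added example that is not part of the module or its repository. The two JSON documents, the Cognito action, and the function names are constructed for illustration, and the check assumes the policy file references role_vars with Terraform's `${name}` interpolation syntax.

```python
import json
import re

# Constructed sample of policies/lambda-assume-role.json (not the repository's file).
ASSUME_ROLE = """{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                 "Principal": {"Service": "lambda.amazonaws.com"}}]
}"""

# Constructed sample of policies/lambda.json; the placeholder is filled from role_vars.
ACCESS_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Action": ["cognito-idp:AdminGetUser"],
                 "Resource": "${cognito_user_pool_arn}"}]
}"""

PLACEHOLDER = re.compile(r"\$\{(\w+)\}")

def as_list(value):
    return value if isinstance(value, list) else [value]

def render(template, role_vars):
    """Substitute ${name} placeholders; fail on any name missing from role_vars."""
    missing = sorted(set(PLACEHOLDER.findall(template)) - set(role_vars))
    if missing:
        raise KeyError("role_vars is missing: " + ", ".join(missing))
    return PLACEHOLDER.sub(lambda m: role_vars[m.group(1)], template)

def review(assume_role, access_template, role_vars, service="lambda.amazonaws.com"):
    """Return findings for the trust policy and the rendered access policy."""
    findings = []
    for stmt in as_list(json.loads(assume_role)["Statement"]):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if services != [service]:  # wildcard, AWS account or extra service principals
            findings.append("trust policy principal is not limited to " + service)
    access = json.loads(render(access_template, role_vars))
    for stmt in as_list(access["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action", []))):
            findings.append("access policy allows a wildcard action")
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append("access policy allows every resource")
    return findings
```

An empty list from `review` means the trust policy names only the Lambda service principal and the rendered access policy contains no wildcard action or resource.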

Changelog

v1.2

  • Added module on/off switch iam_module_enabled
  • Added tags

v1.1

  • Added template variables for assume role

v1.0

  • Initial release