henrydobson / terraform-aws_customer

AWS Customer Module

Prerequisites

  • Create IAM User: terraform

  • Create S3 bucket for terraform state, e.g. terraform-me

  • Attach policy to bucket:

    {
        "Version": "2012-10-17",
        "Id": "Policy1468259090486",
        "Statement": [
            {
                "Sid": "Stmt1468256907790",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::ACCOUNT_ID:user/terraform"
                },
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::terraform-me/*"
            }
        ]
    }

  • terraform remote config setup

IAM Roles

  • readonly

  • admin

Policy: allow_account_assume_role

  • Accepts the master_account_id variable from your ./terraform.tfvars
  • Allows attached roles to be assumed from the master_account_id provided

Groups

  • Force_MFA

IAM Group Policy

  • Restricts members' access to all services unless they have signed in with MFA
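
A sketch of how the allow_account_assume_role trust policy and the Force_MFA group policy described above can be written. This is an added example, not the module's own code; the resource labels, the list of exempted MFA self-enrolment actions and the Terraform 0.12+ syntax are assumptions.

```hcl
# Added example: labels and statement layout are assumptions, not the module's code.
variable "master_account_id" {
  type = string # set in ./terraform.tfvars
}

# Trust policy: principals in the master account may assume the role (effect defaults to Allow).
data "aws_iam_policy_document" "allow_account_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.master_account_id}:root"]
    }
  }
}

resource "aws_iam_role" "readonly" {
  name               = "readonly"
  assume_role_policy = data.aws_iam_policy_document.allow_account_assume_role.json
}

# Group policy: deny everything except MFA self-enrolment until the session has MFA.
data "aws_iam_policy_document" "force_mfa" {
  statement {
    effect = "Deny"
    not_actions = [
      "iam:CreateVirtualMFADevice", "iam:EnableMFADevice", "iam:ListMFADevices",
      "iam:ListVirtualMFADevices", "iam:ResyncMFADevice", "iam:GetUser",
      "iam:ChangePassword", "sts:GetSessionToken",
    ]
    resources = ["*"]
    # BoolIfExists also matches requests signed with long-term access keys, where the key is absent.
    condition {
      test     = "BoolIfExists"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["false"]
    }
  }
}

resource "aws_iam_group" "force_mfa" {
  name = "Force_MFA"
}

resource "aws_iam_group_policy" "force_mfa" {
  name   = "force_mfa"
  group  = aws_iam_group.force_mfa.name
  policy = data.aws_iam_policy_document.force_mfa.json
}
```

The trust policy only controls who may assume the role; what the readonly and admin roles can do comes from permissions policies attached to them separately.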

Console Changes Required

  • Set custom IAM User Sign In URL
  • Set up Config if required
  • MFA
  • Password policy
  • Consolidated billing
  • Lambda
