Terraform module terraform-aws-enforce-mfa
Optional .aws/config
setup and aws-vault
[profile personal]
region=us-west-2
output=json
[profile work]
region=us-west-1
output=json
[profile work]
source_profile = work
mfa_serial = arn:aws:iam::<account>:mfa/<username>
credential_process = aws-vault exec work --json
[profile personal]
source_profile = personal
mfa_serial = arn:aws:iam::<account>:mfa/<username>
credential_process = aws-vault exec work --json
Here's the gist of using it directly from github.
data aws_caller_identity current {}
resource aws_iam_group support {
name = "support"
}
module enforce_mfa {
source = "terraform-module/enforce-mfa/aws"
version = "0.12.0"
policy_name = "managed-mfa-enforce"
account_id = data.aws_caller_identity.current.id
groups = [aws_iam_group.support.name]
manage_own_signing_certificates = true
manage_own_ssh_public_keys = true
manage_own_git_credentials = true
}
Name | Version |
---|---|
terraform | >= 0.12 |
Name | Version |
---|---|
aws | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
account_id | Account identification. (Optional, default '*') | string |
"*" |
no |
groups | Enforce MFA for the members in these groups. (Optional, default '[]') | list(string) |
[] |
no |
manage_explicit_deny | Manage explicit deny. | bool |
false |
no |
manage_own_access_keys | Allow a new AWS secret access key and corresponding AWS access key ID for the specified user. | bool |
false |
no |
manage_own_git_credentials | Allow managing git credentials. | bool |
false |
no |
manage_own_signing_certificates | Allow managing signing certificates. | bool |
false |
no |
manage_own_ssh_public_keys | Allow managing ssh public keys. | bool |
false |
no |
path | Path in which to create the policy. (Optional, default '/') | string |
"/" |
no |
policy_name | The name of the policy. | string |
"managed-force-mfa-policy" |
no |
Name | Description |
---|---|
arn | The policy's ARN. |
groups | The groups to which policy is attached |
id | The policy's ID. |
policy_json | The above arguments serialized as a standard JSON policy document. |
$ make help
hooks Commit hooks setup
validate Validate with pre-commit hooks
changelog Update changelog
- 📝 Use a succinct title and description.
- 🐛 Bugs & feature requests can be be opened
- 📶 Support questions are better asked on Stack Overflow
- 😊 Be nice, civil and polite (as always).
Copyright 2019 Ivan Katliarhcuk
MIT Licensed. See LICENSE for full details.
Submit a pull request
Currently maintained by Ivan Katliarchuk and these awesome contributors.