
appvia/terraform-aws-appvia-audit-role


Terraform AWS Appvia Audit Role

Description

This module creates a federated AWS IAM role in one or more accounts for the purpose of providing remote audit access for Appvia. The module should be deployed from the organization management account or a delegated administrator account.

The role is designed so that it can only be assumed from a corresponding audit role within Appvia's infrastructure, and only when an agreed external ID is in place. Once the audit is complete, this role should be removed; however, it will automatically block further access after 7 days.
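As an added defender-side check that is not part of the module: given the trust policy of a deployed audit role (for example as returned by iam:GetRole), verify that it is pinned to the expected Appvia principal, requires the agreed external ID, and carries a time cutoff no further out than the agreed expiry. The trust-policy layout, the aws:CurrentTime condition, the sample external ID and the "current time" are assumptions for the example; the module's own template is not shown on this page.

```python
import json
from datetime import datetime, timedelta, timezone

# Documented default for the module's appvia_role_arn input.
APPVIA_ROLE_ARN = ("arn:aws:iam::730335310409:role/aws-reserved/sso.amazonaws.com/"
                   "eu-west-2/AWSReservedSSO_WAFSupport_19c9bc61106389c3")
SAMPLE_EXTERNAL_ID = "example-external-id-0123456789"  # constructed placeholder
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)         # constructed "current time"
# Constructed sample trust policy (assumed shape; the module's template is not on the page).
SAMPLE_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "%s"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "%s"},
                  "DateLessThan": {"aws:CurrentTime": "2024-06-07T00:00:00Z"}}
  }]
}""" % (APPVIA_ROLE_ARN, SAMPLE_EXTERNAL_ID))


def _as_list(value):
    """IAM JSON allows a bare string/object where a list is meant; normalise."""
    return value if isinstance(value, list) else [value]


def check_audit_trust_policy(policy, principal_arn, external_id, now, max_days):
    """Return findings; [] means every AssumeRole grant is pinned to principal_arn,
    requires external_id and has a cutoff no more than max_days after now."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(st.get("Action", []))
        if st.get("Effect") != "Allow" or not set(actions) & {"sts:AssumeRole", "sts:*"}:
            continue
        principal = st.get("Principal", {})
        aws = _as_list(principal.get("AWS", []) if isinstance(principal, dict) else principal)
        if aws != [principal_arn]:
            findings.append("statement %d: principal %s, expected only %s" % (i, aws, principal_arn))
        cond = st.get("Condition", {})
        if cond.get("StringEquals", {}).get("sts:ExternalId") != external_id:
            findings.append("statement %d: sts:ExternalId condition missing or wrong" % i)
        cutoff = cond.get("DateLessThan", {}).get("aws:CurrentTime")
        if cutoff is None:
            findings.append("statement %d: no DateLessThan aws:CurrentTime expiry" % i)
            continue
        expiry = datetime.fromisoformat(cutoff.replace("Z", "+00:00"))
        if expiry <= now:
            findings.append("statement %d: already expired at %s" % (i, cutoff))
        elif expiry - now > timedelta(days=max_days):
            findings.append("statement %d: expiry %s is more than %d days out" % (i, cutoff, max_days))
    return findings
```

Run it against the real trust policy of each deployed role, with the external_id and expiry_days you passed to the module, as a post-deployment check.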

Usage

Example usage:

```hcl
module "example" {
  source  = "appvia/appvia-audit-role/aws"
  version = "1.0.0"

  # Agree this value with Appvia out of band; generate it with a CSPRNG.
  external_id = "<random secure id>"

  # Accounts in which the audit role is deployed.
  deployment_account_ids = [
    "012345678910",
    "102938475632",
  ]

  # Days until the role's trust policy denies further access.
  expiry_days = 7
}
```

Update Documentation

The terraform-docs utility is used to generate this README. Follow the steps below to update it:

  1. Make changes to the .terraform-docs.yml file
  2. Fetch the terraform-docs binary (https://terraform-docs.io/user-guide/installation/)
  3. Run terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.7 |
| aws | >= 5.58.0 |
| time | >= 0.12.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.58.0 |
| time | >= 0.12.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudformation_stack.management | resource |
| aws_cloudformation_stack_set.member_accounts | resource |
| aws_cloudformation_stack_set_instance.member_accounts | resource |
| time_offset.expiry | resource |
| aws_organizations_organization.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| deployment_account_ids | List of account IDs in which to deploy the remote audit access role | list(string) | n/a | yes |
| external_id | External ID should be a string of cryptographically safe random characters | string | n/a | yes |
| appvia_role_arn | Allows specifying a non-standard IAM role. Only set this if asked to do so by Appvia | string | "arn:aws:iam::730335310409:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_WAFSupport_19c9bc61106389c3" | no |
| expiry_days | The number of days the role is available before access will be denied | number | 14 | no |
| managed_policy_arns | List of managed AWS policy ARNs to apply to the role | list(string) | ["arn:aws:iam::aws:policy/SecurityAudit", "arn:aws:iam::aws:policy/ReadOnlyAccess"] | no |

Outputs

No outputs.

About

Terraform module for creating a remote access role used by Appvia for auditing purposes
