iam-baseline

iam-baseline

Features

• Set up IAM Password Policy.
• Create default IAM roles for managing AWS account.

Requirements

Name	Version
terraform	>= 0.13
aws	>= 3.50.0

Providers

Name	Version
aws	3.60.0

Modules

No modules.

Resources

Name	Type
aws_iam_account_password_policy.default	resource
aws_iam_role.support	resource
aws_iam_role_policy_attachment.support_policy	resource
aws_iam_policy_document.support_assume_policy	data source

Inputs

Name	Description	Type	Default	Required
allow_users_to_change_password	Whether to allow users to change their own password.	bool	true	no
aws_account_id	The AWS Account ID number of the account.	any	n/a	yes
create_password_policy	Define if the password policy should be created.	bool	true	no
create_support_role	Define if the support role should be created.	bool	true	no
max_password_age	The number of days that an user password is valid.	number	0	no
minimum_password_length	Minimum length to require for user passwords.	number	14	no
password_reuse_prevention	The number of previous passwords that users are prevented from reusing.	number	24	no
require_lowercase_characters	Whether to require lowercase characters for user passwords.	bool	false	no
require_numbers	Whether to require numbers for user passwords.	bool	false	no
require_symbols	Whether to require symbols for user passwords.	bool	false	no
require_uppercase_characters	Whether to require uppercase characters for user passwords.	bool	false	no
support_iam_role_name	The name of the the support role.	string	"IAM-Support"	no
support_iam_role_policy_name	The name of the support role policy.	string	"IAM-Support-Role"	no
support_iam_role_principal_arns	List of ARNs of the IAM principal elements by which the support role could be assumed.	list(any)	n/a	yes
tags	Specifies object tags key and value. This applies to all resources created by this module.	map	{ "Terraform": true }	no

Outputs

Name	Description
support_iam_role	The IAM role used for the support user.