IAM Roles Anywhere Terraform Module

This Terraform module simplifies the setup and management of AWS IAM Roles Anywhere, including creating:

  • A trust anchor
  • A profile
  • An IAM role with the appropriate trust relationships
  • A private certificate authority (PCA) certificate chain and private key securely stored in AWS Secrets Manager

Module Features

  • Fully automates the creation of all necessary IAM Roles Anywhere resources.
  • Securely stores sensitive data (certificate chain and private key) in AWS Secrets Manager.

Instructions

Prerequisites

  • Ensure you have Terraform installed.
  • AWS CLI configured with appropriate permissions.

Retrieve Certificate Chain and Private Key

  1. Retrieve the certificate chain:

    aws secretsmanager get-secret-value \
        --secret-id roles-anywhere-certificate-chain \
        --query SecretString --output text > ./certificates/full_certificate_chain.pem
  2. Retrieve the private key:

    aws secretsmanager get-secret-value \
        --secret-id roles-anywhere-private-key \
        --query SecretString --output text > ./private-key.pem

Sign in Using aws_signing_helper

  1. Use the aws_signing_helper to initiate a session:

    aws_signing_helper credential-process \
        --certificate ./certificates/full_certificate_chain.pem \
        --private-key ./private-key.pem \
        --profile-arn arn:aws:rolesanywhere:us-east-1:123456789012:profile/your-profile-id \
        --role-arn arn:aws:iam::123456789012:role/your-role-name \
        --trust-anchor-arn arn:aws:rolesanywhere:us-east-1:123456789012:trust-anchor/your-trust-anchor-id

Replace the placeholders (your-profile-id, your-role-name, and your-trust-anchor-id) with the appropriate values output by Terraform.
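The retrieval and sign-in steps above, wrapped as an added POSIX sh example that is not part of this module: it fetches the two secrets named in this README, writes the private key with owner-only permissions, checks that each ARN carries the service prefix its flag expects, and renders an AWS CLI profile whose credential_process runs aws_signing_helper exactly as shown above. The function names are hypothetical; the secret ids, file paths and ARN shapes are the ones from this README.

```shell
#!/usr/bin/env sh
# Added example, not part of the module: glue around the README's two
# secretsmanager calls and the aws_signing_helper invocation.

# Reject an ARN whose service prefix does not match what the flag expects,
# so a profile ARN and a trust-anchor ARN cannot be swapped unnoticed.
check_arn() {  # check_arn <arn> <expected-prefix>
  case "$1" in
    "$2"*) return 0 ;;
    *) printf 'unexpected ARN %s (want prefix %s)\n' "$1" "$2" >&2; return 1 ;;
  esac
}

# Print an AWS CLI profile stanza whose credential_process runs the helper
# as in the README; append the output to ~/.aws/config.
render_profile() {  # render_profile <name> <cert> <key> <profile-arn> <role-arn> <trust-anchor-arn>
  check_arn "$4" 'arn:aws:rolesanywhere:' || return 1
  check_arn "$5" 'arn:aws:iam::' || return 1
  check_arn "$6" 'arn:aws:rolesanywhere:' || return 1
  printf '[profile %s]\ncredential_process = aws_signing_helper credential-process' "$1"
  printf ' --certificate %s --private-key %s' "$2" "$3"
  printf ' --profile-arn %s --role-arn %s --trust-anchor-arn %s\n' "$4" "$5" "$6"
}

# Fetch both secrets (secret ids as in the README). The key is written inside a
# subshell with umask 077 so it is never group- or world-readable, even briefly.
fetch_material() {  # fetch_material <cert-out> <key-out>
  mkdir -p "$(dirname "$1")"
  aws secretsmanager get-secret-value --secret-id roles-anywhere-certificate-chain \
      --query SecretString --output text > "$1"
  ( umask 077
    aws secretsmanager get-secret-value --secret-id roles-anywhere-private-key \
        --query SecretString --output text > "$2" )
}

# Succeed only if the key file is readable by its owner alone (0600 or 0400);
# GNU stat first, BSD/macOS stat as the fallback.
key_is_private() {  # key_is_private <key-file>
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$mode" in 600|400) return 0 ;; *) return 1 ;; esac
}
```

Typical order is fetch_material, key_is_private, then render_profile appended to ~/.aws/config, after which `aws sts get-caller-identity --profile <name>` confirms the role was assumed.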

Notes

  • Rotate the private key and certificate regularly for security.
  • Ensure AWS Secrets Manager is secured with appropriate permissions.

Requirements

Name   Version
aws    ~> 5.0

Providers

No providers.

Modules

Name            Source                        Version
certificates    ./modules/acm                 n/a
iam_role        ./modules/iam/roles           n/a
roles_anywhere  ./modules/iam/roles_anywhere  n/a

Resources

No resources.

Inputs

Name  Description                         Type    Default                    Required
role  Name of the IAM role being created  string  "roles-anywhere-iam-role"  no

Outputs

Name             Description
certificate_arn  The ARN of the certificate created by the ACM module
certificate_id   The ID of the certificate created by the ACM module
role             The name of the IAM Role created by the roles_anywhere module
role_arn         The ARN of the IAM Role created by the roles_anywhere module

License

MIT
