
trussworks/terraform-aws-mfa

Configures an IAM policy that enforces MFA for access to the AWS API.

The policy also requires users to assume a role for most API calls: the only actions a user may perform directly, without an MFA-authenticated session, are those needed to manage their own IAM user.

Creates the following resources:

  • IAM policy requiring a valid MFA security token for all API calls except those needed for managing a user's own IAM user.
  • IAM group policy attachments for the IAM groups (iam_groups) on which MFA is enforced.
  • IAM user policy attachments for the IAM users (iam_users) on which MFA is enforced.

Usage

module "aws_mfa" {
  source = "trussworks/mfa/aws"

  iam_groups = ["engineers"]
  iam_users  = ["jill"]
}
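The README does not reproduce the policy document the module generates. The following Terraform is an added illustration of the pattern such a policy follows, not the module's own source: an explicit Deny for everything except the IAM self-service actions a user needs to set up MFA, plus a role whose trust policy refuses sessions without MFA. The resource names, the exact action lists and the account ID 123456789012 are assumptions.

```hcl
# Added example of an MFA-enforcing IAM policy; not the module's own code.
# Names, action lists and the account ID are assumptions for illustration.

data "aws_partition" "current" {}

locals {
  partition = data.aws_partition.current.partition
  # IAM policy variables must be escaped ($$) so Terraform passes them through literally.
  own_user = "arn:${local.partition}:iam::*:user/$${aws:username}"
  own_mfa  = "arn:${local.partition}:iam::*:mfa/$${aws:username}"

  # Actions a user must be able to perform *before* they have an MFA session,
  # otherwise they could never enrol a device in the first place.
  self_service_actions = [
    "iam:GetUser",
    "iam:ChangePassword",
    "iam:ListAccessKeys",
    "iam:CreateAccessKey",
    "iam:UpdateAccessKey",
    "iam:DeleteAccessKey",
    "iam:ListMFADevices",
    "iam:CreateVirtualMFADevice",
    "iam:EnableMFADevice",
    "iam:ResyncMFADevice",
  ]
}

data "aws_iam_policy_document" "enforce_mfa_example" {
  # Read-only account/user listing, needed for the console MFA setup flow.
  statement {
    sid       = "AllowListingForMfaSetup"
    effect    = "Allow"
    actions   = ["iam:ListUsers", "iam:ListVirtualMFADevices", "iam:GetAccountSummary"]
    resources = ["*"]
  }

  statement {
    sid       = "AllowManageOwnUserAndMfa"
    effect    = "Allow"
    actions   = local.self_service_actions
    resources = [local.own_user, local.own_mfa]
  }

  # Removing a device is only allowed from an MFA-authenticated session, so a
  # stolen long-term access key cannot be used to strip the protection.
  statement {
    sid       = "AllowRemoveOwnMfaOnlyWithMfa"
    effect    = "Allow"
    actions   = ["iam:DeactivateMFADevice", "iam:DeleteVirtualMFADevice"]
    resources = [local.own_user, local.own_mfa]
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }

  # Everything not listed is denied until the request carries an MFA session.
  # BoolIfExists matters: requests signed with long-term access keys carry no
  # aws:MultiFactorAuthPresent key at all, and a plain Bool test would not match
  # them, silently letting unauthenticated key usage through.
  statement {
    sid    = "DenyAllExceptListedIfNoMfa"
    effect = "Deny"
    not_actions = concat(local.self_service_actions, [
      "iam:ListUsers",
      "iam:ListVirtualMFADevices",
      "iam:GetAccountSummary",
      "sts:GetSessionToken", # needed to obtain an MFA-backed session in the first place
    ])
    resources = ["*"]
    condition {
      test     = "BoolIfExists"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["false"]
    }
  }
}

resource "aws_iam_policy" "enforce_mfa_example" {
  name   = "enforce-mfa-example"
  policy = data.aws_iam_policy_document.enforce_mfa_example.json
}

# The role users assume for real work. Its trust policy independently requires
# MFA, so the role stays closed even if the user policy above is loosened later.
data "aws_iam_policy_document" "engineer_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:${local.partition}:iam::123456789012:root"] # assumed account ID
    }
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }
}

resource "aws_iam_role" "engineer" {
  name               = "engineer"
  assume_role_policy = data.aws_iam_policy_document.engineer_trust.json
}
```

Two points worth checking in any policy of this shape: the deny statement must use `BoolIfExists`, not `Bool`, for the reason given in the comment, and `iam:DeactivateMFADevice` must not appear in the deny statement's `not_actions` list, otherwise an attacker holding a user's access key could remove the device and then act unhindered. With the policy attached, CLI users typically configure a profile with `role_arn` and `mfa_serial` so the CLI prompts for a code and performs the MFA-backed assume-role call for them.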

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 3 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_group_policy_attachment.main | resource |
| aws_iam_policy.main | resource |
| aws_iam_user_policy_attachment.main | resource |
| aws_iam_policy_document.main | data source |
| aws_partition.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| iam_groups | List of IAM groups on which to enforce MFA when accessing the AWS API. | list(string) | [] | no |
| iam_users | List of IAM users on which to enforce MFA when accessing the AWS API. | list(string) | [] | no |

Outputs

No outputs.

Developer Setup

Install dependencies (macOS)

brew install pre-commit go terraform terraform-docs