diff --git a/CHANGELOG.md b/CHANGELOG.md
index 01fe6fb..7973725 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -52,3 +52,6 @@
 - ses-domain
 - add code to enable mail_from
 - change `ses_enable_production` to `enable_production`
+
+* v1.8.0 -- 20210329
+ - iam-account-settings created
diff --git a/common/version.tf b/common/version.tf
index 7226ec0..c36b41b 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.7.5"
+ _module_version = "1.8.0"
 }
diff --git a/iam-account-setings/data.tf b/iam-account-setings/data.tf
new file mode 120000
index 0000000..995624d
--- /dev/null
+++ b/iam-account-setings/data.tf
@@ -0,0 +1 @@
+../common/data.tf
\ No newline at end of file
diff --git a/iam-account-setings/defaults.tf b/iam-account-setings/defaults.tf
new file mode 120000
index 0000000..a5556ac
--- /dev/null
+++ b/iam-account-setings/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
\ No newline at end of file
diff --git a/iam-account-setings/main.tf b/iam-account-setings/main.tf
new file mode 100644
index 0000000..c11f6a4
--- /dev/null
+++ b/iam-account-setings/main.tf
@@ -0,0 +1,46 @@
+/*
+* # aws-inf-setup :: iam-account-settings
+*
+* # Usage
+* Here is a simple example, the one most commonly expected to be used.
+*
+* ```hcl
+* module "settings" {
+* source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//iam-account-settings"
+*
+* account_alias = "ma5-gov"
+* account_usage = "GovCloud Management Account"
+* }
+* ```
+*/
+
+locals {
+ account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+ account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+ console_url_selector = local.account_environment == "gov" ? "-us-gov" : ""
+ console_url = format("https://%v.signin.amazonaws%v.com/console", var.account_alias, local.console_url_selector)
+
+ base_tags = {
+ "boc:tf_module_version" = local._module_version
+ "boc:created_by" = "terraform"
+ }
+}
+
+#---
+# IAM account specific configurations
+#---
+resource "aws_iam_account_alias" "alias" {
+ account_alias = var.account_alias
+}
+
+resource "aws_iam_account_password_policy" "account_settings" {
+ allow_users_to_change_password = true
+ hard_expiry = false
+ max_password_age = 89
+ minimum_password_length = 14
+ password_reuse_prevention = 24
+ require_lowercase_characters = true
+ require_numbers = true
+ require_symbols = true
+ require_uppercase_characters = true
+}
diff --git a/iam-account-setings/outputs.tf b/iam-account-setings/outputs.tf
new file mode 100644
index 0000000..71caeb3
--- /dev/null
+++ b/iam-account-setings/outputs.tf
@@ -0,0 +1,4 @@
+output "console_url" {
+ description = "AWS Console URL"
+ value = local.console_url
+}
diff --git a/iam-account-setings/prefixes.tf b/iam-account-setings/prefixes.tf
new file mode 120000
index 0000000..7e265d5
--- /dev/null
+++ b/iam-account-setings/prefixes.tf
@@ -0,0 +1 @@
+../common/prefixes.tf
\ No newline at end of file
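Review bot: The usage example in the header comment of iam-account-setings/main.tf points callers at `//iam-account-settings`, but every path this commit creates is under `iam-account-setings` (one "t"), so the documented `source` would not resolve to this module; renaming the directory to `iam-account-settings` would also match the CHANGELOG entry. Separately, the `aws_iam_account_password_policy` values are hard-coded with no indication of which baseline they implement, and an AWS account has only one password policy, so applying the module replaces whatever policy is already set. A comment above the resource such as `# Account-wide password policy; values are fixed by this module and replace any existing policy` would make that explicit, ideally naming the baseline the numbers come from. `local.account_id` and `local.base_tags` are defined in the same file but not referenced by anything visible in this commit.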
diff --git a/iam-account-setings/variables.common.tf b/iam-account-setings/variables.common.tf
new file mode 120000
index 0000000..7439ed8
--- /dev/null
+++ b/iam-account-setings/variables.common.tf
@@ -0,0 +1 @@
+../common/variables.common.tf
\ No newline at end of file
diff --git a/iam-account-setings/variables.tf b/iam-account-setings/variables.tf
new file mode 100644
index 0000000..1d1338b
--- /dev/null
+++ b/iam-account-setings/variables.tf
@@ -0,0 +1,5 @@
+variable "account_usage" {
+ description = "AWS Account Usage (what we are using it for)"
+ type = string
+ default = ""
+}
diff --git a/iam-account-setings/version.tf b/iam-account-setings/version.tf
new file mode 120000
index 0000000..b83c5b7
--- /dev/null
+++ b/iam-account-setings/version.tf
@@ -0,0 +1 @@
+../common/version.tf
\ No newline at end of file
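Review bot: `account_usage` in iam-account-setings/variables.tf is declared with an empty default, but nothing visible in this commit's main.tf or outputs.tf reads `var.account_usage`, so the value set in the module's usage example has no effect. Either reference it or drop the variable until it is needed. main.tf also relies on `var.account_alias` and `var.account_id`, which are not declared in this file; presumably they come from the symlinked `variables.common.tf`, whose contents are outside this diff and worth confirming.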