
Commit 59346de

Feature/permissions boundary (#27)
* Add support for permissions boundaries * Add support for permissions boundaries * Force MFA and remove hard coded value
1 parent 382d35b commit 59346de


2 files changed

+7
-2
lines changed


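--- a/modules/setup-iam-permissions/main.tf
+++ b/modules/setup-iam-permissions/main.tf
@@ -14,7 +14,7 @@ resource "aws_iam_policy" "boundary" {
 path = "/${var.namespaces.boundary_namespace}/"
 
 policy = templatefile("${path.module}/policies/boundary.json", {
-role_namespace = "terraform"
+role_namespace = var.namespaces.role_namespace
 account_id = data.aws_caller_identity.current.account_id
 })
 }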
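Review bot: `role_namespace` is now read from `var.namespaces.role_namespace` and interpolated into boundary.json, the document that defines the permissions boundary, but nothing in this hunk constrains the value; if the variable has no `validation` block elsewhere in the module, an unexpected value (an empty string, a `/`, or characters outside the IAM name character set) would either break the rendered JSON or change which role ARNs the boundary matches. Consider a `validation` block on `var.namespaces` that restricts `role_namespace` to the IAM name character set, e.g. `condition = can(regex("^[A-Za-z0-9_+=,.@-]+$", var.namespaces.role_namespace))`, plus a `description` noting that the value is embedded in the boundary policy. The `aws_iam_policy.boundary` resource starts outside the hunk.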

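--- a/modules/setup-iam-permissions/policies/assume-role-for-account.json
+++ b/modules/setup-iam-permissions/policies/assume-role-for-account.json
@@ -5,7 +5,12 @@
 "Action": "sts:AssumeRole",
 "Principal": { "AWS": "arn:aws:iam::${account_id}:root" },
 "Effect": "Allow",
-"Sid": ""
+"Sid": "",
+"Condition": {
+"Bool": {
+"aws:MultiFactorAuthPresent": "true"
+}
+}
 }
 ]
 }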
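Review bot: The added `aws:MultiFactorAuthPresent` condition on the Allow statement also refuses `sts:AssumeRole` from any principal in the account whose session was not established with MFA, and for role sessions (instance profiles, CI/CD roles, Lambda execution roles) the key is present with the value false, so their assumption of this role is denied; this is presumably the intent of "Force MFA", but it may break any automation that assumed this role before the change. A JSON policy file cannot carry a comment, so the constraint should be stated where the module is documented, e.g. in the module README with a sentence such as `Roles trusted via assume-role-for-account.json can only be assumed from MFA-authenticated sessions; automation principals need a separate trust policy.` Using `Bool` with `"true"` rather than `BoolIfExists` is the right form here, because a request without the key then simply fails to match and the Allow does not apply.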
