@@ -18,6 +18,34 @@ Terraform module `terraform-aws-enforce-mfa`
1818![ ] ( https://img.shields.io/github/last-commit/terraform-module/terraform-aws-enforce-mfa )
1919[ ![ Maintenance] ( https://img.shields.io/badge/Maintenu%3F-oui-green.svg )] ( https://GitHub.com/terraform-module/terraform-aws-enforce-mfa/graphs/commit-activity )
2020
21+ ## Documentations
22+
23+ - [ aws-vault setup] ( https://github.com/99designs/aws-vault )
24+ - [ aws-cli setup] ( https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes )
25+ - [ users with self managed mfa] ( https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_users-self-manage-mfa-and-creds.html )
26+
27+ Optional ` .aws/config ` setup and ` aws-vault `
28+
29+ ``` sh
30+ [profile personal]
31+ region=us-west-2
32+ output=json
33+
34+ [profile work]
35+ region=us-west-1
36+ output=json
37+
38+ [profile work]
39+ source_profile = work
40+ mfa_serial = arn:aws:iam::< account> :mfa/< username>
41+ credential_process = aws-vault exec work --json
42+
43+ [profile personal]
44+ source_profile = personal
45+ mfa_serial = arn:aws:iam::< account> :mfa/< username>
46+ credential_process = aws-vault exec work --json
47+ ```
48+
2149## Usage example
2250
2351Here's the gist of using it directly from github.
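Review bot: In the `.aws/config` example, the second `[profile personal]` block sets `credential_process = aws-vault exec work --json`, so anyone copying it would have the personal profile fetch credentials through the work profile; this looks like a copy-paste slip and should probably read `aws-vault exec personal --json`. Both `[profile work]` and `[profile personal]` are also declared twice, and `source_profile = work` sits under `[profile work]` itself, which makes it unclear whether the first pair is meant to be the base profiles and the second pair the MFA-backed ones. Either merge each profile into one section or give the MFA-backed profiles distinct names. Two smaller points: the block is fenced as `sh` although its content is an INI-style config file, and the heading "Documentations" would read better as "Documentation".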
@@ -33,7 +61,41 @@ Here's the gist of using it directly from github.
3361## Module Variables
3462
3563<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
36- Error: no lines in file
64+ ## Requirements
65+
66+ | Name | Version |
67+ | ------| ---------|
68+ | terraform | >= 0.12 |
69+
70+ ## Providers
71+
72+ | Name | Version |
73+ | ------| ---------|
74+ | aws | n/a |
75+
76+ ## Inputs
77+
78+ | Name | Description | Type | Default | Required |
79+ | ------| -------------| ------| ---------| :--------:|
80+ | account\_ id | Account identification. (Optional, default '\* ') | ` string ` | ` "*" ` | no |
81+ | groups | Enforce MFA for the members in these groups. (Optional, default '[ ] ') | ` list(string) ` | ` [] ` | no |
82+ | manage\_ own\_ access\_ keys | Allow a new AWS secret access key and corresponding AWS access key ID for the specified user. | ` bool ` | ` false ` | no |
83+ | manage\_ own\_ git\_ credentials | Allow managing git credentials. | ` bool ` | ` false ` | no |
84+ | manage\_ own\_ password\_ without\_ mfa | Whethehr password management without mfa is allowd | ` bool ` | ` true ` | no |
85+ | manage\_ own\_ signing\_ certificates | Allow managing signing certificates. | ` bool ` | ` false ` | no |
86+ | manage\_ own\_ ssh\_ public\_ keys | Allow managing ssh public keys. | ` bool ` | ` false ` | no |
87+ | path | Path in which to create the policy. (Optional, default '/') | ` string ` | ` "/" ` | no |
88+ | policy\_ name | The name of the policy. | ` string ` | ` "managed-force-mfa-policy" ` | no |
89+
90+ ## Outputs
91+
92+ | Name | Description |
93+ | ------| -------------|
94+ | arn | The policy's ARN. |
95+ | groups | The groups to which policy is attached |
96+ | id | The policy's ID. |
97+ | policy\_ json | The above arguments serialized as a standard JSON policy document. |
98+
3799<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
38100
39101## Commands
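Review bot: In the Inputs table, `manage_own_password_without_mfa` defaults to `true`, which is the one setting in this MFA-enforcement module that permits an action without MFA, and its description ("Whethehr password management without mfa is allowd") has two typos and gives no reason for that default. Please state in the description why the permissive default was chosen and what setting it to `false` changes for users. Since this table sits between the PRE-COMMIT-TERRAFORM DOCS HOOK markers, the wording should be fixed in the variable's description and the docs regenerated rather than edited here. The Providers table also lists `aws` with version `n/a`; consider adding a provider version constraint next to the `terraform >= 0.12` requirement.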