Terraforming Cross account role access

This example is modified from the examples given here: http://blog.sinica.me/aws_multi_account_with_terraform.html

This code here shows how to use Terraform to set up cross account roles, here's the code in a more useable manner. You have to set up environment variables for the 2 different AWS accounts (e.g. export TF_VAR_.....).

Obviously you use a prepopulated group rather than the bob one. So id change the TF to being a data resource on an existing group.

AssumeRole https://signin.aws.amazon.com/switchrole?account=[dev_account_id]&roleName=ExternalAdminRole

Well that's all good an all but how about automation? You get the creds aws sts assume-role --role-arn "arn:aws:iam::[dev_account_id]:role/ExternalAdminRole" --role-session-name "bob_dev"

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
.gitignore		.gitignore
README.md		README.md
assume_dev_admin.sh		assume_dev_admin.sh
dev.aws_iam_policy.external_admin_policy.tf		dev.aws_iam_policy.external_admin_policy.tf
dev.aws_iam_policy_attachment.external_admin_policy_attachment_to_external_admin_role.tf		dev.aws_iam_policy_attachment.external_admin_policy_attachment_to_external_admin_role.tf
dev.aws_iam_role.external_admin_role.tf		dev.aws_iam_role.external_admin_role.tf
dev.provider.tf		dev.provider.tf
inputs.tf		inputs.tf
management.aws_iam_group_membership.dev_admins.tf		management.aws_iam_group_membership.dev_admins.tf
management.aws_iam_group_policy_dev_admins_policy.tf		management.aws_iam_group_policy_dev_admins_policy.tf
management.aws_iam_user_bob.tf		management.aws_iam_user_bob.tf
management.iam_group_dev_admins.tf		management.iam_group_dev_admins.tf
management.provider.tf		management.provider.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.gitignore

.gitignore

README.md

README.md

assume_dev_admin.sh

assume_dev_admin.sh

dev.aws_iam_policy.external_admin_policy.tf

dev.aws_iam_policy.external_admin_policy.tf

dev.aws_iam_policy_attachment.external_admin_policy_attachment_to_external_admin_role.tf

dev.aws_iam_policy_attachment.external_admin_policy_attachment_to_external_admin_role.tf

dev.aws_iam_role.external_admin_role.tf

dev.aws_iam_role.external_admin_role.tf

dev.provider.tf

dev.provider.tf

inputs.tf

inputs.tf

management.aws_iam_group_membership.dev_admins.tf

management.aws_iam_group_membership.dev_admins.tf

management.aws_iam_group_policy_dev_admins_policy.tf

management.aws_iam_group_policy_dev_admins_policy.tf

management.aws_iam_user_bob.tf

management.aws_iam_user_bob.tf

management.iam_group_dev_admins.tf

management.iam_group_dev_admins.tf

management.provider.tf

management.provider.tf

Repository files navigation

Terraforming Cross account role access

About

Releases

Packages

Languages

contino/terraform-iam-crossaccount

Folders and files

Latest commit

History

Repository files navigation

Terraforming Cross account role access

About

Resources

Stars

Watchers

Forks

Languages