plus3it/terraform-aws-tardigrade-iam-account


terraform-aws-tardigrade-iam-account

Terraform module to manage AWS account password policy

Testing

At the moment, testing is manual:

Note: This test should be run in an account that doesn't already have an existing AccessAnalyzer.

# Replace "xxx" with an actual AWS profile, then execute the integration tests.
export AWS_PROFILE=xxx 
make terraform/pytest PYTEST_ARGS="-v --nomock"

Requirements

Name Version
terraform >= 0.12

Providers

Name Version
aws n/a

Resources

Name Type

Inputs

access_analyzer
  Description: Object of attributes for an IAM Access Analyzer
  Type:
    object({
      name = optional(string, "AccountAnalyzer")
      type = optional(string, "ACCOUNT")
      tags = optional(map(string))

      configuration = optional(object({
        unused_access = object({
          unused_access_age = number
        })
      }))
    })
  Default: {}
  Required: no

account_alias
  Description: Object of attributes for the IAM account alias
  Type:
    object({
      name = string
    })
  Default: null
  Required: no

password_policy
  Description: Object of attributes for the IAM account password policy
  Type:
    object({
      allow_users_to_change_password = optional(bool, true)
      hard_expiry                    = optional(bool, false)
      max_password_age               = optional(string, "90")
      minimum_password_length        = optional(string, "14")
      password_reuse_prevention      = optional(string, "24")
      require_lowercase_characters   = optional(bool, true)
      require_numbers                = optional(bool, true)
      require_symbols                = optional(bool, true)
      require_uppercase_characters   = optional(bool, true)
    })
  Default: {}
  Required: no
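
The following check is an added example, not code from this module or from plus3it. It compares a password policy, in the shape of the IAM GetAccountPasswordPolicy response, with the password_policy defaults listed above and reports each deviation. The function name, the baseline table and the sample policy are assumptions made for illustration.

```python
# Added example (not part of the module). Compares an IAM password policy,
# in the shape of the IAM GetAccountPasswordPolicy "PasswordPolicy" object,
# with the defaults documented in the Inputs section of this README.

# Module defaults keyed by IAM API field name. The module declares the numeric
# settings as strings ("90"); the API reports them as integers.
BASELINE = {
    "AllowUsersToChangePassword": (True, "eq"),
    "HardExpiry": (False, "eq"),
    "MaxPasswordAge": (90, "max"),            # days
    "MinimumPasswordLength": (14, "min"),
    "PasswordReusePrevention": (24, "min"),   # remembered passwords
    "RequireLowercaseCharacters": (True, "eq"),
    "RequireNumbers": (True, "eq"),
    "RequireSymbols": (True, "eq"),
    "RequireUppercaseCharacters": (True, "eq"),
}


def audit_password_policy(policy):
    """Return (field, actual, expected) for each setting that is weaker than
    or different from the module default, sorted by field name."""
    findings = []
    for field, (expected, rule) in BASELINE.items():
        actual = policy.get(field)
        if rule == "eq":
            ok = bool(actual) == expected     # absent boolean counts as False
        elif rule == "min":
            ok = actual is not None and actual >= expected
        else:  # "max": absent or 0 means passwords never expire
            ok = bool(actual) and actual <= expected
        if not ok:
            findings.append((field, actual, expected))
    return sorted(findings, key=lambda f: f[0])


# Constructed sample: a policy with no expiry and no reuse prevention.
SAMPLE_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireSymbols": False,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": False,
}

if __name__ == "__main__":
    for field, actual, expected in audit_password_policy(SAMPLE_POLICY):
        print(f"{field}: account has {actual!r}, module default is {expected!r}")
```

Against a live account, the input dictionary would be the "PasswordPolicy" object returned by IAM GetAccountPasswordPolicy.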

Outputs

No outputs.