feat: Add permissions boundary for IAM role #104
Conversation
Hey team.
Awesome @edersonbrilhante - using this now!!
Bump, having the same use case! Btw I think it would be better if the purpose of the
@zephinzer I think it is a good idea. I can change, but I would like more feedback before changing.
@david-wells-1 personally I would keep the code as is - but you could add more detail or a link in the Readme if you want to better explain the purpose of the permission boundary. The permission boundary isn't actually for enhanced_monitoring.
@david-wells-1 it seems it's for the IAM user created for the enhanced_monitoring (we're currently maintaining our own fork for this feature; it would be good to have this in the main module because it seems like enterprises that are on AWS tend to impose a permissions boundary as a form of control over subaccounts).
variable "permissions_boundary" {
  description = "The ARN of the policy that is used to set the permissions boundary for the role."
  type        = string
  default     = null
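Review bot: the description line says "the role" without naming it, which is ambiguous to a module caller reading the variable in isolation; state that it applies to the rds_enhanced_monitoring role (the resource named in the PR description) and that leaving it null creates that role without any boundary. A validation block that rejects values which are not IAM policy ARNs would also surface typos at plan time instead of as a provider error at apply time.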
I believe the default value should be null for people who don't want to enforce any permissions_boundary. I have updated it.
Thanks, everyone! v2.18.0 has been released.
Description
This PR will close issue #115, allowing the creation of "aws_iam_role" "rds_enhanced_monitoring" when AWS is set to use a permissions boundary in IAM role creation.
Motivation and Context
In my case, in my AWS account I am using a permissions boundary to avoid creating a new role with bigger permissions. So any new role must set this boundary.
To run the resource aws_iam_role.rds_enhanced_monitoring, it is needed to set a permissions boundary.
Breaking Changes
None
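The wiring the PR describes, as an added example that is not the module's own code: an optional permissions_boundary input, an input check on its shape, and the enhanced monitoring role that consumes it. The variable name and the role resource name come from the thread; the assume-role policy for monitoring.rds.amazonaws.com, the AmazonRDSEnhancedMonitoringRole managed policy attachment and the name_prefix are assumptions about how such a role is usually built, not the module's actual layout.

```hcl
# Added example, not the module's code. Assumed: resource layout, name_prefix,
# the assume-role document and the managed policy attachment.

variable "permissions_boundary" {
  description = "ARN of the policy used as the permissions boundary for the rds_enhanced_monitoring role. Leave null if the account does not require one."
  type        = string
  default     = null

  validation {
    # Either no boundary, or a value shaped like an IAM policy ARN
    # (AWS managed policies use "aws" in place of the account id).
    condition     = var.permissions_boundary == null || can(regex("^arn:aws[a-zA-Z-]*:iam::(aws|[0-9]{12}):policy/", var.permissions_boundary))
    error_message = "The permissions_boundary must be null or an IAM policy ARN such as arn:aws:iam::123456789012:policy/boundary."
  }
}

# Trust policy: only the RDS monitoring service may assume this role.
data "aws_iam_policy_document" "rds_enhanced_monitoring_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["monitoring.rds.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "rds_enhanced_monitoring" {
  name_prefix        = "rds-enhanced-monitoring-"
  assume_role_policy = data.aws_iam_policy_document.rds_enhanced_monitoring_assume.json

  # A null value is omitted by the provider, so the role is created without a
  # boundary unless the caller sets one. When set, the role's effective
  # permissions are the intersection of its attached policies and the boundary.
  permissions_boundary = var.permissions_boundary
}

resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" {
  role       = aws_iam_role.rds_enhanced_monitoring.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
}
```

Two things to check after adopting this. First, because the boundary caps the role, a boundary policy that does not allow the CloudWatch Logs actions granted by AmazonRDSEnhancedMonitoringRole leaves the role creatable but unable to deliver monitoring data, which shows up only as missing metrics; confirm the boundary covers those actions. Second, `aws iam get-role --role-name <name>` reports the attached boundary under `Role.PermissionsBoundary`, which is the quickest way to verify that the variable actually reached the role in an account that enforces one.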