Creation of group with an specific role assigned - Best practices for Ref Arch
Hi, We want to create a new group to access some specific resources (cloudwatch logs) in some of our accounts (dev/staging). What would be the recommended way to create a group with those requirements that can be assigned to a user in the security account with cross-account access? Thanks.
The best way to create this group is to use the [custom-iam-entity](https://github.com/gruntwork-io/terraform-aws-security/tree/master/modules/custom-iam-entity) module directly. E.g., you can add a new terragrunt config in `infrastructure-live` that looks like the following: ```hcl terraform { source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/custom-iam-entity?ref=v0.61.0" } inputs = { should_require_mfa = false should_create_iam_group = true iam_group_name = "TODO: name of IAM Group" iam_policy_arns = ["LIST", "OF", "IAM_POLICIES", "TO", "ATTACH"] } ```