Skip to main content
Security Modules 0.74.5Last updated in version 0.74.0

AWS IAM Access Analyzer

View Source Release Notes

This repo contains a Module for creating and enabling IAM Access Analyzer

This module is not meant to be used directly. Instead, it’s used under the hood in the account-baseline-root & account-baseline-security modules. Please see those modules and their respective examples for specific configuration and usage.

Features

  • Create an IAM Access Analyzer service for different regions in one module

  • Enable the IAM Access Analyzer service for a given AWS account

Learn

Note

This repo is a part of the Gruntwork Infrastructure as Code Library, a collection of reusable, battle-tested, production ready infrastructure code. If you’ve never used the Infrastructure as Code Library before, make sure to read How to use the Gruntwork Infrastructure as Code Library!

Core concepts

Repo organization

  • modules: the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.

  • examples: This folder contains working examples of how to use the submodules.

  • test: Automated tests for the modules and examples.

Deploy

Non-production deployment (quick start for learning)

If you just want to try this out for experimenting and learning, check out the following resources:

  • examples folder: The examples folder contains sample code optimized for learning, experimenting, and testing (but not production usage).

Manage

Sample Usage

main.tf

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S IAM-ACCESS-ANALYZER-MULTI-REGION MODULE
# ------------------------------------------------------------------------------------------------------

module "iam_access_analyzer_multi_region" {

  source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/iam-access-analyzer-multi-region?ref=v0.74.5"

  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The AWS Account ID the template should be operated on. This avoids
  # misconfiguration errors caused by environment variables.
  aws_account_id = <string>

  # ----------------------------------------------------------------------------------------------------
  # OPTIONAL VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # A feature flag to enable or disable this module.
  create_resources = true

  # The name of the IAM Access Analyzer module
  iam_access_analyzer_name = "iam-access-analyzer"

  # If set to ACCOUNT, the analyzer will only be scanning the current AWS
  # account it's in. If set to ORGANIZATION - will scan the organization AWS
  # account and the child accounts.
  iam_access_analyzer_type = "ACCOUNT"

}