Skip to main content
Service Catalog Version 0.118.5Last updated in version 0.20.0

Gruntwork Access

View Source Release Notes

Overview

You can use this service to grant the Gruntwork team access to your AWS account to either:

Under the hood, this service creates an IAM Role in your AWS account that the Gruntwork team can assume. This allows the Gruntwork team to securely access your AWS accounts without having to create, share, or manage credentials.

Features

  • Create an IAM role that grants Gruntwork access to your AWS accounts
  • Choose the Managed IAM Policy to grant
  • Require MFA for assuming the IAM role
  • Grant access to your own security account (required for Reference Architecture deployments)

Learn

note

This repo is a part of the Gruntwork Service Catalog, a collection of reusable, battle-tested, production ready infrastructure code. If you’ve never used the Service Catalog before, make sure to read How to use the Gruntwork Service Catalog!

Core concepts

Deploy

Non-production deployment (quick start for learning)

If you just want to try this repo out for experimenting and learning, check out the following resources:

  • examples/for-learning-and-testing folder: The examples/for-learning-and-testing folder contains standalone sample code optimized for learning, experimenting, and testing (but not direct production usage).

Production deployment

If you want to deploy this repo in production, check out the following resources:

  • examples/for-production folder: The examples/for-production folder contains sample code optimized for direct usage in production. This is code from the Gruntwork Reference Architecture, and it shows you how we build an end-to-end, integrated tech stack on top of the Gruntwork Service Catalog, configure CI / CD for your apps and infrastructure.

Sample Usage

main.tf

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S GRUNTWORK-ACCESS MODULE
# ------------------------------------------------------------------------------------------------------

module "gruntwork_access" {

source = "git::git@github.com:gruntwork-io/terraform-aws-service-catalog.git//modules/landingzone/gruntwork-access?ref=v0.118.5"

# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------

# Set to true to grant your security account, with the account ID specified in
# var.security_account_id, access to the IAM role. This is required for
# deploying a Reference Architecture.
grant_security_account_access = <bool>

# The ID of your security account (where IAM users are defined). Required for
# deploying a Reference Architecture, as the Gruntwork team deploys an EC2
# instance in the security account, and that instance assumes this IAM role to
# get access to all the other child accounts and bootstrap the deployment
# process.
security_account_id = <string>

# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------

# The ID of the AWS account that will be allowed to assume the IAM role.
gruntwork_aws_account_id = "583800379690"

# The name to use for the IAM role
iam_role_name = "GruntworkAccountAccessRole"

# The name of the AWS Managed Policy to attach to the IAM role. To deploy a
# Reference Architecture, the Gruntwork team needs AdministratorAccess, so
# this is the default.
managed_policy_name = "AdministratorAccess"

# If set to true, require MFA to assume the IAM role from the Gruntwork
# account.
require_mfa = true

# Tags to apply to all resources created by this module
tags = {}

}


Reference

Required

Set to true to grant your security account, with the account ID specified in security_account_id, access to the IAM role. This is required for deploying a Reference Architecture.

security_account_idstringrequired

The ID of your security account (where IAM users are defined). Required for deploying a Reference Architecture, as the Gruntwork team deploys an EC2 instance in the security account, and that instance assumes this IAM role to get access to all the other child accounts and bootstrap the deployment process.

Optional

The ID of the AWS account that will be allowed to assume the IAM role.

"583800379690"
iam_role_namestringoptional

The name to use for the IAM role

"GruntworkAccountAccessRole"
managed_policy_namestringoptional

The name of the AWS Managed Policy to attach to the IAM role. To deploy a Reference Architecture, the Gruntwork team needs AdministratorAccess, so this is the default.

"AdministratorAccess"
require_mfabooloptional

If set to true, require MFA to assume the IAM role from the Gruntwork account.

true
tagsmap(string)optional

Tags to apply to all resources created by this module

{}