Before reading these instructions, go through setting up aws-auth and understanding the aws-auth workflow.
Combining it with LastPass
If you've read the aws-auth README, you'll find that using aws-auth isn't really a one-liner, since you have to set your permanent AWS credentials first:
If you store your secrets in a CLI-friendly password manager, such as lpass or pass,
then you can reduce this even further!
If needed, you can create a LastPass account and install the client from here. The CLI client can be installed from here.
Create templates
First, store your permanent AWS credentials in lpass. I'm sure there are multiple ways this can be done but I created a
custom note and stored all user account information in it.
Open your LastPass Vault > Secure Notes > click on the (+) sign > Add Secure Note.
Change "Note Type:" to "Add Custom Template".
Give it a name like "AWS Security Credentials".
Start adding fields.
Save the template when complete.
Fields I used were:
Field Name
Field Type
User ID (IAM)
Text
Account Name
Text
Account Number
Text
Access Key ID
Text with copy button
Secret Access Key
Text with copy button
MFA ARN
Text with copy button
Once that's complete, create a second note used to for storing lines of the script.
Open your LastPass Vault > Secure Notes > click on the (+) sign > Add Secure Note.
Change "Note Type:" to "Add Custom Template".
Give it a name like "Script".
Start adding fields.
Save the template when complete.
Fields I used were:
Field Name
Field Type
Param1
Text
Param2
Text
Param3
Text
Param4
Text
Save secrets and script parameters in LastPass
Create a new Secure Note using the "AWS Security Credentials" template. Store your User ID ARN, Account Name, Account Number,
Access Key ID, Secret Access Key, and MFA ARN in that. Custom templates can't be added from the lpass cli so this has to be
done within the LastPass GUI.
$ lpass show aws-johndoe
Foldername/aws-johndoe [id: 1234567890123456]
MFA ARN: arn:aws:iam::123456789012:mfa/johndoe
Secret Access Key: JOHNDOERANDOMSECRETACCESSKEY
Access Key ID: JOHNDOEACCESSKEYID
Account Number: 123456789012
Account Name: Security
User ID (IAM): arn:aws:iam::123456789012:user/johndoe
NoteType: Custom
If you will be assuming an IAM Role ARN, put that in lpass too:
Note: For the IAM Role ARNs, I'm using the default lpass site template since I only need two fields and I can access it quickly with the CLI. The script with the --role-arn flag is saved as Username and the Role ARN is being saved as Password.
Start putting the script together
Now, we can start constructing our script in lpass that ties all of this together. Again, since this is a custom template, everything has to
be done within the LastPass console. Create a new Secure Note using the "Script" template.
In the Param1 field, copy in:
read -p "Enter your MFA token: "token
Note: The other ParamX fields were added for future use and not necessarily for this script.
Now, to setup your temporary STS credentials so it is truly a one-liner!
eval"$(lpass show aws-auth-security --field Param1; lpass show aws-auth-security --field Param2)"
Example
$ eval "$(lpass show aws-auth-security --field Param1; lpass show aws-auth-security --field Param2)"
Enter your MFA token: 1234562018-01-0816:35:18 [INFO] [aws-auth] Getting temporary credentials and token for MFA device arn:aws:iam::123456789012:mfa/johndoe
2018-01-0816:35:19 [INFO] [aws-auth] Success!
Alias all the things!
But that's still a lot of typing. How about we alias that and all the additional IAM Role ARN possibilities? I keep all my aliases defined in ~/.bash_aliases.
Note: Remember that aws-auth-otheraccount requires we specify the --role-arn so we can switch to that role/account. In this example, all
of that is stored in lpass as the secret aws-johndoe-role-arn-otheraccount. The Username field contains the script and the Password field
contains the Role ARN.
For every AWS account used in your organization, you'll need to create that additional secret and that BASH alias if you're going to follow along with this.
Remember to adjust your alias scripts as neccessary.
# Authenticate to the AWS account with the User ID
alias aws-auth-security='eval "$(lpass show aws-auth-security --field Param1; lpass show aws-auth-security --field Param2)"'
# Authenticate to the AWS account with the role arn
alias aws-auth-otheraccount='eval "$(lpass show aws-auth-security --field Param1; lpass show aws-johndoe-role-arn-otheraccount --username)"'
Note: the double quotes around the $() are required.
Example
$ aws-auth-security
Enter your MFA token: 1234562018-01-0921:14:18 [INFO] [aws-auth] Getting temporary credentials and token for MFA device arn:aws:iam::123456789012:mfa/johndoe
2018-01-0921:14:19 [INFO] [aws-auth] Success!
$ aws-auth-otheraccount
Enter your MFA token: 2345672018-01-0921:14:41 [INFO] [aws-auth] Getting temporary credentials and token for MFA device arn:aws:iam::123456789012:mfa/johndoe
2018-01-0921:14:42 [INFO] [aws-auth] Assuming role arn:aws:iam::098765432109:role/rolename
2018-01-0921:14:42 [INFO] [aws-auth] Success!
$ aws sts get-caller-identity
{
"UserId": "AWSRANDOMUSERID:johndoe",
"Account": "098765432109",
"Arn": "arn:aws:sts::098765432109:assumed-role/rolename/johndoe"
}
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"7ad9d8bc9aca12a8309416470f9f6cc0965ff330"}]},{"name":".editorconfig","path":".editorconfig","sha":"a5eec1063e66c4cb953cba222dd50b4d314ef3e2"},{"name":".gitignore","path":".gitignore","sha":"db9544649ac09686ab10d48c26aa1d65fbd25fb7"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"8d98e6d06e9c4d3f9b680dc9ab6d5ccc7f9d96d3"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"7ab1528db56eca5c136e005f4f08ec9b2c0f3aeb"},{"name":"LICENSE.txt","path":"LICENSE.txt","sha":"f4e3d9bd4717a044ed31ad847a300eee74371a78"},{"name":"README.adoc","path":"README.adoc","sha":"2fa6943dc66863a9f854a55374ed6b89f1dab998"},{"name":"_ci","children":[{"name":"output-debug-values.sh","path":"_ci/output-debug-values.sh","sha":"39d6d5f080a53f932e3b5ec970b5f268fd00e50a"}]},{"name":"_docs","children":[{"name":"auto-update.png","path":"_docs/auto-update.png","sha":"77bfd1c65de0245ac8b3c67d5b0b64fc440824bf"},{"name":"aws-cloudtrail-architecture.png","path":"_docs/aws-cloudtrail-architecture.png","sha":"a2dd9a08b8ed77744fd5febab3be7bdf633dee79"},{"name":"aws-cloudtrail.png","path":"_docs/aws-cloudtrail.png","sha":"acc7dcaf4b46ce3cef1bcc20be0329e12c320e7f"},{"name":"aws-config-architecture.png","path":"_docs/aws-config-architecture.png","sha":"721458048d5e539468c438498863a91fa96e0a85"},{"name":"aws-config-rules-architecture.png","path":"_docs/aws-config-rules-architecture.png","sha":"29fe3f20358b176e385d1bcdc0357bff2c1d5b4a"},{"name":"aws-config-rules.png","path":"_docs/aws-config-rules.png","sha":"ac3f7b35bcac949887e62aee260d9cb70edd3ae8"},{"name":"aws-config.png","path":"_docs/aws-config.png","sha":"02f4b326aef57372def4f3fafa4f0e4cec07e395"},{"name":"aws-guardduty.png","path":"_docs/aws-guardduty.png","sha":"053b92412fb8e3fb5740acc404b493fe1dd7229b"},{"name":"aws-organizations-architecture.png","path":"_docs/aws-organizations-architecture.png","sha":"bd57412fe85d3fe8d5e358db5e3b7bfef3e786a9"},{"name":"aws-organizations-icon.png","path":"_docs/aws-organizations-icon.png","sha":"b2b3fa04f51a23e5bae1b3389ffedf5e17b3cef2"},{"name":"kms-icon.png","path":"_docs/kms-icon.png","sha":"cd4f350a9a3fda41089928a7e396ee8924b7a901"},{"name":"multi-account-multi-region-aws-config.png","path":"_docs/multi-account-multi-region-aws-config.png","sha":"a9c813b1799fe71554c20c8fefc703792293bfe4"},{"name":"multiaccount_guardduty.png","path":"_docs/multiaccount_guardduty.png","sha":"c56b50bbb4c2a041366b430cada27b88aa02524b"},{"name":"ssh-grunt-architecture.png","path":"_docs/ssh-grunt-architecture.png","sha":"9ced8c68bcc7957e50aa016cad6c5b043a05b470"},{"name":"terminal-icon.png","path":"_docs/terminal-icon.png","sha":"df09d52d5b1176d7e231bab6c7712c3728e45c1b"}]},{"name":"codegen","children":[{"name":"README.adoc","path":"codegen/README.adoc","sha":"985e83db4ee84bc073af9580c251646f08137ffc"},{"name":"core-concepts.md","path":"codegen/core-concepts.md","sha":"6194c545021687193f2d0b8d35849f3492dac6ec"},{"name":"generate-all.sh","path":"codegen/generate-all.sh","sha":"bb0eaa685dde9ae01028799cfcb611d74c615eb7"},{"name":"generate-aws-config","children":[{"name":".gitignore","path":"codegen/generate-aws-config/.gitignore","sha":"b488f31b176e8da6501add7ce148074af2337d91"},{"name":"main.go","path":"codegen/generate-aws-config/main.go","sha":"fbdc3f3df8ccf910430acad3d7d29e8b7d584cd2"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-aws-config/static/README.adoc","sha":"c0e1204ac792b55ced9bedb40736621b78ef8740"},{"name":"core-concepts.md","path":"codegen/generate-aws-config/static/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"variables.tf","path":"codegen/generate-aws-config/static/variables.tf","sha":"96074af498e9907aafe0a5f30ad52eebe7fdab01"}]},{"name":"template_data.go","path":"codegen/generate-aws-config/template_data.go","sha":"5dc233c470a7bade37726233e52abe14b0d721a1"}]},{"name":"generate-aws-guardduty","children":[{"name":".gitignore","path":"codegen/generate-aws-guardduty/.gitignore","sha":"b488f31b176e8da6501add7ce148074af2337d91"},{"name":"main.go","path":"codegen/generate-aws-guardduty/main.go","sha":"65a8af5a54afd75c1123cf9905cac3a770ca210d"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-aws-guardduty/static/README.adoc","sha":"0c0833b9655d1d292f086b8f27c594ef1b968d68"},{"name":"variables.tf","path":"codegen/generate-aws-guardduty/static/variables.tf","sha":"992199e9e968a3006918b286c7f3e69eb2fbbd74"}]},{"name":"template_data.go","path":"codegen/generate-aws-guardduty/template_data.go","sha":"99aa2d3dd6e70fa736e6101e0ede935a59cec955"}]},{"name":"generate-multiregion-kms-grant","children":[{"name":".gitignore","path":"codegen/generate-multiregion-kms-grant/.gitignore","sha":"ce81abc8eeae39683199307d44536f0a8b1b7862"},{"name":"main.go","path":"codegen/generate-multiregion-kms-grant/main.go","sha":"b2de863570dc8b0beb69d015ac3b656fc6af6fbb"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-multiregion-kms-grant/static/README.adoc","sha":"8b31bdf6b848e87f10f3ae1a2d031ede038f52b9"},{"name":"core-concepts.md","path":"codegen/generate-multiregion-kms-grant/static/core-concepts.md","sha":"53fe1d9a73a2643da5d276b71dce7ff649896ef2"},{"name":"variables.tf","path":"codegen/generate-multiregion-kms-grant/static/variables.tf","sha":"d27a8da6b13e1ea67a1b4721edd8bbe59781df7d"}]},{"name":"template_data.go","path":"codegen/generate-multiregion-kms-grant/template_data.go","sha":"778c50771f59f2fea9f226c6c1af2fb3421554fa"}]},{"name":"generate-multiregion-kms","children":[{"name":".gitignore","path":"codegen/generate-multiregion-kms/.gitignore","sha":"dd60654458233c0bdb18892c5989f1828889d55b"},{"name":"main.go","path":"codegen/generate-multiregion-kms/main.go","sha":"a4c0e0fefe40a90d724a054ceef68745871eb6e6"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-multiregion-kms/static/README.adoc","sha":"2bdf512e1f415dd833b7c5f9877ba63ab2ad1d08"},{"name":"variables.tf","path":"codegen/generate-multiregion-kms/static/variables.tf","sha":"e1c5961708f3f4d432af14f0a795d9960011dd2e"}]},{"name":"template_data.go","path":"codegen/generate-multiregion-kms/template_data.go","sha":"7ec2a39c066905afa345fd07881681f199ad700f"}]},{"name":"generator","children":[{"name":"aws.go","path":"codegen/generator/aws.go","sha":"5c4712b16f00ebfe3d9ab85e5ef7ec4e7376bd7e"},{"name":"cli.go","path":"codegen/generator/cli.go","sha":"6e92f692f11d26c182c9e987fd566b0b8cb10901"},{"name":"errors.go","path":"codegen/generator/errors.go","sha":"21fd1f6d4bef60ea9cb39939783696526ddd02e7"},{"name":"generator.go","path":"codegen/generator/generator.go","sha":"512cd371bdf1342885f4313f4bb607137f8e51f8"},{"name":"main.tf.tpl.go","path":"codegen/generator/main.tf.tpl.go","sha":"9fb77255b6bbac763fe227773841059edc12547c"},{"name":"outputs.tf.tpl.go","path":"codegen/generator/outputs.tf.tpl.go","sha":"d5f5236e76f98825f082c5d2d125b5f4f0376f09"}]},{"name":"go.mod","path":"codegen/go.mod","sha":"10fc12445001ccc8061886f383e9a37ef704121f"},{"name":"go.sum","path":"codegen/go.sum","sha":"264a7a2d25f07c58b4fcc30125fc569b23f191dd"},{"name":"logging","children":[{"name":"logging.go","path":"codegen/logging/logging.go","sha":"d4fb9da710acb21567b4e0581cb7bd7692baca04"}]}]},{"name":"examples","children":[{"name":"account-baseline-app","children":[{"name":"README.md","path":"examples/account-baseline-app/README.md","sha":"a7925e8838d754d6ffce99821d61cbe6cf1f83df"},{"name":"main.tf","path":"examples/account-baseline-app/main.tf","sha":"a2126b8b3bf366df53bd2ca4a68716311d603e66"},{"name":"outputs.tf","path":"examples/account-baseline-app/outputs.tf","sha":"99f7a2e4804e904ec545a360df3c85c4248800ae"},{"name":"variables.tf","path":"examples/account-baseline-app/variables.tf","sha":"4b259f0771cf2cba768686e1c159d1c49462ffe2"}]},{"name":"account-baseline-root","children":[{"name":"README.md","path":"examples/account-baseline-root/README.md","sha":"aa53b9925ab07a760010d174cbf7a671792b137c"},{"name":"main.tf","path":"examples/account-baseline-root/main.tf","sha":"702ac256fb8ecd4d80d75381bfb12bed85029982"},{"name":"outputs.tf","path":"examples/account-baseline-root/outputs.tf","sha":"41480db71946de957e975899635658b6926237d0"},{"name":"variables.tf","path":"examples/account-baseline-root/variables.tf","sha":"b151dc483986fc4dda8148084873c3f4fb3b0ce4"}]},{"name":"account-baseline-security","children":[{"name":"README.md","path":"examples/account-baseline-security/README.md","sha":"292b4ae949b94a126389bd8bf88df5d5ed699649"},{"name":"main.tf","path":"examples/account-baseline-security/main.tf","sha":"d58981cb07bda7acfb7fb359b20c726d9cada3cd"},{"name":"outputs.tf","path":"examples/account-baseline-security/outputs.tf","sha":"fe0478dd9605f017e38bd084c611c6390bc916d1"},{"name":"variables.tf","path":"examples/account-baseline-security/variables.tf","sha":"96a1523c3e0106681af3f1d300f65d5368cbcce2"}]},{"name":"auto-update","children":[{"name":"README.md","path":"examples/auto-update/README.md","sha":"d7c630c4585bad7869d55bc6c62fca248eeb521a"},{"name":"auto-update-example.json","path":"examples/auto-update/auto-update-example.json","sha":"cafac0a781f8c675338226eee4b2413f5a4e88c1"}]},{"name":"aws-config-multi-region","children":[{"name":"README.md","path":"examples/aws-config-multi-region/README.md","sha":"5d472db5cdc843b494852a062d8c0880f246fcd0"},{"name":"terraform","children":[{"name":"main.tf","path":"examples/aws-config-multi-region/terraform/main.tf","sha":"c48993c3152b9bd291b3671e31cd88bac65e5af0"},{"name":"outputs.tf","path":"examples/aws-config-multi-region/terraform/outputs.tf","sha":"77ee90f69634c965b8ebed79a8d3afd6adca4db4"},{"name":"variables.tf","path":"examples/aws-config-multi-region/terraform/variables.tf","sha":"b0fac72293bdf8940a97090f7a2125d4a3637037"}]},{"name":"terragrunt","children":[{"name":"terragrunt.hcl","path":"examples/aws-config-multi-region/terragrunt/terragrunt.hcl","sha":"9a55dab3f9888a9258099d558df0972abec52792"}]}]},{"name":"aws-config-rules","children":[{"name":"README.md","path":"examples/aws-config-rules/README.md","sha":"6cd2794e82af1e3c3620d8feaed136af5358207e"},{"name":"main.tf","path":"examples/aws-config-rules/main.tf","sha":"f619e63bf35ef4ff443f52bcbf9bad465d90944f"},{"name":"outputs.tf","path":"examples/aws-config-rules/outputs.tf","sha":"4319400eb4190f58458f2dd9398225869ff08da3"},{"name":"variables.tf","path":"examples/aws-config-rules/variables.tf","sha":"c97f8c6bdaf4ab3f9e5f26332fc7ec983e881a53"}]},{"name":"aws-config","children":[{"name":"README.md","path":"examples/aws-config/README.md","sha":"5d66d09633de365e154669a090edc37fc70548d1"},{"name":"main.tf","path":"examples/aws-config/main.tf","sha":"bb70b1b351ae3d94fcfe0ee6a116e95384eb604f"},{"name":"outputs.tf","path":"examples/aws-config/outputs.tf","sha":"ddd32698f39772d663a2d9b8a6276260f5431068"},{"name":"variables.tf","path":"examples/aws-config/variables.tf","sha":"66f62d7333d5df8b562e6f2dfa4f701b88e4f31b"}]},{"name":"aws-organizations","children":[{"name":"README.md","path":"examples/aws-organizations/README.md","sha":"1da3c2fc061fee6ee99564b8b2323ccf69f2c690"},{"name":"main.tf","path":"examples/aws-organizations/main.tf","sha":"7339da612ebccaa785820b0f1e6fb42d5f72e20a"},{"name":"outputs.tf","path":"examples/aws-organizations/outputs.tf","sha":"a713386520ca735201acfc9a560eda7fcf2aa51a"},{"name":"variables.tf","path":"examples/aws-organizations/variables.tf","sha":"59afc28c87bc3c49d11c6faf7e112643f0a95481"}]},{"name":"cloudtrail-custom-key","children":[{"name":"README.md","path":"examples/cloudtrail-custom-key/README.md","sha":"bb376ddaca4b52bef18a5526aa9cb0465574ff7e"},{"name":"main.tf","path":"examples/cloudtrail-custom-key/main.tf","sha":"a46a0db52463d102bbca8d89ece553be24e2a073"},{"name":"outputs.tf","path":"examples/cloudtrail-custom-key/outputs.tf","sha":"2617a8347eb588d6ed5ccb529f50f3b58ddb1b7b"},{"name":"variables.tf","path":"examples/cloudtrail-custom-key/variables.tf","sha":"7a3ac8ce318fd783a427e68e490783a93747eb02"}]},{"name":"cloudtrail","children":[{"name":"README.md","path":"examples/cloudtrail/README.md","sha":"2fbe4b7494d970738d054910d86d0ae31718c8ec"},{"name":"main.tf","path":"examples/cloudtrail/main.tf","sha":"a8304cdc9a12e4e8e0faafbff1f604c845076a6f"},{"name":"outputs.tf","path":"examples/cloudtrail/outputs.tf","sha":"2617a8347eb588d6ed5ccb529f50f3b58ddb1b7b"},{"name":"variables.tf","path":"examples/cloudtrail/variables.tf","sha":"50918a7ba4255bbc940a340010075a489adf44c5"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"examples/cross-account-iam-roles/README.md","sha":"bac6fd37f7f7009454a66e55e8ff377fff36aefb"},{"name":"main.tf","path":"examples/cross-account-iam-roles/main.tf","sha":"6874182894e126fd7d04c8767b1057c67ab37956"},{"name":"outputs.tf","path":"examples/cross-account-iam-roles/outputs.tf","sha":"44af3be56d0a80e4d509fcd62c0e6dd8628072fa"},{"name":"variables.tf","path":"examples/cross-account-iam-roles/variables.tf","sha":"ae71d83df1715782bb47a965435e3783b7dcee81"}]},{"name":"custom-iam-entity","children":[{"name":"README.md","path":"examples/custom-iam-entity/README.md","sha":"7e6c2e15f44a4ddc28ef276da4b323d2fd326a3f"},{"name":"main.tf","path":"examples/custom-iam-entity/main.tf","sha":"c1b2291bb49e98b1b4ac642920751f54bd59c2a3"},{"name":"outputs.tf","path":"examples/custom-iam-entity/outputs.tf","sha":"835eb64f431386925438cb2f63e48e413faee90c"},{"name":"variables.tf","path":"examples/custom-iam-entity/variables.tf","sha":"4af8f352ddc35352243f8e1ac0dd3fb50f230e11"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"examples/fail2ban/README.md","sha":"7f6b797884ac148c0e34fd6da0eb8224e2255d8a"},{"name":"fail2ban-example.json","path":"examples/fail2ban/fail2ban-example.json","sha":"dca42add6036b1e18f03aaa3f41c500b8767f31d"}]},{"name":"guardduty","children":[{"name":"README.md","path":"examples/guardduty/README.md","sha":"23c75950a1b8b33286b79bd5e9d853cee02d62ea"},{"name":"main.tf","path":"examples/guardduty/main.tf","sha":"c61ad567d527732db435f2d1b62c4a609c3fac1d"},{"name":"outputs.tf","path":"examples/guardduty/outputs.tf","sha":"24b4eecc8136725bafa182f1c4febdf90da49a92"},{"name":"variables.tf","path":"examples/guardduty/variables.tf","sha":"77f3fbbeef3500c93b55899ad8e92f44420858ee"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"examples/iam-groups/README.md","sha":"7bd21c82fd8f28f7b3155497a0524d86ce17cfdd"},{"name":"main.tf","path":"examples/iam-groups/main.tf","sha":"b7eed1e0aaa5855e0dd20485d6b6ed55a0266398"},{"name":"outputs.tf","path":"examples/iam-groups/outputs.tf","sha":"5076c13be431d7844e1ce524bcd40076450c051e"},{"name":"variables.tf","path":"examples/iam-groups/variables.tf","sha":"6132b953e392a2050532881faab88a2eb10378c6"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"examples/iam-user-password-policy/README.md","sha":"bc62258833767d2e383a130c43d57a11e229af27"},{"name":"main.tf","path":"examples/iam-user-password-policy/main.tf","sha":"ae22f0ac3173d5c0f191ec537725ea6230962fc5"},{"name":"variables.tf","path":"examples/iam-user-password-policy/variables.tf","sha":"e123f5bbbaa376c3c8edf5f37e2bc012feed65d7"}]},{"name":"iam-users","children":[{"name":"README.md","path":"examples/iam-users/README.md","sha":"f8b65e9756e9f8c8703a854c1363be700b5fe8d9"},{"name":"main.tf","path":"examples/iam-users/main.tf","sha":"b4eed5731277da357997617868872c8d8b9e4b1d"},{"name":"outputs.tf","path":"examples/iam-users/outputs.tf","sha":"2b305a310e6c78ed5d89ff62303b5c64b956bd12"},{"name":"variables.tf","path":"examples/iam-users/variables.tf","sha":"d3693a709d6bee6f57aabaf07cddb0f02349c7a4"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"examples/ip-lockdown/README.md","sha":"3962ba23a76d8f02e5c0ffc8cb71196991628e38"},{"name":"aws-example","children":[{"name":"README.md","path":"examples/ip-lockdown/aws-example/README.md","sha":"da44a1265bdd321d10b4a6e3471a655da91033bb"},{"name":"main.tf","path":"examples/ip-lockdown/aws-example/main.tf","sha":"948172240196c610e26957ca60640191fdfab0ad"},{"name":"outputs.tf","path":"examples/ip-lockdown/aws-example/outputs.tf","sha":"a175a78c9a10f9f2fd9d7c84f9b304aebc1bdb41"},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/ip-lockdown/aws-example/user-data/user-data.sh","sha":"c6d308027737a434f4c96bc3eba5bd301897af62"}]},{"name":"variables.tf","path":"examples/ip-lockdown/aws-example/variables.tf","sha":"85be46b79dfe349e32974eccdc9c3206211787ac"}]},{"name":"ip-lockdown-sample.json","path":"examples/ip-lockdown/ip-lockdown-sample.json","sha":"2ccf2fe1a5b90bf4ab760ddd4f7714a8e1d43df6"},{"name":"local-test","children":[{"name":"README.md","path":"examples/ip-lockdown/local-test/README.md","sha":"3f0e1a6483ce3155bb04dbb9a4fd76ed41486d35"},{"name":"docker-compose.yml","path":"examples/ip-lockdown/local-test/docker-compose.yml","sha":"7c8e3a5d1fd40a95ef99b4bba0911c63ed43b530"}]}]},{"name":"kms-grant-multi-region","children":[{"name":"main.tf","path":"examples/kms-grant-multi-region/main.tf","sha":"4c39e1f9c5b3a9f10ba5e415ee89cf6da651e3c6"},{"name":"variables.tf","path":"examples/kms-grant-multi-region/variables.tf","sha":"43e0dc3512d054801c09cd80e47fb28b13f249a7"}]},{"name":"kms-master-key-multi-region","children":[{"name":"main.tf","path":"examples/kms-master-key-multi-region/main.tf","sha":"2f92868a8786cfedfc5e431170382d6840b4ae21"},{"name":"outputs.tf","path":"examples/kms-master-key-multi-region/outputs.tf","sha":"c2685a282b5ce295c2dd80a78841711a40e80dcb"},{"name":"variables.tf","path":"examples/kms-master-key-multi-region/variables.tf","sha":"24c5972e988e17dc1d395f31630bd7efb20beb4e"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"examples/kms-master-key/README.md","sha":"821565d831f2afcf7a2ffeea9a0854fabdaae033"},{"name":"main.tf","path":"examples/kms-master-key/main.tf","sha":"36e66561c53a74f0c66813237d92c83c2338d46d"},{"name":"outputs.tf","path":"examples/kms-master-key/outputs.tf","sha":"4d5fd0a19ea917beff0241f169b51417ff9935b9"},{"name":"variables.tf","path":"examples/kms-master-key/variables.tf","sha":"c1de5a7b1c0859710d1253b61baf86c4564560e3"}]},{"name":"ntp","children":[{"name":"README.md","path":"examples/ntp/README.md","sha":"b676e802c1d196f6af204d14d143b80864bccd30"},{"name":"ntp-example.json","path":"examples/ntp/ntp-example.json","sha":"ab322bfd9042a9eaf3a9b2ec3418abd7188bc99a"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"examples/os-hardening/README.md","sha":"d311d0932f7e98b236d0dcf3d9c629a7f8b3b107"},{"name":"packer-build.sh","path":"examples/os-hardening/packer-build.sh","sha":"8a0cf99893046f648c04ad62d505746e9c3a5e95"},{"name":"packer","children":[{"name":"amazon-linux.json","path":"examples/os-hardening/packer/amazon-linux.json","sha":"e75442792ba2588a02bcc93a90eceade50e5a846"},{"name":"files","children":[{"name":"etc","children":[{"name":"fstab","path":"examples/os-hardening/packer/files/etc/fstab","sha":"cbf68cec68a92bc54f514dd0d6906f19cea857e6"}]}]}]},{"name":"terraform","children":[{"name":"main.tf","path":"examples/os-hardening/terraform/main.tf","sha":"0279c513bb48e2a5c966b19298066c04bf6b02f5"},{"name":"outputs.tf","path":"examples/os-hardening/terraform/outputs.tf","sha":"33083aed25a4ed6e323bf84381b896614814c9d1"},{"name":"variables.tf","path":"examples/os-hardening/terraform/variables.tf","sha":"b03be351c82d4d5c6942cd29adc78fe11e23cf1b"}]}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"examples/saml-iam-roles/README.md","sha":"b4ef2b28d5704aec892ea54cc28a61fbb46378c9"},{"name":"main.tf","path":"examples/saml-iam-roles/main.tf","sha":"1436a9989b19d0c1503066ab07bf86d7d1868ed5"},{"name":"outputs.tf","path":"examples/saml-iam-roles/outputs.tf","sha":"1bd4fec9529cddfd2d3f61bba60f9dfb8b286c70"},{"name":"saml-metadata.xml","path":"examples/saml-iam-roles/saml-metadata.xml","sha":"88596cfde52242a43559c79216a1c60b2ea12903"},{"name":"variables.tf","path":"examples/saml-iam-roles/variables.tf","sha":"28705aa859940aa4b8027a19fe0b5b4affba939e"}]},{"name":"ssh-grunt","children":[{"name":"houston","children":[{"name":"README.md","path":"examples/ssh-grunt/houston/README.md","sha":"b73e23cd9fe47ba48e355605ff56a5740283a950"},{"name":"main.tf","path":"examples/ssh-grunt/houston/main.tf","sha":"259871d0103ff1bfd7e3e3a23147a0325e3600a1"},{"name":"outputs.tf","path":"examples/ssh-grunt/houston/outputs.tf","sha":"978b316044d417393b70100a427de1068c4d417f"},{"name":"variables.tf","path":"examples/ssh-grunt/houston/variables.tf","sha":"fb687fec420ea8cc16384f4bda4c4df45573d636"}]},{"name":"iam","children":[{"name":"README.md","path":"examples/ssh-grunt/iam/README.md","sha":"2add9fcdb0ed7f06816c3761fa0bef3bb6bc535d"},{"name":"main.tf","path":"examples/ssh-grunt/iam/main.tf","sha":"334d8b8f5b840b3946da954bd4e753c3d9011b42"},{"name":"outputs.tf","path":"examples/ssh-grunt/iam/outputs.tf","sha":"978b316044d417393b70100a427de1068c4d417f"},{"name":"variables.tf","path":"examples/ssh-grunt/iam/variables.tf","sha":"1ee58afdef7dad43bb3fb221995cc3daf631177b"}]},{"name":"mock-houston","children":[{"name":"README.md","path":"examples/ssh-grunt/mock-houston/README.md","sha":"94c0ef92814db64b5f3d578a4ba7011fb058fedf"},{"name":"main.tf","path":"examples/ssh-grunt/mock-houston/main.tf","sha":"5d095152e7efc51db2d2a2c25a96e6237588c538"},{"name":"outputs.tf","path":"examples/ssh-grunt/mock-houston/outputs.tf","sha":"a25069b6b919c0fa31fc32c3bcf1d326f7c3d46c"},{"name":"variables.tf","path":"examples/ssh-grunt/mock-houston/variables.tf","sha":"f435d1666f6a4ea18d6ce8a3230d8898a965fbea"}]},{"name":"packer","children":[{"name":"README.md","path":"examples/ssh-grunt/packer/README.md","sha":"40dc203c7287544434c7f668ea58782afd2f2386"},{"name":"build-binary.sh","path":"examples/ssh-grunt/packer/build-binary.sh","sha":"fe84ead78eb3e87e4855272f28c83d681c58ffff"},{"name":"ssh-grunt-houston.json","path":"examples/ssh-grunt/packer/ssh-grunt-houston.json","sha":"cd3c4a1c2053c238720b0b4111efc3003db7e6cb"},{"name":"ssh-grunt-iam.json","path":"examples/ssh-grunt/packer/ssh-grunt-iam.json","sha":"ab7237cf73deccb4f94837046be2efa0d6df3ebf"}]}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"examples/ssm-healthchecks-iam-permissions/README.md","sha":"f1fe555a3aff887a966def0a1d3ccaff3dd826e7"},{"name":"main.tf","path":"examples/ssm-healthchecks-iam-permissions/main.tf","sha":"2ff78d1f7cc4a484319a74a62880b26ad679f8b5"},{"name":"outputs.tf","path":"examples/ssm-healthchecks-iam-permissions/outputs.tf","sha":"52688c3a4f1f8349500505fb8949fa0d21c385a3"},{"name":"variables.tf","path":"examples/ssm-healthchecks-iam-permissions/variables.tf","sha":"725532cff7e91c2858c666a8d6a21cade2db213c"}]}]},{"name":"modules","children":[{"name":"_deprecated","children":[{"name":"custom-iam-group","children":[{"name":"README.md","path":"modules/_deprecated/custom-iam-group/README.md","sha":"e7a0ff783eb1052aa77fe50d7eaa6a06d2d82649"}]}]},{"name":"account-baseline-app","children":[{"name":"README.adoc","path":"modules/account-baseline-app/README.adoc","sha":"7f18ec7d53555ca35cb437e748ad46886f5995aa"},{"name":"main.tf","path":"modules/account-baseline-app/main.tf","sha":"52c0ab8c999a9cbea9582bde28a622b405fe8639"},{"name":"outputs.tf","path":"modules/account-baseline-app/outputs.tf","sha":"df81cfe1ae29f918511037530a7199ed2ae6578d"},{"name":"variables.tf","path":"modules/account-baseline-app/variables.tf","sha":"424b545d460d2098c2a2156c065e1508da701307"}]},{"name":"account-baseline-root","children":[{"name":"README.adoc","path":"modules/account-baseline-root/README.adoc","sha":"ed158ce608bc26d37a14e49266948f2194b4368f"},{"name":"core-concepts.md","path":"modules/account-baseline-root/core-concepts.md","sha":"a4bfbf153e6db44c2020a9abd944f7e21a57f58d"},{"name":"logs-account-resources.tf","path":"modules/account-baseline-root/logs-account-resources.tf","sha":"e0c9f9e1a8663725633357650c1b6eff80b161f2"},{"name":"main.tf","path":"modules/account-baseline-root/main.tf","sha":"bd8ba4047d91d18a08beef9f34cf6c905d511f1f"},{"name":"outputs.tf","path":"modules/account-baseline-root/outputs.tf","sha":"68c27771a66c5ee05958825760594054313db122"},{"name":"variables.tf","path":"modules/account-baseline-root/variables.tf","sha":"df9acaee14d131b910990953e632bb5420461a20"}]},{"name":"account-baseline-security","children":[{"name":"README.adoc","path":"modules/account-baseline-security/README.adoc","sha":"4a6ff36ad488396075f61c9e8c01ef16d2d4656d"},{"name":"main.tf","path":"modules/account-baseline-security/main.tf","sha":"d702f5a7c47ac306406c04c80b377eb0736bfb34"},{"name":"outputs.tf","path":"modules/account-baseline-security/outputs.tf","sha":"9c31fc7766226e38e620e1c9c93117aca47cafb3"},{"name":"variables.tf","path":"modules/account-baseline-security/variables.tf","sha":"8bee08db2e199e55635d6a79804237d6d2a093bf"}]},{"name":"auto-update","children":[{"name":"README.adoc","path":"modules/auto-update/README.adoc","sha":"6aefe0ec50a3479dc08366ee6ace6f306eec8e7a"},{"name":"core-concepts.md","path":"modules/auto-update/core-concepts.md","sha":"a292e900ff20e205679c5a8a2b382081f338a41f"},{"name":"install-scripts","children":[{"name":"configure-auto-update","path":"modules/auto-update/install-scripts/configure-auto-update","sha":"9557efec90bf62cbcd0360198ec2bf984a8a873b"},{"name":"unattended_upgrades_config.txt","path":"modules/auto-update/install-scripts/unattended_upgrades_config.txt","sha":"abe88fd8a5037ce518bec69a6cac0699cb421d47"},{"name":"yum_cron_config.txt","path":"modules/auto-update/install-scripts/yum_cron_config.txt","sha":"e7ef4273f1b2af0c9c032fadaacd03130ba5ea78"}]},{"name":"install.sh","path":"modules/auto-update/install.sh","sha":"7c19fd0d04b11c358af64149b3169d6b2c5e3b58"}]},{"name":"aws-auth","children":[{"name":"AWS-AUTH-1PASSWORD.md","path":"modules/aws-auth/AWS-AUTH-1PASSWORD.md","sha":"85348650e336ba37aece840bf790048b5e919910"},{"name":"AWS-AUTH-LASTPASS.md","path":"modules/aws-auth/AWS-AUTH-LASTPASS.md","sha":"f989822c9600fdb7dec2b67a929f8e4b49947aa8","toggled":true},{"name":"README.md","path":"modules/aws-auth/README.md","sha":"7c7b79c87fccb29c9bbab1c5e80de163b478ea7d"},{"name":"bin","children":[{"name":"aws-auth","path":"modules/aws-auth/bin/aws-auth","sha":"ca2ebddd0597719501b7fb1fbb04f32796dd7a69"}]},{"name":"install.sh","path":"modules/aws-auth/install.sh","sha":"ab9611d92d6822ceed981bdff3766724366037f0"}],"toggled":true},{"name":"aws-config-bucket","children":[{"name":"README.md","path":"modules/aws-config-bucket/README.md","sha":"2988d934e16617289522a4ea711ee07589ce96d7"},{"name":"main.tf","path":"modules/aws-config-bucket/main.tf","sha":"774606a8941f9f7c92c8ce20c250fdde8c2033b7"},{"name":"outputs.tf","path":"modules/aws-config-bucket/outputs.tf","sha":"04e2cc58cd9f2f38be847d1735e65bf635c9b8a9"},{"name":"variables.tf","path":"modules/aws-config-bucket/variables.tf","sha":"8c2ff746eb15fcd75f7e28ef2d9dec52c7c10c9a"}]},{"name":"aws-config-multi-region","children":[{"name":"README.adoc","path":"modules/aws-config-multi-region/README.adoc","sha":"c0e1204ac792b55ced9bedb40736621b78ef8740"},{"name":"core-concepts.md","path":"modules/aws-config-multi-region/core-concepts.md","sha":"976e6424dcb277f70377f92eb2a10d0c8e595a85"},{"name":"main.tf","path":"modules/aws-config-multi-region/main.tf","sha":"81ffa6ae6572ae7feee97ef96beffc9482586475"},{"name":"outputs.tf","path":"modules/aws-config-multi-region/outputs.tf","sha":"b0b62c8a003fcef88734cb540ad9e75b25721ffa"},{"name":"variables.tf","path":"modules/aws-config-multi-region/variables.tf","sha":"96074af498e9907aafe0a5f30ad52eebe7fdab01"}]},{"name":"aws-config-rules","children":[{"name":"README.adoc","path":"modules/aws-config-rules/README.adoc","sha":"b45089500e8c277c2eb6c744a58781bfa5394269"},{"name":"core-concepts.md","path":"modules/aws-config-rules/core-concepts.md","sha":"10477be51fde642f31032ccd15a55d9218eff224"},{"name":"main.tf","path":"modules/aws-config-rules/main.tf","sha":"5ee8a473cbfd2ad8fb65f09c5adbf78a4676a610"},{"name":"outputs.tf","path":"modules/aws-config-rules/outputs.tf","sha":"2f49386457d868067962c291a70dcef251524ffb"},{"name":"variables.tf","path":"modules/aws-config-rules/variables.tf","sha":"9d0b0f29f9783f66e5e938e3912f268f44c9fdab"}]},{"name":"aws-config","children":[{"name":"README.adoc","path":"modules/aws-config/README.adoc","sha":"6bbbc1efc5801b27371c99ecbef3bff56a56f200"},{"name":"core-concepts.md","path":"modules/aws-config/core-concepts.md","sha":"e5a7b8646bab42398ff7f5224549e528ce8c0d52"},{"name":"main.tf","path":"modules/aws-config/main.tf","sha":"9826ec52090a6e3ef937a2f9189765483fd7e858"},{"name":"outputs.tf","path":"modules/aws-config/outputs.tf","sha":"bcd505e4ac4102bc09750adb36c99398a06eb1a6"},{"name":"variables.tf","path":"modules/aws-config/variables.tf","sha":"c6732c01c8e42a8737def1991a19631308603acb"}]},{"name":"aws-organizations","children":[{"name":"README.adoc","path":"modules/aws-organizations/README.adoc","sha":"711b480a00245dc87a73e1c13a18867498eb6f7b"},{"name":"core-concepts.md","path":"modules/aws-organizations/core-concepts.md","sha":"8766c8f36eef9e8992bf13a44f6571261c43995d"},{"name":"main.tf","path":"modules/aws-organizations/main.tf","sha":"f243f1fa8d44b182904d31b24caf8a240cc8a21c"},{"name":"outputs.tf","path":"modules/aws-organizations/outputs.tf","sha":"d3b10eb4330f8d359b36fb797ba782f303988e07"},{"name":"variables.tf","path":"modules/aws-organizations/variables.tf","sha":"4eac97565d5ab76a5e0c03cde4a9337001125156"}]},{"name":"cloudtrail-bucket","children":[{"name":"README.md","path":"modules/cloudtrail-bucket/README.md","sha":"77bdc9e5689c0c06503867153355bc81d9962498"},{"name":"main.tf","path":"modules/cloudtrail-bucket/main.tf","sha":"0478007cf73cdb4bceeda4f92bda4fa2cb1d41a7"},{"name":"outputs.tf","path":"modules/cloudtrail-bucket/outputs.tf","sha":"5027f9ae3ec36bca5f1173412b1248a0b6dfcced"},{"name":"variables.tf","path":"modules/cloudtrail-bucket/variables.tf","sha":"0b8e9696685ea04ba37367c2f1690e4b1b781f01"}]},{"name":"cloudtrail","children":[{"name":"README.adoc","path":"modules/cloudtrail/README.adoc","sha":"cb56736b0eff0b10521fc5a42e6fd30e6660f165"},{"name":"core-concepts.md","path":"modules/cloudtrail/core-concepts.md","sha":"7e8c8a4631410e36831f5ae2b5644d229d36a4d0"},{"name":"main.tf","path":"modules/cloudtrail/main.tf","sha":"aa523d63a200a3d0c1f6fcda7cf221d997e53a2d"},{"name":"outputs.tf","path":"modules/cloudtrail/outputs.tf","sha":"38190c8a3b1c5db0781a45a2965af7bd9e34deee"},{"name":"variables.tf","path":"modules/cloudtrail/variables.tf","sha":"2ca4ff6aafbd7b83227efed4dc38bbb13d911fca"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.md","path":"modules/cross-account-iam-roles/README.md","sha":"36aabf3726b3ac7960d1d50102530b8cf77ee0d5"},{"name":"main.tf","path":"modules/cross-account-iam-roles/main.tf","sha":"30edd9045b16799af3ee0cda4df1bdece31e711a"},{"name":"outputs.tf","path":"modules/cross-account-iam-roles/outputs.tf","sha":"4e4697d3c627fc668206d03557f8d58b3f391465"},{"name":"variables.tf","path":"modules/cross-account-iam-roles/variables.tf","sha":"d03ba0e2e2846b2b34f0ec612e31db7485f23bdc"}]},{"name":"custom-iam-entity","children":[{"name":"README.md","path":"modules/custom-iam-entity/README.md","sha":"98ab8129418c43978d46d58896b6e64172995aba"},{"name":"main.tf","path":"modules/custom-iam-entity/main.tf","sha":"f520be8f0e233548111365316c24d3bc7491cad0"},{"name":"outputs.tf","path":"modules/custom-iam-entity/outputs.tf","sha":"b94249803e78991682b8542d8f39e5a728432b97"},{"name":"variables.tf","path":"modules/custom-iam-entity/variables.tf","sha":"ad93fc85d6d7c21bb348086a72406f08ccd07edb"}]},{"name":"fail2ban","children":[{"name":"README.md","path":"modules/fail2ban/README.md","sha":"2301349c1b8775809b7362189a72655ce58b26fb"},{"name":"install-scripts","children":[{"name":"cloudwatch-metric.conf","path":"modules/fail2ban/install-scripts/cloudwatch-metric.conf","sha":"f78f5f55f585a6efe60a51a2c0f41e4a63f99749"},{"name":"configure-fail2ban","path":"modules/fail2ban/install-scripts/configure-fail2ban","sha":"2d44d0459dbbcc9a1d2747648875a1ab44d7548f"},{"name":"fail2ban.local","path":"modules/fail2ban/install-scripts/fail2ban.local","sha":"8292c4a18c825bfbf0a8d52cfb2746aa43f76ca4"},{"name":"filters.sshd.amazon.conf","path":"modules/fail2ban/install-scripts/filters.sshd.amazon.conf","sha":"093bb1baf88a1e283a43b7dd7d04c64992abecc6"},{"name":"jail.amazon.local","path":"modules/fail2ban/install-scripts/jail.amazon.local","sha":"a0aef73873e461c46ff63a4a3e5166ad3453c5e3"},{"name":"jail.amazon2.local","path":"modules/fail2ban/install-scripts/jail.amazon2.local","sha":"7f0c82cc3e4f5e3e569f8bb902164f7dbd6a3dee"},{"name":"jail.ubuntu.local","path":"modules/fail2ban/install-scripts/jail.ubuntu.local","sha":"148543b26f543c3e37434736fba7d484ad176804"}]},{"name":"install.sh","path":"modules/fail2ban/install.sh","sha":"8f7b536f08506dabc2f6beb6cd5a50f7282168aa"},{"name":"user-data-scripts","children":[{"name":"configure-fail2ban-cloudwatch.sh","path":"modules/fail2ban/user-data-scripts/configure-fail2ban-cloudwatch.sh","sha":"64b7c27b8aa50302f4f7e35ebd8bbf93064bb777"}]}]},{"name":"guardduty-multi-region","children":[{"name":"README.adoc","path":"modules/guardduty-multi-region/README.adoc","sha":"0c0833b9655d1d292f086b8f27c594ef1b968d68"},{"name":"main.tf","path":"modules/guardduty-multi-region/main.tf","sha":"d568bd745674f1cf03ea6045846172f37d1e36c8"},{"name":"outputs.tf","path":"modules/guardduty-multi-region/outputs.tf","sha":"17ed87f6be722742d29aee0ef8e35a641a2ea54e"},{"name":"variables.tf","path":"modules/guardduty-multi-region/variables.tf","sha":"992199e9e968a3006918b286c7f3e69eb2fbbd74"}]},{"name":"guardduty","children":[{"name":"README.adoc","path":"modules/guardduty/README.adoc","sha":"8826f32664593d0cdc0ff4a7fd94e5cbf475478a"},{"name":"core-concepts.md","path":"modules/guardduty/core-concepts.md","sha":"2eab0fd6c0548ba11104b6d778eb224df5622886"},{"name":"main.tf","path":"modules/guardduty/main.tf","sha":"37cfa8a2a9c13d7ee6f9227af08981f60c90a318"},{"name":"outputs.tf","path":"modules/guardduty/outputs.tf","sha":"0fd6fdc76d8bc1bb4c544028c802248999d309f7"},{"name":"variables.tf","path":"modules/guardduty/variables.tf","sha":"e5c1e4b60f219d93e21a382bb3dad970977c9fcf"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"modules/iam-groups/README.md","sha":"07820342d38caf90b08a1ff0df904298ed132c8f"},{"name":"_docs","children":[{"name":"iam-user-access-to-billing.png","path":"modules/iam-groups/_docs/iam-user-access-to-billing.png","sha":"063f6cf8dc766b4d44942de89660e8ab9e1f3d63"},{"name":"my-account.png","path":"modules/iam-groups/_docs/my-account.png","sha":"387320200ed756ce4191afef87f0ab76e2c3d89a"}]},{"name":"main.tf","path":"modules/iam-groups/main.tf","sha":"800bd1bfc3f4822b8ba54f20f97dd36fcfb4cf8c"},{"name":"outputs.tf","path":"modules/iam-groups/outputs.tf","sha":"0fc97269b51e6c51647aa5420198d1d11c5afa37"},{"name":"variables.tf","path":"modules/iam-groups/variables.tf","sha":"d54e229b070925f1c927090781333c20ae6d765f"}]},{"name":"iam-policies","children":[{"name":"README.md","path":"modules/iam-policies/README.md","sha":"0297e14a7dfdf5727d9be5ab4f47dcf67357b247"},{"name":"main.tf","path":"modules/iam-policies/main.tf","sha":"1392a1c8a2c897d98184f8427d8fcb4a590a50d3"},{"name":"outputs.tf","path":"modules/iam-policies/outputs.tf","sha":"19511cfc28b22103cb164c6df8b5b530e7e3e172"},{"name":"variables.tf","path":"modules/iam-policies/variables.tf","sha":"02a3add807a7878bc736a0a1aaa193ac42ee5b47"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"modules/iam-user-password-policy/README.md","sha":"5bea6ba56fc796be5b860549156a3a251735fc2a"},{"name":"main.tf","path":"modules/iam-user-password-policy/main.tf","sha":"9670fa0991057e03a72b72987c02a71e14611724"},{"name":"variables.tf","path":"modules/iam-user-password-policy/variables.tf","sha":"7c08eef88a7b13226cc4e18aa8338db64fdf83f0"}]},{"name":"iam-users","children":[{"name":"README.md","path":"modules/iam-users/README.md","sha":"eacb8c8dd745d047f3844e0b63573af66b8c1083"},{"name":"main.tf","path":"modules/iam-users/main.tf","sha":"76321096c30e09156c7247d4f2770f5f5f7e9f4b"},{"name":"outputs.tf","path":"modules/iam-users/outputs.tf","sha":"4d053caccca2412befcf956c94e908b2d5c89054"},{"name":"variables.tf","path":"modules/iam-users/variables.tf","sha":"25e55a291fa64e63996f5baab05a2082b548cd41"}]},{"name":"ip-lockdown","children":[{"name":"README.md","path":"modules/ip-lockdown/README.md","sha":"af806e396600aed64922eac8a3c7ab29a90f858d"},{"name":"install.sh","path":"modules/ip-lockdown/install.sh","sha":"ce61af763bee9ad29754220ae24521f22c3a956f"},{"name":"ip-lockdown","path":"modules/ip-lockdown/ip-lockdown","sha":"93a0e1f5876e7de5778c595e8801d64986cb118b"}]},{"name":"kms-grant-multi-region","children":[{"name":"README.adoc","path":"modules/kms-grant-multi-region/README.adoc","sha":"8b31bdf6b848e87f10f3ae1a2d031ede038f52b9"},{"name":"core-concepts.md","path":"modules/kms-grant-multi-region/core-concepts.md","sha":"53fe1d9a73a2643da5d276b71dce7ff649896ef2"},{"name":"main.tf","path":"modules/kms-grant-multi-region/main.tf","sha":"c9d6e1c929edd197b37b467c6a030a9ef6952d0b"},{"name":"outputs.tf","path":"modules/kms-grant-multi-region/outputs.tf","sha":"b9d84078afacb154536292bddba4afbd6c9158c2"},{"name":"variables.tf","path":"modules/kms-grant-multi-region/variables.tf","sha":"d27a8da6b13e1ea67a1b4721edd8bbe59781df7d"}]},{"name":"kms-master-key-multi-region","children":[{"name":"README.adoc","path":"modules/kms-master-key-multi-region/README.adoc","sha":"2bdf512e1f415dd833b7c5f9877ba63ab2ad1d08"},{"name":"main.tf","path":"modules/kms-master-key-multi-region/main.tf","sha":"385c07554a1ba5e497ea8bf4e5050cae68eb6a5a"},{"name":"outputs.tf","path":"modules/kms-master-key-multi-region/outputs.tf","sha":"932a3ac2a94e4950267c55c115f1118328345bf3"},{"name":"variables.tf","path":"modules/kms-master-key-multi-region/variables.tf","sha":"e1c5961708f3f4d432af14f0a795d9960011dd2e"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"modules/kms-master-key/README.md","sha":"1b43a005494f12b05551adb020a31726f28e10d3"},{"name":"main.tf","path":"modules/kms-master-key/main.tf","sha":"07502e4ee2c202f5d7e78c69245078c9b430683f"},{"name":"outputs.tf","path":"modules/kms-master-key/outputs.tf","sha":"4d0dbba81e8186243d96a8325a5f643d87543451"},{"name":"variables.tf","path":"modules/kms-master-key/variables.tf","sha":"283610dd4c318adbac1b3475d261b28ca30c4c28"}]},{"name":"ntp","children":[{"name":"README.md","path":"modules/ntp/README.md","sha":"c81ae3adf4d5af364729c5537414de1ada470af5"},{"name":"install.sh","path":"modules/ntp/install.sh","sha":"66f01538550459e770dde3d03b8c1ee705301b49"}]},{"name":"os-hardening","children":[{"name":"README.md","path":"modules/os-hardening/README.md","sha":"3e864b0e9208eb6809adf41968c51e02fc233ee1"},{"name":"_docs","children":[{"name":"Helpful Email.md","path":"modules/os-hardening/_docs/Helpful Email.md","sha":"246a0b80b29f5ff3d2b2f4c5c170fc927e2d9dd7"}]},{"name":"ami-builder","children":[{"name":"files","children":[{"name":"user-data.sh.template","path":"modules/os-hardening/ami-builder/files/user-data.sh.template","sha":"4a3c87a19e1a4caa20b9b425b2a02101566d1166"}]},{"name":"main.tf","path":"modules/os-hardening/ami-builder/main.tf","sha":"3b23018276920ce33dab358eab79ef39e269fd98"},{"name":"outputs.tf","path":"modules/os-hardening/ami-builder/outputs.tf","sha":"8ce2ee598124ca50dd530a33aa60f5d1452a4a2b"},{"name":"variables.tf","path":"modules/os-hardening/ami-builder/variables.tf","sha":"c5927cfcebf6781b8b920d8fd7872f2992bb1501"}]},{"name":"partition-scripts","children":[{"name":"README.md","path":"modules/os-hardening/partition-scripts/README.md","sha":"a2986f1ab8f7470d2ba71d5270e5217d64cb10a3"},{"name":"bin","children":[{"name":"cleanup-volume","path":"modules/os-hardening/partition-scripts/bin/cleanup-volume","sha":"c7cbf3ecebd915235238557d27a1ce25e6fc10fa"},{"name":"partition-volume","path":"modules/os-hardening/partition-scripts/bin/partition-volume","sha":"f4f8566a1ef6aa4ff0c0268bd28721488aa6dfc4"}]},{"name":"install.sh","path":"modules/os-hardening/partition-scripts/install.sh","sha":"606776c068260836e8612a681ff4e3edc8abdb41"}]}]},{"name":"saml-iam-roles","children":[{"name":"README.md","path":"modules/saml-iam-roles/README.md","sha":"528798d6db316adb724cc295e043108a5c426854"},{"name":"main.tf","path":"modules/saml-iam-roles/main.tf","sha":"3bfa41aaf3ce250eabd15e84b160c4a11bf2472b"},{"name":"outputs.tf","path":"modules/saml-iam-roles/outputs.tf","sha":"c579901907b216c55e4c815d28f0a22171a960e6"},{"name":"variables.tf","path":"modules/saml-iam-roles/variables.tf","sha":"1f3f26ade9fd75d8e66ba12649f45d075b5e0f2b"}]},{"name":"ssh-grunt-selinux-policy","children":[{"name":"README.md","path":"modules/ssh-grunt-selinux-policy/README.md","sha":"8a934c81da696e32c365183b6a707594da99ba79"},{"name":"install.sh","path":"modules/ssh-grunt-selinux-policy/install.sh","sha":"3de871d61a9990e7f2c130f23afaf00daeb6bbef"},{"name":"ssh-grunt.pp","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.pp","sha":"7c7050f812cd0e3cb34e37b88c35fb09f369be7d"},{"name":"ssh-grunt.te","path":"modules/ssh-grunt-selinux-policy/ssh-grunt.te","sha":"3317a71feaa633662a00b1dc05b1176cb85c9793"}]},{"name":"ssh-grunt","children":[{"name":".dockerignore","path":"modules/ssh-grunt/.dockerignore","sha":"a725465aee245635a2bd129af54858ed32c84cb8"},{"name":"Dockerfile","path":"modules/ssh-grunt/Dockerfile","sha":"3d1a6eb67de35573d8ec48bb6ac06b515f9a63d8"},{"name":"README.adoc","path":"modules/ssh-grunt/README.adoc","sha":"89e1ff7db5620809af182703c45f87601e59a766"},{"name":"_ci","children":[{"name":"build-and-test.sh","path":"modules/ssh-grunt/_ci/build-and-test.sh","sha":"903993de2d7bcde19d472fa5e510ee862d4b10c3"},{"name":"test.sh","path":"modules/ssh-grunt/_ci/test.sh","sha":"235603944316e81f1da1cc0248b80beecf99cb27"}]},{"name":"_docs","children":[{"name":"houston-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/houston-upload-ssh-key.png","sha":"e32519497262f9796a4ea46c53953923975cbd7d"},{"name":"iam-upload-ssh-key.png","path":"modules/ssh-grunt/_docs/iam-upload-ssh-key.png","sha":"8bb1e793185eb0b4822023552899874394342f21"}]},{"name":"core-concepts.md","path":"modules/ssh-grunt/core-concepts.md","sha":"be3b64a930906b8b16412ccdc0fe9384079a2191"},{"name":"docker-compose.yml","path":"modules/ssh-grunt/docker-compose.yml","sha":"0609cfaadf18bb9eb8ff13459cf9f0f10928765e"},{"name":"go.mod","path":"modules/ssh-grunt/go.mod","sha":"33e7bfc12450f68fe0fc800d06248129ed229b9f"},{"name":"go.sum","path":"modules/ssh-grunt/go.sum","sha":"9c21e75d8e59393633a732fe8b646daedf4ac139"},{"name":"scripts","children":[{"name":"build-linux-binary.sh","path":"modules/ssh-grunt/scripts/build-linux-binary.sh","sha":"fc74dd9990e9f4526ae2e7cd13e338d4fd0f11c4"},{"name":"run.sh","path":"modules/ssh-grunt/scripts/run.sh","sha":"050027e034cd03e53625986eb0f331c043492cf6"}]},{"name":"src","children":[{"name":"cli.go","path":"modules/ssh-grunt/src/cli.go","sha":"f72f670dcf0ae2e0bcb8ed02e91c706a5e8c3be0"},{"name":"cli_test.go","path":"modules/ssh-grunt/src/cli_test.go","sha":"89c94ffdefb2e607fa005f028bdbd13b2f6c13f0"},{"name":"collections.go","path":"modules/ssh-grunt/src/collections.go","sha":"aa9b67f00f57088f9bf4e129dcc53003524dd0a7"},{"name":"cron.go","path":"modules/ssh-grunt/src/cron.go","sha":"4ceb8efd0cdf51b5170bb152b6824fc54f8d429c"},{"name":"cron_test.go","path":"modules/ssh-grunt/src/cron_test.go","sha":"4b87577a1cc2b8dbff08457d60bbc96546149174"},{"name":"errors.go","path":"modules/ssh-grunt/src/errors.go","sha":"03c89804638ecc45fdcd0a0aeaed9ea5f605940b"},{"name":"file.go","path":"modules/ssh-grunt/src/file.go","sha":"eb991fd15ac2c3660313e6d4c5669b36ccc9cc21"},{"name":"groups.go","path":"modules/ssh-grunt/src/groups.go","sha":"49e569a80abb6306ab0f7fd79c810d2e2ad8ab3a"},{"name":"groups_test.go","path":"modules/ssh-grunt/src/groups_test.go","sha":"7e54ba9b640b07605ae959de086fc6998861e311"},{"name":"houston.go","path":"modules/ssh-grunt/src/houston.go","sha":"e9db062f2cb815b49e4df754427ae286e4d163d4"},{"name":"houston_test.go","path":"modules/ssh-grunt/src/houston_test.go","sha":"82a9b2d2d41e09b6949897ed989a483fc7e0a650"},{"name":"iam.go","path":"modules/ssh-grunt/src/iam.go","sha":"dafbc8fbb732d2d6212cade786eb13d7215b9862"},{"name":"iam_test.go","path":"modules/ssh-grunt/src/iam_test.go","sha":"79a55543a72baf93bbac7140d89226e3fd7ab133"},{"name":"logger.go","path":"modules/ssh-grunt/src/logger.go","sha":"93095ba8216709b3178fcc44a76421a765f4e302"},{"name":"main.go","path":"modules/ssh-grunt/src/main.go","sha":"a89d9402d32d371dc9b945ab9c72996808d17b85"},{"name":"shell.go","path":"modules/ssh-grunt/src/shell.go","sha":"7f49eeee4119efde0bd58d7c78fd4ef785dc5f6c"},{"name":"ssh.go","path":"modules/ssh-grunt/src/ssh.go","sha":"8e6b62d6c33279aaf5af6cabacd0afc4d186ca97"},{"name":"ssh_test.go","path":"modules/ssh-grunt/src/ssh_test.go","sha":"7500d8fd85ef74758501f6952be45cb523e29cd1"},{"name":"string.go","path":"modules/ssh-grunt/src/string.go","sha":"fc61ca9625f9d654c2b3576ff932db1b90ae9dfe"},{"name":"string_test.go","path":"modules/ssh-grunt/src/string_test.go","sha":"78bf08d239079c9c985d40da1cc9bcdcb4c0bc5d"},{"name":"sync.go","path":"modules/ssh-grunt/src/sync.go","sha":"7c2f9ff292b484a7ca1ab14e1bbd558cd24553f2"},{"name":"sync_test.go","path":"modules/ssh-grunt/src/sync_test.go","sha":"2ddb07aedec67d1698af022e4e1391ea60636f9e"},{"name":"url.go","path":"modules/ssh-grunt/src/url.go","sha":"0af5ddc5f3e27af95d6f6ddd41acf0c229962f7f"},{"name":"url_test.go","path":"modules/ssh-grunt/src/url_test.go","sha":"606974cac1eee3f309a951c1d9e11ed389088836"},{"name":"users.go","path":"modules/ssh-grunt/src/users.go","sha":"6c3a8a22006a91656fcc5fd31d684271cdf129e3"},{"name":"users_test.go","path":"modules/ssh-grunt/src/users_test.go","sha":"fdd9f7f99466c223b9abdd4951147c8febc0b3fb"}]}]},{"name":"ssh-iam","children":[{"name":"README.md","path":"modules/ssh-iam/README.md","sha":"4aa06d6a729e53384b6d2a43c06ee38807092f32"}]},{"name":"ssm-healthchecks-iam-permissions","children":[{"name":"README.md","path":"modules/ssm-healthchecks-iam-permissions/README.md","sha":"005260025ae51ed9e13f1b6c6f9d737a02d5db68"},{"name":"main.tf","path":"modules/ssm-healthchecks-iam-permissions/main.tf","sha":"6b6b91fa59bc86de7521264ff34217cc88ae3842"},{"name":"variables.tf","path":"modules/ssm-healthchecks-iam-permissions/variables.tf","sha":"731aa1c2f275f723272114ef0357a8c3a246b47e"}]},{"name":"tls-cert-private","children":[{"name":"Dockerfile","path":"modules/tls-cert-private/Dockerfile","sha":"2d8683d51957cb17ffef180dd57b43651b1e9d23"},{"name":"README.md","path":"modules/tls-cert-private/README.md","sha":"c6996ec25d7d9b1ab4f79d8164a14e86e1ac844f"},{"name":"docker-compose.yml","path":"modules/tls-cert-private/docker-compose.yml","sha":"f872026e8d51ceaab2e1c11cc9cf9c35ba81f29c"},{"name":"files","children":[{"name":"openssl.cnf","path":"modules/tls-cert-private/files/openssl.cnf","sha":"2542542c80ab180c47d3e0a27dbded65bed572de"}]},{"name":"scripts","children":[{"name":"generate-ca-keypair.sh","path":"modules/tls-cert-private/scripts/generate-ca-keypair.sh","sha":"395ee97c0e499c660efac5c5cf1f79dfcdbb69f8"},{"name":"generate-tls-keypair.sh","path":"modules/tls-cert-private/scripts/generate-tls-keypair.sh","sha":"f1c3577437fd589087704a9c003de416cb87d232"},{"name":"main.sh","path":"modules/tls-cert-private/scripts/main.sh","sha":"dc7af965ffb783bbef449010818e69294fa2ef75"}]}]}],"toggled":true},{"name":"test","children":[{"name":"README.md","path":"test/README.md","sha":"b44e2152ea21d65a8c51bb58321e18ec7527c22e"},{"name":"common","children":[{"name":"test_helpers.go","path":"test/common/test_helpers.go","sha":"d42b5149d99dd3fce84a7cef158a8cea44be3c99"}]},{"name":"go.mod","path":"test/go.mod","sha":"f89000aa7b89d75f19bb6cbe600bdc6643b5d4da"},{"name":"go.sum","path":"test/go.sum","sha":"a9bb6350331b345bf2c2e485ce60a79647c7f9e5"},{"name":"landingzone","children":[{"name":"account_baseline_test.go","path":"test/landingzone/account_baseline_test.go","sha":"2e79014b70907d5d5e585c242b948b5457b3cb87"},{"name":"aws_config_rules_test.go","path":"test/landingzone/aws_config_rules_test.go","sha":"b27f3d36432250dbc681386dbd673db086f1d96f"},{"name":"aws_config_test.go","path":"test/landingzone/aws_config_test.go","sha":"15cc48ac8174a753ed353d61a9582bd3d495fe88"},{"name":"aws_organizations_test.go","path":"test/landingzone/aws_organizations_test.go","sha":"b8b2a9d87d27b48adf3190d9254fe565e27e2834"},{"name":"guardduty_test.go","path":"test/landingzone/guardduty_test.go","sha":"bbaeb7b991d27e915828f1cf96c9dc23f270205a"},{"name":"kms_grant_multiregion_test.go","path":"test/landingzone/kms_grant_multiregion_test.go","sha":"2a663a74f3a6052503d966e6727b9fd289db7b48"},{"name":"kms_master_key_multiregion_test.go","path":"test/landingzone/kms_master_key_multiregion_test.go","sha":"4f718b41f6f1f0d4c1a0daded1a42f1bdf99993b"},{"name":"test_helpers.go","path":"test/landingzone/test_helpers.go","sha":"09aaf2f51de76d47732b36b6347407841519c28b"}]},{"name":"security","children":[{"name":"auto_update_test.go","path":"test/security/auto_update_test.go","sha":"c55fc7bde4cdd3ff7301d6b066133a3b00393677"},{"name":"cloudtrail_test.go","path":"test/security/cloudtrail_test.go","sha":"b227aab5838e6c93441f7b649b907a9416ee68a5"},{"name":"cross_account_iam_roles_test.go","path":"test/security/cross_account_iam_roles_test.go","sha":"889923cccfaf4775a15a0e500a810bc78fafd55f"},{"name":"custom_iam_entity_test.go","path":"test/security/custom_iam_entity_test.go","sha":"514a06c2e5bab3c0537b67e9c75e33629248cfcd"},{"name":"fail2ban_test.go","path":"test/security/fail2ban_test.go","sha":"261978b73bec743d6bb3a74e1062366cff61ab5f"},{"name":"iam_groups_test.go","path":"test/security/iam_groups_test.go","sha":"e0a7ae52a0b0edcb1aee42db4eff686c994f263b"},{"name":"iam_ssm_test.go","path":"test/security/iam_ssm_test.go","sha":"20268ac744df04c901a1cbf81d042c1f535e5371"},{"name":"iam_user_password_policy_test.go","path":"test/security/iam_user_password_policy_test.go","sha":"e6eea3e767a427352fe9f0226e7fa3c39ed338d6"},{"name":"iam_users_test.go","path":"test/security/iam_users_test.go","sha":"d71b6d7f8f215a05afbd84e5043fe5b0baf9f012"},{"name":"ip-lockdown-test-scripts","children":[{"name":"allow-several-users.sh","path":"test/security/ip-lockdown-test-scripts/allow-several-users.sh","sha":"2f75dbe0880ed0907b43db58b6ac030a0d0e9bd4"},{"name":"common.sh","path":"test/security/ip-lockdown-test-scripts/common.sh","sha":"cdfe11aca76607a4feaf254a394f32273b738c5c"},{"name":"index.html","path":"test/security/ip-lockdown-test-scripts/index.html","sha":"557db03de997c86a4a028e1ebd3a1ceb225be238"},{"name":"restrict-all-users.sh","path":"test/security/ip-lockdown-test-scripts/restrict-all-users.sh","sha":"a37c1ffc90f2532e7cc3f9f5a859b75c98661dc6"},{"name":"restrict-one-user.sh","path":"test/security/ip-lockdown-test-scripts/restrict-one-user.sh","sha":"4214e1c15102f4568d1e995aa82add46ee430237"},{"name":"sanity-check.sh","path":"test/security/ip-lockdown-test-scripts/sanity-check.sh","sha":"542ed72f4f0952ace67c9cbf2e5ac07e81e6870c"}]},{"name":"ip_lockdown_test.go","path":"test/security/ip_lockdown_test.go","sha":"14d5236b574215f568131ba7f915ba2812d92c55"},{"name":"kms_master_key_test.go","path":"test/security/kms_master_key_test.go","sha":"b9addac57172419069956f4fb2db8424d32fa2ff"},{"name":"ntp_test.go","path":"test/security/ntp_test.go","sha":"38c92a6ecc39a49629d6ff2f072e849da17ff2ec"},{"name":"os_hardening_test.go","path":"test/security/os_hardening_test.go","sha":"c50ac78e1b70a8b1cea2ac4b56de433795ef3a1e"},{"name":"saml_iam_roles_test.go","path":"test/security/saml_iam_roles_test.go","sha":"c74cf88af9132ddd9f1a587f5182594f388326d8"},{"name":"ssh_grunt_houston_test.go","path":"test/security/ssh_grunt_houston_test.go","sha":"d5f07e8ffc33add2341d2a6a4f39fbff1ad3d8c6"},{"name":"ssh_grunt_iam_test.go","path":"test/security/ssh_grunt_iam_test.go","sha":"a4d5c3b5a3d302b7213cf2a1b103c7effa70c75b"},{"name":"test_helpers.go","path":"test/security/test_helpers.go","sha":"fcd91c0059f4ab6701db6368fc2acda8b9d1dd60"},{"name":"test_helpers_aws_auth.go","path":"test/security/test_helpers_aws_auth.go","sha":"de42c70f5e1b875f994b433cf94f1ff6bacc7de7"},{"name":"tls_cert_private_test.go","path":"test/security/tls_cert_private_test.go","sha":"455501c058664b1066381be8c1423e68ba436fdf"}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"last-pass-with-aws\">LastPass with AWS</h1><div class=\"preview__body--border\"></div><h2 class=\"preview__body--subtitle\" id=\"aws-auth-script\"><code>aws-auth</code> script</h2>\n<p>Before reading these instructions, go through setting up <code>aws-auth</code> and understanding the <a href=\"/repos/v0.44.6/module-security/modules/aws-auth/README.md\" class=\"preview__body--description--blue\">aws-auth workflow</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"combining-it-with-last-pass\">Combining it with LastPass</h2>\n<p>If you've read the <a href=\"/repos/v0.44.6/module-security/modules/aws-auth/README.md\" class=\"preview__body--description--blue\">aws-auth README</a>, you'll find that using <code>aws-auth</code> isn't <em>really</em> a one-liner, since you have to set your permanent AWS credentials first:</p>\n<pre>export AWS_ACCESS_KEY_ID='<PERMANENT_ACCESS_KEY>'\nexport AWS_SECRET_ACCESS_KEY='<PERMANENT_SECRET_KEY>'\neval <span class=\"hljs-constructor\">$(<span class=\"hljs-params\">aws</span>-<span class=\"hljs-params\">auth</span> --<span class=\"hljs-params\">serial</span>-<span class=\"hljs-params\">number</span> <span class=\"hljs-params\">arn</span>:<span class=\"hljs-params\">aws</span>:<span class=\"hljs-params\">iam</span>::123456789011:<span class=\"hljs-params\">mfa</span><span class=\"hljs-operator\">/</span><span class=\"hljs-params\">jondoe</span> --<span class=\"hljs-params\">token</span>-<span class=\"hljs-params\">code</span> 123456)</span>\n</pre>\n<p>If you store your secrets in a CLI-friendly password manager, such as <a href=\"https://github.com/lastpass/lastpass-cli\" class=\"preview__body--description--blue\" target=\"_blank\">lpass</a> or <a href=\"/repos/v0.44.6/module-security/modules/aws-auth#combining-it-with-password-managers\" class=\"preview__body--description--blue\">pass</a>,\nthen you can reduce this even further!</p>\n<p>If needed, you can create a LastPass account and install the client from <a href=\"https://www.lastpass.com/\" class=\"preview__body--description--blue\" target=\"_blank\">here</a>. The CLI client can be installed from <a href=\"https://github.com/lastpass/lastpass-cli\" class=\"preview__body--description--blue\" target=\"_blank\">here</a>.</p>\n<h4 id=\"create-templates\">Create templates</h4>\n<p>First, store your permanent AWS credentials in <code>lpass</code>. I'm sure there are multiple ways this can be done but I created a\ncustom note and stored all user account information in it.</p>\n<ol>\n<li>Open your LastPass Vault > Secure Notes > click on the (+) sign > Add Secure Note.</li>\n<li>Change "Note Type:" to "Add Custom Template".</li>\n<li>Give it a name like "AWS Security Credentials".</li>\n<li>Start adding fields.</li>\n<li>Save the template when complete.</li>\n</ol>\n<p>Fields I used were:</p>\n<table>\n<thead>\n<tr>\n<th>Field Name</th>\n<th style=\"text-align:right\">Field Type</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>User ID (IAM)</td>\n<td style=\"text-align:right\">Text</td>\n</tr>\n<tr>\n<td>Account Name</td>\n<td style=\"text-align:right\">Text</td>\n</tr>\n<tr>\n<td>Account Number</td>\n<td style=\"text-align:right\">Text</td>\n</tr>\n<tr>\n<td>Access Key ID</td>\n<td style=\"text-align:right\">Text with copy button</td>\n</tr>\n<tr>\n<td>Secret Access Key</td>\n<td style=\"text-align:right\">Text with copy button</td>\n</tr>\n<tr>\n<td>MFA ARN</td>\n<td style=\"text-align:right\">Text with copy button</td>\n</tr>\n</tbody>\n</table>\n<p>Once that's complete, create a second note used to for storing lines of the script.</p>\n<ol>\n<li>Open your LastPass Vault > Secure Notes > click on the (+) sign > Add Secure Note.</li>\n<li>Change "Note Type:" to "Add Custom Template".</li>\n<li>Give it a name like "Script".</li>\n<li>Start adding fields.</li>\n<li>Save the template when complete.</li>\n</ol>\n<p>Fields I used were:</p>\n<table>\n<thead>\n<tr>\n<th>Field Name</th>\n<th style=\"text-align:right\">Field Type</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Param1</td>\n<td style=\"text-align:right\">Text</td>\n</tr>\n<tr>\n<td>Param2</td>\n<td style=\"text-align:right\">Text</td>\n</tr>\n<tr>\n<td>Param3</td>\n<td style=\"text-align:right\">Text</td>\n</tr>\n<tr>\n<td>Param4</td>\n<td style=\"text-align:right\">Text</td>\n</tr>\n</tbody>\n</table>\n<h4 id=\"save-secrets-and-script-parameters-in-last-pass\">Save secrets and script parameters in LastPass</h4>\n<p>Create a new Secure Note using the "AWS Security Credentials" template. Store your User ID ARN, Account Name, Account Number,\nAccess Key ID, Secret Access Key, and MFA ARN in that. Custom templates can't be added from the <code>lpass</code> cli so this has to be\ndone within the LastPass GUI.</p>\n<pre>$ lpass show aws-johndoe\nFoldername/aws-johndoe [id: 1234567890123456]\nMFA ARN: arn:aws:iam::123456789012:mfa/johndoe<span class=\"hljs-built_in\">\nSecret </span>Access Key: JOHNDOERANDOMSECRETACCESSKEY\nAccess Key ID: JOHNDOEACCESSKEYID\nAccount Number: 123456789012\nAccount Name: Security<span class=\"hljs-built_in\">\nUser </span>ID (IAM): arn:aws:iam::123456789012:user/johndoe\nNoteType: Custom\n</pre>\n<p>If you will be assuming an IAM Role ARN, put that in <code>lpass</code> too:</p>\n<pre>lpass add aws-johndoe-role-arn-otheraccount\nUsername: eval <span class=\"hljs-constructor\">$(AWS_ACCESS_KEY_ID=$(<span class=\"hljs-params\">lpass</span> <span class=\"hljs-params\">show</span> <span class=\"hljs-params\">aws</span>-<span class=\"hljs-params\">johndoe</span> --<span class=\"hljs-params\">field</span> <span class=\"hljs-string\">\"Access Key ID\"</span>)</span> AWS_SECRET_ACCESS_KEY=<span class=\"hljs-constructor\">$(<span class=\"hljs-params\">lpass</span> <span class=\"hljs-params\">show</span> <span class=\"hljs-params\">aws</span>-<span class=\"hljs-params\">johndoe</span> --<span class=\"hljs-params\">field</span> <span class=\"hljs-string\">\"Secret Access Key\"</span>)</span> aws-auth --serial-number <span class=\"hljs-constructor\">$(<span class=\"hljs-params\">lpass</span> <span class=\"hljs-params\">show</span> <span class=\"hljs-params\">aws</span>-<span class=\"hljs-params\">johndoe</span> --<span class=\"hljs-params\">field</span> <span class=\"hljs-string\">\"MFA ARN\"</span>)</span> --token-code <span class=\"hljs-string\">\"$token\"</span> --role-arn <span class=\"hljs-constructor\">$(<span class=\"hljs-params\">lpass</span> <span class=\"hljs-params\">show</span> <span class=\"hljs-params\">aws</span>-<span class=\"hljs-params\">johndoe</span>-<span class=\"hljs-params\">role</span>-<span class=\"hljs-params\">arn</span>-<span class=\"hljs-params\">otheraccount</span> --<span class=\"hljs-params\">password</span>)</span>)\nPassword: arn:aws:iam::<span class=\"hljs-number\">098765432109</span>:role/role-name\n</pre>\n<p><em>Note: For the IAM Role ARNs, I'm using the default <code>lpass</code> site template since I only need two fields and I can access it quickly with the CLI. The script with the <code>--role-arn</code> flag is saved as <code>Username</code> and the Role ARN is being saved as <code>Password</code>.</em></p>\n<h4 id=\"start-putting-the-script-together\">Start putting the script together</h4>\n<p>Now, we can start constructing our script in <code>lpass</code> that ties all of this together. Again, since this is a custom template, everything has to\nbe done within the LastPass console. Create a new Secure Note using the "Script" template.</p>\n<p>In the Param1 field, copy in:</p>\n<pre><span class=\"hljs-built_in\">read</span> -p <span class=\"hljs-string\">\"Enter your MFA token: \"</span> <span class=\"hljs-keyword\">token</span>\n</pre>\n<p><em>Note: The other ParamX fields were added for future use and not necessarily for this script.</em></p>\n<pre>$ lpass show aws-auth-security\nFoldername/aws-auth-security <span class=\"hljs-literal\">[<span class=\"hljs-identifier\">id</span>: <span class=\"hljs-number\">7056520004343215957</span>]</span>\nParam4:\nParam3:\nParam2: eval <span class=\"hljs-constructor\">$(AWS_ACCESS_KEY_ID=$(<span class=\"hljs-params\">lpass</span> <span class=\"hljs-params\">show</span> <span class=\"hljs-params\">aws</span>-<span class=\"hljs-params\">johndoe</span> --<span class=\"hljs-params\">field</span> <span class=\"hljs-string\">\"Access Key ID\"</span>)</span> AWS_SECRET_ACCESS_KEY=<span class=\"hljs-constructor\">$(<span class=\"hljs-params\">lpass</span> <span class=\"hljs-params\">show</span> <span class=\"hljs-params\">aws</span>-<span class=\"hljs-params\">johndoe</span> --<span class=\"hljs-params\">field</span> <span class=\"hljs-string\">\"Secret Access Key\"</span>)</span> aws-auth --serial-number <span class=\"hljs-constructor\">$(<span class=\"hljs-params\">lpass</span> <span class=\"hljs-params\">show</span> <span class=\"hljs-params\">aws</span>-<span class=\"hljs-params\">johndoe</span> --<span class=\"hljs-params\">field</span> <span class=\"hljs-string\">\"MFA ARN\"</span>)</span> --token-code <span class=\"hljs-string\">\"$token\"</span>)\nParam1: read -p <span class=\"hljs-string\">\"Enter your MFA token: \"</span> token\nNoteType: Custom\n</pre>\n<p>Now, to setup your temporary STS credentials so it is <em>truly</em> a one-liner!</p>\n<pre><span class=\"hljs-built_in\">eval</span> <span class=\"hljs-string\">\"<span class=\"hljs-variable\">$(lpass show aws-auth-security --field Param1; lpass show aws-auth-security --field Param2)</span>\"</span>\n</pre>\n<p><strong>Example</strong></p>\n<pre>$ eval <span class=\"hljs-string\">\"$(lpass show aws-auth-security --field Param1; lpass show aws-auth-security --field Param2)\"</span>\nEnter your MFA token: <span class=\"hljs-number\">123456</span>\n<span class=\"hljs-number\">2018</span><span class=\"hljs-number\">-01</span><span class=\"hljs-number\">-08</span> <span class=\"hljs-number\">16</span>:<span class=\"hljs-number\">35</span>:<span class=\"hljs-number\">18</span> [INFO] [aws-auth] Getting temporary credentials <span class=\"hljs-keyword\">and</span> token <span class=\"hljs-keyword\">for</span> MFA device arn:aws:iam::<span class=\"hljs-number\">123456789012</span>:mfa/johndoe\n<span class=\"hljs-number\">2018</span><span class=\"hljs-number\">-01</span><span class=\"hljs-number\">-08</span> <span class=\"hljs-number\">16</span>:<span class=\"hljs-number\">35</span>:<span class=\"hljs-number\">19</span> [INFO] [aws-auth] Success!\n</pre>\n<h4 id=\"alias-all-the-things\">Alias all the things!</h4>\n<p>But that's still a lot of typing. How about we alias that and all the additional IAM Role ARN possibilities? I keep all my aliases defined in <code>~/.bash_aliases</code>.</p>\n<p><em>Note: Remember that <code>aws-auth-otheraccount</code> requires we specify the <code>--role-arn</code> so we can switch to that role/account. In this example, all\nof that is stored in <code>lpass</code> as the secret <code>aws-johndoe-role-arn-otheraccount</code>. The <code>Username</code> field contains the script and the <code>Password</code> field\ncontains the Role ARN.</em></p>\n<p><em>For every AWS account used in your organization, you'll need to create that additional secret and that BASH alias if you're going to follow along with this.\nRemember to adjust your <code>alias</code> scripts as neccessary.</em></p>\n<pre><span class=\"hljs-comment\"># Authenticate to the AWS account with the User ID</span>\nalias aws-auth-security='eval <span class=\"hljs-string\">\"$(lpass show aws-auth-security --field Param1; lpass show aws-auth-security --field Param2)\"</span>'\n\n<span class=\"hljs-comment\"># Authenticate to the AWS account with the role arn</span>\nalias aws-auth-otheraccount='eval <span class=\"hljs-string\">\"$(lpass show aws-auth-security --field Param1; lpass show aws-johndoe-role-arn-otheraccount --username)\"</span>'\n</pre>\n<p><em>Note: the double quotes around the <code>$()</code> are required.</em></p>\n<p><strong>Example</strong></p>\n<pre>$ aws-auth-security\nEnter your MFA token: <span class=\"hljs-number\">123456</span>\n<span class=\"hljs-number\">2018</span><span class=\"hljs-number\">-01</span><span class=\"hljs-number\">-09</span> <span class=\"hljs-number\">21</span>:<span class=\"hljs-number\">14</span>:<span class=\"hljs-number\">18</span> [INFO] [aws-auth] Getting temporary credentials <span class=\"hljs-keyword\">and</span> token <span class=\"hljs-keyword\">for</span> MFA device arn:aws:iam::<span class=\"hljs-number\">123456789012</span>:mfa/johndoe\n<span class=\"hljs-number\">2018</span><span class=\"hljs-number\">-01</span><span class=\"hljs-number\">-09</span> <span class=\"hljs-number\">21</span>:<span class=\"hljs-number\">14</span>:<span class=\"hljs-number\">19</span> [INFO] [aws-auth] Success!\n\n$ aws-auth-otheraccount\nEnter your MFA token: <span class=\"hljs-number\">234567</span>\n<span class=\"hljs-number\">2018</span><span class=\"hljs-number\">-01</span><span class=\"hljs-number\">-09</span> <span class=\"hljs-number\">21</span>:<span class=\"hljs-number\">14</span>:<span class=\"hljs-number\">41</span> [INFO] [aws-auth] Getting temporary credentials <span class=\"hljs-keyword\">and</span> token <span class=\"hljs-keyword\">for</span> MFA device arn:aws:iam::<span class=\"hljs-number\">123456789012</span>:mfa/johndoe\n<span class=\"hljs-number\">2018</span><span class=\"hljs-number\">-01</span><span class=\"hljs-number\">-09</span> <span class=\"hljs-number\">21</span>:<span class=\"hljs-number\">14</span>:<span class=\"hljs-number\">42</span> [INFO] [aws-auth] Assuming role arn:aws:iam::<span class=\"hljs-number\">098765432109</span>:role/rolename\n<span class=\"hljs-number\">2018</span><span class=\"hljs-number\">-01</span><span class=\"hljs-number\">-09</span> <span class=\"hljs-number\">21</span>:<span class=\"hljs-number\">14</span>:<span class=\"hljs-number\">42</span> [INFO] [aws-auth] Success!\n\n$ aws sts <span class=\"hljs-keyword\">get</span>-caller-identity\n{\n <span class=\"hljs-string\">\"UserId\"</span>: <span class=\"hljs-string\">\"AWSRANDOMUSERID:johndoe\"</span>,\n <span class=\"hljs-string\">\"Account\"</span>: <span class=\"hljs-string\">\"098765432109\"</span>,\n <span class=\"hljs-string\">\"Arn\"</span>: <span class=\"hljs-string\">\"arn:aws:sts::098765432109:assumed-role/rolename/johndoe\"</span>\n}\n</pre>\n<h3 class=\"preview__body--subtitle\" id=\"thanks\">Thanks</h3>\n<ul>\n<li><a href=\"https://github.com/lastpass/lastpass-cli\" class=\"preview__body--description--blue\" target=\"_blank\">LastPass</a>, for creating a CLI.</li>\n<li><a href=\"https://github.com/gruntwork-io\" class=\"preview__body--description--blue\" target=\"_blank\">Gruntwork.io</a>, for creating the initial script and instructions.</li>\n</ul>\n","repoName":"module-security","repoRef":"v0.36.3","serviceDescriptor":{"serviceName":"ssh-grunt","serviceRepoName":"module-security","serviceRepoOrg":"gruntwork-io","serviceMainReadmePath":"/modules/ssh-grunt","cloudProviders":["aws"],"description":"Manage SSH access to EC2 Instances using groups in AWS IAM or your Identity Provider (e.g., ADFS, Google, Okta, etc).","imageUrl":"grunt.png","licenseType":"subscriber","technologies":["Terraform","Go"],"compliance":[],"tags":[""]},"serviceCategoryName":"SSH access","fileName":"AWS-AUTH-LASTPASS.md","filePath":"/modules/aws-auth/AWS-AUTH-LASTPASS.md","title":"Repo Browser: ssh-grunt","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}