This is an example of how to use the custom-iam-entity module to create an IAM group or role with attached IAM policies. If you're using Terragrunt, see the terragrunt example.
Use the boolean variables should_create_iam_group and should_create_iam_role variables to specify whether to create a group and/or a role, respectively. Name the group and/or role with the iam_group_name and iam_role_name variables. If creating an IAM role, you must also specify a list of ARNs that are allowed to assume the role in assume_role_arns.
This example will create an IAM group and/or role with several example IAM policies attached. You can attach policies in any combination of the following variables:
iam_policy_arns: Attach policies by providing a list of policy ARNs
iam_customer_managed_policy_names: Attach policies by providing a list of customer-managed policy names
iam_aws_managed_policy_names: Attach policies by providing a list of AWS-managed policy names
All of these variables are optional.
If you provide customer-managed policy names, the module will look up the current AWS account ID and use it to generate the policy ARN for attachment.
arn:aws:iam::0123456789012:policy/MyCustomPolicy
If you provide AWS-managed policy names, the module will use the AWS formatted policy names for attachment. For example:
arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
Any policies you provide must already exist or Terraform will throw an error.
Quick start
To try these templates out you must have Terraform installed:
Open variables.tf and fill in any variables that don't have a default.
Review the policies in variables.tf and decide which policies you would like to include.
Lean on the example policy in main.tf to generate your own managed policies to attach.
Run terraform init
Run terraform apply to create the IAM groups/roles.
Questions? Ask away.
We're here to talk about our services, answer any questions, give advice, or just to chat.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"f5221bddaff4eea1f0a9e6f623ea49e50cb00cbc"}]},{"name":".gitignore","path":".gitignore","sha":"03aff38511349fa3b4441e2b0157b707218aa7ef"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"b9fd389c37a0872a9d838269b406c0f8186acfcc"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"47ca720c554dc4a85a502b796941512d019f6046"},{"name":"CONTRIBUTING.md","path":"CONTRIBUTING.md","sha":"a4c2813ee9206bc483df5fec152369c60b89de98"},{"name":"LICENSE.txt","path":"LICENSE.txt","sha":"dbc5cd9a551f59b0f647602d3b5a62409a27ad75"},{"name":"README.adoc","path":"README.adoc","sha":"8f49d11b20cb2aeddf5ed21e14e7cbd3c8ee3df2"},{"name":"_docs","children":[{"name":"aws-cloudtrail.png","path":"_docs/aws-cloudtrail.png","sha":"c5482ed9b343509b76ce9678c5d6fcc07902a664"},{"name":"aws-cloudwatch.png","path":"_docs/aws-cloudwatch.png","sha":"5211cf11b76d724d86ffe022a314c443afef74cf"},{"name":"aws-config.png","path":"_docs/aws-config.png","sha":"bfa3bd7f86edfb2d914b2fad0c608b8120cb13cd"},{"name":"aws-iam.png","path":"_docs/aws-iam.png","sha":"9c0ebb4b5543199462b52282d86617db471ec48a"},{"name":"cis-account-architecture.png","path":"_docs/cis-account-architecture.png","sha":"86113f679c13fb529ceed5596fecec41d5204f54"},{"name":"cis-logo.png","path":"_docs/cis-logo.png","sha":"e75a052f28ac1e4d1d2292fa6cdc1ccd6a904885"}]},{"name":"codegen","children":[{"name":"generate-securityhub","children":[{"name":".gitignore","path":"codegen/generate-securityhub/.gitignore","sha":"61f44f130bdff8fcac8058495bd28ffd9062de25"},{"name":"README.md","path":"codegen/generate-securityhub/README.md","sha":"54c6a598c451f3618b7fdd26ac9de7814ee212d4"},{"name":"main.go","path":"codegen/generate-securityhub/main.go","sha":"c7b20c0d8d573d140b14a9da9f002215641fc6ca"},{"name":"static","children":[{"name":"README.adoc","path":"codegen/generate-securityhub/static/README.adoc","sha":"7ab2155fa9a03eb4a8e6d0e0fcc8fefad3e4254f"},{"name":"core-concepts.md","path":"codegen/generate-securityhub/static/core-concepts.md","sha":"6307ca9d06fb54f2d0061a81290ffead6bf5e7fa"},{"name":"invite-external-accounts","children":[{"name":"build_scripts","children":[{"name":"build.sh","path":"codegen/generate-securityhub/static/invite-external-accounts/build_scripts/build.sh","sha":"d88b72cd2e82f5156a50a35fb8cfa238159c6f82"}]},{"name":"dev_requirements.txt","path":"codegen/generate-securityhub/static/invite-external-accounts/dev_requirements.txt","sha":"ff7dfc3a64633aa716313a6adc39a95412bb9da8"},{"name":"invite_external_accounts","children":[{"name":"__init__.py","path":"codegen/generate-securityhub/static/invite-external-accounts/invite_external_accounts/__init__.py","sha":"e69de29bb2d1d6434b8b29ae775ad8c2e48c5391"},{"name":"errors.py","path":"codegen/generate-securityhub/static/invite-external-accounts/invite_external_accounts/errors.py","sha":"7dc0edfd882b693d431c6fc8c345bdc1be70e520"},{"name":"main.py","path":"codegen/generate-securityhub/static/invite-external-accounts/invite_external_accounts/main.py","sha":"3cbba395f54591fd4d13750a5c07fccc061236bb"},{"name":"project_logging.py","path":"codegen/generate-securityhub/static/invite-external-accounts/invite_external_accounts/project_logging.py","sha":"82c5fecd96fc2531417d0ac09f4adedd39fc169b"},{"name":"securityhub.py","path":"codegen/generate-securityhub/static/invite-external-accounts/invite_external_accounts/securityhub.py","sha":"d40b61026878f522afebc9172d1d4b8bba7074e2"}]},{"name":"invite_external_accounts_pex.tar","path":"codegen/generate-securityhub/static/invite-external-accounts/invite_external_accounts_pex.tar","sha":"35d9ea3ff4b964125095d80d49276b86ed38558c"},{"name":"requirements.txt","path":"codegen/generate-securityhub/static/invite-external-accounts/requirements.txt","sha":"a40be0ee80ae138ac17fe8e4015ecfc5115b29c0"}]},{"name":"variables.tf","path":"codegen/generate-securityhub/static/variables.tf","sha":"86d66fb4c2861dac9f088047f58ee7efb124543e"}]},{"name":"template_data.go","path":"codegen/generate-securityhub/template_data.go","sha":"fa040a005387677e1e17a6e7516f581e12d9f9e9"}]},{"name":"go.mod","path":"codegen/go.mod","sha":"c39f1f8474eedb9f179d2d4ba9bd39d6b191cb9b"},{"name":"go.sum","path":"codegen/go.sum","sha":"5baeca1e4232b2bfd89fe7c9fbb92425d572077b"}]},{"name":"examples","children":[{"name":"cloudtrail","children":[{"name":"terraform","children":[{"name":"README.md","path":"examples/cloudtrail/terraform/README.md","sha":"649683a26bf72c79ece3d337cd1054d940f24ded"},{"name":"main.tf","path":"examples/cloudtrail/terraform/main.tf","sha":"b4fbcdc0812484e50d6a5a85f7e0a01a5554f220"},{"name":"outputs.tf","path":"examples/cloudtrail/terraform/outputs.tf","sha":"d761e149fa2b1a22c74727b0f7ef1329f3063037"},{"name":"variables.tf","path":"examples/cloudtrail/terraform/variables.tf","sha":"81d4f4bb2ea1131763003f85de7b2e88f800f241"}]},{"name":"terragrunt","children":[{"name":"README.md","path":"examples/cloudtrail/terragrunt/README.md","sha":"cdc1635aef8a86985e80cc7bd8dc6c36137e9edf"},{"name":"terragrunt.hcl","path":"examples/cloudtrail/terragrunt/terragrunt.hcl","sha":"64a8047867d9b341b3d11ea07a492e8fcd4367cb"}]}]},{"name":"cloudwatch-logs-metric-filters","children":[{"name":"terraform","children":[{"name":"README.md","path":"examples/cloudwatch-logs-metric-filters/terraform/README.md","sha":"fe9e01f99c45176e0af002fbdf18269c30097714"},{"name":"main.tf","path":"examples/cloudwatch-logs-metric-filters/terraform/main.tf","sha":"8ccb2e619843d8af516755b85da00480717dddfb"},{"name":"outputs.tf","path":"examples/cloudwatch-logs-metric-filters/terraform/outputs.tf","sha":"074e6118f58a6fd89d339ee3561c241b5de3583e"},{"name":"variables.tf","path":"examples/cloudwatch-logs-metric-filters/terraform/variables.tf","sha":"8e9c4651d9a5d79026c591b18616600499b1bdd9"}]},{"name":"terragrunt","children":[{"name":"README.md","path":"examples/cloudwatch-logs-metric-filters/terragrunt/README.md","sha":"5428ae138344bcb31a29bf653de47adbacf65976"},{"name":"terragrunt.hcl","path":"examples/cloudwatch-logs-metric-filters/terragrunt/terragrunt.hcl","sha":"4782ce6b03c26c43f2d0849d1baa0298edc5e13b"}]}]},{"name":"cross-account-iam-roles","children":[{"name":"terraform","children":[{"name":"README.md","path":"examples/cross-account-iam-roles/terraform/README.md","sha":"1fe9486482282071f4f86113923832441f389fbf"},{"name":"main.tf","path":"examples/cross-account-iam-roles/terraform/main.tf","sha":"26aca4cd77367b7424078fd4cfe042ce6f37b447"},{"name":"outputs.tf","path":"examples/cross-account-iam-roles/terraform/outputs.tf","sha":"4635d74afd5ba0289decfaabe9e57266621866e2"},{"name":"variables.tf","path":"examples/cross-account-iam-roles/terraform/variables.tf","sha":"1c80da1943250d2c40180963c0a2f89fb2df9175"}]},{"name":"terragrunt","children":[{"name":"README.md","path":"examples/cross-account-iam-roles/terragrunt/README.md","sha":"bac0b37e9f2a156569390b4c3504ec4153462aa4"},{"name":"terragrunt.hcl","path":"examples/cross-account-iam-roles/terragrunt/terragrunt.hcl","sha":"eb5224cea7b8e53a085045e490a79005e7814cf4"}]}]},{"name":"custom-iam-entity","children":[{"name":"terraform","children":[{"name":"README.md","path":"examples/custom-iam-entity/terraform/README.md","sha":"3aab55b2e5ab522b79d028904ba9de832e9465e7","toggled":true},{"name":"main.tf","path":"examples/custom-iam-entity/terraform/main.tf","sha":"33a2fc66826b737702aef28787ab83d9545b58c2"},{"name":"outputs.tf","path":"examples/custom-iam-entity/terraform/outputs.tf","sha":"835eb64f431386925438cb2f63e48e413faee90c"},{"name":"variables.tf","path":"examples/custom-iam-entity/terraform/variables.tf","sha":"7539c565d899f88078983f2232c550361a0ee502"}],"toggled":true},{"name":"terragrunt","children":[{"name":"README.md","path":"examples/custom-iam-entity/terragrunt/README.md","sha":"f29d07f8ffe7e2a8918e3e75ae9f2c1072f82a1c"},{"name":"terragrunt.hcl","path":"examples/custom-iam-entity/terragrunt/terragrunt.hcl","sha":"99bdccc50f04f2efb82ba424e86926066fddacff"}]}],"toggled":true},{"name":"iam-groups","children":[{"name":"terraform","children":[{"name":"README.md","path":"examples/iam-groups/terraform/README.md","sha":"bb42f2a822c2e6fd1f6c0b55e4eeef81066c06c0"},{"name":"main.tf","path":"examples/iam-groups/terraform/main.tf","sha":"852d3e363fa4aab098cfcb7b382f145a246f7e5e"},{"name":"outputs.tf","path":"examples/iam-groups/terraform/outputs.tf","sha":"f386fa2f8b93fddfc8a04cb067220e4297c03ada"},{"name":"variables.tf","path":"examples/iam-groups/terraform/variables.tf","sha":"154f5a51e416bec433824942c65199bc74f28321"}]},{"name":"terragrunt","children":[{"name":"README.md","path":"examples/iam-groups/terragrunt/README.md","sha":"693eb9b7a7bd820d40b016931a61989bff2c8be8"},{"name":"terragrunt.hcl","path":"examples/iam-groups/terragrunt/terragrunt.hcl","sha":"de01124a0a417059d5b62bf1cbb1352f4063ba24"}]}]},{"name":"iam-password-policy","children":[{"name":"terraform","children":[{"name":"README.md","path":"examples/iam-password-policy/terraform/README.md","sha":"26651683bdfbf526f289e779278e7861ee4fbc48"},{"name":"main.tf","path":"examples/iam-password-policy/terraform/main.tf","sha":"6cfd3decf581247ab410c1a6966b52c8d6f3d2da"},{"name":"variables.tf","path":"examples/iam-password-policy/terraform/variables.tf","sha":"ee9fe6604ee7b34c3a59b42cb9bcc503e5707abc"}]},{"name":"terragrunt","children":[{"name":"README.md","path":"examples/iam-password-policy/terragrunt/README.md","sha":"207bb1ad3e44c64e0e70c73de185e1f42b68756b"},{"name":"terragrunt.hcl","path":"examples/iam-password-policy/terragrunt/terragrunt.hcl","sha":"9a5abfb7982ee98aace97a1ea691a948aab5929e"}]}]},{"name":"saml-iam-roles","children":[{"name":"terraform","children":[{"name":"README.md","path":"examples/saml-iam-roles/terraform/README.md","sha":"a00fd7cc39b77395657aee02b5b50f25b60d97bb"},{"name":"main.tf","path":"examples/saml-iam-roles/terraform/main.tf","sha":"f669a1c4418c2249b5f850ac1614d64439db542b"},{"name":"outputs.tf","path":"examples/saml-iam-roles/terraform/outputs.tf","sha":"6e69339e781035cc29323a9dda927bea8a3d115b"},{"name":"saml-metadata.xml","path":"examples/saml-iam-roles/terraform/saml-metadata.xml","sha":"88596cfde52242a43559c79216a1c60b2ea12903"},{"name":"variables.tf","path":"examples/saml-iam-roles/terraform/variables.tf","sha":"7e552ab7a080ca8b9f4d0fd2b2058cda4b75c0c3"}]},{"name":"terragrunt","children":[{"name":"README.md","path":"examples/saml-iam-roles/terragrunt/README.md","sha":"00f9e3e903f4ebc4eeed20bff8f06546c546388d"},{"name":"terragrunt.hcl","path":"examples/saml-iam-roles/terragrunt/terragrunt.hcl","sha":"68c50d324603caa08181d1744b315c75e3697df8"}]}]},{"name":"securityhub","children":[{"name":"terragrunt","children":[{"name":"README.md","path":"examples/securityhub/terragrunt/README.md","sha":"e37eac4f45aab63a46d5b04d08ed53a6ac2471fe"},{"name":"master","children":[{"name":"terragrunt.hcl","path":"examples/securityhub/terragrunt/master/terragrunt.hcl","sha":"43f9e1834d0ccde7de6ebd01657078e73cba7574"}]},{"name":"member","children":[{"name":"terragrunt.hcl","path":"examples/securityhub/terragrunt/member/terragrunt.hcl","sha":"e27e078840046a1fff817ff84ba47a9a26c2fac9"}]}]}]}],"toggled":true},{"name":"modules","children":[{"name":"aws-securityhub","children":[{"name":"README.adoc","path":"modules/aws-securityhub/README.adoc","sha":"7ab2155fa9a03eb4a8e6d0e0fcc8fefad3e4254f"},{"name":"core-concepts.md","path":"modules/aws-securityhub/core-concepts.md","sha":"6307ca9d06fb54f2d0061a81290ffead6bf5e7fa"},{"name":"invite-external-accounts","children":[{"name":"bin","children":[{"name":"invite_external_accounts_py27_env.pex","path":"modules/aws-securityhub/invite-external-accounts/bin/invite_external_accounts_py27_env.pex","sha":"a61d838d1fd681fd56760c4ab3c9b8ef7750e051"},{"name":"invite_external_accounts_py3_env.pex","path":"modules/aws-securityhub/invite-external-accounts/bin/invite_external_accounts_py3_env.pex","sha":"d1afb0ae6efe358dd053458799367c0bb29e0614"}]},{"name":"invite_external_accounts","children":[{"name":"__init__.py","path":"modules/aws-securityhub/invite-external-accounts/invite_external_accounts/__init__.py","sha":"e69de29bb2d1d6434b8b29ae775ad8c2e48c5391"},{"name":"errors.py","path":"modules/aws-securityhub/invite-external-accounts/invite_external_accounts/errors.py","sha":"7dc0edfd882b693d431c6fc8c345bdc1be70e520"},{"name":"main.py","path":"modules/aws-securityhub/invite-external-accounts/invite_external_accounts/main.py","sha":"3cbba395f54591fd4d13750a5c07fccc061236bb"},{"name":"project_logging.py","path":"modules/aws-securityhub/invite-external-accounts/invite_external_accounts/project_logging.py","sha":"82c5fecd96fc2531417d0ac09f4adedd39fc169b"},{"name":"securityhub.py","path":"modules/aws-securityhub/invite-external-accounts/invite_external_accounts/securityhub.py","sha":"d40b61026878f522afebc9172d1d4b8bba7074e2"}]}]},{"name":"main.tf","path":"modules/aws-securityhub/main.tf","sha":"2621f18cd060eeab76ff15c0ad50dc15a0e3f072"},{"name":"outputs.tf","path":"modules/aws-securityhub/outputs.tf","sha":"6ef6622d5e3b4575b7de0ede63272990d6d84c35"},{"name":"variables.tf","path":"modules/aws-securityhub/variables.tf","sha":"86d66fb4c2861dac9f088047f58ee7efb124543e"}]},{"name":"cloudtrail","children":[{"name":"README.adoc","path":"modules/cloudtrail/README.adoc","sha":"c8d0a4e5f5fe44fa5dc41bc74aa36fbc191b21d4"},{"name":"images","children":[{"name":"cloudtrail-cis-architecture.png","path":"modules/cloudtrail/images/cloudtrail-cis-architecture.png","sha":"70b296eb99f2c2da1bcc73fbb8d4528eb4743204"}]},{"name":"main.tf","path":"modules/cloudtrail/main.tf","sha":"68864581db72d48cb9c09a98ce7a765d09d5a72b"},{"name":"outputs.tf","path":"modules/cloudtrail/outputs.tf","sha":"33c67afdc73569394d1b43c182355156938d9b11"},{"name":"variables.tf","path":"modules/cloudtrail/variables.tf","sha":"8862afa2218c75cb0c2af079428bbd2358042b89"}]},{"name":"cloudwatch-logs-metric-filters","children":[{"name":"README.adoc","path":"modules/cloudwatch-logs-metric-filters/README.adoc","sha":"7f75dcb395f2cc6395950aefb5cf6849d3975e9f"},{"name":"core-concepts.md","path":"modules/cloudwatch-logs-metric-filters/core-concepts.md","sha":"75301bd203c74458fc05857510fdf89188ef3921"},{"name":"images","children":[{"name":"cloudwatch-alarm.png","path":"modules/cloudwatch-logs-metric-filters/images/cloudwatch-alarm.png","sha":"b9fa4a893e9a4c402f117d4fa3922b4e5fdc0b4f"},{"name":"cloudwatch-logs-architecture.png","path":"modules/cloudwatch-logs-metric-filters/images/cloudwatch-logs-architecture.png","sha":"65a8d960553521dbcb5d2342609b648fc1397f91"}]},{"name":"main.tf","path":"modules/cloudwatch-logs-metric-filters/main.tf","sha":"ed801c84926b89fe7753a6bf02e8bca0327a790e"},{"name":"outputs.tf","path":"modules/cloudwatch-logs-metric-filters/outputs.tf","sha":"1d0237d1e1bf5ba6d9e2136ecf1f2bf047ec7063"},{"name":"variables.tf","path":"modules/cloudwatch-logs-metric-filters/variables.tf","sha":"09c5655a6cd58fab958bea3afe91cc2287bfc248"}]},{"name":"cross-account-iam-roles","children":[{"name":"README.adoc","path":"modules/cross-account-iam-roles/README.adoc","sha":"081ea89c0912444bc7e9e0058910092884fa9cb3"},{"name":"images","children":[{"name":"iam-roles-architecture.png","path":"modules/cross-account-iam-roles/images/iam-roles-architecture.png","sha":"5b7c1e935fac59214299e224eb8425c8c9b246b8"}]},{"name":"main.tf","path":"modules/cross-account-iam-roles/main.tf","sha":"ced23a20d145023b87a22a9cf90ce9841500b757"},{"name":"outputs.tf","path":"modules/cross-account-iam-roles/outputs.tf","sha":"4635d74afd5ba0289decfaabe9e57266621866e2"},{"name":"variables.tf","path":"modules/cross-account-iam-roles/variables.tf","sha":"d7835df3cc93a9a0d858ac824f213144e419168b"}]},{"name":"custom-iam-entity","children":[{"name":"README.adoc","path":"modules/custom-iam-entity/README.adoc","sha":"b30df86a761f4640c90e3a8fbf376e9d3a24888d"},{"name":"main.tf","path":"modules/custom-iam-entity/main.tf","sha":"4b0a1e7443048694d727d5a64015e12dce4026e3"},{"name":"outputs.tf","path":"modules/custom-iam-entity/outputs.tf","sha":"157e624e8e8610fbeaf54f603dce2516806c332f"},{"name":"variables.tf","path":"modules/custom-iam-entity/variables.tf","sha":"9a4e12646a30d1bfee9ce18b28e134dad19983da"}]},{"name":"iam-groups","children":[{"name":"README.adoc","path":"modules/iam-groups/README.adoc","sha":"bd8a0a3a77ac0d40385c804635b108a14d2750db"},{"name":"core-concepts.md","path":"modules/iam-groups/core-concepts.md","sha":"02dc8472d42c7ae6497417b378f31e8bd9882bd9"},{"name":"images","children":[{"name":"iam-groups-architecture.png","path":"modules/iam-groups/images/iam-groups-architecture.png","sha":"c95384f4ee5e543cda1b39bbfe6239f9581609f0"}]},{"name":"main.tf","path":"modules/iam-groups/main.tf","sha":"0540e498e623a11d60316cfbc6949b3767f65ba3"},{"name":"outputs.tf","path":"modules/iam-groups/outputs.tf","sha":"0919bcae3e51cadad70355a2c52fd15b45434287"},{"name":"variables.tf","path":"modules/iam-groups/variables.tf","sha":"a24e2fb4548de52da24e1c7eb8b3a2078b44c552"}]},{"name":"iam-password-policy","children":[{"name":"README.adoc","path":"modules/iam-password-policy/README.adoc","sha":"55fd68765af71303c4d1db6d249a245cf37a7540"},{"name":"main.tf","path":"modules/iam-password-policy/main.tf","sha":"7438c6148e697e1ec28537b86f1e3f4a3111393d"},{"name":"variables.tf","path":"modules/iam-password-policy/variables.tf","sha":"e8c3867f0ef9eb1a1d253ef6d5dffe6c902a4221"}]},{"name":"saml-iam-roles","children":[{"name":"README.adoc","path":"modules/saml-iam-roles/README.adoc","sha":"26de3c0843d0ea4436fdf19dd60cb569a2be3402"},{"name":"images","children":[{"name":"saml-iam-roles.png","path":"modules/saml-iam-roles/images/saml-iam-roles.png","sha":"d8bb2b15ad1fbcb4cb0f823663735edc469d0c14"}]},{"name":"main.tf","path":"modules/saml-iam-roles/main.tf","sha":"1bcacf255b990ba9ea71d8a90cf363af7cac4020"},{"name":"outputs.tf","path":"modules/saml-iam-roles/outputs.tf","sha":"6e69339e781035cc29323a9dda927bea8a3d115b"},{"name":"variables.tf","path":"modules/saml-iam-roles/variables.tf","sha":"4319d117656b5a6945009dd15d62083af779852e"}]}]},{"name":"rfcs","children":[{"name":"flexible-backends.md","path":"rfcs/flexible-backends.md","sha":"8c308f20484932b9773c07f127d498de14c76bae"}]},{"name":"setup.cfg","path":"setup.cfg","sha":"981bc2bfd0b35029438d56c6d862a7f1519b8fe6"},{"name":"test","children":[{"name":"cloudtrail_test.go","path":"test/cloudtrail_test.go","sha":"46669ddd1b32aeb3f959a8dac9000d599bcbb03a"},{"name":"cloudwatch_logs_metric_filters_test.go","path":"test/cloudwatch_logs_metric_filters_test.go","sha":"1110d7f0ddeeda36fff67ffaf49fd326a71dc83c"},{"name":"cross_account_iam_roles_test.go","path":"test/cross_account_iam_roles_test.go","sha":"aa6d75cf953722a65edd0f623fe76a142c9aa02a"},{"name":"custom_iam_entity_test.go","path":"test/custom_iam_entity_test.go","sha":"4c95a46959349aeba26e80131a35af96ab16955a"},{"name":"generate_securityhub_test.go","path":"test/generate_securityhub_test.go","sha":"492a4a86011210beb598ad1fdeb73736fec1a27e"},{"name":"go.mod","path":"test/go.mod","sha":"ae654fc7163a2df0241010e098b6456fe1dc965e"},{"name":"go.sum","path":"test/go.sum","sha":"3e43d17a39b86941caf74aa75e470cb35ced4ddd"},{"name":"iam_groups_test.go","path":"test/iam_groups_test.go","sha":"a361792deea45a980ed7ceae6f7a759c20c5ae3a"},{"name":"iam_password_policy_test.go","path":"test/iam_password_policy_test.go","sha":"0402874302c76da6e7fdf035a6b688e39ef33d8c"},{"name":"saml_iam_roles_test.go","path":"test/saml_iam_roles_test.go","sha":"7fc7ae5a4a268b6b78e90830ac150a98c92bfd82"},{"name":"test_helpers.go","path":"test/test_helpers.go","sha":"f0614e492133b9e9b9bbaec4b34251493d31f4cd"}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"custom-iam-entity-terraform-wrapper-example\">Custom IAM Entity Terraform wrapper example</h1><div class=\"preview__body--border\"></div><p>This is an example of how to use the <a href=\"/repos/v0.9.2/cis-compliance-aws/modules/custom-iam-entity\" class=\"preview__body--description--blue\"><code>custom-iam-entity</code> module</a> to create an IAM group or role with attached IAM policies. If you're using Terragrunt, see the <a href=\"/repos/v0.9.2/cis-compliance-aws/examples/custom-iam-entity/terragrunt\" class=\"preview__body--description--blue\">terragrunt example</a>.</p>\n<p>Use the boolean variables <code>should_create_iam_group</code> and <code>should_create_iam_role</code> variables to specify whether to create a group and/or a role, respectively. Name the group and/or role with the <code>iam_group_name</code> and <code>iam_role_name</code> variables. If creating an IAM role, you must also specify a list of ARNs that are allowed to assume the role in <code>assume_role_arns</code>.</p>\n<p>This example will create an IAM group and/or role with several example IAM policies attached. You can attach policies in any combination of the following variables:</p>\n<ul>\n<li><code>iam_policy_arns</code>: Attach policies by providing a list of policy ARNs</li>\n<li><code>iam_customer_managed_policy_names</code>: Attach policies by providing a list of customer-managed policy names</li>\n<li><code>iam_aws_managed_policy_names</code>: Attach policies by providing a list of AWS-managed policy names</li>\n</ul>\n<p>All of these variables are optional.</p>\n<p>If you provide customer-managed policy names, the module will look up the current AWS account ID and use it to generate the policy ARN for attachment.</p>\n<pre><code>arn:aws:iam::0123456789012:policy/MyCustomPolicy\n</code></pre>\n<p>If you provide AWS-managed policy names, the module will use the AWS formatted policy names for attachment. For example:</p>\n<pre><code>arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess\n</code></pre>\n<p>Any policies you provide must already exist or Terraform will throw an error.</p>\n<h2 class=\"preview__body--subtitle\" id=\"quick-start\">Quick start</h2>\n<p>To try these templates out you must have Terraform installed:</p>\n<ol>\n<li>Open <code>variables.tf</code> and fill in any variables that don't have a default.</li>\n<li>Review the policies in <code>variables.tf</code> and decide which policies you would like to include.</li>\n<li>Lean on the example policy in <code>main.tf</code> to generate your own managed policies to attach.</li>\n<li>Run <code>terraform init</code></li>\n<li>Run <code>terraform apply</code> to create the IAM groups/roles.</li>\n</ol>\n","repoName":"cis-compliance-aws","repoRef":"v0.4.1","serviceDescriptor":{"serviceName":"CIS Foundations Benchmark","serviceRepoName":"cis-compliance-aws","serviceRepoOrg":"gruntwork-io","cloudProviders":["aws"],"description":"Modules and utilities certified by Gruntwork and CIS to comply with the CIS AWS Foundations Benchmark","imageUrl":"cis-logo.png","licenseType":"subscriber","technologies":["Terraform","Go","Python"],"compliance":["CIS"],"tags":[""]},"serviceCategoryName":"Compliance","fileName":"README.md","filePath":"/examples/custom-iam-entity/terraform","title":"Repo Browser: CIS Foundations Benchmark","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}