
AWS IAM Identity Center Permissions

aws_iam_identity_center_permissions
Stable
Live

Creates the three core permission tiers for each AWS account:

  1. superusers - Maps to the arn:aws:iam::aws:policy/AdministratorAccess managed policy

  2. admins - Maps to a role that has admin access to most items but attempts to block permissions that could create obvious security problems or delete key infrastructure

  3. readers - Read-only access to the specific subset of AWS resources used in the Panfactum stack

Providers

The following providers are needed by this module:

Required Inputs

The following input variables are required:

account_access_configuration

Description: Configuration for assigning access to various AWS accounts via Identity Center

Type:

map(object({
  account_id               = string
  superuser_groups         = list(string)
  admin_groups             = optional(list(string), [])
  reader_groups            = optional(list(string), [])
  restricted_reader_groups = optional(list(string), [])
  billing_admin_groups     = optional(list(string), [])
}))
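The following is an added usage example, not code from the Panfactum documentation or repository. It shows how the three tiers described above are populated through the account_access_configuration map for two accounts. The module source path, the Identity Center group names and the account IDs are placeholders chosen for illustration; only the variable names, the object schema and the cli_config output come from the page.

```hcl
# Added example (not Panfactum's own code). Source path, group names and
# account IDs are placeholders; the schema matches account_access_configuration.
module "identity_center_permissions" {
  source = "PLACEHOLDER/path/to/aws_iam_identity_center_permissions"

  account_access_configuration = {
    production = {
      account_id = "111111111111" # placeholder account ID

      # superusers map to AdministratorAccess, so keep this tier to a
      # small break-glass group rather than the everyday engineering group
      superuser_groups = ["break-glass-admins"]

      # admins get the guarded admin role; readers get read-only access
      admin_groups             = ["platform-engineering"]
      reader_groups            = ["developers"]
      restricted_reader_groups = ["support"]
      billing_admin_groups     = ["finance"]
    }

    development = {
      account_id       = "222222222222" # placeholder account ID
      superuser_groups = ["platform-engineering"]
      reader_groups    = ["developers", "support"]
      # admin_groups, restricted_reader_groups and billing_admin_groups are
      # omitted here and take their declared default of [].
    }
  }
}

# Expose the module's cli_config output so the pf-aws-update --build script
# can consume it (output name here is an arbitrary choice).
output "pf_cli_config" {
  value = module.identity_center_permissions.cli_config
}
```

Every account entry must set account_id and superuser_groups; the remaining group lists are optional and default to empty, so a tier that is never assigned simply has no members in that account. Keeping superuser_groups minimal in production and relying on the admins and readers tiers for routine work is the least-privilege arrangement the three-tier design is built for.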

Optional Inputs

The following input variables are optional (have default values):

Outputs

The following outputs are exported:

cli_config

Description: To be used by the 'pf-aws-update --build' script

Usage

No notes