
Adds 'AWSSupportAccess' Policy to mdr_terraformer

CIS 1.20 requires "Ensure a support role has been created to manage
incidents with AWS support".

While the mdr_terraformer role already has this access, an explicit
policy attachment is required in order to correctly trigger the
config rule.

To be tagged v0.7.8
Fred Damstra, 5 years ago
Parent commit: 65bf317038

submodules/iam/child_account_roles/role-mdr_terraformer.tf (+5 -0)

@@ -9,3 +9,8 @@ resource aws_iam_role_policy_attachment "mdr_terraformer-mdr_terraformer" {
   role       = aws_iam_role.mdr_terraformer.name 
   policy_arn = module.standard_iam_policies.arns["mdr_terraformer"]
 }
+
+resource aws_iam_role_policy_attachment "mdr_terraformer-AWSSupportAccess" {
+  role       = aws_iam_role.mdr_terraformer.name
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSSupportAccess"
+}
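Review bot: `data.aws_partition.current` on the new `policy_arn` line is referenced but not declared anywhere in this hunk; confirm the child_account_roles module already carries a `data "aws_partition" "current" {}` block, otherwise `terraform validate` will fail on the undeclared data source. Resolving the partition from the data source rather than hard-coding `aws` is the right choice for portability to other partitions. Consider adding a one-line comment above the new resource stating that it exists to satisfy the CIS 1.20 support-role config rule, since the commit message itself says the role already has this access and a later cleanup could otherwise drop the attachment as redundant.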

submodules/iam/common_services_roles/role-mdr_terraformer.tf (+5 -0)

@@ -9,3 +9,8 @@ resource aws_iam_role_policy_attachment "mdr_terraformer-mdr_terraformer" {
   role       = aws_iam_role.mdr_terraformer.name 
   policy_arn = module.standard_iam_policies.arns["mdr_terraformer"]
 }
+
+resource aws_iam_role_policy_attachment "mdr_terraformer-AWSSupportAccess" {
+  role       = aws_iam_role.mdr_terraformer.name 
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSSupportAccess"
+}
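Review bot: trailing whitespace after `aws_iam_role.mdr_terraformer.name` on the `role` line of the added resource; `terraform fmt` would strip it, so run it before merging (the unchanged `role` line of the preceding block has the same trailing space, which is why the formatter should be applied to the whole file). This block is also identical to the one added in child_account_roles/role-mdr_terraformer.tf; if both modules keep accumulating the same managed-policy attachments, it would be cleaner to expose the AWSSupportAccess ARN through `module.standard_iam_policies` so the policy set for mdr_terraformer is defined once and both roles consume it from there.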