Custom Session Duration (#9)

5e45e47c · Conor Maher · Anton Babenko · eaf730b8 · 5e45e47c · 5e45e47c
Commit 5e45e47c authored May 28, 2018 by Conor Maher Committed by Anton Babenko May 28, 2018
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 6 deletions

main.tf modules/iam-assumable-roles/main.tf +9 -6

variables.tf modules/iam-assumable-roles/variables.tf +5 -0

No files found.
--- a/modules/iam-assumable-roles/main.tf
+++ b/modules/iam-assumable-roles/main.tf
@@ -42,6 +42,7 @@ resource "aws_iam_role" "admin" {
  name                 = "${var.admin_role_name}"
  path                 = "${var.admin_role_path}"
+  max_session_duration = "${var.max_session_duration}"
  assume_role_policy = "${var.admin_role_requires_mfa ? data.aws_iam_policy_document.assume_role_with_mfa.json : data.aws_iam_policy_document.assume_role.json}"
 }
@@ -66,6 +67,7 @@ resource "aws_iam_role" "poweruser" {
  name                 = "${var.poweruser_role_name}"
  path                 = "${var.poweruser_role_path}"
+  max_session_duration = "${var.max_session_duration}"
  assume_role_policy = "${var.poweruser_role_requires_mfa ? data.aws_iam_policy_document.assume_role_with_mfa.json : data.aws_iam_policy_document.assume_role.json}"
 }
@@ -83,6 +85,7 @@ resource "aws_iam_role" "readonly" {
  name                 = "${var.readonly_role_name}"
  path                 = "${var.readonly_role_path}"
+  max_session_duration = "${var.max_session_duration}"
  assume_role_policy = "${var.readonly_role_requires_mfa ?  data.aws_iam_policy_document.assume_role_with_mfa.json : data.aws_iam_policy_document.assume_role.json}"
 }
--- a/modules/iam-assumable-roles/variables.tf
+++ b/modules/iam-assumable-roles/variables.tf
@@ -85,3 +85,8 @@ variable "readonly_role_policy_arn" {
  description = "Policy ARN to use for admin role"
  default     = "arn:aws:iam::aws:policy/ReadOnlyAccess"
 }
+variable "max_session_duration" {
+  description = "Maximum CLI/API session duration in seconds between 3600 and 43200"
+  default     = 3600
+}