Commit 5e45e47c authored by Conor Maher Committed by Anton Babenko

Custom Session Duration (#9)

parent eaf730b8
......@@ -42,6 +42,7 @@ resource "aws_iam_role" "admin" {
name = "${var.admin_role_name}"
path = "${var.admin_role_path}"
max_session_duration = "${var.max_session_duration}"
assume_role_policy = "${var.admin_role_requires_mfa ? data.aws_iam_policy_document.assume_role_with_mfa.json : data.aws_iam_policy_document.assume_role.json}"
}
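Review bot: The admin role takes its `max_session_duration` from the same `var.max_session_duration` as the poweruser and readonly roles in the next two hunks, so raising the limit for read-only use also allows admin sessions of up to 43200 seconds. Temporary role credentials stay valid until they expire, and where the MFA trust policy is selected the MFA condition is presumably checked only when the role is assumed, so a longer admin session widens the window in which leaked credentials remain usable. Consider one variable per role, for example `max_session_duration = "${var.admin_role_max_session_duration}"` here with a default of 3600, and matching variables for the other two roles. The three resource blocks open outside the visible hunk lines, so any other arguments they carry are not reviewed here.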
......@@ -66,6 +67,7 @@ resource "aws_iam_role" "poweruser" {
name = "${var.poweruser_role_name}"
path = "${var.poweruser_role_path}"
max_session_duration = "${var.max_session_duration}"
assume_role_policy = "${var.poweruser_role_requires_mfa ? data.aws_iam_policy_document.assume_role_with_mfa.json : data.aws_iam_policy_document.assume_role.json}"
}
......@@ -83,6 +85,7 @@ resource "aws_iam_role" "readonly" {
name = "${var.readonly_role_name}"
path = "${var.readonly_role_path}"
max_session_duration = "${var.max_session_duration}"
assume_role_policy = "${var.readonly_role_requires_mfa ? data.aws_iam_policy_document.assume_role_with_mfa.json : data.aws_iam_policy_document.assume_role.json}"
}
......@@ -85,3 +85,8 @@ variable "readonly_role_policy_arn" {
description = "Policy ARN to use for admin role"
default = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
variable "max_session_duration" {
description = "Maximum CLI/API session duration in seconds between 3600 and 43200"
default = 3600
}
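Review bot: The description of `max_session_duration` gives the allowed range but does not say that the value is a ceiling shared by all three roles, and nothing in this block checks the range, so an out-of-range value is presumably only rejected by the provider or the IAM API at plan or apply time. I would word it as `description = "Maximum session duration in seconds (3600-43200) that may be requested when assuming the admin, poweruser or readonly role"`, and state in the module documentation that callers still have to request a longer session explicitly. The context line above also describes `readonly_role_policy_arn` as `"Policy ARN to use for admin role"`, which looks like a copy-paste slip and should name the readonly role.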