AWS IAM Access Analyzer
This repo contains a module for creating and enabling IAM Access Analyzer.
This module is not meant to be used directly. Instead, it’s used under the hood in the account-baseline-root and account-baseline-security modules. Please see those modules and their respective examples for specific configuration and usage.
Features
Create an IAM Access Analyzer service for different regions in one module
Enable the IAM Access Analyzer service for a given AWS account
Learn
Note
This repo is a part of the Gruntwork Infrastructure as Code Library, a collection of reusable, battle-tested, production ready infrastructure code. If you’ve never used the Infrastructure as Code Library before, make sure to read How to use the Gruntwork Infrastructure as Code Library!
Core concepts
Repo organization
modules: the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
examples: This folder contains working examples of how to use the submodules.
test: Automated tests for the modules and examples.
Deploy
Non-production deployment (quick start for learning)
If you just want to try this out for experimenting and learning, check out the following resources:
- examples folder: The examples folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
Manage
Reference
- Inputs
- Outputs
Required
aws_account_id (string)
The AWS Account ID the template should be operated on. This avoids misconfiguration errors caused by environment variables.
Optional
create_resources (bool)
A feature flag to enable or disable this module.
Default: true
iam_access_analyzer_name (string)
The name of the IAM Access Analyzer module.
Default: "iam-access-analyzer"
iam_access_analyzer_type (string)
If set to ACCOUNT, the analyzer will only scan the AWS account it is in. If set to ORGANIZATION, it will scan the organization AWS account and the child accounts.
Default: "ACCOUNT"