terraform-aws-organization-access-role

Support for MFA enforcement

Open n1ngu opened this issue 3 years ago • 0 comments

It'd be awesome if this module accepted a boolean variable to enforce MFA on users.

I guess the data "aws_iam_policy_document" "assume_role" would need to be conditionally modified for this purpose. But the exact document is beyond my skills.

I guess this will come in handy:

  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#override_json
  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#override_policy_documents
  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#source_json
  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#source_policy_documents

Also, though this would be a breaking change, enforced MFA could be the default behaviour (which could be explicitly opted out of).

n1ngu Apr 07 '21 08:04
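
One way the conditional trust policy requested above could be written, as an added example that is not the module's own code. The variables `require_mfa`, `mfa_max_age_seconds` and `master_account_id` are hypothetical names, and the principal ARN is an assumed shape for the trusted account.

```hcl
# Hypothetical inputs; names are assumptions, not part of the module.
variable "require_mfa" {
  type        = bool
  default     = false # false keeps current behaviour; true would be the breaking default
  description = "Only allow sts:AssumeRole from MFA-authenticated callers"
}

variable "mfa_max_age_seconds" {
  type        = number
  default     = null # null = no limit on how old the MFA authentication may be
  description = "Maximum age of the caller's MFA authentication, in seconds"
}

variable "master_account_id" {
  type        = string
  description = "Account whose principals may assume the role"
}

data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.master_account_id}:root"]
    }

    # Emitted only when require_mfa is true. With long-term credentials and
    # no MFA the context key is absent, the Bool test fails, and the Allow
    # does not apply.
    dynamic "condition" {
      for_each = var.require_mfa ? [1] : []
      content {
        test     = "Bool"
        variable = "aws:MultiFactorAuthPresent"
        values   = ["true"]
      }
    }

    # Optional freshness bound; multiple conditions in a statement are ANDed.
    dynamic "condition" {
      for_each = var.require_mfa && var.mfa_max_age_seconds != null ? [var.mfa_max_age_seconds] : []
      content {
        test     = "NumericLessThan"
        variable = "aws:MultiFactorAuthAge"
        values   = [tostring(condition.value)]
      }
    }
  }
}
```

Running `terraform plan` once with `require_mfa = false` and once with `true` shows the rendered `json` of the data source with and without the `Condition` element, which is a quick check that the opt-in leaves existing trust policies unchanged.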