terraform-aws-organization-access-role
Support for MFA enforcement
It'd be awesome if this module accepted a boolean variable to enforce MFA on users.
I guess the `data "aws_iam_policy_document" "assume_role"` would need to be conditionally modified for this purpose. But the exact document is beyond my skills.
I guess this will come in handy:
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#override_json
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#override_policy_documents
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#source_json
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#source_policy_documents
Also, though this would be a breaking change, enforced MFA could be the default behaviour (which could be explicitly opted out of).
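
One way the requested toggle could look, as an added example that is not part of the original issue and not the module's own code: a `dynamic "condition"` block adds the MFA requirement to the trust policy only when a flag is set. The variable names `require_mfa` and `trusted_account_id` are hypothetical, and the `aws` partition is assumed.

```hcl
# Hypothetical input: opt-in MFA enforcement (default keeps current behaviour).
variable "require_mfa" {
  description = "Require MFA-authenticated sessions to assume the role"
  type        = bool
  default     = false
}

# Hypothetical input: the account whose principals may assume the role.
variable "trusted_account_id" {
  description = "AWS account ID trusted to assume the role"
  type        = string
}

data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.trusted_account_id}:root"]
    }

    # Emitted only when require_mfa is true. In an Allow statement, plain
    # "Bool" is the right operator: requests made with long-term access keys
    # carry no aws:MultiFactorAuthPresent key at all, so the condition does
    # not match and the call is not allowed. "BoolIfExists" would match a
    # missing key and let those requests through.
    dynamic "condition" {
      for_each = var.require_mfa ? [1] : []
      content {
        test     = "Bool"
        variable = "aws:MultiFactorAuthPresent"
        values   = ["true"]
      }
    }
  }
}
```

With the condition in place, callers need temporary credentials obtained with an MFA code (for example via `sts:GetSessionToken` with a token code, or an `AssumeRole` call that passes the MFA serial number and code) before the role can be assumed.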