13 docs tagged with "privileged"

account

This component is responsible for creating or importing a single AWS Account within an AWS Organization

account-map

This component is responsible for provisioning information only: it simply populates Terraform state with data (account ids, groups, and roles) that other root modules need via outputs

This component is responsible for provisioning account-level settings: AWS Account Alias, EBS encryption, S3 block public access, alternate contacts, SSM session preferences, EBS snapshot block public access, EC2 instance metadata defaults, EC2 AMI block public access, and EMR block public access configuration

aws-saml

This component provisions SAML metadata into AWS IAM as new SAML providers

aws-team-roles

This component is responsible for provisioning user and system IAM roles outside the `identity` account

aws-teams

This component is responsible for provisioning all primary user and system roles into the centralized identity account

github-oidc-provider

This component authorizes the GitHub OIDC provider as an identity provider for an AWS account

github-oidc-role

This component is responsible for creating IAM roles for GitHub Actions to assume

identity-center

This component is responsible for creating [AWS SSO Permission Sets][1] and creating AWS SSO Account Assignments, that is, assigning IdP (Okta) groups and/or users to AWS SSO permission sets in specific AWS Accounts

organization

This component is responsible for creating or importing a single AWS Organization

organizational-unit

This component is responsible for creating or importing a single AWS Organizations Organizational Unit (OU)

scp

This component is responsible for creating a single Service Control Policy (SCP) and optionally attaching it to a target (organization root, OU, or account)

tfstate-backend

This component is responsible for provisioning an S3 Bucket and DynamoDB table that follow security best practices for usage as a Terraform backend