13 docs tagged with "privileged"

account

This component is responsible for creating or importing a single AWS Account within an AWS Organization

account-map

This component is responsible for provisioning information only: it simply populates Terraform state with data (account ids, groups, and roles) that other root modules need via outputs

account-settings

This component is responsible for provisioning account level settings: AWS Account Alias, EBS encryption, S3 block public access, alternate contacts, and SSM session preferences

aws-saml

This component provisions SAML metadata into AWS IAM as new SAML providers

aws-team-roles

This component is responsible for provisioning user and system IAM roles outside the `identity` account

aws-teams

This component is responsible for provisioning all primary user and system roles into the centralized identity account

github-oidc-provider

This component authorizes the GitHub OIDC provider as an identity provider for an AWS account

github-oidc-role

This component is responsible for creating IAM roles for GitHub Actions to assume

identity-center

This component is responsible for creating AWS SSO Permission Sets and creating AWS SSO Account Assignments, that is, assigning IdP (Okta) groups and/or users to AWS SSO permission sets in specific AWS Accounts

organization

This component is responsible for creating or importing a single AWS Organization

organizational-unit

This component is responsible for creating or importing a single AWS Organizations Organizational Unit (OU)

scp

This component is responsible for creating a single Service Control Policy (SCP) and optionally attaching it to a target (organization root, OU, or account)

tfstate-backend

This component is responsible for provisioning an S3 Bucket and DynamoDB table that follow security best practices for usage as a Terraform backend